Following the recent issuance of a Request for Proposal (RFP) to select a vendor for implementing the Sri Lanka Digital Identity (SL-UDI), Sri Lanka is actively seeking participation from both local cloud infrastructure providers and global hyperscalers to build its next-generation cloud infrastructure under the nation’s comprehensive digital strategy.
Dr. Hans Wijayasuriya, Chief Adviser to the President on Digital Economy, emphasized the importance of leveraging public cloud capabilities for cost-effectiveness and robust security, noting that global cloud providers bring unmatched investment and technical expertise. However, he underscored the critical need for a local cloud infrastructure to manage sensitive data that must remain within Sri Lanka’s borders.
The envisioned cloud architecture will comprise a hybrid of residential, sovereign, and public cloud elements. Dr. Wijayasuriya clarified that “sovereign” cloud refers to environments where the government retains control of encryption keys, even if data is physically stored abroad under arrangements like data embassies. This approach enables classification of data by sensitivity and the application of tailored sovereignty levels accordingly.
Earlier this year, the government initiated the conceptualization of a sovereign cloud to safeguard sensitive biometric and biographical information integral to the national digital ID program—a recurring concern in protecting citizen data.
Sanjaya Karunasena, Director of the Information Communication Technology Agency of Sri Lanka (ICTA), told Biometric Update in February, “We need a sovereign cloud for the country which can meet all local and international security standards. We are currently engaging with potential stakeholders to establish a transparent mechanism for qualified local and international players to participate in building the cloud infrastructure.”
Sri Lanka is concurrently developing a comprehensive cloud policy addressing both data residency and sovereignty alongside a national data governance strategy. This framework involves categorizing data across sectors such as government, banking, and telecommunications into levels of security—high security, sensitive, less secure, or public. These classifications will dictate policies on data storage locations, ensuring that critical data remains onshore or within sovereign environments while optimizing the cost advantages of public cloud services where appropriate.
An integral part of the nation’s digital infrastructure plan is the National Data Exchange (NDX), developed by ICTA in partnership with Citra Lab—a joint initiative between the Prime Minister’s Office and the United Nations Development Programme (UNDP). The NDX will facilitate seamless, secure data sharing among government agencies and stakeholders, enhancing collaboration and data-driven decision-making.
Additional core components include the Sri Lanka Unique Digital Identity system and an eLocker platform for managing digital credentials.
Sri Lanka aims to quintuple its digital economy over the next five years by harnessing advanced technologies such as artificial intelligence (AI), the Internet of Things (IoT), and cloud computing to stimulate sustainable economic growth.
