What does borderless data mean for your organization when borders are tightening?

Published

18 March, 2026

Businesses have been encouraged to treat information as something that can move freely for years. Companies in the U.K. engage creative agencies in India, international companies have had outsourced functions for decades. As web infrastructure has grown in tandem (and as a driver); documents are now shared instantly, teams collaborate across time zones, and a single process may involve staff, suppliers, and systems in several countries at once. In that sense, data has become borderless.

The problem is regulation, risk, and accountability have not.

Data fragmentation, sovereignty and the inherent risks

That tension is becoming harder to ignore. The OECD⁠ has stated that cross-border data flows now support international business operations, logistics, supply chains, and communications, while conversely governments are paying closer attention to privacy, security, regulatory reach, and national resilience.

That same OECD report warns that data localisation measures can raise data management costs by 15% to 55%, while also reducing resilience if organizations become too reliant on keeping information in one place.

That is the issue in a nutshell: Information move as if borders don’t matter, but the law still depends on jurisdiction.

For many organizations, “borderless data” sounds like a technology problem. It is actually an information management problem. It is not about where data sits in the cloud. It is whether you know what it holds, where it sits, who can access it, how long it must be kept, whether it can lawfully cross a border, and what happens when a regulator, auditor, customer, or court asks for it.

This matters because borderless information isn’t limited to one format. It includes contracts in shared systems, invoices moving through approval chains, HR records held across entities, emails, scanned legacy files, and often (and this is often forgotten in our digital age) the paper originals that still carry operational or legal weight. The process may be digital, but the record base is not.

That is why the recent policies of tightening borders (both physical and cloud) affect the full life of a record.

Throughout the 2020s, the policy environment has been, predictably, shifting. The United Nations Commission on Trade and Development’s Digital Economy report in 2021 (UNCTAD⁠) described a “global spectrum” ranging from open approaches to much stricter controls, with a tendency towards increasing scrutiny. The situation has only grown stricter and more siloed since 2021.

In 2025, the WTO⁠ published a report titled “Economic Implications of Data Regulation”, underscoring how data borders now reach beyond privacy into national security, intellectual property, industrial policy, and regulatory control:

“Overall, more global solutions that balance free-flows with trust are likely to deliver better economic outcomes for countries at all levels of development.”

The question is now “how much heavier is all this data scrutiny going to become?”

Recent reporting makes it even more clear. Reuters⁠ reported in February 2026 that Washington had instructed diplomats to push back against foreign data sovereignty initiatives, arguing that localisation rules can increase costs and disrupt digital services. Reuters has also reported on efforts to make some cross-border flows easier in tightly defined sectors, such as finance in China. While governments aren’t “shutting the door” as such, the overall picture is one of fragmentation and honestly, confusion.

For organizations, that makes governance more important than theory (something we’ve provided guidance on before). Whatever direction policymakers take, you still need to work within these rules.

This is what we mean by it being a information management problem rather than a purely technological problem.

Take Enterprise Content Management (ECM) as an example. The Association for Intelligent Information Management (AIIM)⁠ defines ECM as “the combination of strategies, methods, and tools used to capture, manage, store, preserve, and deliver information through its lifecycle.” Basically, it’s the system that stops you drowning in your own files.

That matters when borders are tightening because compliance isn’t, as we’ve said, solved by where you store it alone. It depends on classification, permissions, audit trails and importantly, retention (i.e. how long you’re meant to such-and-such HR record for legally in X territory). ECMs give all of this structure.

The same applies to what we call “digital workflows”. When onboarding, invoice processing, or case management relies on ad hoc email chains and scattered file shares, information tends to move without much control. People download, resend, duplicate, and store records wherever work happens to be happening, we’ve all been guilty of it.

Managing the physical while regulating the digital

Physical records should not be treated as separate from this discussion. In many sectors, original documents, archive files, patient records, legal files, signed agreements, or historical case material still matter. As borders tighten, organizations need firmer rules about which hard-copy records stay in-country, which can be digitized for access, and which need secure retrieval on demand rather than wholesale movement. Secure storage, indexing, and scanning are not old, legacy services. In many cases, they are what allow digital access without losing control your all-important chain of custody.

There is also a broader point here. Borderless data is often treated as a sign of progress, while limits on data movement are described as friction. Sometimes that is true. But from an information management perspective, the biggest risk is false confidence. Too many organizations assume their information is borderless because their people can access it from anywhere. Unfortunately, that’s not the same as a model that’s lawful and compliant.

What’s the blunt view then? Borderless access and territorial accountability exist at the same time. That means asking hard questions. Which records are truly business-critical? Which are personal or sensitive? Which jurisdictions matter? What needs to stay local? What can be digitised and routed? What should never be casually duplicated? Which processes would fail an audit because nobody can clearly explain where the record is, or why?

To be clear, these are not software questions alone. As we’ve talked about. They are a management of information problem.

However, while regulation tightens and geopolitical assumptions become less reliable, it’s important not to panic. The firms that cope best are unlikely to be the ones that move information fastest.

That is what borderless data means when borders are tightening. Information may move globally, but responsibility does not.

If your organization is rethinking how information moves across jurisdictions, now is a good time to review the basics, from record location and retention to digital workflows and secure storage, we can make it simple. Get in touch with one of our experts today.

 

Share this article