The Philippines is embracing digital technology to drive economic growth and tackle socioeconomic challenges. Hyperscale cloud solutions—far larger than typical cloud service providers—promise robust cybersecurity and operational stability to protect critical data. But their adoption raises serious concerns about data sovereignty and dependence on foreign providers.

The Marcos government has articulated an ambitious digital transformation agenda, aiming to improve internet connectivity, expand e-governance platforms, and achieve universal digital ID registrations by the end of 2025. With the government’s data collection and the country’s broader data economy rapidly expanding, cloud adoption has also emerged as a priority.

The Department of Information and Communication Technology (DICT), the lead agency for cybersecurity and digital infrastructure, has pushed for the replacement of siloed legacy systems across government with more modern, integrated cloud-based solutions. These new platforms are intended to enhance interoperability between agencies and improve delivery of public services. Under the current strategy, cloud services are developed as hybrids, blending on-site infrastructure with accredited third-party cloud providers. This allows for agency-level flexibility while maintaining essential control over sensitive data.

Security is a key criterion in accrediting cloud service providers. The DICT advises that government agencies move to accredited providers, as they regularly update their software. However, as government systems are increasingly targeted by state-sponsored cyber operations, the case for working with hyperscale cloud providers becomes more compelling. These providers claim to offer stronger defences for critical systems and national datasets than many government agencies can build in-house.

Without robust cybersecurity measures, the benefits of digital transformation risk being undermined, particularly in a country that remains highly vulnerable to cybercrime and foreign cyber intrusion. Other countries facing similar threats, such as Taiwan, have already turned to hyperscale cloud platforms as a means of ensuring digital resilience.

The scale of the challenge is substantial. In 2024, the cybersecurity firm Surfshark reported that more than 24 million Philippine accounts were compromised in data breaches, placing the country sixth in Asia for cyber incidents. High-profile attacks have hit both public and private sectors.

In October 2023, the Philippine Health Insurance Corporation suffered a ransomware attack that exposed the data of more than 42 million people. In early 2024, China-linked hackers made unsuccessful attempts to breach the president’s office and maritime security agencies. This followed an earlier breach in which sensitive military data was exfiltrated, allegedly by Chinese state-sponsored actors.

As the Philippines develops key sectors, such as electronics, and deepens its role in regional security issues, it also becomes more exposed to intellectual property theft and digital coercion.

One of the strongest arguments for adopting hyperscale cloud services is their superior security features. Unlike traditional on-site infrastructure, hyperscalers offer AI-powered threat detection, continuous monitoring and automated incident response. Their infrastructure is designed with redundancy and geographic distribution in mind, making them well-suited to the Philippines, as a disaster-prone country. The ability to preserve data integrity and maintain services during crises is particularly valuable.

There is also a security logic to the adoption of hyperscalers. The Philippines is deepening its cyber cooperation with partners such as the United States and Australia, including through enhanced defence cooperation and increased collaboration on critical technologies.

Meaningful integration into allied defence networks will require the Philippines to meet high interoperability and cybersecurity standards. Hyperscale cloud platforms, if properly governed and secured, provide the critical foundation for secure information sharing, joint operational planning and rapid response capabilities with allied forces.

However, these benefits do not come without strategic trade-offs.

Currently, the Philippines relies heavily on foreign cloud vendors, with such major vendors as Huawei, Alibaba and Amazon Web Services operating in the country. This reliance—particularly on Chinese companies, given the two countries’ disputes in the South China Sea—poses serious risks to national sovereignty and operational security. It also underscores the urgent need for a more comprehensive regulatory framework to govern cloud security and ensure digital sovereignty.

National security, not cost, must guide decisions about cloud providers. While hyperscale cloud platforms offer extraordinary capabilities, the Philippines must ensure that accredited providers meet strict sovereignty and cybersecurity requirements. The Data Privacy Act provides some protections, but it does not fully address the complexities of managing sensitive military and national security data across multinational platforms. The DICT should move quickly to enforce rigorous compliance standards for hyperscale adoption in defence, including mandated end-to-end encryption, strict physical and logical access controls, independent audits, and clear restrictions on foreign jurisdictions’ legal claims over data.

To future-proof its digital transformation and secure its place as a credible regional partner, the Philippines must treat hyperscale cloud adoption as a strategic enabler—not just of administrative efficiency, but of national defence and sovereignty. This means embedding cybersecurity and geopolitical risk assessments in every stage of cloud policy, while building a regulatory environment that protects sensitive data and ensures operational continuity in times of crisis.

Hyperscale platforms, when governed by strong safeguards and aligned with trusted international partners, offer the Philippines a rare opportunity to bridge its digital infrastructure gap and reinforce its security architecture. The choice is not whether to adopt hyperscale cloud, but how to do so on the country’s own terms.

This article is provided as part of ASPI’s partnership with Microsoft, which includes fostering informed debate about cybersecurity and technology adoption in the Indo-Pacific and about Australia’s role in these areas.