When Denmark sent the world’s first tech ambassador to Silicon Valley in 2017, it was an admission — diplomatically rare in its candour — that the companies headquartered there had acquired a form of power that the existing apparatus of foreign policy was not designed to engage. Eight years later, more than seventy nations have followed. The companies, meanwhile, have not stood still.
By Vladimir Tsakanyan, PhD · Center for Cyber Diplomacy and International Security · cybercenter.space
In 2026, Microsoft has committed $80 billion to global AI infrastructure investment in a single fiscal year. Amazon Web Services has pledged $5.3 billion to build a data centre region in Saudi Arabia, structured specifically to keep sovereign government data within the kingdom’s territorial boundaries. Oracle has committed $14 billion to the Saudi market over ten years. These are not commercial announcements. They are, in the precise language of geopolitics, acts of strategic positioning — bilateral commitments that carry the weight of partnership agreements, shape the digital sovereignty posture of the recipient nation, and determine which power’s technical standards, governance models, and supply chain dependencies will be embedded in that nation’s critical infrastructure for the next generation.
The Danish tech ambassador who arrived in Silicon Valley in 2017 was not, in retrospect, an avant-garde experiment. He was a diplomat dispatched to engage foreign powers — powers that happened to be headquartered in Cupertino, Menlo Park, and Redmond rather than Beijing or Berlin, but whose capacity to affect the lives of Danish citizens had become, in certain domains, comparable to that of any state. Denmark’s then-Foreign Minister described the rationale with unusual directness: we are in the third wave of modern diplomacy, in which foreign policy is no longer decided only by countries or international organisations, but also by corporate non-state actors whose influence over our societies is vast.
That observation, radical when it was made, is now orthodoxy. The question it generates — and the one that the diplomatic system has not yet answered — is structural: what does it mean, for the theory and practice of international relations, when the most consequential actors in global digital governance answer to no treaty, operate under no diplomatic protocol, and can be held accountable by no international court?
The Third Wave — and What It Displaced
The history of modern diplomacy is, as the former Danish tech ambassador observed, a story of two prior waves. The first emerged from the Congress of Vienna in 1815: the formalisation of bilateral state-to-state representation, the establishment of the resident ambassador as the primary instrument of foreign policy. The second followed the Second World War: the construction of multilateral institutions — the UN system, the Bretton Woods organisations, the regional bodies — that required states to post diplomats not just to capitals but to Geneva, New York, Brussels, and the alphabet soup of intergovernmental organisations that now populate those cities.
The third wave has no founding congress, no constitutive treaty, and no agreed protocol. It has emerged from the accumulated weight of a single empirical observation: the companies driving the Fourth Industrial Revolution have acquired economic scale, social reach, and geopolitical influence that the existing diplomatic architecture was not designed to accommodate. Microsoft’s market capitalisation exceeds the GDP of most countries. Meta’s platforms carry the public discourse of democracies and autocracies alike. Google’s search algorithms shape what billions of people know about the world. Starlink’s satellite internet infrastructure has, in the course of a single conflict, become a military asset whose control by a private actor creates strategic dependencies that no alliance treaty anticipated and no defence ministry has fully resolved.
The response of the international system to this development has been characterised by a structural lag that is itself analytically significant. Seventy-plus nations have now established some form of tech diplomatic presence — ambassadors, special envoys, innovation hubs, ministry tech units — in recognition of the reality. But recognition is not the same as architecture. Sending an ambassador to Apple is not equivalent to having a treaty with Apple. Establishing a tech attaché at your consulate in San Francisco is not equivalent to having an agreed framework for the governance of the company’s operations in your jurisdiction. The form of the response has mimicked the first wave of diplomacy without the substance that made the first wave meaningful: binding obligations, mutual accountability, and enforceable rules.
Analyst note
Brazil has built perhaps the most systematic national architecture for tech diplomacy: a dedicated Tech Ambassador, more than seventy technology-focused sections across its embassy network worldwide, and a structured programme of investment promotion and technology transfer engagement with global firms. This is impressive institutional ambition. It is also, in its design, primarily a mechanism for attraction and engagement rather than accountability. The question of what Brazil can compel from a tech company that operates in its market — as opposed to what it can offer — remains structurally unanswered, as it does for every state that has appointed a tech ambassador without also building the regulatory authority to back the diplomatic relationship.
Data Centres as Diplomatic Commitments
The most concrete manifestation of corporate quasi-sovereignty in 2026 is not social media influence or AI governance positioning. It is infrastructure. The $600 billion in capital expenditure that the five largest hyperscalers are projected to deploy globally in 2026 — a thirty-six percent increase over 2025 — is not being invested in neutral, fungible computing capacity. It is being deployed in specific sovereign territories, under specific legal frameworks, with specific implications for which nation’s data residency requirements are met, which nation’s intelligence services have lawful access, and which nation’s technical standards govern the systems that will run that country’s government services, healthcare records, and financial infrastructure for decades.
The physical placement of AI compute infrastructure across sovereign territories is, as analysts have described it, an act of strategic positioning. Nations that host hyperscaler data centres gain economic benefits, technical expertise, and — critically — the political embedding that comes from being integrated into a major power’s digital ecosystem. The Saudi deployment of AWS, Azure, and Oracle infrastructure is not merely a commercial arrangement. It is a declaration of digital alignment — one that will shape Riyadh’s technology governance choices, its standards preferences, and its geopolitical posture in ways that no bilateral treaty could produce with equivalent durability.
China’s response to this pattern follows a parallel logic with a distinct governance overlay. Where US hyperscalers operate as commercial actors whose geopolitical implications are structural rather than explicit, Chinese cloud providers — Alibaba Cloud, Huawei Cloud, Tencent — are explicitly instruments of state-directed digital statecraft, aligned with Belt and Road diplomacy and designed to produce the infrastructure dependencies and governance alignment that Beijing requires from its Digital Silk Road partners. The competition between these two models — Western commercial infrastructure with embedded governance norms versus Chinese state-directed infrastructure with explicit alignment requirements — is the defining axis of technology diplomacy in 2026, and it is being decided not in UN conference rooms but in data centre construction contracts signed in Riyadh, Nairobi, and Jakarta.
The physical placement of a data centre is now a diplomatic act. The company that builds it shapes which nation’s laws govern the data inside it, which nation’s standards define its architecture, and which nation’s geopolitical interests it will serve in a crisis.
The Accountability Vacuum
The structural problem at the heart of the third diplomatic wave is not that tech companies have acquired influence. Powerful non-state actors have always existed in international relations — the East India Company, the Church, the major banks. The structural problem is that the current generation of technology companies has acquired influence at a scale and in domains that are directly constitutive of state sovereignty — communications infrastructure, financial rails, data governance, AI systems that will increasingly mediate government decision-making — while remaining outside the accountability frameworks that governed every previous powerful non-state actor.
The East India Company was eventually regulated, then nationalised, then abolished. The major banks operate under prudential regulation, deposit insurance frameworks, and, since 2008, enhanced systemic risk oversight. The technology companies that now shape global diplomatic reality operate under national regulatory frameworks whose extraterritorial reach is contested, under self-regulatory commitments whose enforcement is voluntary, and under international governance frameworks that are either non-binding, under negotiation, or designed around problems that the companies have already moved past.
This accountability vacuum has three distinct dimensions. The first is jurisdictional: a company incorporated in Delaware, operating servers in Ireland, serving users in Indonesia, and influencing elections in Brazil does not fit cleanly into any single regulatory framework, and the efforts of each jurisdiction to assert authority produce the fragmented compliance environment described in Series 1 of this series — without the security benefits that genuine regulatory coherence would deliver. The second is representational: tech companies participate in international governance processes — ITU meetings, internet governance forums, AI safety summits — as stakeholders whose voice is valued but whose commitments are optional. They can walk away from any framework at any time, and the framework has no mechanism to compel their continued engagement. The third is temporal: the speed at which technology companies acquire new capabilities and deploy them at scale systematically outpaces the speed at which diplomatic and regulatory responses can be formulated, negotiated, and implemented.
Analyst note
The Starlink precedent deserves particular attention as a case study in the accountability vacuum. Elon Musk’s decision to restrict Starlink service in specific geographic areas of Ukraine during active combat operations — a decision made by a private individual, affecting a sovereign state’s military operations, with no legal framework governing it — illustrates the structural gap with unusual clarity. No treaty addresses it. No international court has jurisdiction over it. No diplomatic protocol exists for states to negotiate with a private satellite operator over the terms under which their territory will have connectivity during armed conflict. The incident was resolved, in practice, through personal diplomacy and public pressure. That is not a governance framework. It is the absence of one.
What a Genuinely Updated Diplomatic Architecture Would Require
The answer is not that tech companies should be regulated like states. They are not states, and the category error of treating them as equivalent produces both analytical confusion and bad policy. The answer is that the diplomatic system requires new instruments — ones designed for the specific characteristics of the actors it is now dealing with, rather than instruments retrofitted from frameworks designed for bilateral state relations or post-war multilateral institutions.
Three gaps are the most tractable. The first is representational: the major technology platforms require a formal, structured relationship with the international community that goes beyond participation in forums as invited guests. The model of the ICANN multi-stakeholder process — flawed, contested, and increasingly under pressure — nonetheless represents an attempt to create a governance architecture in which private actors have defined roles, defined obligations, and defined accountability mechanisms. Extending that architecture to cover the hyperscalers’ infrastructure commitments, data governance practices, and AI deployment decisions is a governance challenge of the first order, but it is not a technically impossible one.
The second is jurisdictional: the extraterritoriality problem requires not just bilateral negotiation but multilateral frameworks that define minimum standards for the governance of technology infrastructure across sovereign territories, regardless of the nationality of the operating company. The EU’s approach — asserting regulatory jurisdiction over any company serving EU users, regardless of where it is incorporated — is the most ambitious current attempt to address this gap. Its effectiveness depends on market size as leverage, which means it is available to the EU and not to most other jurisdictions. A multilateral version would require the kind of sustained great-power cooperation that the current geopolitical environment does not support — but that the current governance vacuum increasingly demands.
The third is temporal: the speed mismatch between technology deployment and governance response is structural and will not be resolved by faster diplomacy alone. It requires anticipatory governance mechanisms — regulatory frameworks designed to apply to categories of capability rather than specific products, and diplomatic processes capable of establishing norms before a technology is deployed at scale rather than after. The AI safety summit process, for all its limitations, represents an attempt at this approach. Its outcomes have been primarily declaratory. The gap between declaration and binding obligation — the central theme of the final article of this series — remains the defining failure of digital diplomacy in 2026.
Bottom line assessment
Tech companies have become sovereign actors in the practical sense that matters most to international relations: they make decisions that determine the conditions under which states exercise their sovereignty in the digital domain. The diplomatic system has responded to this development with institutional adaptation — tech ambassadors, innovation hubs, ministry tech units — that acknowledges the reality without addressing its structural implications. Sending an ambassador to a company you cannot compel, bind, or sanction is a gesture, not a strategy. A genuinely updated diplomatic architecture would require representational frameworks that create obligations rather than invitations, jurisdictional frameworks that extend beyond market size as the sole lever of accountability, and temporal frameworks that produce anticipatory rather than retrospective governance. None of these are technically impossible. All of them are politically expensive. The companies whose accountability is at issue are also the companies whose investment commitments, infrastructure deployments, and geopolitical positioning make them indispensable partners to the states that would need to regulate them. That dependency is the deepest structural problem in tech diplomacy — and the one that no summit communiqué has yet begun to address.
This is Article 1 of the series “Digital Diplomacy & Power.” The series examines how digital technology is reshaping the practice, institutions, and power dynamics of international diplomacy. Next: The Data Embassy — How Small States Are Reinventing Sovereignty in the Digital Age. All articles available at cybercenter.space.
Tech Diplomacy Digital Diplomacy Technology Governance Hyperscalers Geopolitics AI Infrastructure Sovereignty Vladimir Tsakanyan
Leave a comment