Governments around the world commonly use Cloud Service Providers (CSPs) that are headquartered in other nations. How do they ensure data sovereignty when these CSPs, storing a nation’s data within that nation’s borders, are subject to long-arm statutes on data stored abroad? And what if, in turn, the governmental data is stored abroad, would access to that data constitute a violation of the nation’s sovereignty? This paper examines how selected governments have protected their CSP-hosted data from foreign law enforcement access and suggests methods that other governments might employ to ensure data sovereignty. It addresses these issues in three steps. First, we describe the problem of long-arm jurisdiction with respect to the US Clarifying Lawful Overseas Use of Data (CLOUD) Act and the proposed EU e-evidence regulation (EU COM/2018/225 final). Given the extraterritorial reach of these regulations, foreign CSPs looking to maintain good standing with their respective governments and laws may consider storing active copies of their customers’ data and metadata in their home country. For CSPs offering services to the EU, having to comply with an emergency Production Order within 6 hours may not be possible without duplication and active parsing of customer data in a CSP centralised location, foreign to the data owner. Secondly, we evaluate the recently signed US and UK Executive Agreement under the US CLOUD Act to see if and how the UK protects its own Government Cloud from US law enforcement. We also evaluate France’s position, the German model which prohibits storing of government data with US CSPs, and the Polish model recently signed with the US CSP Google, to better understand their positions and approach to managing data sovereignty. Finally, we offer an assessment on how to balance sovereignty over government data stored in the cloud with the needs of law enforcement for States exercising jurisdiction over CSPs.