THE QUESTION GOVERNMENTS ARE SLOW TO ASK.

There is an assumption embedded in the way most governments manage their digital presence — that the addresses they operate from are, in some meaningful sense, theirs. The hospital’s website, the parliament’s official portal, the court registry’s public-facing interface: each carries an address that citizens associate with legitimate government authority. What is rarely examined is whether that address is truly owned by the institution it represents, or whether it is leased, at annual cost, from a commercial registrar operating under the jurisdiction of another government, subject to policies that no Queensland law has ever touched.

For states, digital sovereignty means the capacity to govern the rules, standards, infrastructures and data flows that underpin the digital economy within their territory on their own terms. That formulation, tidy as it sounds, contains a problem when translated to the level of a sub-national government — a state within a federation. Queensland is not a nation-state. It cannot regulate the root DNS system. It cannot compel ICANN. It holds no authority over the commercial registrars from which it rents its own name. And yet it is, in every civic sense, a sovereign jurisdiction — responsible for the health, education, justice, emergency services, and daily administrative life of more than five million people. The gap between that civic responsibility and the infrastructure on which it runs is the subject this essay takes seriously.

Since federation in 1901, Queensland has been a state of Australia, with the Constitution of Australia regulating its relationship with the Commonwealth. Like its federal counterpart, the Queensland Government takes the form of a parliamentary constitutional monarchy. That constitutional continuity — more than a century of stable governance, evolving institutions, and accumulated public trust — is now expressed, in part, through digital addresses. The question of who ultimately controls those addresses is not a technical footnote. It is a question of governance.

WHAT SOVEREIGNTY MEANS IN THE DIGITAL REGISTER.

The word “sovereignty” has a long history in political theory before it encounters the digital world, and it arrives there carrying all of its earlier weight. In its classical sense, sovereignty implies the supreme authority within a defined territory — the power to make final decisions without appeal to any external authority. Applied to the digital sphere, this classical meaning produces a more complicated picture.

Digital sovereignty is the capacity to control your digital destiny: your infrastructure, software, standards and data, including how they are governed and under which jurisdiction they operate. At the level of a national government, that definition is tractable — nations can legislate, negotiate, and build. At the level of a state government within a federation, the available tools are more limited. Queensland cannot establish its own root DNS server. It cannot impose technical standards on global internet infrastructure. What it can do is make deliberate choices about the addresses it occupies, the infrastructure it relies on, and the conditions under which that infrastructure can be disrupted or withdrawn.

Digital sovereignty has become a concern for many policymakers who feel there is too much control ceded to too few places, too little choice in the tech market, and too much power in the hands of a small number of tech companies, who control massive amounts of data about their users. This concern, increasingly voiced at national and supranational levels, translates directly to the state government context. When Queensland Health’s digital presence depends on a domain registered through a commercial registrar headquartered abroad, subject to that registrar’s terms of service, renewal schedules, and the regulatory reach of a foreign jurisdiction, there is a dependency — quiet, invisible, and largely unexamined — that sits beneath the surface of daily civic life.

In practice, digital sovereignty can be associated with three interrelated policies. First, digital sovereignty generally involves safeguarding the autonomy and security of a country’s digital infrastructure. Next to protecting critical physical infrastructure and computer networks, it entails guaranteeing a country’s access to data collected on its territory. A state government might reasonably expect to exercise all three of these capacities over its own institutional addresses. Currently, it does not — not fully.

THE INFRASTRUCTURE UNDERNEATH THE ADDRESS.

Most citizens interact with government services through addresses: a URL, a portal name, a government email domain. These addresses appear stable. They have been the same for years. Citizens trust them precisely because of that stability. What they do not see is the infrastructure underneath — the domain name system that resolves those addresses, the registrars that hold the registration, the renewal processes that keep them active.

Online government services are increasingly regarded as critical national infrastructure. Because these services directly influence public trust, any disruption can have significant societal and political consequences. Yet their supporting infrastructures remain vulnerable to outages from natural disasters, geopolitical tensions, and targeted attacks.

Central to their operation is the authoritative Domain Name System (DNS) infrastructure, the single source of truth that maps government domain names to service endpoints. While indispensable, this infrastructure also represents a potential and critical point of system failure.

The vulnerability here is not merely theoretical. Because deploying a local DNS server requires technical expertise, companies have not rarely been delegating the task of maintaining their authoritative name server records to third-party DNS providers. Such a delegation, which has been increasing over the years, led to the current scenario where DNS resolution is concentrated on a small number of large providers. Government agencies, operating under budget constraints and without specialist technical capacity in every department, often find themselves in the same position as private-sector organisations: dependent on a handful of large commercial providers whose continuity of service cannot be guaranteed by any Queensland law.

If this infrastructure becomes unreachable — such as during the large-scale Amazon AWS DNS outage in 2025 — users cannot access the service, even if the website itself remains operational. If the authoritative DNS records are tampered with, attackers can redirect users to fraudulent sites and harvest sensitive information. For a government health service, an emergency contact portal, or a payments system, the consequences of such disruption extend well beyond inconvenience.

As several essential services are provided through electronic government, it is highly important to be able to measure the digital sovereignty of a nation and the impacts that the lack of such feature can bring to its citizens. What is true at the national level is true, with equal or greater urgency, at the state government level — where citizens interact with essential services daily, and where the consequences of digital disruption fall directly on people rather than on abstract policy frameworks.

WHAT QUEENSLAND HAS BUILT — AND WHAT REMAINS.

It would be wrong to suggest that Queensland has been inattentive to its digital future. The Queensland Government committed to supporting communities, business and industry to embrace innovation through the $200 million Digital Economy Strategy — Our Thriving Digital Future: Queensland’s Digital Economy Strategy and 2023–26 Action Plan. That investment is real and its intentions are sound. It places people and businesses at the heart of government service, program and policy design so that services are trusted, easy to use and get the best outcomes, and commits to better, more reliable digital infrastructure so that regional communities can connect, grow and prosper.

The strategy includes delivering the Cyber Secure Queensland Strategic Plan and program, and continuing delivery of the state Digital Archiving Program. These are meaningful commitments. They reflect an awareness that digital infrastructure carries civic weight, that data is a public asset, and that security is not separable from service delivery.

But there is a distinction — rarely articulated in strategy documents — between building good digital services and owning the infrastructure on which those services stand. A government can invest heavily in the design of a portal, the security of its databases, the accessibility of its interfaces, and still be dependent, at the foundational layer of its address, on commercial infrastructure it does not control and cannot compel. The $200 million strategy addresses many things. It does not address the question of what happens when the registrar fails, the renewal lapses, or the third-party DNS provider experiences a catastrophic outage.

Developing and delivering a Queensland Digital Infrastructure Plan, and co-investing in digital infrastructure with the Australian Government and industry — these are the right directions. But infrastructure planning, to be complete, must extend to the naming layer. It must ask: what does it mean for a Queensland government institution to have a permanent, sovereign address? Not an address that can be disrupted, expired, or redirected by forces outside the state’s jurisdiction — but an address that belongs, in an enduring sense, to Queensland.

THE PERMANENCE QUESTION.

Governments think in generations. The Queensland Parliament, the state’s courts, its hospitals, its universities — these are institutions designed to outlast any particular administration, any particular technological fashion, any particular commercial arrangement. They carry accumulated public trust that is built over decades, not quarters. The addresses they occupy in the digital world ought to reflect that temporal scope.

The conventional domain name system was not designed with governments in mind. It was designed for a commercial internet that assumed annual renewals, competitive registrar markets, and institutional customers willing to manage their registrations as ongoing administrative tasks. It works adequately for businesses whose existence is contingent and whose addresses may legitimately change. It works less well for institutions whose identity is, by design, permanent.

Latin America’s data centre boom reveals that digital sovereignty depends less on legal declarations than on states’ operational control over energy, water, and exit rights. Transposed to the address layer, the same insight applies: sovereignty depends less on rhetorical commitment than on operational control. A state government that cannot guarantee the continuity of its own institutional addresses — regardless of commercial decisions made by third parties — does not fully control the infrastructure on which its civic presence depends.

This is where the concept of onchain namespaces becomes relevant, not as a technological novelty, but as a structural response to a genuine governance problem. The Ethereum Name Service is a distributed, open, and extensible naming system based on the Ethereum blockchain. ENS maps human-readable names like ‘alice.eth’ to machine-readable identifiers such as Ethereum addresses, other cryptocurrency addresses, content hashes, metadata, and more. The significance of this architecture, for a government institution, lies in the ownership model: a name recorded on a public blockchain is not subject to registrar failure, commercial policy changes, or renewal lapses in the conventional sense. It is anchored at the protocol level rather than the commercial layer.

Unlike the traditional, centralized Domain Name System, ENS is user-owned, censorship-resistant, and secured by private wallets, reflecting Web3’s focus on user ownership and open access. For a state government seeking to establish addresses that reflect its institutional permanence, this is not a peripheral feature — it is the central one.

THE LAYERS OF SOVEREIGNTY IN PRACTICE.

Digital sovereignty, at the state government level, operates across at least three distinct layers, and it is worth distinguishing them clearly.

The first layer is data sovereignty — the question of where government data is stored, under whose legal jurisdiction it resides, and who can access it under what conditions. This layer examines the legal, security, privacy, workforce, and supply chain factors that influence a government’s ability to maintain digital sovereignty. It highlights challenges related to jurisdictional complexity, reliance on global suppliers, evolving cyber security risks, and internal capacity, while underscoring the need for interoperability across government and with trusted international partners.

The second layer is infrastructure sovereignty — the question of which systems, platforms, and networks carry government services, and who controls them. The Open Rights Group has argued that if the UK got into an argument with a foreign power, that power could swiftly close down the UK’s government by closing down US-owned IT and cloud systems. The scenario is not hypothetical. Governments that rely entirely on foreign-owned cloud infrastructure for their essential services carry a structural vulnerability that no domestic security policy fully resolves.

The third layer — least examined and arguably most foundational — is identity sovereignty: the question of who controls the addresses through which government presents itself to citizens and through which citizens reach government services. An institution that does not control its own address cannot fully control its own identity. A name that can be allowed to lapse, that can be redirected by a registrar acting under commercial or regulatory pressure from outside Queensland, is not a sovereign address in any meaningful sense of the word.

These three layers are distinct, but they are related. A government might achieve substantial progress on data sovereignty and infrastructure sovereignty while leaving identity sovereignty entirely unaddressed. The result would be an institution that holds its data securely, runs its services on robust infrastructure, but presents to the world through an address it does not, in the final analysis, own.

QUEENSLAND AS A CASE FOR CIVIC PERMANENCE.

Queensland is a particular kind of polity. It is one of the oldest continuous governments in Australia — the Colony of Queensland became the Queensland State Government on the 1st of January 1901 when Federation occurred, and the institutions that predate federation itself go back further still to the separation of Queensland from New South Wales in 1859. Queensland is a constituent state of a constitutional monarchy, and its government is based on the British Westminster parliamentary system. Its institutions are not new arrangements. They are the accumulated civic architecture of more than a century and a half of public life.

That history imposes a particular obligation on how Queensland manages its digital future. The institutions of Queensland government are not startups. They do not operate on a quarterly cycle. They are designed to carry public trust across generations, and the addresses through which citizens reach them should reflect that design. An address that can be disrupted by a commercial accident, a registrar’s policy change, or a renewal failure is not fit for institutions of that standing.

The question of digital identity also connects, in important ways, to the question of place. Queensland is not a generic jurisdiction. It is a named place, with a name that carries specific civic meaning — for the people who live here, for the institutions that serve them, for the international recognition that will come with Brisbane 2032. The digital addresses associated with Queensland government should, where possible, carry that name in a form that is as enduring as the name itself.

A namespace anchored in the name of the place — health.queensland · courts.queensland · parliament.queensland — is not merely a cosmetic preference. It is an assertion of civic identity at the infrastructural level: an insistence that the digital presence of Queensland institutions should be as distinctly and permanently Queensland as the institutions themselves. When such names are recorded on a permanent onchain layer, they carry that identity not only in the present but as a matter of record that no commercial decision can erase.

Digital sovereignty goes beyond technology and data regulation to include fostering entrepreneurship and funding innovation. For a state government, the same expansiveness applies: digital sovereignty is not only a technical matter, not only a security matter, not only a procurement matter. It is a matter of civic identity — of what it means for Queensland institutions to exist as themselves in the digital world, recognisably, continuously, and on terms that Queensland sets.

THE INSTITUTIONAL ARGUMENT FOR ACTING NOW.

Governments are, understandably, cautious about adopting emerging infrastructure. The caution is appropriate. Public institutions have obligations to citizens that private actors do not, and those obligations counsel against premature adoption of systems that have not demonstrated their durability. The conventional DNS system, whatever its limitations, has demonstrated its durability across decades. New naming systems, including onchain namespaces, are still earning that trust.

But caution and delay are not the same thing. There is a meaningful difference between a government that is carefully evaluating new infrastructure and a government that is simply unaware that a structural question exists. The argument here is not that Queensland should abandon the conventional web, or that it should stake its essential services exclusively on emerging infrastructure. It is the narrower and more defensible argument that Queensland’s institutional identity — its civic addresses, the names through which its permanent institutions present themselves — should be anchored in a layer that reflects their permanence, not merely their current commercial arrangement.

Earlier work on data sovereignty examined the management and jurisdiction of government information in cloud environments, focusing primarily on where data is stored and under whose laws it resides. A broader view considers the government’s ability to govern and sustain its digital operations, consistent with the legislative and policy frameworks that guide its activities. That broader view is the right frame. Governing and sustaining digital operations requires, at the foundation, that the names through which those operations are identified are themselves stable, sovereign, and indelibly associated with the institutions they represent.

Different works have focused on sovereignty from different perspectives, such as the usage of the decentralisation provided by blockchain technology as a potential ally for digital sovereignty. That alliance — between the permanence that public institutions require and the immutability that onchain infrastructure provides — is neither theoretical nor distant. It is a practical option available to Queensland now, at the level of civic identity, in the form of enduring names anchored to the state’s own place names and registered on infrastructure that no single commercial actor controls.

PERMANENCE AS A CIVIC PRINCIPLE.

There is a phrase that recurs in how governments describe their relationship to public trust: for generations to come. It appears in constitutional preambles, in the founding charters of public institutions, in the mission statements of hospitals and schools and libraries. It describes an ambition that distinguishes public governance from commercial activity — the ambition to build things that last, that continue to serve citizens beyond the lifespan of any particular administration, any particular technology, any particular commercial arrangement.

Digital infrastructure has not, historically, been designed with that ambition in mind. The domain name system was designed for a commercial internet. Cloud services are designed on subscription models. The addresses most governments occupy today were chosen for convenience, not permanence, and they carry no guarantee of continuity beyond the next renewal date.

What digital sovereignty means for a state government, at its most foundational, is the right to match the permanence of its intentions with the permanence of its infrastructure. It means the right to say: this institution will be findable here, under this name, not because a commercial registrar has renewed the registration this year, but because Queensland has anchored its identity at a layer that endures. It means the right to ensure that the civic addresses through which Queenslanders reach their government — for healthcare, for justice, for emergency services, for education — belong, in the fullest sense of the word, to Queensland.

That is not a technological aspiration. It is a civic one. And for a state with the history, the scale, and the ambitions that Queensland carries into its third century, it is an aspiration that deserves to be met with infrastructure equal to the task.