Resources & insights
The SOVALYX blog
News decoded and hands-on guides about sovereign infrastructure, business continuity and private AI.
Featured
Mauritius & Indian Ocean

Budget 2026-27: five tech measures Mauritian CIOs need to know
AI training for 50,000 people, Rs 13M for cyber-resilience, modernised public services: what the 2026-27 Mauritius budget means for IT leaders.
Read the article →
Data centres in Mauritius: what does hosting locally really change (latency, law, costs)?
Latency, applicable law, costs: local hosting vs Europe, South Africa and India compared, as the Côte d'Or technopole takes shape in Mauritius.
Read the article →
Data sovereignty in Mauritius: which data should never leave the island?
Public, internal, sensitive, critical: a simple grid to classify your data and decide what should stay hosted in Mauritius — and why it matters.
Read the article →
Fintech in Mauritius: the infrastructure behind the 2026-2030 strategy
RTO, RPO, tested DR plans and data protection: what Mauritius's 2026-2030 fintech strategy means for your infrastructure and how to prepare for audits.
Read the article →
Mauritian DPA + GDPR: where should your client data live?
How the Mauritian Data Protection Act 2017 and the GDPR overlap, what cross-border transfers require, and how to choose compliant hosting for client data.
Read the article →
Submarine cables: a digital plan B for Mauritian businesses
Mauritius relies on a handful of submarine cables (SAFE, LION, METISS, T3, IOX). Multi-path connectivity, local services, degraded modes: your plan B.
Read the article →
Cyclone season: the 7 IT tests to run before December
Failover, off-site backups, measured RTO, on-call chain: the 7 tests to run on your IT systems before cyclone season hits Mauritius (November to April).
Read the article →
Why Mauritius Is the Best Place in Africa and the Indian Ocean to Host Enterprise AI
First in Sub-Saharan Africa on the Government AI Readiness Index (53.94/100), Mauritius pairs stability, legal certainty and connectivity for your AI.
Read the article →
The State Is Scaling Up Its Cyber Defence: a Minimum Viable Plan for Mauritian SMEs
Immutable backups, monitoring, on-call response: the cybersecurity baseline every Mauritian SME needs while the State puts Rs 13M into cyber resilience.
Read the article →
Where should a Mauritian business host its website?
Local or overseas hosting for a Mauritian business website: latency for local visitors, applicable law, costs, and when hybrid hosting makes sense.
Read the article →
Managed IT in Mauritius: ten questions to ask before you sign
Reversibility, real SLAs, on-call cover, tested backups, data location, references: ten questions to ask an IT provider in Mauritius before signing.
Read the article →
Applying the 3-2-1 backup rule in a Mauritian SME
Three copies, two media, one off-site: how a Mauritian SME can apply the 3-2-1 backup rule, with immutability and real restore testing.
Read the article →
Secure remote work for Mauritian teams
VPN or ZTNA, MFA, personal devices, access to internal apps: a plain-language guide to secure remote work for Mauritian teams, with a checklist.
Read the article →
A customer service AI that speaks French, English AND Kreol
Why a private LLM tuned for French, English and Mauritian Kreol beats generic chatbots — and keeps your customers' conversations confidential.
Read the article →
Migrating to a private cloud in Mauritius: the drama-free steps
Inventory, prioritisation, progressive cutover, coexistence and reversibility: a step-by-step method for migrating to a private cloud in Mauritius.
Read the article →
What a (good) IT security audit looks like for a Mauritian SME
Scope, methods, deliverables: what a serious IT security audit covers for a Mauritian SME — and how to avoid the PDF-report-and-goodbye trap.
Read the article →
Power cuts: protecting your IT in Mauritius
Properly sized UPS, automated clean shutdown, generators and failover to a backup site: a layered plan to protect your IT from power cuts in Mauritius.
Read the article →
The fractional CIO: when it makes sense for a Mauritian SME
Hiring, outsourcing or a fractional CIO: the signs a Mauritian SME needs part-time IT leadership and how to scope the engagement properly.
Read the article →
Hosting health data in Mauritius: the precautions that matter
Why health data needs special care in Mauritius: Data Protection Act principles, encryption, audit trails and local hosting explained.
Read the article →
The EU AI Act seen from Mauritius: is your business in scope?
The EU AI Act applies fully on 2 August 2026, even outside Europe. What Mauritian BPOs, software vendors and IT providers should do now.
Read the article →
GDPR in Mauritius: the guide for a business serving Europe
When the GDPR applies to a Mauritian company (Article 3), how it stacks with the Data Protection Act, the EU representative, transfers and first steps.
Read the article →
Windows 10 has reached end of support: what should a Mauritian SME do with its fleet?
Windows 10 stopped receiving security fixes on 14 October 2025. Windows 11 migration, ESU, replacement or isolation: a practical plan for Mauritian SMEs.
Read the article →
DORA: what Mauritian ICT providers must deliver to their European financial clients
DORA has applied since 17 January 2025. Register of information, contract clauses, exit strategy, audit rights: what EU financial clients now demand.
Read the article →
Deepfake CEO fraud: protecting a Mauritian business when voice and video can lie
Cloned voices and fake video calls are the new face of CEO fraud. Out-of-band verification, payment controls and training for Mauritian businesses.
Read the article →
Mauritian BPO: the 2026 requirements coming from your European clients
NIS2, DORA, the AI Act and GDPR are flowing down to Mauritian BPO providers as security questionnaires and contract clauses. How to build one evidence file.
Read the article →
Post-quantum cryptography: why a Mauritian business should start its inventory now
Harvest now, decrypt later attacks and the scheduled deprecation of RSA-2048 by 2030: how a Mauritian business should start its cryptographic inventory.
Read the article →
Mauritian hospitality: securing the PMS, payments and guest wifi
How Mauritian hotels secure their PMS, payment terminals and guest wifi, and keep operations running through a high-season incident.
Read the article →
International

The EU AI Act Timeline 2026-2027, Untangled — Are You in Scope Even Outside Europe?
Full application on 2 August 2026, Annex III high-risk duties pushed to 2 December 2027, fines up to €35M: the real EU AI Act timeline, explained.
Read the article →
Sovereign Cloud Becomes a Regulatory Requirement: What the EU CADA Signals for the Rest of the World
Presented on 3 June 2026, in force on 4 August 2026, mandatory tiers from 2028-2029: what the EU CADA imposes on government cloud and what it signals.
Read the article →
76% of Backups Compromised: Why Your Backup Is Not a DR Plan
Backup repositories are targeted in 96% of ransomware attacks and compromised in 76% of cases. Immutability, air gap and tested restores explained.
Read the article →
Your SaaS AI Assistant Has More Access Than Your Intern: 2026's Blind Spot
A SaaS AI assistant connected through OAuth keeps standing access to your data. How to map, restrict and revoke those permissions before attackers do.
Read the article →
What Happens on Your Side When AWS Goes Down? The 4-Question Test
Only 20% of organisations say they are fully prepared for cloud outages. Four practical questions to find out what happens to you when AWS goes down.
Read the article →
What Really Happens to a Prompt Sent to a Public AI (and When It Becomes a Problem)
Training, retention, sub-processors: where a prompt sent to a public AI really goes, and when an internal LLM on private infrastructure makes sense.
Read the article →
NIS2: why your EU client will ask for your disaster recovery plan (even if you are in Mauritius)
NIS2 pushes continuity and incident-response duties down to non-EU suppliers. What EU clients will ask for, key contract clauses and a supplier checklist.
Read the article →
What does one hour of IT downtime really cost you? A step-by-step method
A step-by-step method to price one hour of IT downtime: lost revenue, idle staff, recovery costs, a worked fictional example and RTO/RPO targets.
Read the article →
Running a private LLM on your own infrastructure: hardware, real budget, use cases
What it really takes to run a private LLM in-house: GPU sizing, five cost lines, use cases that justify it and when public APIs still win.
Read the article →
Cloud repatriation: which workloads to bring back first (and which to leave in the cloud)
A cost, criticality and latency framework for leaving public cloud the right way: which workloads to repatriate first and which to leave alone.
Read the article →
RTO and RPO explained simply (and how to set yours)
RTO and RPO explained in plain language: clear definitions, the difference between them, examples by application type and how to set your targets.
Read the article →
The disaster recovery plan: a complete guide
What goes into a disaster recovery plan: core components, build steps, why testing is non-negotiable, classic mistakes and long-term upkeep.
Read the article →
Reading an SLA: what 99.9% hides, penalties and exclusions
Convert 99.9% availability into real hours of downtime, spot maintenance windows and exclusions, and find out whether SLA penalties actually protect you.
Read the article →
Immutable backups: how they really work
Object lock, WORM storage, logical and physical air gaps, retention rules: how immutable backups hold up when ransomware reaches your infrastructure.
Read the article →
RAG: connecting an LLM to your internal documents without leaks
How retrieval-augmented generation lets an LLM answer from your internal documents, the access-control and data-quality prerequisites, private hosting.
Read the article →
Data encryption: at rest, in transit, in use — what actually matters
What encryption at rest, in transit and in use each really protect, why key management is the true issue, and the most common mistakes to avoid.
Read the article →
24/7 monitoring: what to watch, what to alert on, who to wake up
Metrics that matter versus noise, meaningful thresholds, three alert levels, on-call and runbooks: 24/7 monitoring that wakes people for real incidents.
Read the article →
Cyber insurance: what your insurer will demand from your IT
MFA, isolated backups, a tested DR plan, EDR and access management: the evidence file cyber insurers expect, and why it protects you either way.
Read the article →
FinOps: the practical levers that cut your cloud bill
Cost visibility per service, rightsizing, reserved instances, cold storage and egress: the FinOps levers that actually shrink your cloud bill.
Read the article →
Shadow IT: regaining control without alienating your teams
Shadow IT thrives where IT says no too often: map real usage without a witch hunt, offer credible internal alternatives, keep governance light.
Read the article →
GDPR and hosting: where should your European clients' data live?
The GDPR demands demonstrable protection, not a location. Sub-processor chains, standard contractual clauses, encryption and keys: how to choose hosting.
Read the article →
GDPR processor: the compliance checklist
Contract, documented instructions, records, security, breach notification: GDPR Article 28 obligations turned into an actionable processor checklist.
Read the article →
Post-quantum: the 2026-2035 timeline and where to start
FIPS 140-2 certificates go Historical, CNSA 2.0 becomes mandatory for NSS, RSA-2048 deprecated by 2030: the PQC deadlines and how to plan your migration.
Read the article →
Cyber Resilience Act: the countdown has started for connected products
Reporting of actively exploited vulnerabilities starts 11 September 2026, full obligations by December 2027: who the CRA covers and what to prepare.
Read the article →
Data Act: switching clouds becomes a right
The EU Data Act has applied since 12 September 2025: migration assistance, phased removal of exit fees and the contract clauses to renegotiate now.
Read the article →
Autonomous AI agents at work: what we delegate (and what we don't yet)
Assistant vs autonomous AI agent: sensible use cases, access and drift risks, guardrails, and why private hosting matters twice as much.
Read the article →
Small language models: when a local SLM beats a giant
What a small language model is, when a local SLM outperforms a large model on cost, latency and privacy, and how a hybrid setup works.
Read the article →
Passkeys: the end of passwords at work, in practice
How passkeys work, why they resist phishing, and a pragmatic rollout plan for the enterprise — privileged accounts first, pitfalls included.
Read the article →
