At Cisco Live in Las Vegas, Techzine TV spoke with Gordon Thomson, president of EMEA at Cisco, about his first year in the role, the rapid evolution of the market. They also discussed two of the company’s most consequential strategic bets: Sovereign Critical Infrastructure and Cisco Cloud Control.
Gordon Thomson stepped into the Cisco EMEA president role roughly one year before this interview. By his own account, the pace has been unlike anything he anticipated. In the months since Cisco Live Amsterdam, the region has absorbed a war it didn’t see coming and a memory price crisis that pushed costs up fivefold. Furthermore, it has seen the emergence of Mythos. All of this was compressed in just a few months. “It’s a 3-month period, that’s more like 4 years,” as he says it.
Thomson identifies two sides to the compression of many significant developments into a window of only several months: the opportunity that comes with moving fast and being agile. At the same time, there is the internal challenge of making decisions without the luxury of full analysis. Cisco CEO Chuck Robbins has publicly endorsed the idea that a bad decision you can correct is better than no decision at all. Thomson has made that philosophy central to how he leads his team.
Sovereign Critical Infrastructure: from signal to legal framework
When Cisco launched Sovereign Critical Infrastructure (SCI) in September 2025, the initial offering was limited. It covered a handful of switches, some devices, and a Webex endpoint, with no compute included. Thomson acknowledges this was intentional. “That was really more an intent at the time,” he explains. The goal was to signal to the market that Cisco was shifting its mindset. After years of pushing customers toward cloud-first architectures, the company was recognizing that sovereignty had become a boardroom-level concern.
The formal launch came in April, and with it, something more substantial: new legal terms and conditions that give customers binding guarantees. Those guarantees cover three areas that matter most to governments and critical infrastructure operators: no backdoors, fully air-gapped operation, and continued product functionality in the event of embargo, war, or crisis. “It’s a legal framework now that gives them guarantees that otherwise they never had before,” Thomson says.
Traction has spread beyond the expected buyers in defense and central government. Cisco is now seeing pipeline across manufacturing, retail, and operational technology environments. These are sectors where OT infrastructure has become an increasingly attractive target not just for data breaches but for outright destruction.
13 product families and the recertification challenge
The SCI offering now spans 13 product families: data center products, campus networking, wireless, collaboration, and Splunk’s on-prem offering. Compute is included. But the more significant near-term challenge is the installed base.
Many customers who already own the relevant hardware want sovereign guarantees without buying new equipment. Cisco’s answer is a recertification program, planned for later in 2026. It audits existing devices and converts their licenses from subscription-based to perpetual. The device hardware itself does not change. Only the software delivery model and the accompanying legal contract change. Customers pay a flat fee for 1, 3, 5, or 7 years of sovereign support.
Thomson estimates the addressable installed base runs into the hundreds of millions of devices. “You don’t realize how complex it is to launch things like that into the market,” he says. The perpetual license model is a deliberate trade-off: Cisco accepts reduced recurring revenue in exchange for customer loyalty.
The sovereignty debate: emotion, trust, and the price of purity
Not everyone is satisfied with what US vendors can offer, even with legal guarantees. Thomson acknowledges the emotional dimension of the sovereignty discussion. He also notes the trend toward chip-level stipulations in RFPs from some organizations and colocation providers. His assessment is clear: true chip-level sovereignty comes at a price that most customers are not prepared to pay.
For organizations that want every component designed and manufactured within a trusted domestic supply chain, the cost is prohibitive. This is especially true in a region where the available partners are scarce. Thomson’s position is that Cisco’s value lies in offering choice. Customers can place some workloads in public cloud, move sensitive data to SCI-certified on-prem infrastructure, or opt for a middle ground via sovereign cloud stacks operated by local service providers.
Reducing the cost of sovereign cloud
AI helps to bring down the cost of sovereignty, we hear from Thomson. That is, AI is changing the economics of sovereign cloud delivery. Building cloud-based services has always required deep, bespoke integration with cloud vendor infrastructure. That is an integration that is expensive to replicate inside a sovereign boundary. However, Thompson says AI is now helping reduce both the cost and the manpower required to achieve that interoperability. This makes it viable for Cisco to work with in-country service providers to run sovereign cloud stacks locally.
On the question of on-prem dashboards, specifically whether products like Nexus Dashboard can be fully air-gapped, the answer is nuanced. Some dashboards are cloud-only; others can run on-prem but with reduced functionality. Updates to air-gapped environments are delivered via encrypted channels rather than USB sticks. However, the additional complexity carries a cost. Thomson is direct: these services will cost more than standard offerings, and whether customers are willing to pay that premium is an open question.
Cisco Cloud Control
Thomson, who has worked at Cisco for 29 years, also has some interesting things to say about Cisco Cloud Control, the platform announced at Cisco Live Las Vegas. “From my perspective, this is one of the most fundamental things we have done,” he says.
Cloud Control unifies networking, security, and observability into a single platform, with AI agents that help customers manage and automate their environments and understand what is happening across their infrastructure. It builds on five to six years of incremental development. Any customer already running Cisco management or automation tools is automatically integrated into Cloud Control.
The platform is currently cloud-only, a deliberate architectural decision given its complexity, and is rolling out in the US first before expanding to Europe. There are no firm dates for the European rollout yet. For sovereign customers who cannot route data through public cloud, the cloud-only characteristic of Cloud Control is a trade-off they will need to evaluate carefully. Thomson acknowledges the tension. He believes the platform’s capabilities, particularly its relevance to addressing legacy tech debt and end-of-life equipment exposed by threats like Mythos, make it a game changer regardless.
Also read: Cisco Cloud Control brings most of Cisco together on a single platform