Decoupling Cloud Security (DCS): A Framework for Data Sovereignty and Cross-Border Cloud Compliance


Suthari Yugandhar Reddy, Manam Karthik Babu, Roshin Unnikrishnan

Abstract

The growing adoption of cloud services across geographically distributed and differing environments has intensified concerns around data sovereignty, regulatory enforcement, and security compliance. Traditionally, cloud security architectures and integrators are deeply intertwined with cloud service providers and jurisdictional constraints, making it difficult for organizations to maintain control over their data while complying with diverse regulations. This tight coupling introduces operational inefficiencies, legal complexities, and security risks, specifically in cross-border data processing and multi-cloud scenarios. To address these challenges, this research proposes a Decoupled Cloud Security (DCS) framework that separates security enforcement from cloud infrastructure, enabling dynamic, policy-driven control over data, independent of the underlying cloud platforms. The proposed DCS framework takes advantage of distributed cryptographic key management, policy-aware access controls, confidential computing, and secure enclaves to provide an abstraction layer that ensures data security, data integrity, and sovereignty without being constrained by cloud provider dependencies.
Additionally, it incorporates compliance-aware orchestration, which allows organizations to automatically enforce jurisdiction-specific security policies and regulations in alignment with regulatory mandates such as the California Consumer Privacy Act (CCPA - USA), GDPR - EU, the Health Insurance Portability and Accountability Act (HIPAA - USA), the Personal Data Protection Act (PDPA - Singapore, Thailand, Malaysia), Brazil’s Lei Geral de Proteção de Dados (LGPD), China’s Personal Information Protection Law (PIPL), India’s Digital Personal Data Protection Act (DPDPA), and Australia’s Privacy Act 1988, and with international frameworks such as ISO/IEC 27001, NIST 800-53, the Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM), and the SWIFT Customer Security Programme (CSP). By decoupling security mechanisms from cloud service providers, the framework gives organizations granular control over security policies, encryption, and access management, irrespective of the cloud infrastructure.


Through theoretical modeling and empirical validation, this research demonstrates how enterprises can achieve regulatory compliance, mitigate vendor lock-in risks, and enhance security postures while maintaining the agility and scalability of cloud services. The findings provide a practical roadmap for enterprises, cloud providers, and regulators to establish a resilient, compliance-driven, and sovereignty-preserving cloud security model.
