Sovereign AI in practice: from European ambitions to functioning ecosystems (without falling into isolationism)
- Jun 6
- 9 min read
In the previous text, I showed why we increasingly confuse data sovereignty in Europe with AI sovereignty—and why this distinction costs us a real competitive advantage. Here, I want to move from diagnosis to the practical level: how to build a functioning ecosystem of sovereign AI without falling into isolationism.
Europe faces a problem today that is not discussed enough: over the past two decades, its economy has grown more slowly than it could have, and productivity—especially labor productivity—has stalled. The Draghi Report from September 2024 estimates that closing the productivity gap with the United States requires 750–800 billion euros in additional investment annually, and digital technologies—with AI at the center—are one of the three key pillars of this response. It is becoming increasingly difficult to promise citizens that their standard of living will continue to rise as it has in the past. Artificial intelligence is one of the few tools that can realistically reverse this trajectory.
But there is a catch: AI can either close this gap—or widen it. If Europe adopts the role of a “recipient of ready-made solutions,” it will use AI, but the layer of value creation and control will remain elsewhere. Sovereign artificial intelligence is an attempt to find a third way: to accelerate adoption while simultaneously building its own engine of growth and autonomy.

Four possible paths by 2030
Looking ahead to the end of this decade, various strategic analyses (including McKinsey, Bruegel, and the Draghi report) outline four possible scenarios for AI development in Europe.
1. European digital sovereignty. Europe accelerates the adoption of AI and automation while simultaneously building its own capabilities and infrastructure. A large portion of spending, investment, and value remains within the region. Regulated sectors (banking, healthcare, the public sector, defense) use solutions they trust—because they are designed and maintained within the European context.
2. Externalized growth. Europe rapidly implements AI, but mainly relies on external suppliers. Productivity gains occur, but a large portion of value and control flows to global companies outside the continent. In key, sensitive industries, adoption remains lower due to regulatory risks and trust issues.
3. Underdeveloped independence. Europe is betting on local solutions, but fails to bring them up to the required quality and scale. Expensive, immature systems emerge that lose out to global competition. Companies and institutions are “independent” in theory, but in practice they lose productivity.
4. Missed opportunity. Neither adoption nor sovereignty is making progress. AI is used piecemeal, mainly in pilot projects, and the entire economy is sliding toward stagnation.
In practical terms, sovereign AI is an attempt to maximize the chances of a “European digital sovereignty” scenario and minimize the risk of falling into “externalized growth” or “underdeveloped independence.”
What does the target ecosystem for sovereign AI look like?
Instead of abstract declarations, it is worth viewing AI as a stack of several layers:
energy and network,
data centers and hardware,
cloud and computing platforms,
data platforms,
models and tools,
applications and agents.
There is no point in pretending that Europe will dominate all layers. Realistically—and strategically—three are key:
Applications and use cases. This is where the greatest value and highest margins are generated. Especially in sectors where Europe has strong expertise: industry, energy, mobility, healthcare, the public sector, and B2B software. Here, it’s worth pausing to consider a specific example that illustrates why this list is not merely abstract. One of the strongest European use cases for sovereign AI—and at the same time the least noticed in an industry discourse dominated by chatbots—is the digital twin of an industrial process: a production line, power grid, petrochemical plant, pharmaceutical facility, or railway line. Poland and, more broadly, the CEE region have operational data spanning decades of these installations’ operation—temperatures, pressures, vibrations, anomalies, operator decisions, maintenance cycles. This is the fuel that, by definition, cannot be sent to a global cloud: because it is simultaneously commercially confidential (each parameter is a fragment of competitive know-how), critical for security (industrial facilities are mostly classified under NIS2 as critical infrastructure), and covered by sector-specific agreements with equipment suppliers that prohibit the export of telemetry data. This is precisely the case where sovereign AI is not an ideology, but the only realistically available option. And in which Europe has a structural advantage that the United States lacks and China cannot replicate—because this data is physically here, in devices that cannot be moved.
Domain-specific and language models. Models that understand European languages, regulations, industrial processes, and healthcare or financial systems. These will power agents working in critical processes.
Tools and platforms for regulated sectors. Solutions that combine security, compliance, and local jurisdiction requirements with modern AI engineering.
The remaining layers—hardware and parts of the infrastructure—can largely rely on global supply chains, provided that projects ensure adequate control and transparency. The key is that in these layers, where sensitive data and decisions reside, Europe has a real influence on the architecture and the rules of the game.
Four stakeholder groups: who should do what
Sovereign AI will not happen on its own. It requires the coordinated efforts of four groups: governments, large companies, technology providers, and investors.
Governments and the public sector
Governments have three main roles:
Strategist – integrating sovereign AI into industrial and digital policy; identifying priority sectors (e.g., health, defense, energy, administration).
Investor – launching funds and programs (e.g., pan-European initiatives modeled after IPCEI for AI and compute) to support the development of local data centers, models, and applications.
Anchor Demand – leveraging the power of public procurement to create a market for sovereign solutions, rather than merely being a consumer of global products.
Without the role of the "anchor demand," even the best investment plans may end up with empty data centers lacking demand.
Large enterprises (AI takers)
Companies should, above all, stop treating AI as a series of pilot projects and move toward a well-thought-out transformation.
In practice, this means:
selecting a few critical business domains (e.g., production, customer service, network planning, grid management),
designing end-to-end workflows with AI, rather than numerous disconnected POCs,
building proprietary models and agents where their IP and competitive advantage lie (e.g., based on decades of production or clinical data).
In sensitive areas, companies should use sovereign stacks—local or proprietary—rather than relying solely on external APIs. In other areas, they can continue to use global services while consciously managing trade-offs.
Technology providers (AI makers)
Telecom companies, data center operators, local clouds, and AI platforms are the “muscle” of sovereign AI. Their tasks include:
building cloud regions and data centers with local operational and legal control,
offering AI-ready services: computing power, storage, and model platforms that meet sovereignty requirements,
forming vertical partnerships—e.g., with industrial manufacturers, energy companies, and the healthcare system—rather than offering only “bare infrastructure.”
What will set leaders apart from the rest is the ability to combine sovereignty with modernity—so that local solutions do not lag behind global ones in quality. In this layer, I have been developing my own stack for two years, designed specifically for regulated sectors in Europe and CEE: a sovereign AI gateway (as an access control point to models), an application-agent layer with auditable working memory, and a federated governance model based on an AI-Operating & Working Agreement. I have been designing these three components from day one to meet European auditability requirements—not as a compliance layer added after the fact. This is the difference that is currently the subject of a real battle in the enterprise segment in the EU.
Investors
Investors—both public and private—must accept that sovereign AI is not just lightweight software with a quick return on investment. It also involves capital-intensive investments in data centers, energy infrastructure, hardware, and long-term financing for the development of models and platforms before they achieve full monetization. At stake, however, is not just the ROI of a single company, but also the position of entire sectors and countries in the future economy.
Pitfalls: How Not to Ruin a Good Idea
A poorly designed sovereign AI program can do more harm than good. The most common pitfalls are:
Overbuilding ahead of demand – constructing massive, “sovereign” infrastructures without specific use cases, personnel, or a monetization plan.
Duplicating hyperscalers – attempting to replicate global services 1:1 in a local version, without the competitive advantage or scale, resulting in expensive, mediocre products.
Isolationism – closing oneself off from cooperation with global suppliers, which cuts off access to the latest technological advancements and drives up costs.
Ignoring energy – failing to link data center and compute development with energy planning and grid modernization; as a result, compute becomes a bottleneck.
Sovereign AI is not a wall around the continent. Rather, it is the intelligent setting of boundaries and priorities: what must be local and controlled, and what can remain global and shared.
A Minimal Program for Sovereign AI
To move from declarations to action, a country or large organization can adopt a simple four-step program.
Step 1: Select priority domains
Focus on sectors with high impact and high sensitivity: healthcare, banking, energy, defense, and public administration. This is where sovereign AI will have the greatest impact and is most needed.
Step 2: Build a pilot sovereign stack for specific use cases
Instead of designing a “sovereign state” on paper, select a few specific applications and, together with local partners, recreate the full stack: from data, through models, to applications. Prove that it works in a real-world process, not just in a lab.
In my experience, the minimum sovereign stack for a pilot in a regulated sector consists of exactly these three layers, which I described in detail in the previous text—the AI gateway, the application-agent layer, and the federated governance model. The entire system can be designed and deployed in 6–9 months for a single, well-chosen use case—broad enough to prove the thesis, and narrow enough to avoid falling into the first pitfall of overbuilding. This is the configuration I am actually implementing in the CDF (Cognitive Deployment Framework) for clients in regulated sectors in Poland and the region.
Step 3: Establish the operational model and governance
Define who is responsible for which layers, and outline the processes for certification, auditing, and incident management. Establish clear rules for collaboration between the public and private sectors and suppliers.
In my approach, this model is outlined in the AI-Operating & Working Agreement—a contract that establishes a federated division of responsibilities: the central team (CIO/CDO/Chief AI Officer) is responsible for the platform, standards, and oversight, while business domains are responsible for the day-to-day operations of agents within their workflows. The contract explicitly describes what an agent can do automatically, what requires human approval, who issues agent identities, who revokes them, and what the audit process looks like. Without such a document, sovereignty remains a declaration in digital policy but does not translate into daily operations.
Step 4: Scale based on results and demand
Expand the scope of what you do autonomously as usage, capabilities, and results grow. At the same time, invest in talent: migration programs, reskilling, and training for engineers, data scientists, and leaders.
Between autonomy and openness
Sovereign AI is not an end in itself. It is a tool to achieve two things at once: higher productivity and greater autonomy. The hardest part is finding a balance between autonomy and openness, between local control and global cooperation.
If Europe treats sovereign AI as a project of isolation, it will fail. If it treats it as a project of conscious prioritization—it can combine its strengths (industry, science, regulations, infrastructure) into a real, functioning ecosystem.
In the end, there remains a very practical question for you—as a decision-maker in technology or business: which processes and data in your organization should be handled by “sufficiently sovereign” AI, and where can you consciously trust global services because you’ll gain in speed and cost efficiency?
This is a question that cannot be answered in the abstract—the answer depends on the sector, the data profile, the regulator’s appetite, and where your real competitive advantage lies. If this question is becoming unavoidable in your organization—and in regulated sectors within the EU, I observe that it is being raised today in the boardrooms of virtually every large institution—it’s worth starting to ask it directly, rather than leaving it in the “we’ll address this next year” category. This is the area where I work with clients: I translate the above ideas into a tangible roadmap for sovereign AI at the level of a specific product, process, or business unit—with a realistic implementation timeline, a risk map within the European auditability framework, and a three-layer stack ready for piloting in 6–9 months.
A micro-pattern from practice
In most successful implementations of “sufficiently sovereign AI,” only a small part of the stack is fully on-premises—models are often mixed, development tools come from various sources, and part of the infrastructure resides in the global cloud. But 100% of decision points and data access pass through the sovereign AI Gateway: a single control point where it is determined which query goes to which model, what data can leave the retrieval layer, who has access to what, and how everything is audited retrospectively. It is the Gateway, not the model, that is the real point of sovereignty control. And this is the first thing worth designing before discussing which models to run locally and which to call via API.
This series breaks down the AI transformation in regulated sectors into seven layers:
Posts are published weekly on the product blogs allclouds.pl — genesis-ai.app/blog and savant-ai.app/blog. The entire series is a record of what I’ve learned from working in regulated sectors—decisions that had to be made faster than caution allowed, mistakes that taught me more than successes, intuition honed in conversations with no script, and the will to build something that doesn’t yet exist. |





Comments