You have data sovereignty, but you don’t have sovereign AI: why Europe is holding itself back
In many European companies and institutions, there is a belief that the issue of technological sovereignty has been “checked off”: data is stored in local data centers, the cloud provider has a region in the EU, and the contract specifies European jurisdiction. In presentations, everything looks secure and compliant with regulations.
The problem is that this is only half the story. You can have full data sovereignty—and yet have no sovereignty whatsoever in the intelligence layer, i.e., where decisions are made, where models, agents, and recommendation systems operate. And this is precisely what causes Europe to get stuck on its own advantage: it has the data, it has the regulations, it has the industry, but too often it outsources the “brain” of the system.

Data sovereignty is not the same as AI sovereignty
Sovereign artificial intelligence is not about “setting up a server in the country.” It is about the ability of a state or organization to independently create, maintain, and control AI systems based on its own resources: infrastructure, data, models, and people, as well as its own rules, jurisdiction, and value system.
Four dimensions of sovereignty understood in this way can be distinguished:
Territorial – where the data and computing resources are physically located.
Operational – who can manage, shut down, modify, and maintain them.
Technological/IP – who owns the technology stack and the intellectual property rights to the models and code.
Legal – whose jurisdiction applies when something goes wrong.
Data sovereignty focuses mainly on the first and, to some extent, the fourth dimension: location and the law applicable to data processing. Sovereign AI goes much further: it concerns the intelligence layer, specifically who “owns” the system’s decision-making logic.
So you can keep the data in the country while having the entire intelligence layer—models, agents, orchestration—in the hands of external providers. In this setup, you have data sovereignty, but you do not have sovereign AI.
This isn’t ideology, but hard economics
It’s easy to dismiss AI sovereignty as mere “politics” or “ideology.” Yet the stakes are very practical.
First, an increasing share of economic value will come from sovereign or “sufficiently sovereign” solutions—especially in regulated industries: healthcare, finance, the public sector, defense, and energy. Where highly sensitive data and significant responsibility are at stake, it is difficult to rely solely on black boxes managed from another continent.
Second, for Europe, sovereign AI represents real growth potential. The Draghi Report from September 2024—the most influential analysis of EU competitiveness in the last decade—estimates that closing the productivity gap with the United States and China requires an additional €750–800 billion in annual investment, and digital technologies centered on AI are one of the three key pillars of this response. In the “digital sovereignty” scenario, part of this value remains in the region: in data centers, model-building teams, and companies providing applications. In the alternative scenario, it flows out along with the profit margin.
Third, if a country or a major sector relies exclusively on foreign models accessible via APIs, then:
it exports data and knowledge abroad,
it imports ready-made, high-margin services,
and gives others the opportunity to train models using their own context.
The result is simple: the country becomes primarily a market and a source of “data fuel,” rather than a co-creator of technology. This is not a neutral choice—it is a matter of where value will be created and where expertise will be developed.
Three reasons why sovereign AI is making its way onto boardroom agendas
The topic of sovereign AI is already moving beyond the narrow circles of cybersecurity and regulatory specialists. It is appearing on supervisory boards, executive boards, and in ministers’ discussions. It is driven by at least three forces.
1. Legal liability—and its crystallization in regulations
Courts are increasingly ruling that the entity implementing AI is responsible for the consequences of its operation: bias, erroneous decisions, and damages resulting from the use of the system. Model providers go to great lengths to limit their liability in contracts.
These abstract principles of liability are now beginning to crystallize into specific regulations that redefine what it means to “use AI in a regulated sector”:
DORA (effective January 2025) requires financial institutions to ensure the operational reproducibility of every system decision and full incident reporting.
The EU AI Act for high-risk systems (credit scoring, HR, critical infrastructure, public administration, the judiciary) requires auditability, human oversight, and documentation of the model’s lifecycle.
NIS2 requires strict access controls and the ability to respond to incidents in critical and key entities.
These three regulations share a common denominator: they require the implementer to have the ability to reproduce, explain, and correct system decisions. And this ability is structurally absent if the intelligence layer lies outside their control. If critical decisions are made by a model over which we have no real control (architecture, training, data, version changes), we create a gap between legal liability and actual influence over the system. Sovereign AI allows this gap to be narrowed—through auditability, the ability to intervene, and a clear chain of responsibility.
2. Geopolitical Resilience
Dependence on a few global suppliers carries the risk of an “emergency shutdown”: interruptions in service access, consequences of trade disputes, sanctions, and political tensions. This is not merely an abstract problem—it affects critical sectors: infrastructure, government, and defense.
Sovereign AI does not mean cutting ourselves off from the world, but ensuring that in key areas, the state and large organizations have a Plan B, C, and D that does not rely on “let’s hope the supplier doesn’t cut us off.”
3. Value Capture
If the entire “brain” of AI systems resides in the stack of external players, local companies pay for licenses and services, global providers accumulate profits, user behavior data, and know-how, while local innovation ecosystems develop more slowly because the most interesting problems have already been solved elsewhere.
Sovereign AI is an attempt to reverse this trend: to keep a larger share of the value within the country or region.
Europe Today: Sovereign Data, Dependent Intelligence
Looking at many initiatives in Europe, a clear pattern emerges:
data is stored locally,
data centers are located on European soil,
there are “sovereign regions” in the cloud,
politicians proudly speak of “data sovereignty.”
At the same time, key models are developed and updated outside of Europe, inference—the actual “thinking” of the system—takes place in environments controlled by external providers, and local teams often use AI as a ready-made tool, not as something they co-design.
This is a situation where the data layer is sovereign, but the intelligence layer is not. In practice, this means, among other things, limited ability to fine-tune models to local legal, linguistic, and cultural realities; difficulty in ensuring full compliance with European regulations; and a hindrance to AI adoption in regulated sectors, where the risk acceptance threshold is higher.
There is one more thing here that cannot be overlooked in 2026, even though just two years ago it was marginal in European discourse. When we talk about “external model providers,” we are increasingly no longer referring solely to the American stack. Chinese labs—DeepSeek, Alibaba’s Qwen, Zhipu’s GLM, MiniMax—have released a family of models over the past eighteen months that not only match top American models in many benchmarks but, unlike them, are available under open licenses for download and deployment on one’s own infrastructure. For the discussion on AI sovereignty in Europe, this is a shift in the balance of power that most industry publications have not yet addressed. A third vector has emerged—high-end models that can be run locally, without relying on a provider’s API, without sending queries outside the jurisdiction, but whose origin raises its own set of regulatory, geopolitical, and strategic questions.
For CIOs in the regulated sector, this presents a specific dilemma that did not exist two years ago. Today, one can deploy a frontier-class model in a Polish data center, maintain full operational and legal control over inference, meet retrospective auditability requirements, and do all this at a cost that is comparable to or lower than the annual fees for a top-tier American model via API. But: the model comes from a Chinese lab whose training processes, data selection, and state oversight are not transparent to the same degree as those of American providers. This is not an ideological question—it is a question of risk classes that previously did not need to be assessed. How much does the model’s openness (the ability to audit weights, fine-tune, and isolate it in a basement) weigh against the opacity of its origin? For some sectors—industry, general applications, less sensitive processes—the balance tips in favor of Chinese models. For others—defense, critical infrastructure, selected segments of banking and the public sector—origin remains a red line, regardless of technical appeal. Ignoring this third vector in an AI strategy in 2026 is the same as ignoring the public cloud in an IT strategy in 2014—you can do it, but you’ll be revisiting this conversation a year from now, under worse circumstances.
Where you really need sovereign AI, and where you don’t
The good news: sovereign AI doesn’t have to mean that everything must be local and “ours.” The key is to distinguish where a high level of sovereignty is essential, and where dependence can be consciously accepted.
You can look at this as a simple matrix:
first axis: data and IP sensitivity (low vs. high),
second axis: process criticality (low vs. high).
In areas where data and IP are not very sensitive and the process is not critical (e.g., parts of marketing, low-risk internal analytics), using global models and services makes sense: speed and cost are what matter. In areas where data is highly sensitive (healthcare, finance, defense) and the process is critical, a red flag should go up: there, we should strive to ensure that both data and intelligence remain under local control. Between these extremes lies a broad intermediate zone where hybrid approaches can be applied: some components global, some local, with a clear division of roles. In this intermediate zone, a third option is increasingly coming into play: a “ ” model—one deployed locally but sourced from a provider outside the EU—and choosing it requires a separate calculation in which the model’s origin carries as much weight as its technical class and license.
How to build “sufficiently sovereign” AI—three layers of the stack
Instead of thinking in black-and-white terms (“either everything local or everything global”), it’s worth designing a modular AI stack and consciously deciding which layers we want to control. In the implementation practice I’m developing as part of the CDF (Cognitive Deployment Framework) for regulated sectors, a sovereign AI stack can be broken down into three layers, each with a separate owner and a separate control model.
The gateway layer (AI Gateway). The point where your organization interacts with models—whether your own or external ones. It is responsible for routing queries to the appropriate model (local or global, depending on data classification), enforcing access policies in fail-closed mode, detecting and masking personal data before any transfer, and fully auditing every interaction. Without this layer, every query to an external model is an act of faith in the provider—and faith is not a category that can be audited.
Application-agent layer. The place where agent systems, runtime memory, domain semantics, and orchestration are built. In a regulated sector, this layer must meet the auditability requirements described above: every agent result must be retrospectively reproducible with precision down to the source data, model version, and invocation context. This is the layer where your actual domain advantage is created—and that is why it should remain with you.
The governance and operations layer. This is where policies, processes, audits, incident response, and agent lifecycles reside. In my practice, I describe it as the AI-Operating & Working Agreement—a contract establishing a federated model of accountability between the central team (platform, standards, oversight) and the business domains (agents’ day-to-day operations within their workflows). Without this layer, even the best technical architecture falls apart within the first year of production use, because no one knows who is responsible for what when something goes wrong.
The key to success is that these three layers are designed together, not added on after the fact. Sovereignty added as a compliance layer to an existing stack doesn’t work—this is one of the most important lessons I’ve learned from implementations in regulated sectors over the past two years.
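A minimal sketch of the gateway layer's decision path, added here as an illustration and not taken from the CDF or any product the article mentions. The policy table, the two PII detectors, and all names (`ROUTES`, `route`, `PolicyDenied`) are assumptions made for the example.

```python
import hashlib
import re

# Hypothetical policy table: data classification -> permitted model target.
# Any label missing from it is denied, which is what fail-closed means here.
ROUTES = {"public": "external", "internal": "external", "restricted": "local"}

# Constructed detectors for illustration; real coverage must be far broader.
PII_PATTERNS = {
    "EMAIL": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "IBAN": re.compile(r"\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){3,7}\b"),
}

class PolicyDenied(Exception):
    """Raised when the gateway refuses to forward a query."""

def mask_pii(text):
    """Replace each detected value with a typed placeholder; return text and counts."""
    hits = {}
    for label, pattern in PII_PATTERNS.items():
        text, n = pattern.subn(f"[{label}]", text)
        if n:
            hits[label] = n
    return text, hits

def route(prompt, classification, audit_log):
    """Pick the target model, mask before any external transfer, audit every outcome."""
    # The audit entry stores a digest of the prompt, never the raw text.
    entry = {"classification": classification,
             "prompt_sha256": hashlib.sha256(prompt.encode()).hexdigest()}
    target = ROUTES.get(classification)
    if target is None:
        # Unlabelled or unknown data never reaches any model.
        entry.update(decision="deny", reason="unclassified or unknown label")
        audit_log.append(entry)
        raise PolicyDenied(entry["reason"])
    # Local models see the original text; anything leaving is masked first.
    outbound, hits = (prompt, {}) if target == "local" else mask_pii(prompt)
    entry.update(decision="allow", target=target, masked=hits)
    audit_log.append(entry)
    return target, outbound
```

Denied requests are written to the audit log before the exception is raised, so refusals are as traceable as forwarded queries.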
What if we don’t do this?
If Europe and European companies stop at the level of “data sovereignty” without moving on to sovereignty in the intelligence layer, the consequences will be very tangible:
Regulated industries will continue to hesitate to scale AI—the lack of solutions offering full control will block implementations, and productivity and competitiveness will lag behind other regions.
An increasing share of added value will be generated elsewhere—here we’ll be left with the costs of infrastructure and regulation, while profits from models and applications go elsewhere.
Europe and individual countries will primarily become consumers of technology, rather than co-authors of answers to fundamental questions: how AI should operate, what values it should reflect, and what ethical and safety standards it should uphold.
In the end, there remains a question worth asking at both the national and organizational levels: in a world based on artificial intelligence—to what extent are you truly the owner of your intelligence, and to what extent are you merely the owner of your data?
A Micro-Case Study from Practice
The quickest test of real AI sovereignty isn’t the question of where the server is located. It is the question: can you reproduce exactly which data and which model version were used to make a specific decision three months ago? With precision down to the record, the weight version, and the context of the call. If so—you have sovereignty as an operational capability. If not—you have it as a declaration in digital policy. Most organizations that talk about AI sovereignty today would fail this test. And this is the first question worth asking before making any investment in the stack—because without this capability, no other layer of control matters.
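The test described above can be run as a concrete check. The following is an added example, not the author's tooling: it assumes a decision record that stores digests of each source record, the model weights, and the call context, and a hypothetical `weight_store` keyed by weight digest.

```python
import hashlib
import json

def digest(obj):
    """SHA-256 of raw bytes, or of canonical JSON (sorted keys) for other values."""
    if not isinstance(obj, bytes):
        obj = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(obj).hexdigest()

def record_decision(decision_id, source_records, weights, context, output):
    """Capture what the test asks for: the records, the weight version, the call context."""
    return {
        "decision_id": decision_id,
        "records": {rid: digest(rec) for rid, rec in source_records.items()},
        "weights_sha256": digest(weights),
        "context_sha256": digest(context),
        "output_sha256": digest(output),
    }

def can_reproduce(record, record_store, weight_store, context):
    """Return the reasons a past decision cannot be replayed; an empty list means it can."""
    problems = []
    for rid, expected in record["records"].items():
        current = record_store.get(rid)
        if current is None:
            problems.append(f"record {rid} missing")
        elif digest(current) != expected:
            problems.append(f"record {rid} changed since decision")
    # The exact weights must still be retained, addressed by their digest.
    if record["weights_sha256"] not in weight_store:
        problems.append("model weights for that version not retained")
    if digest(context) != record["context_sha256"]:
        problems.append("call context differs")
    return problems
```

Each entry in the returned list names one capability the organization lacks: versioned source data, retained weights, or a preserved invocation context.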
In the next article, I’ll show how to translate this diagnosis into a practical roadmap: what scenarios Europe faces by 2030, which layers of the stack are worth realistically controlling, and how to build a “sufficiently sovereign” ecosystem without falling into isolationism.
This series breaks down the AI transformation in regulated sectors into seven layers:
Posts are published weekly on the product blogs allclouds.pl — genesis-ai.app/blog and savant-ai.app/blog. The entire series is a record of what I’ve learned from working in regulated sectors—decisions that had to be made faster than caution allowed, mistakes that taught me more than successes, intuition honed in conversations with no script, and the will to build something that doesn’t yet exist.





The text effectively argues that relying on external providers for the "brain" of AI systems creates significant geopolitical and economic risks for Europe. By detailing a modular stack approach with distinct governance layers, it offers practical guidance for building sufficiently sovereign AI in regulated sectors through frameworks such as the Cognitive Deployment Framework (CDF). This perspective is vital for leaders aiming to balance innovation with the need for auditability and legal liability management.
The introduction of a "third vector" - localized models from outside the EU, especially China - is also interesting. This changes the discussion: the question is no longer simply "US cloud or European cloud?", but rather how to weigh operational control, model openness, cost, and risk of origin.