Sovereignty in AI is about control and agency, not isolation.

A declaration of interest before I start: I lead commercial strategy at a company that builds sovereign AI for defence, national security and other regulated industries.

So I have skin in this game, which, combined with my prior military service and concerns over global security, is also why I spend my days thinking about exactly where the line between “sovereign” and “open” should sit.

For defence, national security (NATSEC), and regulated sectors, what matters is that the sensitive layer (the operating system, mission-critical applications and the data they touch) sits within national borders, under the control of cleared nationals, with you deciding who can access it and what gets shared. Everything else (hyperscaler infrastructure, foundation models, global engineering talent) can remain part of the picture, provided the crown jewels stay under your roof and your oversight.

All too often, “sovereignty” gets heard as “build everything yourself, behind a closed border.” But that is both impractical and unnecessary, especially where collaboration across allies is critical to our ongoing national security.

The real questions to ask

- Where does my data live? (residency within national borders)
- Who can touch it? (cleared nationals, controlled access)
- Who decides where it goes? (you retain the choice to share or not)

Sovereignty is about answering those three questions with confidence, not about reinventing the wheel.

For defence and NATSEC, especially, but also policing, critical national infrastructure, healthcare, and other regulated industries with tight compliance demands, the downside isn’t a compliance fine; it’s operational and national-security risk. The real concern is whether an adversary or foreign vendor could access, withhold, or switch off something critical. Sovereignty is what lets these organisations trust the system enough to actually use AI on sensitive workloads.

Sovereignty does not mean building a wall

Picture the full medieval works: crenellations, a portcullis, a moat. Sovereignty isn’t about keeping every foreign capability out.

You can run on hyperscaler infrastructure.
You can use a foundation model that wasn’t built in-country.
You can draw on global engineering talent.

The platform can be built elsewhere, as long as it’s hosted in-country, operated by cleared nationals, with critical apps built locally and the data layer resident and controlled domestically.

Sovereign at the layer that matters; open everywhere it’s safe to be.

Why “where” isn’t the same as “who”

Consider why this matters in practice. The US CLOUD Act allows American authorities to compel US-headquartered companies to hand over data they control, wherever in the world that data physically sits. A dataset hosted in a London or Frankfurt data centre, but operated by a US provider, remains reachable under US jurisdiction, often without the customer being notified. The lesson is blunt: access follows corporate control, not the location of the server.

So the sharpest version of “where does my data live?” is really “who controls the operator, and under whose laws do they answer?” That is the question residency alone can never settle.

Two examples of the principle

Vendor control. A provider holding significant control over a customer’s own applications, data, and workflows. This is what happens when “using a powerful platform” quietly becomes “depending on someone else’s grip on your operations.”

Self-restraint as a trust signal. A leading AI company is restricting access to certain models in response to export controls and extending that restriction universally rather than carving out exceptions. That is 100% pro-trust, not anti-innovation: a demonstration that the company respects national-security constraints even at a commercial cost.

Holding the keys, literally

The title isn’t only a metaphor. The cleanest defence against compelled disclosure is to hold your own encryption keys: if you control the keys, anything handed over without them is unreadable. Hold the keys, and you hold sovereignty, because even data sitting on someone else’s infrastructure stays yours.

It’s worth being honest that, in practice, compelled access to enterprise data held in Europe is rare, and providers do offer technical mitigations. But in defence and NATSEC, you plan for the capability that exists, not the frequency with which it happens to be used today.
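
The key-holding pattern described above, sketched as envelope encryption in Node.js. This is an added example, not code from the article or from Whitespace; the function names, the blob layout and the record ID are assumptions made for illustration.

```javascript
const crypto = require("crypto");

// AES-256-GCM with a fresh 96-bit nonce; stored layout is nonce || tag || ciphertext.
function seal(key, plaintext, aad) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", key, nonce);
  c.setAAD(aad);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), ct]);
}

// Throws if the key, the AAD or any stored byte is wrong.
function open(key, sealed, aad) {
  if (sealed.length < 28) throw new Error("sealed value truncated");
  const d = crypto.createDecipheriv("aes-256-gcm", key, sealed.subarray(0, 12));
  d.setAuthTag(sealed.subarray(12, 28));
  d.setAAD(aad);
  return Buffer.concat([d.update(sealed.subarray(28)), d.final()]);
}

// Runs inside the sovereign boundary. The KEK (key-encryption key) never leaves it;
// each record gets its own DEK (data-encryption key), stored only in wrapped form.
function encryptForProvider(kek, recordId, plaintext) {
  const aad = Buffer.from(recordId); // binds both ciphertexts to this record
  const dek = crypto.randomBytes(32);
  // The returned object is everything the hosting provider ever holds.
  return { recordId, wrappedDek: seal(kek, dek, aad), data: seal(dek, plaintext, aad) };
}

// Unwrap the DEK with the KEK, then decrypt the record with the DEK.
function decryptFromProvider(kek, blob) {
  const aad = Buffer.from(blob.recordId);
  return open(open(kek, blob.wrappedDek, aad), blob.data, aad);
}

// True only if `key` unwraps this blob's DEK and the record then decrypts.
function canRead(key, blob) {
  try {
    decryptFromProvider(key, blob);
    return true;
  } catch {
    return false;
  }
}

// Constructed sample: the random KEK stands in for one kept in-country (assumption).
const kek = crypto.randomBytes(32);
const stored = encryptForProvider(kek, "record-0001", Buffer.from("constructed sample"));
console.log(canRead(kek, stored), canRead(crypto.randomBytes(32), stored)); // true false
```

The property holds only while the KEK stays inside your boundary; a key service that the provider can invoke on your behalf does not give it.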

Sovereignty enables sharing; it doesn’t block it

Just because a system is sovereign doesn’t mean its data is trapped. Sovereign systems can interconnect, especially AI operating systems designed to let data flow between them by deliberate choice. Trusted, faster sharing of information and lessons learned across allies is easier when each nation controls its own system and can choose to share than when everyone depends on the same opaque commercial platform that nobody fully trusts.

NATO already operates this way. Federated Mission Networking lets allied and partner forces work together on a shared mission network while each nation retains ownership of its own. NATO’s own data strategy frames the goal as balancing the responsibility to share against the need to know. That is sovereignty and interoperability in the same breath: connected by deliberate choice, not by default dependency.

Interoperability without dependency is the key.

One honest objection

“Operated by cleared nationals” assumes you have enough cleared nationals to go round, and cleared engineering talent is scarce. But that scarcity is precisely the argument for not making every layer sovereign. Reserve your hardest-won, cleared people for the layer that genuinely carries the risk (the operating system, mission-critical applications and the data they touch), and let global infrastructure and talent carry the rest. Sovereign-everything doesn’t just cost more; it spreads your rarest resource too thin to be effective anywhere.

Sovereignty isn’t a wall; it’s a set of keys. For the sectors that carry national risk, the goal is confidence: knowing where your data lives, who can touch it, and that the decision to share always stays yours. Done right, sovereignty is what makes trusted sharing possible in the first place.

Written by Paul Gudonis, Chief Commercial Officer at Whitespace