Traditionally, sovereignty in the technology space has been synonymous with data residency: Keeping information within national borders to satisfy regulatory requirements such as the European Union’s General Data Protection Regulation (GDPR).
But today the definition is changing, and AI is driving that change. Increasingly, sovereignty refers to AI sovereignty — the end-to-end control over the AI lifecycle, including data lineage, model training, inference, and the infrastructure those systems run on.
In some markets, particularly in Asia-Pacific, this extends to nationally controlled ecosystems, where governments and local providers ensure that data, compute, and software remain within trusted boundaries. The Japanese government, for example, is developing requirements for AI systems to operate entirely within domestic infrastructure, with strict controls over where data resides and how it is processed.
Companies need to be aware of this broad shift. Sovereignty is no longer just about compliance with data-security and privacy mandates. The concept has become about control, trust, and managing geopolitical risk.
Boards Are Paying Attention
The adoption of AI has become a core strategy for company boardrooms. While the effectiveness of AI systems across business operations has not yet played out, the industry has leaned hard into themes that AI will drive productivity improvements for the next decade. With AI companies promising that the technology will reduce costs, drive innovation, and unlock new revenue streams, executives are keen to integrate AI with their infrastructure.
Yet, data security, trust, and sovereignty have become challenges that need to be solved. Boards are asking how quickly their organizations can adopt AI and how to do so without exposing sensitive data or intellectual property.
For CIOs, one of the most practical challenges is deciding where AI workloads should run. The answer increasingly depends on data sensitivity, cost, and sovereignty constraints. Lower-risk use cases — such as internal copilots for human resources or employee support — are often deployed on global hyperscaler platforms. These applications typically rely on less sensitive data and can tolerate some level of external exposure.
By contrast, workloads involving core intellectual property, such as source code, product designs, or proprietary algorithms, are more likely to remain in sovereign environments —whether that is on-premises, in private clouds, or in nationally controlled infrastructure.
Some nations are pushing domestic companies to own the entire AI stack, from the power plug all the way up to the models being served. Data sovereignty extends from the data being created by applications to where that data is stored and how it’s being enriched along the way.
Rethinking Where AI Workloads Live
This tension between opportunity and risk elevates sovereignty to a strategic priority. While sovereignty requirements are often challenges to overcome, in some regions, it’s not slowing innovation, but accelerating it.
In Japan and South Korea, for example, organizations are investing in localized AI infrastructure, including smaller, regionally focused data centers and service providers. These boutique ecosystems are designed to meet local regulatory requirements while delivering AI capabilities tailored to language, culture, and industry needs.
This decision-making is not just strategic but also shaped by supply-chain realities, particularly the availability and cost of GPUs and other AI hardware. In some cases, organizations are forced to rely on hyperscalers simply because on-premises infrastructure is too expensive or difficult to procure.
The result is faster adoption. Enterprises can deploy AI systems that are already compliant with national regulations and optimized for local use cases, reducing friction in procurement and implementation. Sovereignty enables innovation that is both faster and more targeted. This creates a hybrid model in practice: Enterprises balance sovereignty requirements with the need for scalable compute, often distributing workloads across multiple environments.
Building for a Sovereign Future
By 2028, most countries will have mature sovereign frameworks for AI. Emerging technologies, such as processing encrypted data and securing data pipelines between on-premises and cloud environments, could allow organizations to leverage public infrastructure without compromising sensitive information. This would enable CIOs to take advantage of hyperscaler scale while maintaining control over critical assets.
In the near term, however, CIOs should focus on data governance and preparation by ensuring that data is properly labeled, annotated, and enriched with metadata. Strong data lineage and provenance capabilities will be essential for enforcing sovereignty policies and enabling AI systems to operate safely across environments.
Organizations that invest in these foundations now will be better positioned to adapt as sovereignty requirements evolve. Those that do not may find themselves constrained, unable to move data, deploy models, or scale AI initiatives without significant rework.
The shift to AI sovereignty reflects a deeper concern about how nations and organizations think about control, risk, and value in the age of AI. For CIOs, the challenge is to strike the right balance, both leveraging global innovation while maintaining local control. Done well, sovereignty does not have to be a barrier, but a way to build AI systems that are both trusted locally and relevant.

