The term “sovereign AI and data” has become increasingly prevalent in recent years, initially driven by cloud infrastructure providers responding to the need to support regional regulations with sovereign cloud offerings. However, the use of sovereign cloud infrastructure is not required to deliver compliance with data sovereignty regulations. In fact, our research indicates that having the autonomy to choose between different architectural options is increasingly important for enterprise sovereign AI and data strategies.
In our forthcoming ISG Buyers Guide for Sovereign AI and Data, we assess the capabilities required for an enterprise to operate its AI and data strategy while avoiding the risks associated with getting locked into a specific architectural approach or set of providers. In this Analyst Perspective, I explore the potential role of sovereign cloud as one—but by no means the only—element of delivering AI and data autonomy.
Enterprises developing and deploying artificial intelligence applications and agents must govern data, and must monitor and maintain these resources so that they remain accurate and relevant as market conditions, regulatory requirements and governance policies evolve. This requires governance and monitoring frameworks that ensure projects comply with internal policies, regulatory requirements and data sovereignty laws such as GDPR in the European Union and LGPD in Brazil. Organizations must also ensure compliance with security frameworks such as ISO 27001, SOC 2, NIS2 and FedRAMP. Software providers have responded to the need for reliable AI governance and operations tools and processes, while cloud infrastructure providers have introduced sovereign cloud offerings that operate within the borders of a sovereign state in adherence to its data sovereignty laws.
Sovereign cloud providers have naturally begun using the term sovereign AI and data to describe AI and data workloads that run on sovereign cloud environments. While this is a logical extension of sovereign cloud, it also implies that enterprises require sovereign cloud infrastructure to deliver compliance with data sovereignty regulations. This is not the case. Many enterprises are using self-managed, on-premises architecture to fulfil data sovereignty requirements. In fact, our research indicates that having the autonomy to choose between different architectural options is increasingly important in relation to enterprise sovereign AI and data strategies. Ideally, such a strategy would also include the freedom to choose between options related to infrastructure, data management, analytics and AI software. I’ll explore each of these in turn.
A fundamental requirement for an enterprise operating across multiple geographic regions is an AI and data infrastructure that enables the management of data across multiple cloud environments and on-premises infrastructure. As my colleague Jeff Orr asserts, through 2027, more than one-half of enterprises will operate across multiple cloud computing providers to meet data sovereignty requirements.
Additionally, an enterprise operating a sovereign AI and data strategy should have the option to use the platform on self-managed infrastructure, either on-premises or in a virtual private cloud, or consume the AI or data platform in a sovereign cloud or managed virtual private cloud infrastructure environment. Ideally, AI and data platform software that enables complete autonomy should provide an enterprise with all four options (self-managed on-premises infrastructure, self-managed virtual private cloud infrastructure, managed virtual private cloud infrastructure, and managed sovereign cloud infrastructure) and the ability to mix and match as required.
Freedom of choice must extend throughout the software stack. An enterprise operating a sovereign AI and data strategy should have the option to choose machine learning, deep learning and AI models from multiple providers. There are good arguments for avoiding cost and complexity by reducing the number of models used, but a sovereign AI and data strategy requires the autonomy to combine multiple predictive, generative, agentic or reasoning models, whether those are supervised, unsupervised or reinforcement learning models. This freedom includes using different software providers for developing, operationalizing, managing and governing AI models, applications and agents.
Enterprises also need the flexibility to use data management, data operations, business intelligence and data science software from another provider. There are similarly strong arguments for avoiding cost and complexity by limiting the number of software providers, but for complete autonomy, an enterprise should have the option to use different providers for data governance, data quality, master data management, data integration, data pipelines, data orchestration, data observability and data products, as well as real-time data processing.
I assert that through 2028, one-third of enterprises will prioritize AI and data platform providers that enable the use of data management and data operations software from multiple providers to support a sovereign AI and data strategy. Similarly, an enterprise should have the option to use different providers for business intelligence and data science, including reporting and visualization tools, programming languages, development environments and machine learning frameworks.
Beyond software choice, an enterprise may need to incorporate data from external platforms and applications. We also see enterprises looking to software and infrastructure providers for resources that facilitate the development of an enterprise's cloud exit strategy to support moving data, applications and workloads out of a cloud provider, either to another cloud or for on-premises deployment. Enterprises should also ensure that sovereignty will be respected throughout the full lifecycle of the project, and be wary of products that may not always be available for deployment on premises.
Few providers are likely to support the full breadth of options that would enable an enterprise to have complete autonomy over its AI and data strategy, and few enterprises are likely to take advantage of all these options. A strategy involving too many different providers adds complexity and risk that is at odds with the requirements of delivering compliance with multiple data sovereignty laws. As such, any sovereign AI and data strategy will involve trade-offs between freedom and risk avoidance.
Every use case will be different, but I recommend enterprises use the considerations raised above—and included within the forthcoming ISG AI and Data Platforms Buyers Guide—as a checklist to assess the relative importance of these trade-offs in relation to different data, analytics and AI product categories. Providers can also use it to evaluate the ability to support the range of theoretical options that could be required to address an enterprise’s sovereign AI and data strategy.
Regards,
Matt Aslett