Sovereign AI: Why digital independence is becoming a competitive advantage right now

It's no secret: the global digital economy is in flux – influenced by wars, cyber attacks, new regulatory requirements and even the political capriciousness of formerly reliable partners. Geopolitical tensions and conflicts highlight the importance of protecting critical technologies and infrastructures from external risks.

Sovereign AI – the ability of companies to make their own decisions about data, models and infrastructure – is the direct response to these challenges. The aim is to minimise risky technological dependencies and strengthen digital resilience.

Why digital sovereignty is now a priority

The growing importance of sovereignty is a pan-European phenomenon. Recent reports, such as the GenAI Impact Report, confirm this trend. Another indicator of the urgency of this issue is the placement of ‘sovereign AI’ at the top of this year's Gartner Hype Cycle for AI. Both publications clearly show that sovereign AI is gaining in importance. The expectation behind this is that companies will regain control over their data, systems and processes. Trade wars, sanctions and political conflicts in recent years have shown how fragile international supply chains and technological dependencies can be.

Companies that rely on the services of technology providers risk losing access to critical systems or data in an emergency. Digital sovereignty has therefore become the foundation of economic resilience: it enables companies to act independently of geopolitical influences and protect themselves against external disruptions.

The protection of sensitive data and intellectual property has been a key issue since the introduction of the GDPR. Now, the EU AI Act is joining the fray, imposing high requirements for transparency, security and accountability, especially for high-risk applications. This is not just a matter of compliance, but also of securing models and algorithms that are essential to many business models. Companies that store their data on third-party platforms expose themselves to the risk that it will be inadequately protected or even misused. Sovereign solutions based on open standards and interoperable technologies that put control over data and systems in the hands of companies provide a remedy here. They not only strengthen independence, but also the trust of customers and partners.

However, companies should not fall into alarmism. Sovereign AI does not mean that from now on everything should be handled in-house at any cost. Dependencies should be made clear and the ability to act should be actively sought. The market will also respond to the desire for more sovereignty. The reason for this is, of course, that companies such as Google and Microsoft have been operating in the EU for decades – and want to continue doing so, as the EU market will remain significant with a forecast turnover of 75.686 million.

Politicians have also understood the problem of dependencies and vendor lock-in. The provisions of the EU Data Act will come into force in September of this year, with the aim of facilitating interoperability and thus a faster switch between cloud providers, both technically and contractually.

These developments are positive, but they do not solve the underlying problem: foreign laws such as the US CLOUD Act allow authorities to access data even if it is physically stored in Europe.

The trend away from fully managed services towards more user participation and control is therefore irreversible. Companies and organisations increasingly expect solutions that are not only powerful, but also controllable, transparent and legally compliant.

What is sovereign AI anyway?

But let's take a step back: what does sovereignty really mean in the context of AI? Contrary to a widespread misconception, sovereignty does not mean hoarding graphics cards and building large language models yourself. Rather, sovereignty is a spectrum that varies depending on the company, its AI maturity and its business model.

A start-up that uses GPT models as a chatbot via an API for rapid market launch can certainly act sovereignly. An insurer with highly sensitive customer data, on the other hand, has completely different requirements for data security and availability if this data is to be stored in a cloud as training data for AI. We therefore define sovereignty as the ability to maintain control over one's own systems at all times. This is not about isolation or complete independence, but about the freedom to act autonomously, even in dependent relationships. This sovereignty is based on technological independence, operational decision-making power and control of the system.

Challenges on the road to sovereign AI

Strengthened by the desire for sovereignty, a clear trend is emerging: companies are increasingly willing to invest in European solutions and move away from fully managed services. However, this change also brings challenges that need to be overcome.

For many companies, the path to sovereign AI is a strategic project that goes far beyond the introduction of new technologies. Regulatory requirements such as the GDPR and the EU AI Act place high demands on transparency, traceability and clear responsibilities. This is particularly problematic in the case of black-box AI from third countries, which often does not meet European standards. Companies must ensure that their systems provide technical documentation and traceability in order to minimise regulatory risks.

Another obstacle is the dependence on a few large technology providers. Many companies have built their infrastructure and AI systems on proprietary platforms that make it difficult to switch. This vendor lock-in not only limits flexibility, but also poses risks to data security and control over sensitive information. Even though the EU Data Act promotes interoperability and is intended to make it easier to switch between providers, it is to be expected that providers will continue to try to lock customers in. Building sovereign AI therefore requires a critical assessment of the existing technology stack and a search for alternatives based on open standards and interoperability.

Control over data flows is a key element of sovereign AI. Companies must ensure that sensitive data does not flow unchecked into external systems where it could potentially be misused or inadequately protected. This applies not only to personal data, but also to intellectual property such as models and algorithms. The challenge is to make data flows transparent and implement security mechanisms that ensure the protection of this information.

Finally, sovereign AI requires not only technological adjustments, but also a cultural change. Companies must adapt their internal processes and mindsets to fully exploit the advantages of sovereign systems. This includes critically questioning existing structures. Ultimately, trust is the decisive factor: customers, partners and regulatory authorities expect not only compliance with legal requirements, but also proactive measures for security and transparency.

How should companies proceed now?

The first step is to critically evaluate the current AI stack. This involves not only identifying existing dependencies, but also analysing the risks to data protection and intellectual property in detail. This assessment must take into account the requirements of the GDPR and the new EU AI Act, especially for high-risk AI applications.

Based on these findings, a clear target operating model can be defined in the second step.

This involves developing a precise idea of what a secure and legally compliant model for your own AI applications should look like. The aim is to find the optimal balance between control, costs and flexibility.

A sovereign approach is therefore no longer a purely defensive measure, but an offensive strategy that strengthens long-term resilience, technological independence and the trust of customers and partners. Those who act now with foresight will not only position themselves as pioneers in an uncertain digital world, but also create a sustainable competitive advantage.

We support you on this journey

adesso supports your company in successfully shaping the path to sovereign AI. Our experts work with you to develop solutions that are not only technologically powerful, but also transparent, legally compliant and tailored to your specific requirements. From identifying the right AI strategy and selecting suitable technologies to seamless integration into your existing infrastructure, adesso accompanies you every step of the way. With our many years of experience in implementing AI projects, we create solutions that not only meet current requirements but are also future-proof.