~/krishnamallam/opinions/sovereign-ai-is-table-stakes.md
./home./opinionsonline · rome
krishna@medialogic:~$ cat sovereign-ai-is-table-stakes.md
18 May 2026·2 min read·
#sovereign-ai#regulation#eu

Sovereign AI is table stakes, not a feature

EU data residency is now table stakes - every hyperscaler offers it. But a US-owned cloud answers to the US CLOUD Act in Frankfurt just as it does in Virginia. Sovereignty is the floor, and residency is not the same thing.

For the last 18 months, every European enterprise pitch I've seen has framed "data sovereignty" as a differentiator. It isn't. It's the floor.

If you're selling to a Tier-1 European bank, an insurer regulated by IVASS, or a telco under EU NIS2, the question is no longer "is the data in Europe." Every hyperscaler will sell you an EU region now. The question is who can be legally compelled to hand it over. A US-owned cloud is subject to the US CLOUD Act and FISA 702 no matter which region the bytes sit in - Frankfurt, Paris, or its "European Sovereign Cloud" that is still Amazon-owned. Residency is settled. Jurisdiction is the live question, and procurement teams have learned to ask it.

What I mean by sovereign

In practice, sovereign AI for a regulated enterprise means:

  • The weights run on infrastructure with no US parent in the control chain. That means open weights (Llama 3, Mistral, DeepSeek V4, Qwen3, Kimi K2.6, GLM) on EU-owned bare metal - Hetzner, OVH, your own racks. A region-locked hyperscaler SKU keeps the bytes in Europe but leaves a US company in the control chain, so it is residency, not sovereignty. Useful, but not the same control.
  • The prompt logs stay under the same jurisdiction as the weights. This is the bit most teams forget. The model can be in Frankfurt, but if your observability stack ships traces to a US-owned SaaS, those traces sit under US compulsion - and the prompt is often more sensitive than the document it was built from.
  • The crypto keys stay with the customer. HSM in their estate, not in your VPC.

What this is not

It's not "we vendored a US-based model API behind a thin proxy and called it sovereign" - the proxy does not change who can be compelled to produce the data. And it is not "GDPR-proof": running outside US jurisdiction removes the US compulsion hook, it does not discharge your GDPR, EU AI Act, or DORA duties. Those still apply, in full.

Where the work is

The real engineering is in the boring parts: certificate pinning, audit logs that the compliance team can grep without crying, runbooks for the day a model needs to be swapped in 48 hours because a CVE landed. The model itself is increasingly a commodity. The platform underneath is not.

We've been shipping this stack for two years now. Happy to compare notes.

krishna@medialogic:~$ cd ../ · all opinions →