There has been much discussion about the use of the word sovereign when describing many products and services, especially in the computer software space, none more than in Artificial Intelligence.
Many contest that the word sovereign can be divisive, limiting or undefinable. I disagree. I believe that the word has simply become inconvenient to most.
The English word has existed since around the 14th century (even older in Latin). As a noun is means a supreme authority or an old British coin, and as an adjective it means autonomy – the ability to operate without outside interference.
When it comes to AI sovereignty (and sovereignty of the associated data) this most often falls on the builders and sellers of AI products and services, rather than the client consuming those same products and services.
This narrows the field and introduces the real inconvenience of the word sovereign.
Let me explain through an Australian lens, but it is applicable to any nation.
There are many ways to measure the sovereignty of a company. The obvious is who owns the company? Are the shareholders majority Australian legal entities or Australian citizens? Is the Board located in Australia? Does it have foreign influence? Does the company report to an overseas parent? Does it pay all its taxes in Australia?
The above is just the question of ownership. However, sovereignty goes well beyond that, right down to operations.
Is the product built here in Australia? Or was part (or all) of the build carried out overseas by non-sovereign resources (for reasons of ownership or cost saving)?
It is here that the sovereign becomes an ‘inconvenient truth’ for the vast majority of AI product and service providers.
Our reliance on overseas software companies is so big that very few want to tackle the behemoth marketing budgets and lucrative sponsorship dollars of these companies and so we shy away from the term sovereign and default to even less defined terms like domestic or agency.
The complexity of AI sovereignty.
Many believe that AI creates greater complexity for sovereignty than in other industries. I don’t believe it does. Sovereignty of the supply or value chain is the same for sovereignty as it is for the manufacture of any product.
Let’s consider the layers of AI sovereignty.
The base layer – data centres. Where your data lives is important. Sovereignty in AI starts with where your data is held and processed. Is the data centre you have chosen located here in Australia and are the failover sites also in Australia? Does the company your chose have sovereign ownership and employ Australian staff?
The enablement layer – servers and GPUs. Clearly Australia does not have significant scale electronics manufacturing in this country (at this time) and so we must purchase physical hardware from offshore companies. But who is managing those servers for you? Unless you purchase your own servers and mount/maintain them in a sovereign data centre then you have a potential sovereign vulnerability. If you outsource the acquisition, installation and/or management of your servers and GPUs, then again you need to ensure that the company has sovereign ownership.
We are only two layers in and already almost every company in Australia will have failed. Many companies use international hyperscalers for data storage. Companies like Microsoft, Amazon, Google and more are not sovereign, nor will they ever be. All the hyperscalers sell the concept of a secure cloud. This is a nice way of saying that it is highly likely that your data is replicated offshore somewhere for redundancy.
“But ..” I hear many of your shout, about to tell me that you have a signed agreement with the hyperscaler that they will never replicate your data offshore. That’s a good start however you will note above that I called out the difference between data being stored and data being processed.
When a user inferences AI, the request must go to a GPU to be processed. Again, many of the hyperscalers use AI factories located around the world for pooled efficiency. Thus, your inference (possibly with attachments or corporate data) is being processed offshore. That offshore location may not have the same strict data privacy rules as Australia.
If you are one of the few who has also signed an agreement with the hyperscaler to only utilise GPUs installed in Australia, well done. But the rabbit hole goes deeper. Around 7 years ago the US enacted its US CLOUD Act. Australia has become a signatory to that Act. The US CLOUD Act allows US authorities to compel any US-based company to grant access to any server it owns or leases anywhere in the world.
So, if you are dealing with a hyperscaler, you are at risk of the US authorities simply looking in any of your servers. Unless all your data is deeply encrypted you have a possible exposure point.
Very inconvenient for the hyperscalers, so best not to talk about sovereignty.
The intelligence layer – foundational models. Australia already has some wonderful foundational models in image generation, medicine, agriculture, mining and more. We are a nation of educated and experienced AI resources despite what some may say. The algorithm behind google maps was developed here in Australia.
However, what Australia lacks is sovereignty in the generative AI darling field of large language models (LLM). Simply downloading a copy of a commercial model or a so called open-source model to a local server is not a sovereign solution. Yes, this includes using OpenAI in an Azure cloud as outlined above.
Australia has zero visibility on how offshore models have been built. We do not know what data they were trained on; if that data was sourced ethically; how the data was curated; what bias have been introduced and so much more. Further, we have little to no ability to direct, coerce or influence the owners of this technology to share such information with us.
In July of this year the US president signed an executive order mandating how model builders should treat DEI bias, essentially settling a cultural agenda for the entire world. Australia needs to stay in control of AI models, or it risks losing its vernacular, culture and values.
You should also consider where the current LLM models are inferenced. If you build a custom GPT or similar, where in the world is the GPU that will handle the inference of your app?
The user layer – applications of AI. The application layer of AI is arguably Australia’s frontrunner in sovereignty. There are some amazing AI application builders in this country making great user interfaces for a host of different styles and use cases of AI.
The builders who are sovereign owned (as discussed before) and that build all of their tools onshore using Australian resources could claim sovereignty. However, many utilise offshore resources immediately giving up sovereignty.
Using offshore resources to lower cost is convenient, so the word sovereignty becomes very inconvenient.
Beyond the product. how far does sovereignty extend?
A company’s sovereignty should not stop at how they build or deploy their products and services.
If we take the initial meaning of sovereignty to be the ability to operate autonomously then we need to ensure our operation is not reliant on an offshore entity whose operations are beyond our control. Recent Cloudflare outages have highlighted this vulnerability.
Almost every Australian company operates their primary communication channel, email, this way. They use a Microsoft or Google product (again owned by a US parent and subject to the CLOUD Act).
Google has seen this issue coming and now offers complete air-gapped solutions where you can purchase their software and run it on your own servers.
But think about the myriad of other software in use by corporates and AI builders alike. CRM, ERP, accounting, payment gateways, file sharing, call centre telephony, knowledge repositories and so much more are likely SaaS products hosted somewhere in the world, but not necessarily in Australia.
Consider that many of these products also contain embedded AI elements. So you could easily have a non-Australian CRM system utilising the inference of a non-Australian LLM. Who knows where in the world your data is being processed?
I am not naïve enough to suggest that a company can be 100% sovereign today. To do so would mean if our undersea cables were cut, we could continue to operate (albeit minus the internet of course). We are a long way from that. But more can and should be done to become less reliant and more in control of our autonomy.
How do we solve for sovereignty?
Everyone is looking for a one-and-done guide to AI sovereignty – essentially, tell me if I am sovereign or not. However, sovereignty in AI is a little more nuanced than that.
Sovereignty is dependent upon where you sit in the AI stack. Think about the stack as having four layers.
Top layer – AI applications
2nd layer – AI models
3rd layer – AI infrastructure
4th layer – AI data warehouse
If you are only in the 4th layer then sovereignty is relatively easy. Is your ownership sovereign and is your supply chain as sovereign as it can be?
At the 3rd layer you now need to consider the same test as above but also include a test of your data centre partner.
At the 2nd layer, the layer I am involved in (for full disclosure), the test gets more complicated. It is probably the most complicated. As above, we need to test ownership and supply chain of the infrastructure and data centres. However infrastructure needs to consider on two planes. The first is the infrastructure used to train the model and house the parametric data. The second plane to consider is the infrastructure used for inference. The easily forgotten large scale GPU deployment across the country to keep data always onshore, even at rest or being processed.
However, we now need to go beyond the infrastructure. We need to look at how the AI model was built, where it was built, who built it – are all of these sovereign? Or was development done offshore and we are repurposing? Similarly, if you are offering a presentation layer to your users (as is often the case of an LLM), where was that presentation layer built? Who built it? Is it housed securely in Australia?
The 1st layer repeats the tests of the third layer. AI application builders need to check their complete value chain including their data centre, their infrastructure and their models (both build and inference). Then they must make sure that their own build team and resultant product is sovereign.
Measuring sovereignty
This is where the rubber really hits the road. Everyone has their own measure of sovereignty. Some are very robust while others are more ‘domestic’ than ‘sovereign’.
The EU leads the way in measuring sovereignty by creating a Cloud Sovereignty Framework, which includes AI, in October of 2025.
The framework provides objectives of sovereignty (strategic, legal, data & AI, operational, etc). It also provides sovereignty assurance levels:
• Seal 0 – No sovereignty
• Seal 1 – Jurisdictional sovereignty
• Seal 2 – Data sovereignty
• Seal 3 – Digital resilience
• Seal 4 – Full digital sovereignty
Finally, the EU framework assigns a weight to each objective so that a score can be calculated.
Australia must develop its own version of this to address levels of sovereignty, especially for AI and related cloud services.
Conclusion
As I shared earlier, there are many software vendors that would prefer that we do not discuss sovereignty because it is terribly inconvenient for them.
To come close to being sovereign they would need to ensure their solutions were hosted on Australian servers in Australian data centres. They would have to be willing to share exactly how their products were built and make this auditable.
Most importantly they would need a local entity operating under a Deed of Sovereignty to ensure local operations were not influenced by global company policy, and ideally not parented in the USA due to Cloud Act provisions.
Extremely inconvenient – but for certain users and applications it is absolutely critical.
Sovereignty in our systems must stay at the forefront of innovation and be a part of robust conversation for Australia (or any nation) to realise the ongoing benefits this new technology can deliver.
