top of page

AI & Digital Sovereignty: Why Nations and Enterprises Are Rethinking Technology Dependencies

Saumitra Kalikar

In June 2026, the AI sovereignty debate became very real. Anthropic’s advanced Fable 5 and Mythos 5 models were reportedly disrupted after a US export-control order linked to national security concerns. Around the same period, reporting also suggested tighter scrutiny of advanced model releases by US authorities. Whether these restrictions prove temporary or become part of a broader pattern, the message for enterprises outside the United States is clear: access to frontier AI can be shaped by national security decisions, export controls and geopolitical priorities.

For years, enterprises adopted global cloud, SaaS and AI platforms because they were faster, cheaper and more capable than building everything internally. That logic still holds. But as AI becomes embedded into decision-making, software engineering, cyber defence, customer service and operational workflows, technology dependency is no longer just a sourcing question. It is becoming a strategic resilience question.

The issue is not whether nations or enterprises should disconnect from global technology ecosystems. They cannot, and they should not. The real question is whether they understand which dependencies matter, where control is required, and how they would respond if access, price, trust or operating conditions changed.

The next strategic risk is not technology adoption. It is unmanaged technology dependency.

1. Digital sovereignty is no longer just data residency

For many years, digital sovereignty was treated mainly as a data residency issue. If data was stored locally, many organisations assumed the risk was largely addressed. That view is now too narrow.

Data location still matters, particularly in government, healthcare, financial services, defence and critical infrastructure. But data can be hosted locally while the platform, support model, privileged access, encryption controls, software updates or operational decisions remain dependent on offshore providers or foreign jurisdictions.

True digital sovereignty is about control. Who can access the data? Who operates the platform? Who holds the encryption keys? Who can suspend, inspect, modify or recover the service? How quickly can the organisation move if a provider becomes unavailable, unaffordable or untrusted?

Many enterprises now run core operations on a concentrated set of global platforms. Identity, collaboration, cyber monitoring, analytics, customer engagement and software delivery are often deeply embedded into a small number of vendors. That concentration is not automatically wrong. It becomes risky when the organisation has limited visibility and no realistic exit path.

Digital sovereignty is not a geography question. It is a control question.

2. AI expands the sovereignty challenge

AI changes the dependency equation because organisations are no longer only consuming infrastructure or software. They are increasingly consuming external intelligence.

AI models are being embedded into customer service, software engineering, marketing, risk analysis, fraud detection, claims processing, knowledge management and cyber operations. In some sectors, AI is beginning to influence public services, clinical workflows and decisions with legal, financial or reputational consequences.

This creates new control questions. What data is sent to the model? Are prompts and outputs retained? Where does inference occur? Can the provider inspect or use enterprise data? Can decisions be explained? What happens if the model changes behaviour, becomes unavailable, is withdrawn from a region or becomes materially more expensive?

Agentic AI raises the stakes further. A chatbot that summarises documents is one risk profile. An AI agent that can update customer records, approve transactions, trigger workflows or access operational systems is very different. In that scenario, sovereignty becomes a runtime control issue. Organisations need to know what the agent can do, what data it can access, what tools it can invoke, how actions are logged and how exceptions are escalated.

AI sovereignty is the question of who controls the intelligence layer of the enterprise.

3. Technology dependency has become geopolitical

Frontier AI models are no longer being treated as ordinary software products. They are increasingly viewed as strategic technologies with national security implications.

This is consistent with broader global moves. The European Union’s technology sovereignty agenda focuses on cloud, AI, chips and open source. The European Chips Act was designed to strengthen semiconductor capability and reduce strategic dependency. Australia’s National AI Plan focuses on AI infrastructure, adoption, capability and safety, while its expectations for data centre and AI infrastructure developers link AI growth to national interest, energy, water, grid capacity, skills and local capability.

The lesson is clear: AI does not run on software alone. It depends on compute, chips, cloud regions, data centres, power, cooling, cyber security, data access, research capability and skilled people. Nations that cannot influence or assure these foundations will face strategic constraints.

For Australia, this does not mean attempting to replicate the United States, China or the European Union. It means being clear about which capabilities require sovereign-grade assurance, where trusted partnerships are sufficient, and where over-dependence creates unacceptable exposure.

AI capability is becoming a function of national resilience, not just digital innovation.

4. Open-source AI is becoming a sovereignty lever

Open-source and open-weight AI models are becoming increasingly important in the sovereignty conversation. They do not solve every problem, but they can reduce dependence on a small number of closed frontier model providers.

Open models can give nations and enterprises greater transparency, portability and adaptability. They can be deployed in controlled environments, fine-tuned for local language or sector context, inspected more deeply than closed services, and used as part of a multi-model strategy. This matters when access to frontier closed models can be restricted, repriced or governed by another jurisdiction.

The EU Open Source Strategy explicitly places open source at the centre of Europe’s technological sovereignty by promoting European open alternatives in critical domains. For enterprises, the same principle applies at a practical level. A portfolio that includes open models, commercial models and domain-specific models can provide more resilience than a strategy locked into one proprietary provider.

However, open source does not mean risk-free. Open models still require strong governance, cyber controls, model evaluation, licensing review, data protection, monitoring and operational support. The value is not that open-source AI is automatically sovereign. The value is that it can create more architectural choice and reduce dependency concentration.

Open-source AI is not a complete sovereignty answer, but it is a powerful hedge against model dependency.

5. Sovereignty is not isolationism

Sovereignty should not be interpreted as a call to build everything locally or reject global providers. Modern economies are deeply interconnected. No enterprise can own every layer of the technology stack. Very few nations can either.

The objective should not be independence at any cost. It should be deliberate interdependence.

Some workloads can run safely on global platforms with standard controls. Others may require higher assurance, including sensitive citizen services, critical infrastructure operations, regulated decisioning, healthcare data, national security workloads and high-value intellectual property.

This is why sovereign cloud, sovereign AI and open model strategies are becoming more prominent. The point is not simply to buy something labelled “sovereign”. The point is to secure practical control over data access, operations, encryption, auditability, model use, resilience and exit options.

Sovereignty is not about rejecting global platforms. It is about avoiding dependency without choices.

6. The enterprise risk is dependency without visibility

For boards and executive teams, the immediate issue is not dependency itself. It is dependency without visibility.

Many organisations have vendor registers, application inventories and risk assessments. But these often do not show which platforms support critical business capabilities, where sensitive data flows, which AI models are being used, who has privileged access, which services rely on offshore support, and whether realistic exit options exist.

For AI, leaders should know which models are used, what data is sent to them, where inference occurs, whether prompts and outputs are retained, whether outputs are monitored, and whether alternative models or deployment patterns are available.

A modern dependency view should include cloud services, SaaS platforms, AI model providers, open-source model dependencies, identity systems, data processors, managed service providers, cyber tooling, APIs, software supply chains and operational support arrangements.

You cannot govern what you cannot see, and you cannot exit what you have never mapped.

7. Sovereign AI requires architecture, not slogans

As the phrase “sovereign AI” becomes more common, there is a risk that it becomes a marketing label. A local data centre, local provider or open model may help, but none of these automatically creates sovereign AI.

Sovereign AI requires deliberate architecture. This includes data classification, identity and access management, encryption, key custody, model selection, inference location, prompt handling, logging, monitoring, auditability, lifecycle management and human oversight.

Enterprises will increasingly need an AI control plane. This does not necessarily mean one product. It means an integrated set of policies, platforms and operating practices that govern approved models, data usage, agent permissions, tool access, monitoring, escalation and incident response.

Sovereign AI is not a procurement category. It is an architecture and operating model discipline.

Conclusion: sovereignty as strategic resilience

AI and digital sovereignty will become more important because technology dependency is now central to enterprise competitiveness and national resilience.

The winners will not be organisations that reject global platforms. They will be those that use them deliberately, understand their dependencies, retain control where it matters, include open-source and portable options where appropriate, and design for recovery when conditions change.

The next phase of digital strategy will not be defined only by AI adoption, cloud modernisation or platform scale. It will be defined by how intelligently organisations manage the dependencies those technologies create.

Sovereignty is not about resisting the future. It is about retaining enough control to shape it.

bottom of page