AI · 27 May 2026

Sovereignty Has Eight Dimensions — And Most Boards Have Addressed Two

Every European board now talks about AI sovereignty. Almost none of them is talking about the same thing — and almost none has produced a written, current answer to the eight separate questions sovereignty actually contains.

In most European AI conversations, “sovereignty” has been narrowed to one question — which logo runs the compute. That narrowing is the problem. Sovereignty has eight dimensions. Most boards have addressed two. The remaining six contain the dependencies that will determine whether the organisation keeps its freedom to act when a vendor changes terms, a foundation model is restricted, or an extraterritorial law is triggered.

The pattern is consistent across the executive conversations I have had over the past year. The vocabulary is repeated. The framework underneath is not understood. And the cost of that gap is no longer hypothetical — it is documented in 2025 acquisitions, 2025 sanctions enforcement, and the EU’s own €180M cloud-sovereignty procurement, awarded earlier this year.

Three words that are not synonyms

Before the eight dimensions, the vocabulary. Most organisations use these three words interchangeably. They are not interchangeable.

Sovereignty is the freedom to choose. To select a platform, a model, a vendor. To leave one. To stay. It is a posture of optionality.

Autonomy is operating without ongoing dependence. A system that runs on its own infrastructure, with its own data, under its own legal frame.

Autarky is the absolute case — full self-sufficiency, no external inputs, no external dependencies.

The right question is never _can we be entirely independent?_ That is autarky, and few enterprises actually want it. The right question is _which dependencies do we accept, consciously, with our eyes open?_

This is the framing I draw in boardrooms when the topic comes up — and it is also the framing in Chapter 11 of my book, _Strategy is Good. Execution is Better._ The chapter walks the eight dimensions across three concerns: infrastructure, exposure, and strategic flexibility. Each can be answered. Each, unanswered, becomes a hidden liability.

The eight dimensions

1. Platform sovereignty (technical sovereignty)

Who controls how the components fit together — you, or the vendor whose architecture you adopted? The platform sovereignty question is not _which cloud?_ It is _how deeply are you integrated into that cloud’s proprietary services, and have you decided that consciously?_ A workload that runs on Kubernetes can move. A workload tied to a specific managed service, a specific identity stack and a specific data fabric cannot — at least, not without rebuilding it.

2. Operations sovereignty

Who runs the system at 3 a.m. when it breaks? Who has root, who has the audit log, who is paged? “Managed service” is a useful abstraction until it becomes a structural blindness. The convenience of someone else operating your AI platform is real. The cost — that you cannot intervene, cannot diagnose, cannot recover without their consent — is also real.

3. Model sovereignty

Could you switch foundation models tomorrow without rewriting your prompts and your evaluations? If GPT, Claude, or Gemini disappeared from your stack — taken offline by your vendor, restricted by export controls, deprecated in a version change — what fraction of your AI applications would survive? An application tuned to one model’s behaviour does not behave the same on an open-source alternative. The output shape changes. The reliability profile changes. The product, effectively, changes.

4. Solution sovereignty

When you adopt a third-party tool — an agent framework, a vector database, a workflow orchestrator — you adopt its roadmap, its pricing policy, and its corporate fate. Two cases from 2024–2025 make this concrete:

Broadcom / VMware. After Broadcom completed the VMware acquisition, the licensing model was restructured. Perpetual licences were retired in early 2024; the catalogue collapsed from over 8,000 SKUs to four primary bundles; the minimum core requirement rose to 72 cores from 10 April 2025; a 20% late-renewal penalty was added. Documented customer cost increases run in the 800–1,500% range, with some segments reporting north of 1,000%. The practical consequence: enterprises that standardised on VMware are now planning exits by 2030. The technology did not change. The control did.

Cognigy / NiCE. Cognigy — the Düsseldorf-founded (2016) conversational-AI company, founded by Philipp Heltewig and Sascha Poggemann, long held up as a German AI champion — was acquired by NiCE for approximately USD 955M. The deal was announced on 28 July 2025 and closed on 8 September 2025. NiCE is a US-listed company. Customers who had built sovereign-feeling capabilities on Cognigy’s platform did not lose their product on day one. They lost the answer to the question _who controls our roadmap?_ on day one. That is a different loss, and a more durable one.

The solution-sovereignty question is not _do I trust this vendor today?_ It is _can I keep operating if this vendor is acquired, deprecated, or repriced next quarter?_

5. Data sovereignty

Who controls your data — technically and legally? Residency is not control. Data stored in Frankfurt that flows through an American-owned managed service is subject to the US Cloud Act. The contract may say one thing; the technical reality is that the provider holds the keys, or the access path, or the metadata.

Two 2025 incidents tightened the picture for European executives who had assumed the legal exposure was theoretical:

Microsoft restricted the Microsoft account of the ICC Chief Prosecutor, Karim Khan, after the US administration’s executive order of 6 February 2025 imposed sanctions following the ICC’s arrest warrants against Israeli Prime Minister Benjamin Netanyahu and former Defence Minister Yoav Gallant. Khan moved to Proton Mail, a Swiss provider. Microsoft has disputed the strongest framings of the story — President Brad Smith stated Microsoft had not terminated services to the ICC as an organisation — but Dutch reporting indicates Microsoft told the ICC it could not provide Khan access while leaving the wider organisation’s services in place. Whichever account is closer to the operational truth, the outcome is the same: a US-sanctioned individual lost access to his primary tooling overnight, and the European institution had to migrate his communications to a non-US provider in response.

Microsoft handed over BitLocker recovery keys to the FBI. In 2025, a search warrant compelled Microsoft to provide the encryption keys for three laptops held in connection with a COVID-related fraud investigation in Guam. The encryption was not bypassed; the keys were delivered through the legal channel that already exists. Microsoft has confirmed it receives roughly 20 BitLocker recovery-key requests per year and complies when the keys are accessible — which they are by default on Windows 11, because the consumer setup flow backs the recovery key up to the Microsoft account in the cloud.

Neither incident was an exotic case. Both are routine applications of laws that have been in place since 2001 (US Patriot Act) and 2018 (US Cloud Act). Both apply extraterritorially. Both apply to US companies and their subsidiaries worldwide. Encryption does not protect you from access. The legal path does.

The conflict with European law is no longer abstract either. GDPR Article 48 is explicit: transfers of personal data to third-country authorities should happen through mutual legal assistance treaties or equivalent international agreements. A unilateral US Cloud Act order is not such an instrument. Organisations that route personal data through US-controlled services are not GDPR-compliant in a legally robust way — they are GDPR-compliant until the conflict surfaces, at which point they are exposed on both sides.

6. Cost sovereignty

Can you steer your own cost curve, or does it steer you? Cost sovereignty has at least three layers:

Platform costs. Tied to a vendor, service prices can rise faster than the business case can absorb. The VMware case under solution sovereignty is also a cost-sovereignty case — the two dimensions interact constantly.

Licence costs. Third-party tools change pricing. Acquisitions change pricing. M&A changes pricing. The cost curve is set by another company’s quarterly priorities.

Token costs. The layer most enterprise leaders are blind to. Many teams treat foundation-model usage as essentially free — top up a provider account and use it without instrumentation. When token prices change, when context windows are misused, when long-running agent loops hit production traffic, the bill arrives as a shock. A six-figure business case can turn into a seven-figure operational cost without anyone deciding it should. I have seen €200k projections drift into seven-figure annual run-rates inside twelve months — not through a single decision, but through the absence of one.

Cost sovereignty is also a discipline about picking the right tool for the problem. Not every “AI problem” is a GenAI problem. Some are classical machine-learning problems — a classifier, a regression, a forecast — where a classical ML solution is cheaper, more accurate, and behaviourally deterministic. Some are mathematical or statistical problems where a heuristic or a simple rule outperforms any model. Some are not AI problems at all — they are if-then-else logic that no one bothered to write down.

The reflex to reach for a large language model for every problem is itself a sovereignty cost. It binds the cost curve to the foundation-model market, and it binds the accuracy profile to a probabilistic system in places a deterministic one would have served the business better.

7. Legal and regulatory sovereignty

Under whose law does your AI system actually operate? Not the contract — the operational reality. If a regulator audits a decision, can you reconstruct what the model did, when, on which data, under which version? If the EU AI Act classifies your use case as high-risk, can you produce conformity documentation that a court will accept? If your GDPR posture relies on data residency in Frankfurt while your provider is subject to US extraterritorial law, can you defend that posture honestly?

The EU has begun to put this question into procurement. In April 2026, the European Commission awarded its €180M sovereign cloud framework for EU institutions to four providers: Post Telecom (with CleverCloud and OVHcloud), StackIT (Schwarz Gruppe), Scaleway, and Proximus (with S3NS, Clarence, and Mistral). The contract runs for six years. The selection was made against eight objectives — strategic, legal, operational, environmental, supply-chain transparency, technological openness, security, and EU-law compliance — and the providers were rated against a SEAL maturity scale; three reached SEAL-3, the Proximus consortium reached SEAL-2. The procurement signals what the EU itself now considers operational sovereignty: not a logo, but a verifiable multi-axis posture, contractually enforced, with named alternatives.

That signal matters because most European enterprises have not yet brought the same rigour to their own AI procurement. The contract language still treats sovereignty as a residency clause. The audit posture still treats it as a data-protection question. The EU’s own behaviour is two steps ahead of the boardrooms.

8. Strategic sovereignty

Can you develop your AI capability on your own roadmap — or only when the vendor’s roadmap allows it? Strategic sovereignty is the dimension that becomes visible last and matters longest. It is the question of whether your competitive advantage in AI is something you build, or something you rent. Both can be legitimate. Only one is sovereign.

Sovereignty by label is not sovereignty

The European market has learned to package sovereignty as a brand layer. SAP announces “OpenAI für Deutschland” — OpenAI delivered through SAP’s Delos Cloud subsidiary. The branding is German. The infrastructure underneath is Microsoft Azure. The model is American. The legal exposure is what it always was. Only the label has shifted.

This is not a SAP-specific failure. It is the European pattern. The market knows what executives want to buy — the feeling of sovereignty without the cost of restructuring the stack. Vendors supply it. The check-box is ticked. The dependency is unchanged.

The diagnostic is short:

– If the data path runs through a US-controlled service, you do not have data sovereignty — regardless of where the data is at rest.

– If the model is proprietary and operated by a US company, you do not have model sovereignty — regardless of the wrapper around it.

– If the platform that hosts the workload is a US hyperscaler, you do not have platform sovereignty — regardless of the European brand on the front.

You may have decided, consciously, that you accept those exposures. That is a legitimate position. What is not legitimate is believing you have removed them when you have only renamed them.

The honest position

Old: “We are sovereign because we have moved to a European hyperscaler.”

New: “We are exposed in five of eight dimensions, mitigated in two, and genuinely sovereign in one. Here is the conscious reasoning for each.”

Why it matters: The first sentence is comfortable. The second is operationally useful. Only the second survives an audit, a board challenge, or a sanctions event.

This is the move that separates leadership from administration. The executive who can name the dependencies, name the reasoning behind each acceptance, and name the backup posture for each — that executive is leading. The executive who delegates the sovereignty question to procurement and waits for a green checkmark is administering.

You do not need to be sovereign in all eight dimensions. What you need is a written, current, board-visible answer to each of them: are we sovereign here? If not, by how much, in exchange for what, and with what backup if it goes wrong?

What to do this quarter

Sovereignty audit. For each of the eight dimensions, name the current posture, the named owner, and the conscious reasoning. Where any of the three is missing, you do not yet have a position.

Single points of failure. Identify the dependencies that, if removed tomorrow, would stop the business. For each, define a backup posture — not a backup tool, a backup _posture_ (hybrid, multi-cloud, fallback model, open-source alternative). Treat the Karim Khan incident and the BitLocker case as your operational scenarios, not edge cases.

Architecture decoupling. Place an abstraction layer between your business logic and any vendor-specific surface. Containers and orchestration are necessary but not sufficient. Prompts, evaluations, and tool integrations need the same treatment.

Token-cost telemetry. Instrument every foundation-model call. Set budgets. Set alerts. Treat token spend as you would treat compute spend in any other production system — observed, attributed, governed.

Problem-class discipline. Before any new AI initiative, decide: is this a GenAI problem, a classical ML problem, a statistical problem, a rules problem, or not an AI problem at all? Each answer changes the cost, the accuracy, and the sovereignty profile.

Procurement language. Mirror the EU’s own approach in your own AI contracts. Demand multi-axis sovereignty evidence, not residency clauses. Reference the SEAL maturity logic the Commission used in the €180M tender. If your providers cannot meet a SEAL-3-equivalent posture on the dimensions that matter to you, accept that consciously — and document the backup.
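
A minimal sketch of the token-cost telemetry and architecture-decoupling items above, added here as an illustration and not taken from the book or any vendor SDK. `TokenLedger`, `metered_call`, the `PRICES` table and the adapter shape `(text, prompt_tokens, completion_tokens)` are all assumptions; amounts are integer micro-EUR so the arithmetic is exact.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed price table: micro-EUR per (prompt token, completion token).
# Model names and prices are placeholders; take real ones from your contract.
PRICES = {"model-a": (3, 15), "model-b": (1, 2)}

class BudgetExceeded(RuntimeError):
    """Raised before a call is made once the owner's budget is spent."""

@dataclass
class TokenLedger:
    budgets: dict                      # owner -> monthly budget, micro-EUR
    alert_pct: int = 80                # alert when spend crosses this share
    spend: dict = field(default_factory=lambda: defaultdict(int))
    alerts: list = field(default_factory=list)

    def check(self, owner, model):
        # Unattributed or unpriced calls are refused before any spend.
        if owner not in self.budgets or model not in PRICES:
            raise KeyError(f"unregistered owner or model: {owner!r}/{model!r}")
        if self.spend[owner] >= self.budgets[owner]:
            raise BudgetExceeded(f"{owner} has spent its budget")

    def record(self, owner, model, prompt_tokens, completion_tokens):
        p_in, p_out = PRICES[model]
        cost = prompt_tokens * p_in + completion_tokens * p_out
        before, budget = self.spend[owner], self.budgets[owner]
        self.spend[owner] = before + cost
        threshold = budget * self.alert_pct // 100
        # Alert once, on the call that crosses the threshold.
        if before < threshold <= self.spend[owner]:
            self.alerts.append((owner, self.spend[owner], budget))
        return cost

def metered_call(ledger, owner, model, provider_fn, prompt):
    """provider_fn is any vendor adapter returning
    (text, prompt_tokens, completion_tokens); business code sees only text."""
    ledger.check(owner, model)         # refuse before tokens are spent
    text, p_tok, c_tok = provider_fn(prompt)
    ledger.record(owner, model, p_tok, c_tok)
    return text

if __name__ == "__main__":
    fake = lambda prompt: ("ok", 100_000, 20_000)   # constructed usage figures
    ledger = TokenLedger(budgets={"claims-bot": 1_000_000})   # 1 EUR
    for _ in range(2):
        metered_call(ledger, "claims-bot", "model-a", fake, "summarise claim")
    print(ledger.spend["claims-bot"], ledger.alerts)
```

Because the business code calls `metered_call` with an adapter rather than a vendor client, swapping the model changes one adapter and one `PRICES` row while attribution, budgets and alerts stay in place.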

Final thought

Conscious dependency, not pursued autarky, is the operating posture that holds. The strongest organisations know exactly where they have ceded control, why they have ceded it, what it costs them, and what happens if the dependency turns hostile tomorrow. They have a written answer for each of the eight dimensions, and the answer is allowed to be “we accept this exposure, and here is the backup” — as long as the sentence is written and signed.

The vendors will sell you the checkmarks. The European Commission will sell you the framework. The book chapter will sell you the language. The sentences you have to write yourself.

Eight dimensions. Eight named owners. Eight honest sentences. You do not have to be sovereign in all eight. You have to know, by name, where you are not.

Strategy is good. Execution is better.
