TALKING POINT
DIGITAL SOVEREIGNTY IN PRACTICE: A PLAYBOOK FOR ORGANISATIONS DEPLOYING AI
By Natalie Denyer, VP for Client Engineering, IBM.
As organisations accelerate their adoption of AI, their digital environments are becoming more expansive and complex. The use of hybrid multi-cloud models in the UK is expected to increase significantly over the next three years, further distributing data and workloads across platforms and borders. This shift is forcing organisations to reassess how effectively they protect sensitive information and how they maintain control while navigating an increasingly complex landscape of cross-border regulation.
This landscape is encouraging more boardroom conversations on digital sovereignty. The instinctive reaction can be to tighten the perimeter, build sovereign clouds, localise data and isolate AI systems. However, this approach can create a patchwork of siloed environments that ultimately reduce flexibility and increase operational friction across the business.
Digital sovereignty isn’ t about isolating systems but rather retaining transparency and authority over how they are governed. That way, organisations can operate confidently across borders, apply consistent oversight and make the most of advanced technologies without losing autonomy. But what does that journey look like in practice?
Embracing a pragmatic mindset means starting with a clear understanding of what truly needs protecting. Not all data carries the same weight, yet many organisations treat it that way, applying standard controls that increase complexity but not resilience. The first step is to identify critical and sensitive datasets, for example customers’ financial data or healthcare records, and build governance frameworks around them. This includes clear policies on access, usage, encryption and ownership.
Welcoming technical freedom is equally important. Geopolitical uncertainty is fuelling momentum behind localisation strategies, but organisations should recognise that closed environments can narrow their field of operation, reduce interoperability and limit portability. Instead, they should move towards technical openness. Architectures built on open standards and interoperable technologies give organisations the flexibility to adjust as regulations evolve, and to adopt new ecosystems more easily when required.
Choice is central to sovereignty, and maintaining the ability to make choices relies on technical freedom to change course when needed, without incurring unnecessary cost or risk. This flexibility ensures organisations are not locked into rigid systems that may quickly become outdated or non-compliant in a rapidly shifting regulatory environment.
Prioritising transparency is the next critical step. By 2028, 65 % of governments worldwide will introduce some form of technological sovereignty requirements to improve independence. Transparency is increasingly sought-after, particularly among organisations that are well established on their AI journeys. They want visibility into how models are built and behave, to understand the origin of training data, and to know how decisions are made.
Embedding governance into everyday processes and decision making ensures it becomes a natural part of operations. This consistency strengthens confidence in the technology and helps build the public and organisational trust required for adoption at scale.
Designing for a moving target is essential as regulation continues to evolve across Europe and the UK. Organisations must create adaptable systems that can flex to meet different jurisdictional requirements without rebuilding entire technology stacks. Sovereignty then becomes a strategic lever, enabling innovation while maintaining control. Ultimately, sovereignty is defined by who holds authority over systems, and the ability to sustain that authority as conditions change. •
18
INTELLIGENT CIO EUROPE www. intelligentcio. com