Sovereignty Without Stagnation And The Real Cost of Operational Autonomy

Sovereignty Without Stagnation And The Real Cost of Operational Autonomy

Jul 1, 2025 | OCI Dedicated Region, Oracle Alloy, Oracle Cloud Infrastructure, Sovereign Cloud

Everyone talks about sovereignty. But few talk about the trade-offs.
Across Europe, especially in Germany and Switzerland, operational autonomy is often seen as the gold standard for digital sovereignty. The idea: full control, no external dependencies, no surprises.

In theory, it’s a strong posture.
In practice? It can easily slow you down.

For highly regulated industries, it’s tempting to build walls around your systems to reduce exposure. But when operational autonomy becomes the central design principle, innovation suffers. You are no longer building for performance or scalability. You are building to minimize risk. And over time, that architecture becomes hard to evolve.

This is the balance we need to strike: Sovereignty without stagnation.

Autonomy Comes at a Cost

Operational autonomy/sovereignty means exactly what it says. It is the ability to run your digital environment independently, without reliance on foreign entities, external support teams, or global platforms. In regulated markets, that’s attractive. It means you control access, processes, and ultimately, risk.

But here’s the thing: autonomy isolates.

To maintain autonomy, many institutions move to self-managed stacks, siloed environments, or custom platforms that minimize external control, but also block external innovation.

Security updates? Slower.
Platform upgrades? Riskier.
Integration with modern SaaS or AI services? Most probably not.

In Germany and Switzerland, I have seen several projects stall for months. Not because the technology wasn’t ready, but because the operational model couldn’t support agile change. Teams were so focused on controlling every layer that they lost the ability to adopt new capabilities at speed.

Autonomy must not come at the cost of adaptability!

What really matters is who controls your operations:

  • Who can push updates to your systems?

  • Who manages escalation paths during outages?

  • Whose legal jurisdiction governs your support team?

This is the level of detail that regulators (and boards) now care about.
And yes, achieving this depth of control is hard. That is why many organizations default to “isolation”: they lock down their stack and cut themselves (disconnect) off from global services.

But this model only works for a while. Eventually, innovation pressure builds. AI, automation, cloud-native services – none of that fits cleanly into a closed system. Without a platform to safely absorb innovation, operational autonomy becomes a bottleneck, not a strength.

The Open Source Conversation – Freedom With Limits

Open source has always played an important role in reducing lock-in and increasing transparency. It gives you flexibility, choice, and in many cases even real control.

But we also need to acknowledge its limits, especially in enterprise environments.

Take the example of a Swiss industrial company. They run over 400 applications – a mix of off-the-shelf software, legacy platforms, and newer cloud-native solutions. They have adopted Kubernetes, Grafana, Prometheus, and open-source databases where it made sense. But they also rely on integrated enterprise systems for finance, HR, procurement, and logistics.

Could they replace every component with open source?
Maybe. But at what cost?

Who supports the platform during an audit?
Who integrates change management and compliance controls?
Who signs off on operational resilience?

This is where the promise of open source meets the reality of enterprise IT: not everything can or should be rebuilt just to reduce dependency. Open source is an important ingredient. But sovereignty also means being able to make informed choices, not ideological ones.

What I am seeing is this: teams spend months assembling monitoring stacks, security tools, compliance scripts etc., only to realize they have created something fragile, difficult to maintain, and sometimes completely undocumented for auditors.

The irony? In chasing autonomy, some organizations built systems less resilient than the platforms they were trying to avoid.

This is where pre-built sovereign cloud platforms can help. Not by locking you in, but by giving you compliance-aligned services that still let you move fast. With built-in logging, encryption, incident management, and support under local legal control, the platform handles the regulatory foundation. So your team can focus on what matters.

Isolation vs. Informed Independence

So, to summarize it, there are two paths organizations typically choose:

1. The Isolation Model

Control everything, self-manage infrastructure, and avoid foreign providers. This delivers maximum autonomy but at the cost of agility. Teams fall behind on updates, and integration becomes painful. Yep, innovation slows. Eventually, autonomy becomes a form of isolation.

2. The Informed Independence Model

Use a sovereign cloud platform with built-in compliance, local operations, and enterprise-grade services. Maintain flexibility and adopt open standards. But don’t reinvent what is already secure and certified. This lets you meet regulatory requirements without stalling digital progress. An example would be the EU Sovereign Cloud from Oracle.

Control Matters – But So Does Momentum

Sovereignty is about control. But let’s not forget: innovation needs momentum.

You can’t afford to build static systems in a dynamic world.
Yes, autonomy protects you, but only if you can also evolve, scale, and adapt.

The real challenge in sovereign cloud isn’t just achieving control.
It is doing it without losing your ability to build and innovate.

And that’s the future we need to design for: Sovereignty, without stagnation.

Open-Source Can Help With Portability And Lock-In But It Is Not A Silver Bullet

Open-Source Can Help With Portability And Lock-In But It Is Not A Silver Bullet

May 11, 2025 | Alibaba Cloud, AWS, Azure, Google Cloud, Kubernetes, Oracle Cloud Infrastructure, Sovereign Cloud, VMware Cloud

We have spent years chasing cloud portability and warning against vendor lock-in. And yet, every enterprise I have worked with is more locked in today than ever. Not because they failed to use open-source software (OSS). Not because they made bad decisions, but because real-world architecture, scale, and business momentum don’t care about ideals. They care about outcomes.

The public cloud promised freedom. APIs, managed services, and agility. Open-source added hope. Kubernetes, Terraform, Postgres. Tools that could, in theory, run anywhere. And so we bought into the idea that we were building “portable” infrastructure. That one day, if pricing changed or strategy shifted, we could pack up our workloads and move. But now, many enterprises are finding out the truth:

Portability is not a feature. It is a myth, and for most large organizations, it is a unicorn, but elusive in reality.

Let me explain, and before I do, talk about interclouds again.

Remember Interclouds?

Interclouds, once hyped as the answer to cloud portability (and lock-in), promised a seamless way to abstract infrastructure across providers, enabling workloads to move freely between clouds. In theory, they would shield enterprises from vendor dependency by creating a uniform control plane and protocols across AWS, Azure, GCP, OCI and beyond.

David Bernstein Intercloud

Note: An idea and concept that was discussed in 2012. It is 2025, and not much has happened since then.

But in practice, intercloud platforms failed to solve the lock-in problem because they only masked it, not removed it. Beneath the abstraction layer, each provider still has its own APIs, services, network behaviors, and operational peculiarities.

Enterprises quickly discovered that you can’t abstract your way out of data gravity, compliance policies, or deeply integrated PaaS services. Instead of enabling true portability, interclouds just delayed the inevitable realization: you still have to commit somewhere.

The Trigger Nobody Plans For

Imagine you are running a global enterprise with 500 or 1’000 applications. They span two public clouds. Some are modern, containerized, and well-defined in Terraform. Others are legacy, fragile, lifted, and shifted years ago in a hurry. A few run in third-party SaaS platforms.

Then the call comes: “We need to exit one of our clouds. Legal, compliance, pricing. Doesn’t matter why. It has to go.”

Suddenly, that portability you thought you had? It is smoke. The Kubernetes clusters are portable in theory, but the CI/CD tooling, monitoring stack, and security policies are not. Dozens of apps use PaaS services tightly coupled to their original cloud. Even the apps that run in containers still need to be re-integrated, re-tested, and re-certified in the new environment.

This isn’t theoretical. I have seen it firsthand. The dream of being “cloud neutral” dies the moment you try to move production workloads – at scale, with real dependencies, under real deadlines.

Open-Source – Freedom with Strings Attached

It is tempting to think that open-source will save you. After all, it is portable, right? It is not tied to any vendor. You can run it anywhere. And that is true on paper.

But the moment you run it in production, at enterprise scale, a new reality sets in. You need observability, governance, upgrades, SLAs. You start relying on managed services for these open-source tools. Or you run them yourself, and now your internal teams are on the hook for uptime, performance, and patching.

You have simply traded one form of lock-in for another: the operational lock-in of owning complexity.

So yes, open-source gives you options. But it doesn’t remove friction. It shifts it.

The Other Lock-Ins No One Talks About

When we talk about “avoiding lock-in”, we usually mean avoiding proprietary APIs or data formats. But in practice, most enterprises are locked in through completely different vectors:

Data gravity makes it painful to move large volumes of information, especially when compliance and residency rules come into play. The real issue is the latency, synchronization, and duplication challenges that come with moving data between clouds.

Tooling ecosystems create invisible glue. Your CI/CD pipelines, security policies, alerting, cost management. These are all tightly coupled to your cloud environment. Even if the core app is portable, rebuilding the ecosystem around it is expensive and time-consuming.

Skills and culture are rarely discussed, but they are often the biggest blockers. A team trained to build in cloud A doesn’t instantly become productive in cloud B. Tooling changes. Concepts shift. You have to retrain, re-hire, or rely on partners.

So, the question becomes: is lock-in really about technology or inertia (of an enterprise’s IT team)?

Data Gravity

Data gravity is one of the most underestimated forces in cloud architecture. Whether you are using proprietary services or open-source software. The idea is simple: as data accumulates, everything else like compute, analytics, machine learning, and governance, tends to move closer to it.

In practice, this means that once your data reaches a certain scale or sensitivity, it becomes extremely hard to move, regardless of whether it is stored in a proprietary cloud database or an open-source solution like PostgreSQL or Kafka.

With proprietary platforms, the pain comes from API compatibility, licensing, and high egress costs. With open-source tools, it is about operational entanglement: complex clusters, replication lag, security hardening, and integration sprawl.

Either way, once data settles, it anchors your architecture, creating a gravitational pull that resists even the most well-intentioned portability efforts.

The Cost of Chasing Portability

Portability is often presented as a best practice. But there is a hidden cost.

To build truly portable applications, you need to avoid proprietary features, abstract your infrastructure, and write for the lowest common denominator. That often means giving up performance, integration, and velocity. You are paying an “insurance premium” for a theoretical future event like cloud exit or vendor failure, that may never come.

Worse, in some cases, over-engineering for portability can slow down innovation. Developers spend more time writing glue code or dealing with platform abstraction layers than delivering business value.

If the business needs speed and differentiation, this trade-off rarely holds up.

So… What Should We Do?

Here is the hard truth: lock-in is not the problem. Lack of intention is.

Lock-in is unavoidable. Whether it is a cloud provider, a platform, a SaaS tool, or even an open-source ecosystem. You are always choosing dependencies. What matters is knowing what you are committing to, why you are doing it, and what the exit cost will be. That is where most enterprises fail.

And let us be honest for a moment. A lot of enterprises call it lock-in because their past strategic decision doesn’t feel right anymore. And then they blame their “strategic” partner.

The better strategy? Accept lock-in, but make it intentional. Know your critical workloads. Understand where your data lives. Identify which apps are migration-ready and which ones never will be. And start building the muscle of exit-readiness. Not for all 1’000 apps, but for the ones that matter most.

True portability isn’t binary. And in most large enterprises, it only applies to the top 10–20% of apps that are already modernized, loosely coupled, and containerized. The rest? They are staying where they are until there is a budget, a compliance event, or a crisis.

Avoiding U.S. Public Clouds And The Illusion of Independence

While independence from the U.S. hyperscalers and the potential risks associated with the CLOUD Act may seem like a compelling reason to adopt open-source solutions, it is not always the silver bullet it appears to be. The idea is appealing: running your infrastructure on open-source tools in order to avoid being dependent on any single cloud provider, especially those based in the U.S., whose data may be subject to foreign government access under the CLOUD Act.

However, this approach introduces its own set of challenges.

First, by attempting to cut ties with US providers, organizations often overlook the global nature of the cloud. Most open-source tools still rely on cloud providers for deployment, support, and scalability. Even if you host your open-source infrastructure on non-U.S. clouds, the reality is that many key components of your stack, like databases, messaging systems, or AI tools, may still be indirectly influenced by U.S.-based tech giants.

Second, operational complexity increases as you move away from managed services, requiring more internal resources to manage security, compliance, and performance. Rather than providing true sovereignty, the focus on avoiding U.S. hyperscalers may result in an unintended shift of lock-in from the provider to the infrastructure itself, where the trade-off is a higher cost in complexity and operational overhead.

Top Contributors To Key Open-Source Projects

U.S. public cloud providers like Google, Amazon, Microsoft, Oracle and others are not just spectators in this space. They’re driving the innovation and development of key projects:

  1. Kubernetes remains the flagship project of the CNCF, offering a robust container orchestration platform that has become essential for cloud-native architectures. The project has been significantly influenced by a variety of contributors, with Google being the original creator.
  2. Prometheus, the popular monitoring and alerting toolkit, was created by SoundCloud and is now widely adopted in cloud-native environments. The project has received significant contributions from major players, including Google, Amazon, Facebook, IBM, Lyft, and Apple. 
  3. Envoy, a high-performance proxy and communication bus for microservices, was developed by Lyft, with broad support from Google, Amazon, VMware, and Salesforce.
  4. Helm is the Kubernetes package manager, designed to simplify the deployment and management of applications on Kubernetes. It has a strong community with contributions from Microsoft (via Deis, which they acquired), Google, and other cloud providers.
  5. OpenTelemetry provides a unified standard for distributed tracing and observability, ensuring applications are traceable across multiple systems. The project has seen extensive contributions from Google, Microsoft, Amazon, Red Hat, and Cisco, among others. 

While these projects are open-source and governed by the CNCF (Cloud Native Computing Foundation), the influence of these tech companies cannot be understated. They not only provide the tools and resources necessary to drive innovation but also ensure that the technologies powering modern cloud infrastructures remain at the cutting edge of industry standards.

Final Thoughts

Portability has become the rallying cry of modern cloud architecture. Real-world enterprises aren’t moving between clouds every year. They are digging deeper into ecosystems, relying more on managed services, and optimizing for speed.

So maybe the conversation shouldn’t be about avoiding lock-in but about managing it. Perhaps more about understanding it. And, above all, owning it. The problem isn’t lock-in itself. The problem is treating lock-in like a disease, rather than what it really is: an architectural and strategic trade-off.

This is where architects and technology leaders have a critical role to play. Not in pretending we can design our way out of lock-in, but in navigating it intentionally. That means knowing where you can afford to be tightly coupled, where you should invest in optionality, and where it is simply not worth the effort to abstract away.

The State of Application Modernization 2025

The State of Application Modernization 2025

May 4, 2025 | Artificial Intelligence, AWS, Azure, Cloud Native Apps, CNCF, Edge Computing, Google Cloud, Kubernetes, Oracle Cloud Infrastructure, Sovereign Cloud

Every few weeks, I find myself in a conversation with customers or colleagues where the topic of application modernization comes up. Everyone agrees that modernization is more important than ever. The pressure to move faster, build more resilient systems, and increase operational efficiency is not going away.

But at the same time, when you look at what has actually changed since 2020… it is surprising how much has not.

We are still talking about the same problems: legacy dependencies, unclear ownership, lack of platform strategy, organizational silos. New technologies have emerged, sure. AI is everywhere, platforms have matured, and cloud-native patterns are no longer new. And yet, many companies have not even started building the kind of modern on-premises or cloud platforms needed to support next-generation applications.

It is like we are stuck between understanding why we need to modernize and actually being able to do it.

Remind me, why do we need to modernize?

When I joined Oracle in October 2024, some people reminded me that most of us do not know why we are where we are. One could say that it is not important to know that. In my opinion, it very much is. Something has fundamentally changed in the past that has led us to our situation.

In the past, when we moved from physical servers to virtual machines (VMs), apps did not need to change. You could lift and shift a legacy app from bare metal to a VM and it would still run the same way. The platform changed, but the application did not care. It was an infrastructure-level transformation without rethinking the app itself. So, the transition (P2V) of an application was very smooth and not complicated.

But now? The platform demands change.

Cloud-native platforms like Kubernetes, serverless runtimes, or even fully managed cloud services do not just offer a new home. They offer a whole new way of doing things. To benefit from them, you often have to re-architect how your application is built and deployed.

That is the reason why enterprises have to modernize their applications.

What else is different?

User expectations, business needs, and competitive pressure have exploded as well. Companies need to:

  • Ship features faster
  • Scale globally
  • Handle variable load
  • Respond to security threats instantly
  • Reduce operational overhead

A Quick Analogy

Think of it like this: moving from physical servers to VMs was like transferring your VHS tapes to DVDs. Same content, just a better format.

But app modernization? That is like going from DVDs to Netflix. You do not just change the format, but you rethink the whole delivery model, the user experience, the business model, and the infrastructure behind it.

Why Is Modernization So Hard?

If application modernization is so powerful, why is not everyone done with it already? The truth is, it is complex, disruptive, and deeply intertwined with how a business operates. Organizations often underestimate how much effort it takes to replatform systems that have evolved over decades. Here are 6 common challenges companies face during modernization:

  1. Legacy Complexity – Many existing systems are tightly coupled, poorly documented, and full of business logic buried deep in spaghetti code. 
  2. Skill Gaps – Moving to cloud-native tech like Kubernetes, microservices, or DevOps pipelines requires skills many organizations do not have in-house. Upskilling or hiring takes time and money.
  3. Cultural Resistance – Modernization often challenges organizational norms, team structures, and approval processes. People do not always welcome change, especially if it threatens familiar workflows.
  4. Data Migration & Integration – Legacy apps are often tied to on-prem databases or batch-driven data flows. Migrating that data without downtime is a massive undertaking.
  5. Security & Compliance Risks – Introducing new tech stacks can create blind spots or security gaps. Modernizing without violating regulatory requirements is a balancing act.
  6. Cost Overruns – It is easy to start a cloud migration or container rollout only to realize the costs (cloud bills, consultants, delays) are far higher than expected.

Modernization is not just a technical migration. It’s a transformation of people, process, and platform (technology). That is why it is hard and why doing it well is such a competitive advantage!

Technical Debt Is Also Slowing Things Down

Also known as the silent killer of velocity and innovation: technical debt

Technical debt is the cost of choosing a quick solution now instead of a better one that would take longer. We have all seen/done it. 🙂 Sometimes it is intentional (you needed to hit a deadline), sometimes it is unintentional (you did not know better back then). Either way, it is a trade-off. And just like financial debt, it accrues interest over time.

Here is the tricky part: technical debt usually doesn’t hurt you right away. You ship the feature. The app runs. Management is happy.

But over time, debt compounds:

  • New features take longer because the system is harder to change

  • Bugs increase because no one understands the code

  • Every change becomes risky because there is no test safety net

Eventually, you hit a wall where your team is spending more time working around the system than building within it. That is when people start whispering: “Maybe we need to rewrite it.”  Or they just leave your company.

Let me say it: Cloud Can Also Introduce New Debt

Cloud-native architectures can reduce technical debt, but only if used thoughtfully.

You can still:

  • Over-complicate microservices

  • Abuse Kubernetes without understanding it

  • Ignore costs and create “cost debt”

  • Rely on too many services and lose track

Use the cloud to eliminate debt by simplifying, automating, and replacing legacy patterns, not just lifting them into someone else’s data center.

It Is More Than Just Moving to the Cloud 

Modernization is about upgrading how your applications are built, deployed, run, and evolved, so they are faster, cheaper, safer, and easier to change. Here are some core areas where I saw organizations are making real progress:

  • Improving CI/CD. You can’t build modern applications if your delivery process is stuck in 2010.
  • Data Modernization. Migrate from monolithic databases to cloud-native, distributed ones.
  • Automation & Infrastructure as Code. It is the path to resilience and scale.
  • Serverless Computing. It is the “don’t worry about servers” mindset and ideal for many modern workloads.
  • Containerizing Workloads. Containers are a stepping stone to microservices, Kubernetes, and real DevOps maturity.
  • Zero-Trust Security & Cybersecurity Posture. One of the biggest priorities at the moment.

  • Cloud Migration. It is not about where your apps run. it is about how well they run there. “The cloud” should make you faster, safer, and leaner.

As you can see, application modernization is not one thing, it’s many things. You do not have to do all of these at once. But if you are serious about modernizing, these points (any more) must be part of your blueprint. Modernization is a mindset.

Why (replatforming) now?

There are a few reasons why application modernization projects are increasing:

  • The maturity of cloud-native platforms: Kubernetes, managed databases, and serverless frameworks have matured to the point where they can handle serious production workloads. It is no longer “bleeding edge”
  • DevOps and Platform Engineering are mainstream: We have shifted from siloed teams to collaborative, continuous delivery models. But that only works if your platform supports it.
  • AI and automation demand modern infrastructure: To leverage modern AI tools, event-driven data, and real-time analytics, your backend can’t be a 2004-era database with a web front-end duct-taped to it.

Conclusion

There is no longer much debate: (modern) applications are more important than ever. Yet despite all the talk around cloud-native technologies and modern architectures, the truth is that many organizations are still trying to catch up and work hard to modernize not just their applications, but also the infrastructure and processes that support them.

The current progress is encouraging, and many companies have learned from the experience of their first modernization projects.

One thing that is becoming harder to ignore is how much the geopolitical situation is starting to shape decisions around application modernization and cloud adoption. Concerns around data sovereignty, digital borders, national cloud regulations, and supply chain security are no longer just legal or compliance issues. They are shaping architecture choices.

Some organizations are rethinking their cloud and modernization strategies, looking at multi-cloud or hybrid models to mitigate risk. Others are delaying cloud adoption due to regional uncertainty, while a few are doubling down on local infrastructure to retain control. It is not just about performance or cost anymore, but also about resilience and autonomy.

The global context (suddenly) matters, and it is influencing how platforms are built, where data lives, and who organizations choose to partner with. If anything, it makes the case even stronger for flexible, portable, cloud-native architectures. So you are not locked into a single region or provider.

Sovereign Clouds and Sovereign AI

Sovereign Clouds and Sovereign AI

Aug 21, 2024 | Artificial Intelligence, Sovereign Cloud

The concept of sovereign AI is gaining traction. It refers to artificial intelligence systems that are designed, deployed, and managed within the borders and legal frameworks of a specific nation or region. As the global reliance on AI intensifies, the necessity to establish control over these powerful systems has become of importance for governments, businesses, and citizens alike. The rise of sovereign AI is not only a technological shift – it is a rethinking of data sovereignty, privacy, and national security. 

Data Sovereignity

Sovereign AI offers a solution by ensuring that data, AI models, and the insights derived from them remain within the jurisdiction of the entity that owns them. This is particularly critical for industries such as finance, healthcare, defense, and public administration, where data is not only sensitive but also strategically important.

However, achieving data sovereignty is not without challenges. Traditional cloud and data management systems often involve storing and processing data across multiple jurisdictions, making it difficult to ensure compliance with local laws. We need to ensure that data remains within a specific legal framework, while still benefiting from the scalability, performance, and flexibility of cloud-based solutions.

Building the Infrastructure for Sovereign AI

Does sovereign AI imply that enterprises and national clouds need to be truly “sovereign”? I am not so sure about that, but the underlying infrastructure must be robust, secure, and compliant with local regulations. IT teams and CIOs need to think about the deployment of cloud and data management solutions that are tailored to the needs of specific regions, ensuring data sovereignty is maintained without sacrificing the benefits of cloud computing:

  • Localized Cloud Infrastructure: Think about an infrastructure that ensures data does not leave the country’s borders. Different private data centers in different regions must offer the same level of performance, security, and availability.
  • Data Security: Here we talk about end-to-end encryption, access controls, and continuous monitoring to prevent unauthorized access.
  • Compliance: Infrastructure must be built with compliance in mind, which means adhering to local laws or regulations regarding data protections, privacy, and AI ethics.
  • Interoperability and Integration: The goal here is to achieve a balance between control and an adaptable cloud infrastructure.

Use AI to provide Artificial Intelligence

What happened to compute, storage, and networking is happening with data (management) as well. We see different vendors enhancing their platform and database offerings with artificial intelligence. The basic idea is to use AI and machine learning to provide automation, which increases speed and security.

Think about self-optimizing intelligence-driven databases and systems that use AI to monitor performance, identify bottlenecks, and make adjustments without human intervention, ensuring that data is always available and secure. Systems and DBs that automatically detect and respond to threats based on anomaly detection. 

Balancing Innovation with Responsibility

One of the key challenges of sovereign AI is finding the right balance between innovation and responsibility (not only regulation). While it is important to protect data and ensure compliance with local laws, it is also essential that AI systems remain sustainable, innovative and able to leverage global advancements. 

Large Language Models (LLMs) have become a cornerstone of modern AI, enabling machines to generate human-like text, understand natural language, and perform a wide array of tasks from translation to summarization. These models, built on huge datasets and advanced neural architectures, represent a significant leap in AI capabilities. However, the creation and deployment of LLMs come with substantial costs in terms of time, financial investment, and environmental impact.

Green AI initiatives are one promising approach, focusing on reducing the environmental impact of AI development by using renewable energy sources, designing energy-efficient infrastructures, and promoting transparency around the energy consumption and carbon footprint of AI models. Collaboration and open research are also key, allowing the AI community to share resources, reduce duplication of effort, and accelerate the development of more efficient and sustainable models.

Conclusion

Recent trends indicate a growing emphasis on localized cloud infrastructure, where providers are building new data centers within national borders to comply with data sovereignty laws. This trend is driven by a combination of factors, including the rise of GDPR-like regulations and growing concerns over foreign surveillance and cyber threats. Additionally, the Digital Operational Resilience Act (DORA), introduced by the European Union, emphasizes the need for robust digital infrastructure resilience, pushing organizations to adopt sovereign cloud solutions that can guarantee operational continuity while adhering to regulatory requirements. This involves not only the localized deployment of AI models but also the creation of AI governance frameworks that ensure transparency, accountability, and fairness.

The integration of sovereign cloud and sovereign AI will likely become a standard practice for public sector organizations and industries dealing with sensitive data. The latest advancements in edge computing, federated learning, and secure multi-party computation are further enabling this shift, allowing AI systems to process data locally while maintaining global collaboration and innovation.