Compute sovereignty: The strategic importance of digital infrastructure

Compute sovereignty has been reframed from a compliance matter to a major strategic initiative. The convergence of compute infrastructure and AI capability means digital infrastructure carries weight similar to energy, water and transportation networks. Disruption — whether through technical failure, geopolitical action or regulatory intervention — can cascade into cross-sector operational failures. Regulatory frameworks are beginning to reflect this, but enterprise governance is still catching up.

Three structural forces are elevating the importance of compute sovereignty:

AI and advanced computing as strategic assets

AI and advanced computing have transformed digital infrastructure into a strategic asset. Rapid adoption of AI and advanced computing means computing power, specialized chips, frontier models and energy assets have become foundational to autonomy, economic competitiveness and national security. Access to compute capacity, accelerators and cloud services impacts innovation velocity, operational performance and ecosystem development — all of which raise the stakes for availability, cost, business continuity and operational resilience.

Large language models and AI as a service introduce new categories of sovereignty risk. Large-scale frontier models, developed primarily by US- and China-headquartered labs, are offered as managed API services and trained on data that may include enterprise content, representing a dependency that combines software, data, intellectual property and compute risks. Sovereignty issues arise regarding training (where it occurs; who can access data; data provenance), models (who owns and controls the "weights"  that assign importance in AI decision-making; where weights reside), inference (where prompts and outputs are processed; retention policies) and evaluation (auditability, bias testing, security testing).

Geopolitical fragmentation and expanding regulation

Sanctions and export controls on AI chips, cross-border disputes related to data access, extraterritorial legal instruments, and expanding national and regional frameworks spanning privacy, cybersecurity, resilience and AI governance increasingly shape what technology can be used, where, and by whom.

A concrete manifestation is that governments may compel disclosure of data held by companies subject to their laws, regardless of physical data location (e.g., the USA CLOUD Act and FISA section 702), creating legal exposure for enterprises handling personal data, regulated content or commercially sensitive information. Policy responses aim to reduce exposure to extraterritorial reach through ownership and operational constraints, but the effectiveness of such regimes remains an important consideration for risk owners. 

Market concentration in key technology layers

The dominance of US-headquartered firms across the cloud, AI and semiconductor sectors makes sovereignty a matter of strategic autonomy and national economic competitiveness, intensifying perceived concentration and dependency risks. As a result, the sovereignty "surface area" expands beyond data residency to include operational controls and resilience, procurement and supply-chain dependencies, and legal jurisdiction.

Software sovereignty is equally critical but often overlooked. Commercial software licenses can be suspended or revoked, either by the vendor or under government compulsion. Software dependencies — particularly those embedded in managed cloud services — can create invisible ties that make workload migration difficult or impossible, even when the underlying compute infrastructure is portable.

Technology pillars of sovereignty

The transition of sovereignty from abstract principle to architectural implementation raises questions of "where" (workload and data placement) and "how" (operational control and assurance).

Compute infrastructure, control planes and security

The control plane — IT software that manages compute resources, directs data flows and enforces policies — is the most sovereignty-sensitive technology component. Whoever controls the control plane controls the infrastructure. In hyperscale cloud environments, the provider operates the control plane, and customer access is limited. And when the control plane resides outside local jurisdiction, sovereignty can be compromised. Sovereignty requires either operational authority over the control plane by local, trusted personnel or the technical ability to verify and constrain what the control plane can do.

Ownership and operational control of physical compute infrastructure — servers, networking equipment, storage — represents one path to compute sovereignty, but it involves capital expenditure and operational complexity. Private cloud and on-premises deployments operated by trusted entities can offer strong sovereignty guarantees but require significant investment and may fall short of hyperscalers' global reach, performance and breadth of services.

Encryption, key management and secrets management are crucial to sovereignty, ensuring that the data owner maintains legal and operational control. Encryption backstops data residency regulations by rendering data unreadable to unauthorized entities. Cloud service providers are increasingly highlighting cybersecurity measures as part of the sovereign cloud value proposition.

Technology supply chain

The global technology supply chain is concentrated and geopolitically exposed. Most silicon-based semiconductors and microprocessors are manufactured in Taiwan, the US, Mainland China and the Far East, and chip export limits can curtail local AI model training. Advanced chip designers and semiconductor manufacturers (NVIDIA, TSMC, Intel, AMD, ARM) wield structural power through hardware supply, with export controls shaping regional AI capabilities. Networking hardware is similarly concentrated, with some vendors facing persistent — if largely unsubstantiated — concerns about potential hidden access capabilities in defense and national infrastructure contexts.

The current US administration’s shifting positions on semiconductor export controls illustrate how chip supply can be used as a geopolitical instrument. The 2022 CHIPS Act restricted NVIDIA GPU exports (primarily to China) to limit access to frontier AI compute capabilities. Subsequent Trump administration modifications have shifted the focus from subsidies promoting domestic semiconductor manufacturing to export tariffs. Enterprises operating globally must recognize supply chain concentration risk and prioritize supply chain diversification.

Further, US-based AI model builders (OpenAI, Anthropic, Google, Meta, xAI) dominate, with emerging competitors in China (Qwen, DeepSeek) and notable exceptions including Mistral (France) and Flacon (UAE).

Software stacks and open source

Software is an often-overlooked dimension of the sovereignty discussion. Access to software-dependent cloud services can be suspended or revoked, either by vendors or at the direction of their home country governments. As noted above, software dependencies embedded in cloud services can significantly hinder workload migration.

The EU’s emphasis on open source and open digital ecosystems reflects the homegrown technology dimension of its digital sovereignty strategy. However, open source requires skilled personnel, may lack the managed service capabilities of commercial offerings, and can itself develop concentration risks around a few dominant contributors.

Governments and enterprises increasingly look to open-source software to mitigate sovereignty risk and vendor lock-in. Technologies such as Kubernetes for container orchestration and the Linux operating system provide vendor-neutral foundations that can be deployed, modified and supported by any competent technical team. At the AI layer, open-weight models from Meta (Llama), Mistral, and the broader Hugging Face ecosystem provide alternatives to proprietary API services.

Energy and capital

Energy, once background infrastructure in the technology landscape, has become a foundational component and constraint in the AI era. Compute sovereignty for AI and cloud requires a massive, continuous and secure electricity supply to power data centers and the AI factories housed within them. Jurisdictional controls and data residency and processing requirements necessitate localized infrastructure, which, in turn, requires reliable access to cost-efficient power and associated infrastructure (e.g., generators, power distribution, cooling and battery energy storage systems). Energy access is emerging as a determining factor in the feasibility and cost of compute sovereignty.

The energy intensity of GPU-based compute for large-scale AI training and inference is well documented. The figure below shows the estimated power capacity required for IT equipment in current and announced data centers at regional and select country levels.