Sovereign AI does not necessarily mean running everything on your own servers, nor using only European providers. It means keeping demonstrable control over data, identities, models, keys, operations and the ability to exit. For an SMB, the right architecture is usually hybrid: keep sensitive data and processes under tighter control and use external services for workloads where their scale and maturity add value.
What dimensions make up sovereignty
- Data: location, access, encryption, reuse and deletion.
- Technology: models, formats, APIs and portability.
- Operations: the ability to monitor, stop and recover.
- Jurisdiction: laws, contracts and requests from third countries.
- Vendor: concentration, subprocessors and an exit plan.
- Know-how: staff able to operate or migrate the system.
EU residency alone does not guarantee sovereignty, and hosting locally does not guarantee security.
Deployment models
| Model | Advantage | Risk |
|---|---|---|
| Public API | Speed, scale and advanced models | Dependency and less control |
| Private cloud | Isolation and managed services | Cost and platform lock-in |
| On-premise | Control of infrastructure and data | Operations, hardware and talent |
| Hybrid | Control proportional to risk | More complex integration and governance |
The decision is made case by case, not with a single policy for the whole company.
Classify data and actions
Before choosing a provider, inputs, outputs, logs, embeddings, memory and tools are inventoried. They are then classified by sensitivity and consequence.
Example:
| Workload | Data | Impact | Initial choice |
|---|---|---|---|
| Public copywriting | Not sensitive | Low | Controlled API |
| Internal search | Confidential | Medium | RAG with permissions and a defined region |
| Clinical records | Health | High | Segregated environment and reinforced evaluation |
| Agent with payments | Financial and action | Critical | Local permission control and human approval |
The decision is never based on prompt text alone: tools and actions can be more sensitive than the content itself.
Residency, access and transfers
You need to distinguish where data is stored, from where it is administered and which entities can access it. Remote support, telemetry, backups or subprocessors can involve other countries.
The contractual review covers:
- processing and backup regions;
- subprocessors;
- transfers and safeguards;
- use for training;
- retention of prompts and outputs;
- keys and privileged access;
- notification of changes;
- return and deletion.
Cryptographic control
Encryption is only useful if keys, identities and logs are governed. You need to define who can decrypt, how keys are rotated, what happens when the contract ends, and whether the provider retains technical access.
For critical workloads, consider customer-managed keys, separation of duties, HSMs and encrypted backups. These measures must be tested, not treated as a marketing label.
Open and proprietary models
An open model allows inspection and self-hosting, but requires validating licence, provenance, security, weights, updates and capacity. A proprietary model can offer quality and support, but requires a contract, portability and a replacement strategy.
The comparison matrix should cover:
- quality on real tasks;
- total cost;
- hardware requirements;
- licence;
- languages;
- context and tools;
- security and support;
- export and replacement.
"Open weights" should not be confused with fully open-source software.
Dependency and the Data Act
The EU Data Act sets out a framework to make switching between data processing service providers easier and to improve interoperability. This reinforces the need for contracts and architectures that allow data and digital assets to be ported.
The SMB should test the exit:
- export data, configurations and logs;
- rebuild indexes and embeddings;
- change endpoints and credentials;
- validate results with the alternative provider;
- confirm deletion at the previous provider.
A contractual right without a technical test does not guarantee reversibility.
A practical hybrid architecture
A common setup:
- master data and permissions stay in corporate systems;
- RAG retrieves only authorised fragments;
- a gateway removes or pseudonymises data;
- the model is selected based on sensitivity;
- tools run on controlled infrastructure;
- critical actions require approval;
- logs and metrics remain under the organisation's governance.
The external model receives the minimum context needed and never direct credentials.
Total cost
On-premise is not free. It includes GPUs, power, availability, updates, security, observability and staff. Cloud includes usage, data egress, services, support and dependency.
The right unit is cost per valid task, including human review and incidents. Growth and replacement scenarios should be calculated.
Security and operations
- a dedicated identity per service;
- least-privilege permissions;
- network segmentation;
- secrets management;
- injection and extraction testing;
- access and cost monitoring;
- backups and restoration;
- patching of models and components;
- a kill switch;
- an incident runbook.
An outdated local model can, in practice, be less sovereign if no one can maintain it.
Decision plan
Phase 1: inventory
Use cases, data, actions, providers and obligations.
Phase 2: classification
Impact, reversibility, residency, performance and continuity.
Phase 3: comparative testing
Same evaluation set across a public API, private cloud and on-premise. Measure quality, cost, latency and operations.
Phase 4: exit
Run portability and deletion tests before committing.
Phase 5: approval
Record the architecture, risks, conditions and review date.
Common mistakes
- Equating sovereignty with location.
- Buying hardware without an operations team.
- Ignoring telemetry and support.
- Not controlling embeddings and logs.
- Choosing based on a general benchmark.
- Relying on a single model.
- Never testing the export.
- Giving credentials to the model.
- Keeping everything local even when risk is low.
- Not calculating the cost of continuity.
Checklist
- Use cases, data and actions classified.
- Regions, subprocessors and transfers reviewed.
- Keys and identities governed.
- Quality assessed with real tasks.
- Contractual and technical portability.
- Tools kept separate from the model.
- Total cost and operational capacity.
- Alternative provider or contingency plan.
- Restoration, exit and deletion tested.
Frequently asked questions
Does sovereign AI require a European cloud?
Not necessarily, although jurisdiction and control matter. Data, technology, contract and operations must all be assessed together.
Is on-premise more secure?
Only if the organisation can configure, patch, monitor and recover it properly.
Can an SMB use a hybrid architecture?
Yes. It is usually the most proportionate option: it reserves tighter control for sensitive workloads and uses external services for the rest.
How can dependency be reduced?
With proprietary interfaces, exportable formats, separated data, reproducible evaluation and periodic switching tests.
Summum IA can support classification, testing, hybrid architecture and the exit plan.