Sovereignty Over Storage Is Not Sovereignty Over Action

MIT Technology Review Insights and EnterpriseDB published Establishing AI and data sovereignty in the age of autonomous systems this week, drawing on a survey of more than 2,050 senior executives and a series of expert interviews. It is a prominent industry statement of where the sovereign-AI conversation currently sits. The headline finding is that 95% of organisations plan to establish their own AI and data platforms within three years. The centre of gravity in the report’s proposed answers is substrate: where the data sits, who owns the silicon, which jurisdiction’s subpoena reaches it, which open-source database can underwrite the stack. That is a real conversation and the architectural patterns the report surveys are mostly the right ones. They are also mostly answers to a different question than the one the rest of the report keeps gesturing toward.

Yesterday I argued that sovereignty, once an autonomous system is doing work, has to include the capacity to refuse an action it cannot authorise. I will not re-make that argument here. What this post does is examine where the MITTR report itself walks up to the line.

The Substrate Conversation Is Now Mainstream

Three years ago “sovereign AI” was a procurement phrase used mainly in defence and regulated banking. The MITTR report is one of several signals that it has become a broad enterprise concern: 85% of surveyed organisations cite security and resilience as a sovereignty motivation, 74% cite data localisation, 72% cite ownership and control. The proposed answers are infrastructure answers. Confidential compute, edge inference, post-quantum cryptography, hybrid cloud arrangements, a converged data platform that runs transactional, analytical, and AI workloads on a substrate the organisation owns. None of this is wrong, and the patterns the report surveys are the right ones at that layer.

Kevin Dallas, EDB’s CEO, supplies a separate data point on the demand side: internal EDB research indicates that 70% of global executives believe they need a sovereign data and AI platform to be successful. On the underlying demand reading, I agree with EDB. The appetite is real and not bound to one sector or jurisdiction; the question is what sovereign has to mean to satisfy it.

But the substrate question of where the work happens, who controls the equipment, and whose laws reach it has been answered with this kind of architecture before. The cloud-versus-on-premises debate, the data-residency conversation following Schrems II, the broader GDPR jurisdiction story: these are all variants of the same procurement question, and the same kinds of answers grew up around them. What is new in the autonomous-AI era is not the substrate question. It is what runs on top of the substrate, and what that runtime can do without anyone being asked.

Where the Report’s Own Quotes Walk Up to the Line

Look closely at the experts the report quotes and you find them reaching for vocabulary the report itself does not provide. Michael Schrage from MIT Sloan’s Initiative on the Digital Economy draws the distinction sharply: data sovereignty is about custody and control, but AI sovereignty is “the entire decision environment and the operational authority that surrounds it.” Later he warns that treating the work as box-ticking compliance misses the point: the question is “decision governance and decision rights, not just box-tick compliance.” Devin Pratt at IDC narrows it further: sovereignty must define “which agents can touch the data, in which region, under which policies, and how all of that is monitored and audited.” Mukesh Chandak at Thales surfaces the operational stake plainly. When a user engages an autonomous worker that taps another worker that taps a third, the question of who governs what becomes, in his words, increasingly unclear.

Each is naming the same gap, and none gets a structural answer in the report. The closest the report comes is a list of architectural building blocks at the substrate boundary: confidential compute, edge inference, hybrid deployment, converged data platforms, all useful and increasingly deployable but none of them answering the question Schrage names. The vocabulary stops where the substrate stops.

A Case the Substrate Cannot Reach

Air Canada’s chatbot, in 2022, made a commercial representation about the airline’s bereavement-fare policy that did not match the actual policy. The customer relied on it. The British Columbia Civil Resolution Tribunal found the airline liable for negligent misrepresentation in 2024 and rejected the suggestion that the chatbot was a separate entity from the company that deployed it. None of this turned on where the chatbot ran or whose silicon it ran on. What the case exposes architecturally is whether the autonomous system had been delegated the authority to make that representation, and whether anything had verified the delegation before the action crossed the boundary.

The chips were sovereign by anyone’s definition. The action that just left the boundary was nothing the airline had delegated. That is the gap the substrate framing cannot close, regardless of how onshore or how owned the substrate becomes.

What the Report Sees and What It Does Not

The MITTR report is an honest snapshot of where the field currently sits. The substrate question has been named clearly, deserves the architectural response the report surveys, and is on a path to mainstream deployment. The harder question — which Schrage, Pratt, and Chandak each gesture at without naming structurally — is what regulated deployments will need to add before audits get specific. The demand the report identifies is real. The architectural answer that satisfies it is not yet what the report describes.