Sovereign is Not a Postcode
Technology Vendors miss the point about Sovereignty
Domain: Technology & AI | Arc 9: The Language of Technology | Theme: A word doing work it was never designed for.
The meeting had been going well. The vendor was confident, the slides were clean, and the technology was genuinely impressive. Then someone asked the question that is supposed to end the conversation before it gets uncomfortable.
Is this sovereign?
The answer came back without hesitation. The data would be hosted in a UK datacentre. No information would leave the country. Everything would be compliant with UK data protection requirements.
The person who asked nodded. The meeting moved on.
Nobody in the room asked what sovereign actually means. Nobody asked about the development team building the platform, or where they were based. Nobody asked about the support engineers who could access the environment when something went wrong, or which jurisdiction their employment contracts sat in. Nobody asked about the legal entity that owned the platform, or where a court order served on that entity would be processed. Nobody asked about the hyperscaler underneath it all — the American infrastructure company whose terms and conditions, whose legal obligations under foreign law, whose response to a lawful request from a foreign government, applied to every byte of data sitting in that UK building.
And nobody, not once, asked about the model itself. Where it was trained. On whose data. Under whose law. By people with what access to what systems, in what country, with what relationship to what state.
A postcode is not sovereignty. It never was.
The word has been doing a lot of work it was never designed to carry. Sovereignty, in the context of technology, has a precise meaning: the ability to maintain full, uninterrupted, legally enforceable control over your data, your systems, and the decisions they make, independently of any foreign entity, any foreign jurisdiction, and any foreign infrastructure, even if every external dependency were removed.
That is a demanding definition. Most organisations that claim to have sovereign AI do not meet it. Most of them know this, somewhere, and have decided not to look too closely. That is a legitimate business decision, but only if it is a conscious one, made with a clear understanding of what risk is being accepted. What is happening instead, in most cases, is something different: a decision made without examination, based on a reassurance that sounded like an answer but was not one.
The datacentre location is the most common form of this non-answer. It is offered sincerely, in many cases, by people who genuinely believe it addresses the question. It does not. A datacentre in the UK that runs on Amazon Web Services, Microsoft Azure, or Google Cloud is subject to the CLOUD Act — American legislation that allows US law enforcement to compel US cloud providers to produce data stored anywhere in the world, including the UK. The building is British. The infrastructure is not. The legal exposure follows the infrastructure.
This is not a theoretical concern. It is a structural reality of how the major hyperscalers operate, and it has been established in law. Any organisation told that a UK datacentre location equals sovereignty should ask one further question: on whose infrastructure? The answer will tell them whether the reassurance they received was accurate.
But even that is the shallow version of the problem. The datacentre and the hyperscaler are at least visible: they appear in contracts, in procurement documents, in the architecture diagrams. The model is different. The model is almost invisible to the organisations deploying it.
When an AI platform is trained, it is trained by people — engineers, researchers, data scientists — operating in a specific geography, under specific employment law, with specific access to the weights, the training pipeline, and the data used to build it. When the model is updated, those same people are involved. When something goes wrong and the vendor’s support team needs access to diagnose it, those people may be anywhere.
Nationality of a datacentre and nationality of a model are entirely different things. A model trained in a country with a history of state-directed corporate intelligence gathering does not become a different model because its outputs are served from a server in London. The intellectual property it has absorbed, the access that was granted during its development, the data it was trained on: none of that changes because of where the inference happens.
Now ask the question that most organisations are not asking: would you host your most sensitive commercial models, your proprietary research, your competitive intelligence, in a country whose government is known for systematic intellectual property theft? Not the datacentre. The model. The thing that learns from your data, absorbs the shape of your thinking, and reflects your organisation’s knowledge back at you.
For a commercial research organisation, the answer to that question has direct consequences for competitive position. For a defence contractor, it has consequences of a different order entirely. For a law firm, a financial institution, a pharmaceutical company, the question is not abstract. The model that your organisation trains on your proprietary data is an asset. Where that asset sits, who can access it, and under whose law it is protected are questions that belong in the boardroom, not the IT department.
The third layer is the one that requires the most honesty to examine, because it does not come from the vendor; it comes from within the organisation itself.
A genuinely sovereign AI capability means the ability to continue operating, at full functionality, if every external dependency were severed tomorrow. The development team would need to be domestic, or at minimum operating under domestic legal frameworks with no access obligations to foreign states. The infrastructure would need to be owned or exclusively licensed, not rented from a hyperscaler. The model would need to be trained, maintained, and updated under the organisation’s control, with documented oversight of who has accessed it and when. The legal entity holding the contracts would need to be subject to domestic courts.
Almost no commercial AI deployment meets all of these criteria. That is not, in itself, a crisis, as most organisations do not need full sovereign capability. The question is whether the level of sovereignty actually achieved matches the sensitivity of what is being processed.
A company running AI over its marketing copy does not need sovereign infrastructure. A company running AI over classified government contracts probably does. A pharmaceutical company using AI to accelerate drug discovery research sits somewhere between those two points, and where exactly depends on judgments about competitive sensitivity, regulatory obligation, and acceptable risk that only that organisation can make.
The problem is not that organisations are accepting imperfect sovereignty. The problem is that they are accepting it without knowing they are doing so, reassured by a datacentre location, a compliance certificate, or a vendor’s confident answer to a question that should have been examined rather than closed.
Sovereignty is a business decision. It always has been. Organisations make risk-based decisions about data residency, vendor access, and infrastructure dependency all the time. The question is whether those decisions are being made deliberately, with the full picture, or whether they are being made by default, by accepting the first answer that sounds like a satisfying conclusion.
The satisfying conclusion, in this case, is a postcode. It tells you where the data is stored. It tells you nothing about who controls what happens to it, who can access the systems processing it, whose law governs it when there is a dispute, or what the model that is learning from it is doing with what it learns.
Those are the questions that determine whether sovereignty is real or decorative. And they are not being asked, in most of the meetings where the word is used.
Four questions to sit with:
If you asked your AI vendor today which hyperscaler provides the underlying infrastructure for your deployment, could you get a complete answer, and do you know what the legal implications of that answer are for your data?
Do you know where the people are who can access your AI environment — developers, support engineers, operations teams — and what legal obligations they operate under in relation to your data?
If your organisation trains or fine-tunes an AI model on proprietary data, do you know where that model sits, who has had access to it, and what the contractual position is on intellectual property ownership?
And the question underneath all of these: when your organisation last said yes to something because it was described as sovereign, did anyone in that conversation define what the word meant?
You’re reading The Next Evolution by Neil Catton: articles that explore the human world and the intersection of technology. They try to ask difficult questions, not to scare but to inform. If someone forwarded this to you, you can subscribe free at neilcatton.substack.com.
Neil Catton is the author of The Next Evolution, The Cognitive Crucible and The Shadow System, available on Amazon, and writes at the intersection of technology, ethics, and human purpose.


