Is Sovereign GenAI the Right Choice for Your Company?

Until recently, data sovereignty was an issue of concern only to a CDO and compliance teams. However, the topic has moved to the forefront of debate in recent months: in a recent survey, every respondent – 100% of those interviewed – said data sovereignty risks, including the possibility of service disruption, have caused their organizations to consider where their data is located. In the same survey, 92% of respondents said not adequately dealing with data sovereignty concerns can lead to reputational damage, and 85% said this would result in loss of customer trust2. 

So why has a previously niche topic moved to the forefront of executive thinking? The answer – as is invariably the case lately – is the accelerating use of GenAI. GenAI needs access to data – often an organization’s most sensitive data: and there is a perfect storm of events that makes the decision of where to store data a vitally important one.  

Firstly, there is a surge in global data protection laws, such as GDPR, the California Consumer Privacy Act (CCPA), and India's Digital Personal Data Protection (DPDP) Act, which impose strict rules and severe penalties for mishandling data. At the same time, geopolitical tensions and regulations like the U.S. C.L.O.U.D. (Clarifying Lawful Overseas Use of Data Act) have heightened concerns about safeguarding intellectual property. (The C.L.O.U.D Act requires U.S. technology companies to provide requested data to U.S. law enforcement, regardless of where the data is stored globally: this creates a direct conflict with other jurisdictions' data protection laws, such as the EU's GDPR, and is driving demand for sovereign cloud solutions that keep data under local control).  

Meanwhile, the expansion of cloud computing and AI technology makes it even harder to guarantee data stays within a desired jurisdiction, amplifying challenges around compliance and intellectual property security. As a result, many organizations lack clear visibility into their data’s whereabouts, highlighting the urgent need for stronger governance and tools to track data across borders. Simultaneously, customers are becoming increasingly privacy-savvy, demanding robust data protection and rewarding brands that deliver transparency and control.

Together, these factors underscore why mastering data sovereignty is now essential for regulatory compliance, customer trust, and business resilience.

The Gartner research highlighted above points to several key challenges. The first is the absence of a uniform set of global best practices and standards for AI governance: this is forcing enterprises to develop region-specific strategies, which limits the scalability of AI solutions and creates operational inefficiencies. Many of these arise from the complexity of managing data flows across borders, each with different and evolving AI regulations, and each increasing the risk of non-compliance and potential legal disputes. 

In addition, the rapid uptake of GenAI technologies has outpaced the development of robust data governance and security measures, raising significant concerns about data localization and proper data handling. Employees’ use of unapproved AI tools ("shadow AI") further escalates these risks, as sensitive data can be inadvertently exposed to systems outside the corporate security framework. 

Sovereign GenAI refers to solutions that operate strictly within defined jurisdictional boundaries, ensuring data remains protected under local regulations. Deploying GenAI on a private cloud takes this concept further by giving organizations direct control over their data storage and processing environments. This approach not only helps meet legal and regulatory requirements but also addresses mounting concerns about inadvertent data leaks associated with public cloud services.

In 2025, Microsoft suspended the email access of the chief prosecutor for the International Criminal Court (ICC), Karim Khan (although the company denied claims that it had cut off email access to the ICC as a whole). This action was taken in direct response to US government sanctions imposed against ICC personnel investigating Israeli politicians. 

Although not related to GenAI, the move highlighted the power of the US government to influence data access over international and European customers using US-based tech services, even when the data is stored in European data centers. It caused significant alarm among European Union officials regarding the reliance of European entities on US-controlled technology and fueled calls for greater "digital sovereignty".

Deploying GenAI in a private cloud environment offers several advantages. Organizations gain enhanced control over data localization, reducing exposure to external threats and regulatory uncertainties. Private cloud implementations also support tailored security measures, allowing businesses to address specific compliance requirements and risk profiles. By keeping critical data within trusted boundaries, companies can maximize the value of their information assets while minimizing the fear of unauthorized access or misuse. 

On the other hand, setting up and running a private cloud requires a big investment in equipment, software, and skilled staff and, unlike public clouds that offer nearly unlimited resources, private clouds are limited by their physical size and must be upgraded as needs grow. In addition, maintaining the privacy and compliance of a private cloud secure and compliant takes constant monitoring and maintenance, which can put a strain on IT teams. Finally, public cloud providers introduce new AI features and updates very regularly, advancements that may be slower to reach the private cloud environment.

Sovereign GenAI is particularly beneficial for sectors where data confidentiality is crucial. Defense companies, contract managers, and product development teams frequently require tools that guarantee data sovereignty, especially when working on sensitive projects or strategic roadmaps.  

For these organizations, adopting sovereign GenAI solutions like those offered by Orange Business not only reduces risk but also provides a competitive edge by ensuring compliance and building stakeholder trust. Conversely, smaller organizations or those with less stringent data requirements may find public cloud GenAI solutions more cost-effective and flexible, provided they implement strong data governance measures.

Orange Business addresses these challenges with a suite of sovereign data offerings designed to safeguard customer information and maintain regulatory compliance. Live Intelligence provides differentiated levels of data protection, making it possible for defense companies and contract managers to operate securely. By enabling a sovereign mode, Orange Business ensures that sensitive data remains under customer control, protected from external access and cross-border legal complexities.  

Orange Business also puts a trusted-by-design philosophy at the heart of its approach to mitigate risks such as bias and to ensure accountability. All its AI systems are developed with:

• human oversight
• integrated safeguards
• adherence to an internal Data & AI Ethics Charter
• a Responsible AI Design Authority, which classifies AI projects by risk level to ensure appropriate safety measures are in place

As AI adoption accelerates, the need to safeguard data integrity and comply with local regulations is becoming a decisive factor in technology strategy. Sovereign GenAI, particularly when deployed on private clouds, offers compelling advantages for organizations that prioritize data protection and regulatory compliance. However, businesses must also consider the associated costs and operational challenges.  

Orange Business’s sovereign data capabilities address the unique challenges of cross-border breaches and cloud vulnerabilities, offering business leaders a reliable path to secure, compliant, and trustworthy AI adoption. By working with Orange Business to carefully evaluating their risk profile, industry requirements, and long-term goals, companies can determine whether sovereign GenAI is the right choice for them.