Data residency is not sovereignty: the four-layer map
Mario Beck

Data residency is not sovereignty: the four-layer map

Mario Beck

2026-06-16


"Our data is in an Amsterdam data center." I hear some version of that in almost every sovereignty conversation, said with real confidence, as if the matter is settled.

It isn't. The whole debate gets stuck on one word. Everyone argues about where data sits. Almost nobody asks where it gets processed. And that's the question that actually decides whether you're sovereign or just feel like it.

Here's the thing your EU data center doesn't tell you: when your team runs an AI query, that data often ships to a US inference endpoint and back. You've achieved storage sovereignty and processing dependence at the same time. The file rests in Amsterdam. The thinking happens somewhere else, under someone else's rules.

Storage sovereignty is not compute sovereignty

Data residency answers a narrow question: in which country does the file live at rest. It's real, and for some regulations it matters. But it's the easy layer, and it's the one every vendor will happily solve for you, because it lets everyone stop asking harder questions.

Compute sovereignty answers the question that counts: where does inference happen, who controls the model, and whose laws govern the moment your data is actually being read. That moment, when the model ingests your contract or your patient record to produce an answer, is when your data is most exposed. If that happens on infrastructure you don't control, your sovereignty claim has a hole in the middle of it.

If your data is "sovereign" at rest but every AI decision runs through someone else's infrastructure, you haven't reduced your dependence. You've added a round trip to it.

The four-layer map

The reason "is this sovereign?" is such a slippery question is that sovereignty isn't one thing. It lives at four different layers, and you can control some while completely missing others. Here's the map I use.

Layer 1 - Storage. Where the file sits at rest. This is data residency. It's the layer almost everyone solves, and the layer almost everyone mistakes for the whole picture.

Layer 2 - Transit. The path the data travels between systems. Encryption in transit matters here, but so does the simple question of which networks and borders the data crosses to get from A to B.

Layer 3 - Compute. Where the model reads and reasons over your data. This is the one most "sovereign AI" claims quietly skip. If inference runs on a foreign endpoint, the most sensitive moment in the whole pipeline is the least sovereign.

Layer 4 - Governance. Who can be compelled to hand your data over, and under which laws. This is the layer that survives every technical control you put in place, because it's about legal reach, not network diagrams.

Most vendors solve layer 1 and let you assume the rest. The interesting questions, the ones that actually protect you, live in layers 3 and 4. Take this map into your next procurement conversation and it turns a vague "is this sovereign?" into four specific, answerable questions.

The layer everyone forgets: jurisdiction

Layer 4 deserves its own section, because it's where the most expensive surprises hide.

Under the US CLOUD Act, a US-based provider must hand over data in its possession, custody, or control in response to a valid US legal demand, regardless of where that data is physically stored. The European Data Protection Board and European Data Protection Supervisor spelled this out plainly: the law lets US authorities require disclosure from providers under US jurisdiction "irrespective of where the data is stored." The US Congressional Research Service confirms the same: providers must produce data "regardless of whether the data is located in the United States."

In plain language: jurisdiction follows the provider, not the server. As long as your AI vendor is a US company or controlled by a US parent, localizing the data in Frankfurt or Amsterdam doesn't put it out of reach. No US hyperscaler can offer absolute protection simply by promising an EU region.

This isn't anti-American. It's just the law as written. And it's exactly why "where is our data stored?" is the wrong question, and "under whose jurisdiction is it processed and controlled?" is the right one.

The sovereign AI stack: what to own, what to rent

"Sovereign AI" sounds like an all-or-nothing moonshot. It isn't. It's a stack, and you can own the layers that matter without owning everything.

  • Your data and permissions. Non-negotiable. This is the crown jewels. Own it.
  • The index and retrieval. This should stay inside your boundary, because it's where sensitive content actually gets read and assembled into answers.
  • The model. It can be open-weight and run locally, or a controlled endpoint you choose. The point isn't to build your own foundation model. It's that you choose the model and can swap it without rebuilding everything.
  • The interface. Where people actually work. The least sensitive layer. Rent it on your terms.

The common mistake is thinking sovereignty means training your own GPT. It doesn't. It means controlling where your data is processed, and never getting locked into one provider's pipes. Own the data and the inference boundary. Rent the rest, deliberately.

On-prem is the fast track, not the fallback

There's an uncomfortable infrastructure reality in Europe. We don't have enough GPUs or large data centers, and the Netherlands is especially constrained. So you have two honest options. Wait for European hyperscale infrastructure that might take a decade to build. Or run locally, on-prem, today.

On-prem has real trade-offs. Maintenance. Capacity limits. Its own compliance work. I won't pretend otherwise. But it's achievable now for the tasks that matter most, and it sidesteps the entire "where does inference happen?" problem, because the answer becomes "in your building."

For a lot of regulated and IP-heavy companies, the fastest path to sovereignty isn't a national cloud that doesn't exist yet. It's a server they already control, running a capable model on the data they can't afford to send anywhere. Perfect sovereignty in a decade, or practical sovereignty this quarter. I'll take this quarter.

Sovereignty is a moat, not a cost

Most companies pursue sovereignty for one reason: compliance. Check the box, avoid the fine, move on. That mindset leaves the best part on the table.

Treat sovereignty as a checkbox and you only ever pay for it. Treat it as control over your own knowledge and it starts paying you back. The companies pulling ahead ask different questions. What can we build with our data that competitors literally can't access? What insights show up when we're not limited to what we're allowed to send to an external provider? What products become possible when the data never has to leave?

That's not a compliance posture. That's a moat. Your sensitive data is either a liability you spend money protecting, or an advantage you spend effort compounding. Same data, different strategy.

Ask better questions

You don't need to memorize the law or rebuild your stack tomorrow. You need to stop measuring sovereignty by where data sits and start measuring it by where it gets used and who controls that moment. The four-layer map is how you do that in a vendor call without getting lost in marketing language.

I put the full four-layer map together with the exact procurement questions to ask a vendor at each layer, as a free buyer's kit. You can get it through our newsletter here.

If you're weighing local versus cloud for a specific workflow, send me a DM. I'm happy to talk through where the line should sit for your case.

Keep me updated

One useful email a week on sovereign AI, governance, and enterprise AI that ships. Sign up and get the free Sovereign AI Playbook.

Subscribe on our newsletter page