The argument for sovereign AI usually gets framed as a values question: do you trust European law more than American law to govern your data?
That framing is comfortable and largely beside the point. The operative question is narrower: can you produce the documentation and audit trail the EU AI Act demands when the people running your compute answer to a legal system outside your auditors' reach?
For high-risk systems, the honest answer is increasingly no, and that is what turns localised compute from a preference into a structural requirement.
Compliance pushes the control question down to the silicon
The EU AI Act’s high-risk obligations were originally due to take effect from 2 August 2026, with the rules for systems embedded in regulated products following a year later. The Digital Omnibus agreed on 7 May 2026 pushed both back, to 2 December 2027 for standalone high-risk systems and 2 August 2028 for embedded ones.
The risk-based classification and the core obligations did not change, and the delay exists because the technical standards needed to implement the rules were not ready in time.
Treating the new dates as room to defer would be a mistake because the engineering work the obligations require is identical whenever the clock runs out.
High-risk is a broad label. Annex III reaches biometric identification and critical-infrastructure systems among other categories, so a large share of regulated AI, including identity and access-control products, sits inside it.
The substance of those obligations is what matters for infrastructure. Providers of high-risk systems must draw up technical documentation covering, among other things, the training, validation and testing process; operate a quality management system; and build the system to meet the Act's requirements on accuracy, robustness and cybersecurity.
Deployers must retain the logs the system generates automatically, to the extent those logs are under their control, for a period appropriate to its intended purpose and no less than six months.
Read those requirements as an engineer rather than a lawyer and a pattern appears: each one assumes you can reach into the running system.
You cannot vouch for the integrity of an audit log you do not administer, and you cannot substantiate cybersecurity claims about a cluster whose physical and administrative access belongs to someone else.
The Act legislates control rather than location, and on shared, foreign-operated infrastructure, control is the thing that leaks.
The CLOUD Act is why an EU region is not EU control
The standard rebuttal is that hyperscalers already offer EU regions and locally marketed “sovereign” tiers. The problem is jurisdictional rather than geographic.
Under the US CLOUD Act, US authorities can compel a provider subject to US jurisdiction to produce data in its possession, custody or control regardless of where that data is stored, so a US provider holding your data in a Frankfurt facility can still be required to hand it over under a US warrant or court order.
This is not a hypothetical edge case. In June 2025, Microsoft’s French legal director told the French Senate under oath that the company could not guarantee French customer data would be shielded from US authorities, even data held in the EU.
The conflict has no contractual escape hatch: Standard Contractual Clauses document an intent to protect data but cannot override US legal compulsion.
For AI specifically, this bites across the training lifecycle: the data pipelines, the intermediate artefacts and the resulting model weights can each constitute an international transfer under GDPR's Chapter V and, for non-personal data, fall under the Data Act's Chapter VII safeguards against unlawful third-country governmental access.
If the entity operating any of those steps sits under US jurisdiction, the sovereignty claim fails at the layer of legal compulsion, well above where the data physically sits.
How Europe is turning sovereignty into a measurable standard
The most instructive development is that sovereignty is no longer rhetorical.
France has codified it with numbers attached. Under ANSSI’s SecNumCloud 3.2 framework, which underpins the national “Cloud de Confiance” label, a qualifying provider must ensure that neither share capital nor voting rights exceed 24% held individually, or 39% collectively, by companies based outside the European Union.
The purpose is explicit: a SecNumCloud provider has to be immune to non-EU law, and that immunity is established through the ownership structure itself.
This is precisely the test that geography cannot satisfy and that a US-parented EU subsidiary structurally fails. It is also no longer optional for the workloads that matter most.
SecNumCloud-qualified services are required for the French state's sensitive data under the "Cloud au centre" doctrine, and ANSSI is pushing adoption across the health, energy, finance and transport firms classified as operators of vital importance or essential services, the same population now captured by NIS2.
The framework is demanding by design, running to several hundred security and sovereignty requirements rather than a short checklist.
The direction of travel is regional rather than only French. In November 2025, ANSSI and Germany’s BSI published a joint statement on cloud sovereignty criteria, committing to develop common criteria and a shared method for assessing them.
When the bloc’s two largest member states begin aligning their definitions of sovereign infrastructure, the question for everyone else shifts from whether such standards spread to how fast.
Localised compute as industrial policy
If the regulatory layer pulls workloads toward sovereign control, the hardware layer is where Europe is trying to make that control physically possible.
The EuroHPC Joint Undertaking has built publicly governed supercomputing capacity, including Germany’s exascale Jupiter and Finland’s LUMI, and is extending it toward AI through a network of AI Factories sited at these centres, with one planned in Lithuania.
The aim is to give European institutions and companies access to advanced accelerated compute under European governance rather than renting it from infrastructure whose ultimate control sits elsewhere.
This matters because the alternative is not neutral. Outsourcing the compute layer for citizen-facing or critical-sector AI hands a piece of state and economic capacity to entities under a foreign legal regime.
None of it requires Europe to out-scale the hyperscalers. The most advanced accelerators these clusters depend on are still designed in the US and fabricated almost entirely in Taiwan, so no European stack is fully insulated from supply-chain geopolitics.
The objective is narrower: a coherent legal perimeter around the workloads that genuinely demand one, backed by enough domestic capacity to make that perimeter real rather than aspirational.
What the mandate asks of European organisations
The sovereign AI mandate is not a single statute you can tick off. It is the cumulative weight of the AI Act’s control-dependent obligations, the transfer regime under GDPR and the Data Act, sector rules like DORA and NIS2, and national doctrines like Cloud de Confiance, all pulling in the same direction.
Our guide to data sovereignty in AI maps that full picture. The point for infrastructure is that the combined effect, for high-risk and sensitive workloads, makes any non-sovereign choice steadily harder to defend.
The practical shift is to treat localisation as an architectural property rather than a deployment-region setting.
That means asking, of every layer of the stack, one question: who can be legally compelled to act on this, and under whose law? Where the honest answer is a US parent under US jurisdiction and the workload is high-risk, the AI Act has effectively already decided.
For the workloads the mandate actually targets, localised compute is what lets the compliance claims hold, which makes it a baseline requirement rather than a costly imposition.
If your organisation is mapping which AI workloads belong inside a sovereign perimeter, SkyBiometry engineers AI factory environments and operates private AI cloud services from EU-resident infrastructure, with operational control held entirely within the European Union.