AI raises a question most organizations haven’t answered yet: who really controls the foundation?
In a recent presentation at the AI-Ready Data Summit, Matthew Miller, Sr. Principal Chief Architect, Field CTO Office at Red Hat, showed that AI sovereignty isn’t a policy debate but an infrastructure strategy.
Every AI system depends on choices about data, technology, operations, and control. Those choices determine whether you own your AI – or rely on someone else’s. Sovereignty comes from designing environments that keep that control in your hands: portable across cloud, on-prem, and edge, resilient by design, and strengthened by open source rather than locked into dependencies.
Access to powerful models is no longer an advantage. The advantage is using them on your own terms, with the infrastructure and governance to support it.
Digital Sovereignty: What It Means and Why It Matters
AI sovereignty falls under the broader category of digital sovereignty.
Digital sovereignty is the ability of an organization to independently control and protect critical infrastructure, maintain legal jurisdiction over data, reduce external dependency, and preserve the freedom to innovate on its own terms.
From this perspective, sovereignty is a sliding scale, not a binary state. The more control an organization has over its infrastructure, operations, code, and data, the less exposed it is to third-party decisions, disruptions, and opaque practices.
Sovereignty breaks down into four connected dimensions:
- Data sovereignty, which focuses on control over the data itself.
- Technology sovereignty, which concerns control over the underlying technology stack.
- Operational sovereignty, which is about the ability to run and manage systems independently.
- Assurance sovereignty, which deals with verifying integrity, compliance, and security.
Together, these create the broader sovereignty posture of an organization.
Why AI Makes Sovereignty More Urgent
AI itself isn’t new. What’s new is the scale and accessibility of large foundation models.
The problem is that these models are not trained on most organizations’ proprietary data. In most cases, the intellectual property that gives a company its advantage is not inside the public foundation model.
That brings about a strategic decision: do we bring our data to someone else’s model, or do we build infrastructure that allows us to use AI while protecting our own information?
That question is really at the center of AI sovereignty.
Organizations need infrastructure that is resilient, protects their data, and supports AI workloads without exposing critical information to outside parties. Once AI becomes embedded in core workflows, this stops being a technical preference and becomes a business risk question.
Open Source and Digital Sovereignty
One of the clearest arguments in favor of sovereignty is the role of open source. A useful analogy is that open source is the blueprint, while digital sovereignty is the fortress.
Open source gives organizations access to the architectural plans. Teams can inspect the code, understand how it works, check for hidden risks, modify it to meet their needs, and avoid dependence on opaque black boxes. Sovereignty is what allows them to take that blueprint and turn it into a secure, independent, controlled environment.
You cannot really claim one without the other.
If sovereignty means independence and control, then open source is one of the strongest enablers because it removes the mystery from the underlying software. It allows organizations to verify how systems behave rather than simply trusting an external vendor’s word.
That matters even more in AI, where black-box behavior is often treated as normal. If organizations want systems that remain trustworthy years from now, they need transparency. Open source makes that possible by allowing teams to inspect, improve, and adapt what they run.
How Open Source Supports Sovereignty
Open source aligns closely with each dimension of sovereignty:
- In data sovereignty, open source reinforces the boundaries around proprietary information. It creates an environment in which organizations can decide how data is used, where it flows, and how it is protected from exposure or misuse.
- In technology sovereignty, it gives organizations access not just to the surface-level application but to the deeper mechanics of the technology itself. That reduces lock-in and increases control.
- In operational sovereignty, open source supports running anywhere: on-premises, at the edge, or in the cloud. That flexibility matters because operational resilience increasingly depends on avoiding single deployment assumptions.
- And In assurance sovereignty, it supports independent verification of integrity, security, and compliance. This matters when organizations work with highly sensitive intellectual property in rapidly changing environments.
At the national level, the same logic applies. Sovereignty enables governments and regulated sectors to operate critical systems without relying entirely on external services or foreign-controlled platforms.
Where Red Hat Fits In
From this perspective, Miller frames Red Hat’s role as extending its hybrid cloud foundation into AI.
The idea is to provide a trusted and consistent base across physical infrastructure, virtualization, private cloud, sovereign cloud, public cloud, and edge environments; not simply to run workloads anywhere. AI adds another layer of complexity, as organizations now need support for hardware acceleration, model serving, training, inference, and portability across accelerators.
That is a difficult problem, because enterprises increasingly want to run any model on any hardware in any environment without losing performance, control, or resilience.
The focus, then, is on combining open runtimes, validated models, and accelerator support in a way that lets organizations interact with their own data and models inside boundaries they control and trust.
AI Infrastructure Challenges
Portability
Enterprises don’t want to be forced into a single hardware vendor, a single cloud, a single inference path, or a single deployment location. They want the ability to move between on-premises, cloud, and edge based on business, regulatory, economic, or resilience needs.
That is why platform consistency matters so much.
A consistent foundation enables teams to validate popular models, work across accelerator ecosystems, and maintain high-performance inference without constantly redesigning the underlying architecture. It also supports cost control, because enterprises need to think about AI in terms of sustainable operations, not just raw experimentation.
Beyond Model Serving
The broader AI platform challenge is not only about serving models.
Organizations increasingly need support for retrieval-augmented generation, retrieval-augmented fine-tuning, synthetic data generation, model evaluation, training pipelines, workbenches, AI guardrails, and agentic workloads. That means the platform must be modular enough to support multiple AI development modes without forcing teams into fragmented or incompatible workflows.
This is where a full-stack approach starts to matter. The organization needs not just a model endpoint, but a broader application platform that supports scientists, developers, operators, and governance teams together.
The Real Bottleneck: Data
Even with all the excitement around models, the limiting factor for most organizations is still data. Data is often the part that slows adoption the most. It’s the piece that creates the most friction when teams try to scale AI beyond experimentation.
A practical example is token limits and service constraints. Teams may find that the provider they rely on can only support a certain inference window, or that their workload becomes uneconomical at scale. What starts as a simple test quickly turns into a platform design problem.
That becomes even more pressing as organizations move toward agents, coding assistants, or internal productivity systems. If a third-party service fails, becomes unavailable, or no longer fits the economics of the use case, the organization cannot afford to simply stop operating.
That is why the platform underneath matters: the infrastructure has to support the foundations that make AI reliable at enterprise scale.
Microservices, AI, and Enterprise Scale
The same principles that drove microservices adoption now shape AI platform design.
Microservices require resilient, portable, scalable platforms. AI does too. In many ways, AI inherits the same infrastructure logic and then adds even more complexity through accelerators, model runtimes, guardrails, agents, and data-intensive workflows.
The goal is to give organizations a platform they can deploy anywhere, use with any accelerator, and adapt to various AI workloads. That includes training, inference, model serving, agents, workbenches, guardrails, and model-as-a-service patterns.
From there, the strategic value becomes the ability to pivot. An organization may want to move from the cloud back to the data center, route traffic differently between self-hosted and third-party inference services, or adopt more autonomous, agentic systems without being trapped by its current choices.
That flexibility is one of the strongest expressions of sovereignty.
AI Sovereignty in the United States
A useful question came up during the discussion: Does sovereignty only matter outside the United States? The answer is no. In the US, the same concerns often appear under a slightly different label: operational resiliency.
Most organizations understand that the AI services they consume come with service-level agreements, token limits, dependencies, and constraints. But many business-critical workflows cannot tolerate those external limitations if they become too restrictive or unreliable.
In that context, sovereignty becomes the ability to control scale, availability, and cost in a way the organization understands. It provides a path for experimenting with new AI technologies while still preserving the option to run them inside internal environments when needed.
This is especially important when regulatory requirements, security incidents, or service disruptions make reliance on external systems risky. If a service becomes unavailable, compromised, or economically unviable, the organization must still function.
Data sovereignty also matters in the US context because control of intellectual property depends on more than where the data sits: bringing data into outside services can create paths for reconstruction, leakage, or clean-room replication of proprietary value.
So, even when the legal framing differs, the underlying business issue is the same: control matters.
Final Takeaways
AI sovereignty is an infrastructure strategy.
Organizations need to think carefully about who controls the foundation beneath their AI systems. That means control over data, technology, operations, and assurance. It also means understanding that open source and sovereignty reinforce each other. And building environments that can run across clouds, data centers, and edge locations while preserving resilience and flexibility.
Most of all, it means recognizing that AI success depends on the infrastructure and governance to use powerful models on your own terms.
As AI adoption accelerates, the organizations that will benefit most are the ones that maintain control over their foundations.
That control comes from sovereignty: the ability to protect data, reduce dependence, preserve operational resilience, and keep strategic options open as technologies change.
In that sense, AI sovereignty is as much about freedom as protection: the freedom to innovate, adapt, and scale without giving away control of the most important parts of the business.
Want the full session? Watch Matthew Miller’s talk on demand at the AI-Ready Data Summit.
