Sovereign Cloud–Sovereign AI Conundrum: Policy Actions to Achieve Prosperity and Security

Rising geopolitical competition, digital sovereignty, and the allure of AI are driving countries to adopt sovereign cloud and sovereign AI. Countries are reassessing their dependencies on the United States and hence on U.S. cloud providers. Many countries are requiring restrictive sovereign cloud controls that go well beyond strong security, data sovereignty, and local datacenters. They are now insisting on full operational control, full governance control, and in some cases majority local (non-U.S.) ownership. Further, the allure of sovereign AI is boosting interest in sovereign cloud—even though sovereign cloud is not needed for sovereign AI.

Governments have legitimate political, economic, and security interests in cloud computing. Yet do they achieve their goals in partnership with allies in ways that increase prosperity and security, or by building walls? If nationalistic sovereign clouds become isolated “splinter clouds,” it brings huge economic costs, and fragments the open, global technology system. Sovereign clouds offer greater control, but they do not provide greater technical security. Yet sovereign controls bring higher costs, slower growth, and less innovation—making the economies that use them less competitive. Sovereign infrastructure has a poor track record of success and often becomes stranded investment, burdening economies. Restrictive sovereign clouds may simply not achieve their goals, tie countries to rapidly depreciating infrastructure, and are likely unsustainable. This paper proposes ten recommendations to achieve sovereign priorities, minimize costs, and build prosperity and security among democratic, rule-of-law nations.

This report is made possible by general support to CSIS. No direct sponsorship contributed to this report.