IT Brief Canada - Technology news for CIOs & IT decision-makers
Canada
International Women’s Day
366 opinions Read now

Guides

#
artificial intelligence
#
digital transformation
#
disaster recovery
#
hybrid & remote work
#
internet of things

Search

Ai sovereignty secure datacenter on bedrock shield circuitry
#
Data Protection
#
Private Cloud
#
Hybrid Cloud

No compromise: Designing AI operations for sovereignty and reliability

Thu, 26th Feb 2026
By Shankar Gomathi, SVP, Software Engineering, OpenText

Think globally but execute locally. That is easier said than done as AI sovereignty has become a defining challenge for modern IT operations. As organizations expand their use of artificial intelligence, IT Ops leaders must navigate a dense and often contradictory landscape of geopolitical data privacy and AI governance regulations. 

The scale of regulatory complexity is immense: 144 countries have enacted national data privacy laws and 70 countries have implemented national AI strategies or policies. These overlapping rules place AI systems under unprecedented scrutiny while simultaneously demanding high performance, resilience, and reliability. That challenge is reflected in a recent Ponemon Institute study, in which 53% of respondents say it is very or extremely difficult to reduce potential AI security and legal risks.

AI sovereignty: One core requirement and multiple operational risks

At the heart of AI sovereignty is a simple but demanding requirement: Sensitive data, model artifacts, and operational telemetry must remain within approved national or regional boundaries. AI sovereignty goes together with Cloud sovereignty, which is architected, operated and governed such that all data remains entirely within a specific legal jurisdiction -- and with strict controls for data residency, access, and regulatory compliance. It's simple yet demanding: Sensitive data, model artifacts, and operational telemetry must remain within approved national or regional boundaries.

These concepts align with the broader definition of digital sovereignty, which emphasizes the need to develop, deploy, and govern AI systems using infrastructure, data, and models that organizations fully control within their legal and strategic borders. For IT operations, this means rethinking everything from infrastructure design to observability. Systems that once relied on locally centralized architectures now must operate globally with data residency shaping deployment patterns, access models, and incident response workflows. 

This shift introduces new operational risks. Regionalizing AI workloads can slow deployments, reduce the uniformity of reliability across environments, and complicate incident response, especially when telemetry cannot cross borders. How, then, can AI operations be engineered so sovereignty and reliability reinforce one another rather than compete?

Building a solid foundation with IT operations

To build such systems, IT teams must understand sovereign AI's foundational elements. These include: 

  • Infrastructure sovereignty:  AI can run in the organization's on-premises private cloud, in a sovereign private cloud, or in applications running in a sovereign cloud. This ensures full organizational control, reducing dependence on hyper-scalers, and minimizing risks from external or foreign influence.
  • Data sovereignty: AI keeps data stored and processed under local laws and gives full control over model training and updates
  • Governance sovereignty: AI enables internal oversight for fairness, accountability, and auditability. 
  • Operational Continuity: AI systems continue to operate if external services become unavailable.

Together, these components illustrate why sovereignty is fundamentally an IT operations concern. Teams are responsible for the infrastructure that enforces boundaries, pipelines that ensure compliant data flow, controls that secure model behavior, and operational processes that preserve system continuity under legal constraints. Organisations also can rely on third-party, AI-sovereign solutions to handle many of the tasks, but the IT Ops Team then must play a significant role in selecting the right vendor.

Creating environments where sovereignty and reliability coexist requires deliberate engineering. One critical approach is adopting policy as code. By embedding regulatory rules directly into deployment and operational workflows, they become enforceable, testable, and version controlled. This reduces the risk of drift across regions and ensures operational compliance. 

A second pillar is establishing controlled access that reflects the realities of sovereign boundaries. Teams must incorporate systems – whether built internally or purchased from a trusted vendor -- in which data, models, and operational tooling are segmented regionally with strict access controls tied to jurisdictional constraints. Instead of broad administrative roles, access must be contextual and narrow to ensure users and systems interact only with permitted data and resources. This reduces the risk of cross-border exposure and allows teams to maintain clarity and efficiency in daily activities. If the right vendor solutions are in place, IT Ops will not break the sovereignty offered by those solutions.

Equally important is rigorous observability. Traditional monitoring approaches assume unrestricted data flow into centralized logging and analytics systems. Sovereignty requires IT operations adopting federated observability models where logs, metrics, and traces remain local, while sharing only essential, nonsensitive insights globally. This gives regional teams visibility required for timely incident response, enables global coordination without violating data residency rules, and helps preserve system reliability across distributed environments. Also, a CMDB can further strengthen compliance and reliability coexistence with a unified, continuously updated view of AI models, data sources, infrastructure components and interdependencies across regions. 

A clear to path coexistence

Sovereignty does not have to undermine operational resilience. For IT operations, the path forward lies in building AI systems that are compliant by construction, controlled with precision, and observable without compromising data boundaries. When sovereignty is incorporated into architecture from the outset, organizations can maintain the high-performance AI capabilities they require while meeting the legal and ethical standards increasingly expected worldwide.

In turn, AI sovereignty is not an obstacle but a design constraint. When addressed thoughtfully, AI sovereignty enables both control and reliability to coexist without compromise.

Related stories
AI agents and enterprise transformation: Turning hype into measurable value in 2026
Siemens boosts circuit protection with circular soft starter
Survey shows pentesters favour PTaaS over bug bounties
The courage to lead: Women, technology, and the work that remains
Women push for faster gender parity in fintech & tech

Top stories

5 ways women in tech can negotiate a pay rise
TestGorilla unveils AI fluency tests to reshape hiring
Structural stress rises for sysadmins in hybrid IT era
Cato unveils Dynamic Prevention engine for SASE security
Don't rule yourself out of a career in STEM