Artificial intelligence is rapidly becoming a central pillar of digital transformation across Europe. From public sector organisations to private enterprises, AI is being deployed to improve decision-making, automate processes, and unlock new value from data.
At the same time, the rise of AI introduces new questions around control.
Where is data processed?
Who has access to models and outputs?
And how can organisations ensure that AI systems remain compliant with European regulations?
Within Cronos Europa’s Sovereign Tech series, AI represents one of the most dynamic and complex domains where innovation and sovereignty intersect.
We spoke with Jorge De Corte, Managing Partner at ReBatch, a sister company within De Cronos Groep, to explore what sovereign AI means in practice.
Sovereign AI refers to the ability of organisations to develop, deploy, and operate AI systems while retaining control over their data, models, and infrastructure. This includes where data is stored and processed, how models are accessed, which providers and platforms are involved, and how systems comply with regulatory frameworks.
In a European context, this is particularly relevant.
Organisations must navigate a complex regulatory landscape, including GDPR and the EU AI Act, while ensuring that sensitive data and intellectual property remain protected. At the same time, reliance on external AI providers can introduce new dependencies, particularly when models are accessed through proprietary APIs or hosted outside European jurisdictions.
Sovereign AI therefore becomes a way to balance innovation with control.
One of the main challenges in AI adoption is the speed at which organisations move from experimentation to production.
Many teams start with easily accessible tools and APIs, often provided by large hyperscalers. While this accelerates development, it can also introduce dependencies early in the process. Over time, these dependencies become harder to reverse.
A more deliberate approach starts with understanding where data flows, which models are used, and how systems are integrated into existing architectures. This allows organisations to make conscious choices about where control is required and where flexibility is acceptable.
In practice, this often leads to hybrid approaches.
Some AI workloads may rely on external services, while others are deployed in more controlled environments, depending on sensitivity, compliance requirements, and strategic importance.
AI sovereignty is not defined by a single component. It emerges from the combination of data, models, and infrastructure.
Data sovereignty ensures that sensitive information remains within controlled environments and complies with European regulations. Model sovereignty focuses on control over how models are trained, accessed, and adapted. This includes avoiding lock-in through proprietary APIs and ensuring transparency in how models operate. Infrastructure sovereignty determines where AI workloads run and under which conditions they are managed.
Organisations that align these three layers are better positioned to retain control while still benefiting from AI capabilities.
One of the main challenges is the trade-off between speed and control.
AI tools are becoming increasingly accessible, making it easy to build prototypes and deploy solutions quickly. However, this ease of use can obscure underlying dependencies.
Another challenge is regulatory complexity.
European organisations must ensure that AI systems comply with evolving frameworks, which requires a clear understanding of how data and models are used.
Finally, there is the challenge of capability.
Building sovereign AI requires not only technology, but also expertise in data management, model governance, and infrastructure design.
For organisations looking to take the first steps towards sovereign AI, the key is to start in a structured and pragmatic way.
This typically begins with mapping existing AI use cases, understanding where data flows, and identifying which workloads fall within regulatory scope.
From there, organisations can define their sovereignty requirements, select appropriate models and infrastructure, and gradually build governance and monitoring capabilities.
Rather than aiming for a complete transformation, most organisations benefit from a phased approach. Starting with a limited number of use cases allows teams to validate choices, build internal expertise, and scale with confidence.
It does not have to be expensive either.
Sovereign AI does not require a large budget or a dedicated infrastructure team. Open-source models can run locally or on European cloud platforms without licence fees. European cloud providers offer pay-as-you-go pricing comparable to the large hyperscalers. And through the EU’s AI Factories initiative, compute capacity is now accessible to startups and SMEs at reduced cost. A practical first step is often as simple as moving one workload to a European hosting environment, or replacing a proprietary API with an open-source alternative. The investment is minimal. The control you gain is significant.
Sovereign AI is not about limiting innovation.
It is about ensuring that innovation remains aligned with control, compliance, and long-term flexibility.
Organisations that take a structured approach to AI, understand their dependencies, and design for control from the start are better positioned to scale sustainably.
To support this transition, we have summarised a practical step-by-step approach in the accompanying overview below.
Within Cronos Europa, we see sovereign AI as a key component of digital sovereignty. Together with partners such as Rebatch, we support organisations in designing AI strategies that balance innovation with control.
If you would like to explore what this means for your organisation, feel free to reach out. Our teams are ready to support you
.jpeg)
