Digital sovereignty is often framed as a strategic objective. However, without governance, sovereignty remains largely theoretical.
Organisations may control their infrastructure or data, but without clear rules, accountability, and oversight, control cannot be enforced.
In Europe, this challenge is becoming increasingly relevant. Within Cronos Europa’s Sovereign Tech series, governance represents the layer that connects strategy with execution.
We spoke with Jens Meijen, co-founder of UMANIQ, a sister company within De Cronos Groep, to explore how governance and legal frameworks turn sovereignty into an operational capability.
Well, first of all, AI governance refers to the policies and processes you have in your organization to make sure you're using AI responsibly and safely. It's basically the backbone for how your organization handles AI. So sovereign AI governance is about setting up the right procedures to ensure you keep control over the AI systems and models you're deploying in your organization.
Think of an intake process where you assess AI model providers based on where they're headquartered, or how much an AI system would expose you to geopolitical risk. Remember when Anthropic was called a 'supply chain risk' by the US? Tons of organizations had to cut Anthropic from their supply chain immediately, which led to serious service continuity issues. Another example of sovereign AI governance is setting up a committee that evaluates key decisions in terms of how much they might increase your dependence on external, often non-EU providers.
Sovereign AI governance is essential for European organizations because we've grown so accustomed to external providers that we don't even think twice about giving away control. This will come back to bite us in the long term, and the early warning signs are already showing. We've fallen asleep at the wheel, and it's time to wake up.
Imagine you're playing a football game without knowing the rules. Every time you do something, the referee blows the whistle and takes the ball from you. After a while, you'll be afraid to make a move. This is what happens when you don't have proper AI governance: you don't have proper rules on what you can or can't do, which tools you can use, and how new tools can get introduced into the organization. That lack of clarity paralyzes people, which leads to low adoption. And what's the point of paying for an AI tool if no one's using it?
Another aspect is that AI governance is crucial to tackle risks, which helps maintain trust. If your AI systems discriminate, hallucinate, or leak data, people - whether employees or end customers - won't want to use or interact with your AI systems.
Again, sovereignty is crucial here: if you don't control your own data, your models, or your AI systems, you might think you're completely safe, but you may be in for a nasty surprise in the future.
Finally, you can't be compliant with the AI Act without proper AI governance. You wouldn't even know what systems you're using, let alone their risk classification or your obligations. And building compliant AI systems would be completely impossible without well-defined procedures.
Our clients often come to us to embed sovereignty into their daily operations. Many already have a clearly defined AI governance strategy, with clearly defined processes, rules, roles and responsibilities. In those cases, you just weave sovereignty considerations into the fabric of the existing governance structures. There's no need to overcomplicate things with arduous overhauls of everything you've been doing. Existing governance structures offer plenty of inroads to mitigate geopolitical risk.
Other clients aren't as mature in their current AI governance practices, and that's totally fine. In those cases, we set up everything they need while automatically taking sovereignty into account as a basic principle. Our "sovereignty-by-design" approach ensures that the turbulent world 'out there' doesn’t interfere with your organization's ability to deliver value.
Either way, you need practical, boots-on-the-ground-style AI governance to turn sovereignty from some vague idea mentioned in a strategy meeting into an operational reality. One tip I can give is to perform regular geopolitical risk audits to assess your organization's dependence on external, non-EU technologies, even beyond cloud services, AI models, or systems. You can start from that baseline to plug potential sovereignty leaks.
AI governance, and especially sovereign AI governance, allows you to scale with confidence. You can innovate faster while preserving the hard-earned trust you've built up. When we set up sovereign AI governance structures, clients immediately notice that this clarity really brings a renewed momentum to their AI projects.
