What aspects and methods do states use to build sovereign AI?

States typically work across six areas - digital infrastructure (data centres, localization), workforce development, R&D and innovation, regulatory and ethical frameworks, stimulating the AI industry, and international cooperation. Methods include data residency rules, domestic or regional AI clouds, open-weight models, risk-based regulation, and public–private partnerships.

How does LLM self-hosting support AI sovereignty?

Running LLMs on your own infrastructure keeps prompts, model weights, and inference logs under your control. That supports data residency, regulatory compliance, and independence from cloud API vendors-whether for a team, a company, or a nation.

How do different countries address sovereign AI?

The EU uses the AI Act and Franco-German partnerships with Mistral and SAP; the UK has a Sovereign AI Unit (£500M); the US leans on private investment and federal preemption of state laws; Canada invests $2B in sovereign compute; Australia has a government AI policy with security carveouts; the UAE and Saudi Arabia pursue national strategies and regional data centres.

How do US and China approaches to sovereign AI differ?

The US leads in compute (~75% of global AI supercomputer performance in 2025) via private funding and export controls; China pursues state-led self-reliance, domestic chips, and scale. Both invest heavily; the gap in model performance is narrowing.

LLM Self-Hosting and AI Sovereignty

Q: What is AI sovereignty?

AI sovereignty means a country, organization, or individual can develop, run, and control AI systems on their own terms-in line with their own laws, values, and security needs-rather than depending entirely on foreign or opaque providers.

Control data and models with self-hosted LLMs

Page content

Self-hosting LLMs keeps data, models, and inference under your control-a practical path to AI sovereignty for teams, enterprises, nations. Here: what sovereign AI is, which aspects and methods are used to build it, how LLM self-hosting fits in, how countries are addressing the challenge.

onprem-servers-self-hosted-llms

What is AI sovereignty?

AI sovereignty (or “sovereign AI”) is the idea that a country, organisation, or individual can develop, run, and control AI systems on their own terms-in line with their own laws, values, and security needs-rather than relying entirely on foreign or opaque providers.

It is about control over AI infrastructure, data, and models: extending data sovereignty (where data is stored and processed) to the whole AI stack-training data, models, compute, and governance. Typical goals are: keeping sensitive data and AI operations within a chosen legal jurisdiction (e.g. EU or Australia); ensuring compliance with local rules on privacy, security, and AI risk (GDPR, EU AI Act, national security); and avoiding over-dependence on a small number of foreign cloud or AI vendors.

Governments care for national security, critical infrastructure, and public services; regulated sectors (healthcare, finance, defense) need compliance with strict data and AI rules; and large enterprises want strategic independence and to align AI with their own roadmap, not a vendor’s. In practice, sovereign AI shows up as national or regional AI clouds and data centres, domestic or co-developed AI models instead of foreign “black-box” systems, and strict rules for data residency, access control, and auditing of AI systems.

Aspects and methods: how sovereign AI is built

States and organisations typically build sovereign AI along several aspects (strategic pillars) and use concrete methods (technical and governance measures).

Six strategic pillars (aspects)

The World Economic Forum and similar frameworks describe six strategic pillars that guide how nations build sovereign AI:

Digital infrastructure - Data centres with sufficient compute, data localisation policies so that data generated within borders is stored and processed locally, and networks that support AI workloads. This is the backbone for developing and deploying AI under national or regional control.
Workforce development - STEM and AI education, updated curricula, vocational training, and lifelong learning so that a country has the talent to develop and operate sovereign AI systems.
Research, development and innovation (RDI) - Public and private funding for foundational and applied AI research, incentives for commercialisation, and ecosystems that link startups, large firms, and academia.
Regulatory and ethical framework - Clear rules for AI development and deployment: privacy, transparency, data protection, cybersecurity, and ethical use, plus oversight and accountability mechanisms.
Stimulating the AI industry - Tax incentives, grants, streamlined patents, and public-sector adoption of AI to create demand and set standards. Public–private partnerships (PPPs) help deploy AI in high-impact sectors (energy, health, finance, transport, manufacturing).
International cooperation - Engagement with other countries on standards, cross-border data flows under agreed norms, and shared challenges (e.g. privacy, cybersecurity), without giving up the ability to set local rules.

Sovereign AI is not about isolation but about strategic resilience: the ability to operate and innovate on one’s own terms while still participating in global cooperation.

Methods used

Concrete methods used to implement these pillars include:

Data residency and localisation - Requiring that certain data (especially personal or sensitive) be stored and processed within a jurisdiction. This supports compliance with GDPR, sector-specific rules, and national security requirements.
Sovereign or regional AI clouds - Building or designating cloud and AI infrastructure (data centres, GPU clusters) that remain under national or regional legal and operational control, so that workloads and data stay in jurisdiction.
Domestic or open-weight models - Developing or adopting AI models (including LLMs) that can be audited, fine-tuned, and run on local infrastructure instead of relying only on closed, foreign APIs.
Risk-based regulation - Frameworks that classify AI systems by risk (e.g. unacceptable, high, limited, minimal) and impose requirements (impact assessments, human oversight, transparency, conformity) accordingly. The EU AI Act is the leading example.
Governance structures - Dedicated bodies (e.g. AI offices, advisory boards, market surveillance authorities) to oversee implementation, coordinate across government and industry, and enforce rules.
Public–private partnerships - Joint initiatives between government and industry to build shared infrastructure, develop use cases (e.g. for public administration), and align incentives for sovereign capability.
Certifications and compliance schemes - Sovereign cloud or “trusted AI” certifications that guarantee data location, access control, and adherence to local law, making it easier for public and regulated sectors to adopt AI safely.

Together, these aspects and methods define what sovereign AI aims at (infrastructure, talent, regulation, industry, cooperation) and how it is implemented (residency, clouds, models, regulation, governance, PPPs, certification).

LLM self-hosting as a technical path to sovereign AI

Running LLMs on infrastructure you control is one of the most direct technical ways to put sovereign AI into practice. You keep prompts, model weights, and inference logs in-house or in-region, which supports data residency, compliance with local rules, and independence from a handful of cloud API vendors.

From a technical standpoint, a sovereign or self-hosted LLM stack typically involves: a model layer (open-weight models, embeddings, optional rerankers); a serving layer (inference engine with APIs for chat, completions, embeddings); an application layer (orchestration, tool calling, workflows); a knowledge layer (e.g. RAG with chunking, indexing, retrieval); data and storage (object storage, databases, vector indices); and safety and governance (PII handling, policy enforcement, audit logs). Methods include on-prem or single-tenant deployment, air-gapped operation (e.g. with tools like Ollama, llama.cpp, or LM Studio) for maximum isolation, and gateway architectures that centralise access control, routing, and observability so that all prompts and responses stay within defined boundaries.

For a practical path: a comprehensive comparison of local LLM tools-Ollama, vLLM, LocalAI, Jan, LM Studio and more helps you choose the right stack. If you run on limited GPU memory, see which LLMs perform best on Ollama with 16GB VRAM for benchmarks and trade-offs. To get started with one of the most popular options, the Ollama cheatsheet lists the essential commands.

How countries address the challenge

Countries differ in how they combine the pillars and methods above. Below is a concise overview of how major jurisdictions are addressing sovereign AI, followed by a focused US–China comparison.

European Union

The EU has adopted the first comprehensive global AI law-the AI Act (Regulation (EU) 2024/1689)-with a risk-based approach: unacceptable-risk applications are prohibited; high-risk systems face strict requirements (impact assessments, human oversight, conformity); limited- and minimal-risk systems have lighter obligations. Governance is centralised in the European AI Office (within the Commission), with the European Artificial Intelligence Board, a Scientific Panel, and an Advisory Forum supporting implementation and enforcement across member states. This creates a single rulebook for the single market and encourages “Europe-first” deployment of compliant AI.

European sovereign AI also relies on domestic model and cloud providers. Mistral AI (France) follows an open-source–friendly approach, releasing models that governments and businesses can audit and run on European infrastructure. Aleph Alpha (Germany) focuses on explainability and safety for regulated industries and sovereign European hosting. Both align with the AI Act and help reduce dependence on non-EU providers-only a small share of global AI startup funding currently goes to the EU compared with the US.

France and Germany: joint sovereign AI for public administration

France and Germany have launched a joint sovereign AI initiative with Mistral AI and SAP aimed at public administration. It centres on four pillars: sovereign AI-native ERP systems for French and German administrations; AI-powered financial management (e.g. invoice classification, audit checks); digital agents for civil servants and citizens (compliance tools, eligibility chatbots); and joint innovation labs plus workforce training. A binding Framework Agreement is expected by mid-2026, with selected use cases deployed between 2026 and 2030. The initiative will be governed by a Franco-German European Digital Infrastructure Consortium (EDIC) board chaired by ministers from both countries. This is a concrete example of the “regional cloud + domestic models + PPP” method in practice.

United Kingdom

The UK established a Sovereign AI Unit in July 2025 with up to £500 million in funding to build national AI capability and security. The Unit focuses on: investing in UK AI companies to develop national champions; creating UK AI assets (data, compute, talent); and partnering with frontier AI companies to secure reliable access and UK influence over cutting-edge development. The government has also published an AI Opportunities Action Plan (January 2025), emphasising AI’s role in economic growth and public services. The approach combines infrastructure and talent (pillars 1 and 2) with industry stimulus (pillar 5) and strategic partnerships.

United States

The US strategy emphasises private-sector leadership and federal coordination. In December 2025, the administration issued an Executive Order to ensure a national policy framework for AI, aimed at protecting American AI innovation and sustaining US global leadership through a “minimally burdensome” national framework. It directs the Department of Justice to challenge “onerous” state AI laws and advances federal preemption so that state rules do not fragment the market. This follows the July 2025 “America’s AI Action Plan” and responds to extensive state activity-over 1,000 AI-related bills introduced in US states and territories in 2025. The US also uses export controls on advanced chips to protect its lead in compute and to shape who can build frontier AI. Sovereign AI in the US is thus achieved largely through private investment (e.g. xAI, OpenAI), federal governance (59 federal AI-related regulations in 2024), and international deals (e.g. Stargate with the UAE) rather than a single state-owned AI cloud.

Canada

Canada has launched a Canadian Sovereign AI Compute Strategy with $2 billion over five years to boost domestic AI compute capacity. It has three components: mobilising private investment (up to $700M via an AI Compute Challenge for companies and academia to build integrated AI data-centre solutions); building public supercomputing infrastructure; and an AI Compute Access Fund for researchers and companies. The goal is to safeguard Canadian data and IP while leveraging Canada’s advantages in energy, land, and climate. Separately, Canada launched its first AI Strategy for the Federal Public Service (2025–2027) in March 2025, with priority areas: an AI Centre of Expertise, secure and responsible use, training and talent, and transparency. In September 2025, the government launched an AI Strategy Task Force and a 30-day national engagement to develop a broader national AI strategy.

Australia

Australia’s Policy for the Responsible Use of AI in Government (Version 2.0) took effect on 15 December 2025. It applies to non-corporate Commonwealth entities and includes national security carveouts: defence and intelligence agencies may voluntarily adopt elements while protecting security interests. The policy sets expectations for responsible adoption, risk management, and transparency within government, aligning with the “regulatory and ethical framework” pillar while leaving room for sovereign handling of sensitive and national-security AI.

UAE and Saudi Arabia

The UAE has a National Strategy for Artificial Intelligence 2031 (from 2017), aiming to make the UAE a global AI leader across eight strategic objectives (e.g. AI destination, ecosystem, governance) and nine priority sectors (transport, health, space, renewable energy, water, technology, education, environment, traffic). Saudi Arabia pursues large-scale AI and diversification under Vision 2030, with multibillion-dollar ventures. Both the UAE and Saudi Arabia are investing in regional data centre and AI infrastructure: UAE’s Khazna Data Centers (the region’s largest operator) has expanded into Saudi Arabia with a 200 MW data centre for cloud and AI hyperscale deployments and is working toward over 1 GW of AI-ready capacity across the UAE, Saudi Arabia, Italy, and other markets. The approach combines national strategy (pillars 4 and 5) with heavy investment in digital infrastructure (pillar 1).

US vs China: a comparative snapshot

The US and China pursue AI leadership through different methods. The US relies on private capital and export controls: e.g. $109B in private AI investment in 2024 (about 12× China’s at the time), 59 federal AI-related regulations in 2024, and restrictions on advanced chip exports. China emphasises state-led investment and self-reliance: e.g. $98B projected for 2025 (including $47.5B for semiconductors), domestic chip production (e.g. Huawei Ascend), and supportive national laws plus open-source and infrastructure diplomacy (e.g. Belt and Road).

Aspect	US	China	Note
Supercomputer share (May 2025)	~75% (~40M H100 equivalents)	~14% (~400K equivalents)	US 5×+ ahead
Flagship systems	e.g. xAI Colossus (200K GPUs)	Up to ~30K GPUs (various)	US scales larger
Data centres	Far more	Fewer, expanding (e.g. Digital Silk Road)	US advantage
Policy posture	Defensive (preemption, export controls)	Proactive (supportive laws, open-source, diplomacy)	Different levers
Model and application focus	Frontier models (40+ notable in 2024), talent attraction	Cost-efficient training (e.g. DeepSeek-V3), research volume, apps (e.g. Baidu autonomous rides)	Gaps narrowing

The US benefits from broad access to NVIDIA and a deep venture ecosystem; China builds alternatives and invests in energy and AI infrastructure in the Middle East and Asia. Model performance gaps are narrowing (e.g. a 1.7% LMSYS lead for the US in 2025).