AI Sovereignty Requires More Than Regulation
AI sovereignty is not technological autarky or a rejection of global platforms. It is the capacity to adopt, govern, negotiate and, where necessary, replace critical AI dependencies while retaining access to innovation.

The most important question raised by Pope Leo XIV's encyclical Magnifica Humanitas is not whether artificial intelligence is good or bad, it is who has the power to shape it.
The encyclical observes that technological power is increasingly private, transnational and, in many cases, greater than the practical capacity of individual governments to understand, govern or direct it toward the common good. That is a useful diagnosis of the present moment.
A small number of companies control frontier models, cloud capacity, data infrastructure, developer platforms and the capital required to train and operate them. These capabilities are not merely products. They increasingly shape how organizations write software, conduct research, serve customers, make decisions and organize work.
The resulting problem is not private innovation itself. Private companies have created much of the AI capability that organizations can use today. The problem is dependency without meaningful choice.
Jurisdiction Changes the Nature of Dependency
This dependency is not distributed equally across countries.
When a frontier AI company is incorporated, operates and holds infrastructure within the United States, the US government retains important legal, economic and strategic levers over it. Those levers do not make the relationship simple, and they should be constrained by law and democratic oversight. But they exist.
For countries that depend on companies, models and cloud capacity governed elsewhere, the exposure is different. A commercial change, a regional restriction, an export-control decision, a security policy or a geopolitical conflict can become an operational problem for domestic companies and public institutions.
This is why AI sovereignty should not be understood as the fantasy of building every model, chip and data center inside national borders. That would be technologically and economically unrealistic for most countries.
It should mean retaining the capacity to choose.
A country needs enough technical, industrial and institutional capability to understand its dependencies, negotiate them, diversify them and change them when circumstances require it.
Europe's Risk: Regulation Without Capability
Europe has moved quickly to establish a comprehensive legal framework for AI. This is not inherently a weakness. Rules on transparency, accountability, safety and fundamental rights matter, especially when AI affects work, public information, reputation, access to services and democratic debate.
I contributed to the multi-stakeholder process supporting the drafting of the European Code of Practice on Transparency of AI-Generated Content under Article 50 of the AI Act. That experience reinforced a simple point: transparency is necessary. People and institutions need to know when content has been generated or manipulated by AI, particularly when it can deceive or alter public understanding.
But necessary is not the same as sufficient.
The AI Act is the world's first comprehensive legal framework for AI. Other jurisdictions regulate AI through a mix of sectoral rules, executive action, standards and platform requirements. Europe has chosen a more integrated and legally structured path.
The risk is that regulation becomes Europe's principal answer to a technological shift whose decisive assets are models, computing capacity, energy, talent, data, deployment experience and the ability to turn research into production systems.
If Europe regulates access to AI but does not build the capacity to develop, host, evaluate, deploy and replace critical AI systems, it may end up managing dependence rather than reducing it.
Do Not Confuse Governing AI With Restricting AI
This is not an argument for a regulatory vacuum. It is an argument for proportion.
Good regulation can create trust, clarify responsibility and make adoption safer. It can help organizations know what is expected when they use AI in sensitive contexts. It can require transparency where deception would otherwise be easy. It can set boundaries around harmful uses.
But regulation also has an economic effect. Every compliance burden is easier for a large multinational with legal teams, capital and established infrastructure to absorb than for a European startup, a public institution or a medium-sized company experimenting with a new use case.
An excessive or poorly sequenced regulatory response can therefore have an unintended result: it protects the market from some risks while making that same market more dependent on the few large providers already able to comply at scale.
Europe should not confuse governing AI with restricting access to AI. It should build a framework in which responsible adoption is possible for organizations of different sizes, while the capacity to innovate does not remain concentrated elsewhere.
Adoption Is Part of Sovereignty
A credible national or European AI strategy has to go beyond legal texts. It has to address how companies, public administrations, universities and technical communities will actually use AI.
That means investing in:
- technical and executive training for AI adoption;
- computing and data infrastructure where it is strategically necessary;
- open and interoperable technical options;
- procurement that develops domestic capability instead of only buying access;
- evaluation, security and governance competence inside institutions;
- practical support for companies that need to move from experimentation to production.
This is a question of organizational adoption as much as industrial policy. Technologies do not become strategic capabilities merely because a country can purchase them. They become strategic when people can operate them, assess their limits, integrate them into processes and adapt when the environment changes.
That is why technical and executive training is not a secondary social measure around AI. It is part of the infrastructure of autonomy.
What Companies Can Do Before Policy Catches Up
Private organizations do not have to wait for a complete national strategy before acting.
At WiNK, we are exploring self-hosted and privately controlled AI workflows for coding agents. As I explained in 5 Reasons We Are Moving Coding Agents Toward Self-Hosted AI, this is not a claim that cloud AI should be abandoned, nor is it a substitute for public policy.
It is a practical response to a specific operational question: if coding agents become part of a software company's production system, how can the company retain control over availability, sensitive workflows, cost and fallback options?
Self-hosting can reduce a particular dependency. It can build internal experience in model evaluation, deployment, security and governance. It can create an exit path from a single provider.
But one company's initiative is not technological subsidiarity. It becomes part of a larger system only when public institutions make this kind of capability easier to build, connect and scale.
Plurality Is the Alternative to Technocracy
The alternative to technocracy is not technological isolation. It is a plurality of capable actors.
Countries need to be able to govern. Companies need room to adopt and experiment. Universities and technical communities need to educate, scrutinize and develop knowledge. Citizens need safeguards against manipulation and opaque decision-making.
Regulation has a role in this system. So do infrastructure, investment, procurement, training and organizational capability.
The central question is not whether Europe should regulate AI or embrace it. It must do both. The question is whether Europe can build enough capacity to ensure that its rules are an expression of agency, rather than the administrative language of dependence.
If AI is becoming critical to your organization, design the capabilities and governance that keep its adoption resilient.
Discuss an AI adoption strategy