Organisations are starting to look more closely at how they can establish greater independence and better control over their technology stack, especially as they expand their artificial intelligence (AI) deployments to include agentic workflows.
Most organisations are increasingly reliant on external services and providers of infrastructure, such as cloud and software-as-a-service (SaaS) platforms and externally managed agentic workflows, said Josephine Teo, Singapore’s Minister for Digital Development and Information and Minister-in-charge of Cyber Security Agency (CSA) and Smart Nation.
This dependence can become a vulnerability if not managed properly, Teo told FutureCIO via email.
Asked if the government had plans to provide guidelines to help organisations establish AI sovereignty, she noted that “sovereign AI” means different things to different stakeholders.
“What matters is the ability to maintain meaningful control over your data, your decisions, and your AI workflows,” she said.
Many of the controls required to manage the risks are not new, she added.
Third-party risk management, for instance, is embedded in frameworks such as CSA’s Code of Practice for Critical Information Infrastructure Owners, which offers best practices that should be applied to AI deployments, too, she said.
These include data management obligations, access controls, and incident notification requirements, Teo said.

She added that CSA has been working with industry players to boost awareness of emerging risks associated with AI systems and push organisations to incorporate cybersecurity and resilience measures into their AI deployments from the start.
Geopolitical and supply chain risks drive interest
In fact, AI sovereignty has become a higher priority for Asia-Pacific governments, climbing from seventh to second in investment priority within a year, according to a study commissioned by Dell Technologies.
Some 46.1% are actively evaluating sovereign AI technologies, with 36.1% running initial proofs of concept.
Conducted by research firm IDC last December, the study polled 360 government IT decision makers across eight Asia-Pacific markets, including Singapore, India, Indonesia, Japan, and South Korea. Respondents were from various public sectors including defence, healthcare, and education.
Some 76.9% believe investing in sovereign AI enhances their agency’s resilience against geopolitical risks and supply chain disruptions.
However, just 3.1% currently are investing significantly in it, while 1.7% say they have no plans to adopt sovereign AI, the study found.
Some 45.6% cite national security and cyber resilience as the top citizen benefit of sovereign AI, while 37.5% each point to justice and public safety as well as taxation.
In addition, 53.3% highlight alignment with national security and sovereign priorities as the top factor in their technology investment decisions, while 52.5% cite a technology provider’s security capabilities and reliability.
Interest in sovereignty has grown due to the uncertain geopolitical environment and awareness that “you can’t take anything for granted anymore”, said Jan Wuppermann, NTT Data’s head of service assurance for data and AI.
AI also is perceived as a competitive advantage and valuable national capability, Wupperman said in a video chat with FutureCIO.
This and the geopolitical landscape have driven emphasis on sovereignty and the need to have control over the fundamental AI stack and value chain, he said.
Countries are looking to secure their national and economic independence going forward, he added.
They want to figure out how to make AI scalable and interoperable and, at the same time, sovereign, he said.
According to the Dell study, 99% of Asia-Pacific government IT leaders view agentic AI as an accelerator, including 36.9% who believe the technology will play a major role.

Another 62.1% highlight its potential when coupled with governance and oversight frameworks. Just 1.1% are uncertain about agentic AI, the study found.
Ravikant Sharma, IDC’s research director, noted in the report that public sector leaders are looking to autonomous systems to help close skills gaps, ease workforce pressure, and accelerate AI adoption.
“However, that momentum is conditional” Sharma said. “Governments will only move at scale if they have confidence in the security, privacy, sovereignty, and infrastructure foundations underpinning these systems.”
Without visibility, there can be no sovereignty
Most organisations in the region are at a critical inflection point of their AI journey, where they are moving from experimenting to deploying AI, including agentic AI.
This has created challenges since agents act autonomously across platforms, including cloud and edge, and introduced a governance blindspot, said Amitabh Sarkar, vice president and Asia-Pacific Japan head for Tata Communications.
AI governance and sovereignty are fundamentally an infrastructure issue, where having visibility and traceability across the connectivity layer is critical — without which, CIOs today would be “flying blind”, Sarkar said in a video call.
And because autonomy has increased multiple folds, it creates a multiplier problem, he noted.
AI sovereignty is about having agency and retaining control, including how the AI and data moves, and how it is audited, he said.
And the diversity of the regulatory environment, especially in Asia, also needs to be taken into consideration, he added.
Sakar stressed that infrastructure is the governance blindspot today because conversations need to move beyond LLMs (large language models) and focus on how AI runs across fabrics.
If their infrastructure remains fragmented, organisations cannot reliably track policies and maintain governance, he said.
Containment is a significant discussion point, with enterprises having to figure out how to control risks when AI agents are autonomous and can act across multiple systems, including CRM, ERP and contact centres, creating workflows and escalating actions.
It goes beyond data residency, he said.
Organisations need to look at how the AI models interact with their infrastructure, how the policies are governed, and the approach that is taken.
These also will depend on nuances in data sovereignty requirements across different countries and the ecosystem within which the organisation interacts, including the industry in which it operates, Sarkar said.
There may be sector-specific sovereignty needs related to building the AI models that are unique to that industry. For instance, AI models required to solve a problem in manufacturing will be different from that in banking.
Tech decisions can impact sovereignty

Discussions concerning AI sovereignty have brought up more questions for CIOs and the decisions they make that can impact their organisation’s tech roadmap, according to Wuppermann.
“Which models do I want to put my lifeline on? Do I want to be model-independent?” he posed. “Do I put certain workloads in an optimised environment that runs [Google] Gemini or Anthropic or Mistral? Or do I make a long-term strategic choice and buy into one [model] over others?”
These questions can be difficult to answer since the market is still evolving and there are no clear paths, he said.
CIOs need to determine how to establish long-term independence, so they are not stuck on the wrong technology three to five years down the road, he noted.
This is not a new challenge, but nonetheless a sticky problem when organisations are driving all their business processes and agentic workloads on the decisions they make, he said.
They are wrapping their business around an infrastructure model that needs continuous training and investment, making it harder to change direction, Wuppermann said.
So what should companies focus on to gain AI sovereignty?
Sarkar pointed to four key components: data sovereignty, model governance, infrastructure sovereignty, and governance sovereignty.
These will ensure they know how their data moves across borders and that it complies with regulatory requirements.
With model governance, they have clear understanding of which model is used, how it is trained and tuned, as well as the risks it carries, he explained.
Infrastructure sovereignty will further ensure they are running trusted cloud and security frameworks that allow AI to operate securely.
In addition, governance sovereignty provides the ability to enforce policies and decisions, and ascertain the AI reflects local laws and standards, he said.
Ultimately, AI sovereignty should be risk-based, Sarkar said.
“The higher the sensitivity and regulatory impact, the stronger the impact and visibility,” he said. “So you need to cut it into three vectors, whether it’s highly sensitive, highly autonomous, or highly regulated. With that, you then decide on the model, data, and infrastructure sovereignty.”
Wuppermann also urged frontier and LLM players to look at how they can better support AI sovereignty and not simply deliver one-size, monolithic models.
He noted that this is likely to happen anyway since the market is moving in that direction, and organisations will not deploy a technology unless it is aligned with their AI sovereignty approach.









