Itility has seen this development unfold firsthand. More than ten years ago, the company was already building data platforms for customers, at the time in their own data centers. With the rise of cloud platforms, these solutions became more scalable and flexible. Now that data sovereignty is becoming increasingly important, Itility is once again developing its own data and AI stacks, this time on dedicated hardware in a secure and isolated environment.
According to Jens Leenders, Practice Lead Data at Itility, data sovereignty is directly connected to this development.
“It is about control, authority, and ownership of your own data and software.”
That goes beyond where data is stored. Just as important are where the data is processed, who has access to it, which software layers are used, where AI models run, and how much freedom an organization retains to reconsider those choices later.
The urgency comes from several directions at once: geopolitical shifts, new European legislation such as the AI Act, stricter compliance and security requirements, and the rapid rise of generative AI and agentic AI.
Many organizations have built their digital foundations on international cloud environments. This has delivered significant benefits, but it has also created new dependencies on vendors and cloud-specific services. As a result, organizations have gained less control over costs, flexibility, and strategic autonomy.
AI makes this dependency particularly visible. Training, hosting, and using models requires substantial computing power, while GPU capacity is scarce, expensive, and not always predictably available.
In the public cloud, these costs can rise quickly and are often difficult to forecast. Dedicated GPUs in a sovereign stack, by contrast, provide fixed and manageable capacity. Sovereignty therefore extends beyond data alone. It also affects compute, architecture, and operational continuity.
“For AI, it is about more than data,” Leenders says. “You also need to know where processing takes place, who manages the infrastructure, and which dependencies you are willing to accept.”
This does not mean that the public cloud has become obsolete. For many applications, it remains a logical and valuable choice. But for workloads involving sensitive data, strategic intellectual property, strict compliance requirements, or a strong need for predictability, a sovereign private stack may be a better fit.
It is not a return to old IT, but a conscious architectural choice.
Itility sees this shift up close. For years, the company has been building data and AI solutions for customers in high-tech manufacturing and earth observation, helping them make better decisions and improve their core processes.
Data sovereignty should not become an abstract policy program disconnected from day-to-day operations. It must result in working solutions that are secure, scalable, and manageable.
That is why Itility is developing an AI-ready sovereign cloud stack: a modular environment running on dedicated infrastructure, with GPU capacity and open-source tooling. It is designed for data and AI workloads where control and predictability are essential.
A first application is already running for Terramira, processing satellite imagery and training and hosting AI models on the stack. This makes data sovereignty tangible: a technical environment in which data, compute, and AI come together under the organization’s own control.
It does not stop with a single application. Itility is now discussing the stack with several customers: what the environment should look like, which data must remain local, and which laws and regulations it must comply with. Each sector has its own requirements.
At the same time, Leenders warns against taking an overly broad approach. Organizations should not treat data sovereignty as a platform migration program.
“Start with the use case and expand the platform by iteratively delivering vertical solutions,” he says. “Identify where the greatest value lies and where the need for sovereignty is strongest.”
That requires choices. Which data is truly critical? Which workloads directly affect intellectual property, compliance, or continuity? What needs to move to a sovereign environment, while the rest can remain in the public cloud?
Such a transition requires preparation. Data flows, applications, models, access rights, and integrations must all be assessed carefully. Organizations that only start thinking about exit options when a migration becomes necessary are already too late.
Vendor lock-in is not just a contractual risk. It is equally a technical and operational issue.
The value of data sovereignty is not always found in faster processes or lower costs. Its value lies in control: control over intellectual property, business data, insights, and continuity.
For executives, this is a strategic issue, particularly now that AI systems no longer only report, but also predict, advise, and control processes.
From that perspective, data sovereignty is not a barrier to innovation. It is a condition for scaling innovation responsibly.
Organizations that consciously decide where their data is stored, processed, and enriched create a foundation that is secure, compliant, and future-proof.
To benefit from the power of cloud and AI, organizations must therefore also retain control over their data, infrastructure, and the strategic choices surrounding them.