Apr 7, 2026

Sovereignty is an architecture decision

AI vs AI
| Part
4

Reading time:

6 minutes

Everyone's saying sovereign. None of them are talking about who their cloud vendor actually answers to. On jurisdiction, the CLOUD Act, and architecture that lets you move when the world shifts.

Read the full AI Security Series

1. The gap nobody's watching
93% confident. 29% prepared. One person jailbroke a chatbot and emptied ten government agencies. The distance between the story the boardroom hears and the one the incident report tells.

2. They're faster than you
27-second breakout times. AI-generated phishing that knows your team by name. The dark hoodie hacker lost their job to AI too. What replaced them doesn't sleep.

3. Your AI is their way in
76% of organizations have shadow AI. The threat isn't at the gate. It has a badge you issued. Vendor-embedded models, compromised plugins, and the tools your team invited in.

4. Sovereignty is an architecture decision
Everyone's saying sovereign. This article is about what happens when your customer asks and your answer needs caveats. Interchangeability, vendor independence, and what the CLOUD Act means for Canadian data.

5. The people problem
The AI security job posting asks for four careers in one person. That person doesn't exist. The work does. Hour banks, returnable context, and a PMO that holds it all together.

6. What to ask your vendor
Seven questions. Print them out. Bring them to the meeting. Look for straight answers, not carefully worded topic changes. Use them on everyone. Including us.

7. What it looks like when AI security works
Tuesday morning. The phone didn't ring. The customer didn't leave. The Reddit thread didn't get written. That's what good looks like.

Author

Dimitri Phalen is the marketing lead at ISM who prefers plain language over big claims. For years, he’s worked behind the scenes, translating messy, complex IT problems into something teams can actually use. If something sounds like it was written by someone with not enough coffee, who’s been sitting too close to the delivery team for too long, that’s probably his fault.

Everyone in Canada is saying sovereign right now. Telus has a sovereign AI factory in Rimouski. Bell is building a sovereign supercluster in BC. CGI has a page for it. DXC opened a centre for it in Halifax. Your toonie’s worth of LinkedIn ads before your morning Tim’s and every last one has the word in the headline.

None of them are talking about who their cloud vendor actually answers to.

That’s the question underneath the press releases. Not where data lives. Who can compel access to it. Which court has jurisdiction over the company that operates the infrastructure your data sits on. What happens to your sovereignty position when that company signs a new partnership, gets acquired, or restructures its corporate entity into a jurisdiction that isn’t yours. Those are architecture questions, not branding questions, and right now the branding is doing all the talking.

The jurisdiction you didn’t choose

The US CLOUD Act gives American law enforcement authority to compel US-based companies to produce data regardless of where it’s stored. In June 2025, Microsoft France’s director of public and legal affairs told the French Senate, under oath, that he could not guarantee French citizen data would stay out of US hands. Not in a press release. Under oath. The most valuable admission in that testimony wasn’t the legal exposure. It was the confirmation that storing data in-country doesn’t solve the problem when the company storing it answers to a foreign court.

Research cited in the Balsillie Papers documented that a significant portion of Canadian internet traffic boomerangs through US network exchange points before reaching its destination. Your data left Canada for three milliseconds on its way from Toronto to Montreal, and nobody told you. That’s the architecture problem underneath the legal problem. A Canadian data centre with a Canadian flag on the website and a parent company incorporated in Delaware.

And then there’s the AI layer. The one that connects this to everything in the first three articles of this series. The vendor-embedded models your CRM added in a software update. The AI assistant your service desk uses to triage tickets. The chatbot that summarizes customer interactions. Each one processes your data inside a platform whose parent company may answer to a court in another country. Some train on the data they touch, under terms of service buried in a release note nobody flagged. When that trusted SaaS vendor announces a partnership to train a new LLM backed by a foreign investment fund, your customer data might be in the training set. Not because anyone breached anything. Because the architecture allowed it and nobody asked.

You can’t secure AI running on infrastructure you don’t control. And you can’t call it sovereign when the company holding the keys takes orders from someone who isn’t you.

Gary signed a three-year contract and a twelve-month exit clause

Gary’s procurement team chose the cloud vendor. The sales team said Canadian data centre, pointed to a map, smiled. Gary’s team signed. The compliance review checked the residency box. Everyone moved to the next project.

Nobody asked who owns the company that owns the data centre. Nobody asked what happens if that company gets acquired by a firm incorporated somewhere Canada is currently having a trade dispute with. Nobody asked what the exit clause actually requires, which turns out to be twelve months’ notice and a migration that was never scoped, involving dependencies that were never documented, touching systems that were wired together by a contractor who left in 2021.

Last month a tariff hit the news. The CFO asked: can we move this? The room went quiet. Not because the answer is no. Because the answer is “not without breaking things we can’t see, on a timeline we can’t predict, at a cost we haven’t estimated.” Meanwhile the vendor just announced a new AI partnership with a company Gary’s never heard of, headquartered in a country Gary’s government is currently arguing with about softwood lumber and auto parts. Gary’s architecture can’t respond to any of this. It was built to run, not to move.

That’s not sovereignty. That’s a hostage situation where the ransom is your own integration architecture.

Sovereignty means you can change your mind

Every press release about sovereign AI is about where data lives. Nobody’s talking about what happens when you need to move it.

Interchangeability is sovereignty with teeth. It means you understand your dependencies well enough to replace any piece of your stack without the rest of it collapsing. It means no vendor, including the one writing this article, holds the keys to your data or your platforms. It means your AI governance layer knows which models touch which data, where the outputs go, and what changes if you swap a vendor next quarter. It means when the world changes on a Tuesday morning, you make a decision instead of discovering you can’t.

That requires the boring work. Dependency mapping. Data flow documentation. Integration architecture designed to be unwound. AI asset inventory so you know which tools train on what, and where the data goes when they do. The kind of work that doesn’t get a press release but shows up in the meeting where the CFO asks “can we move?” and someone answers yes, and means it. We’ve written about the foundations in the Data Series and on the Data Sovereignty page.

The answer your customer never has to ask for

ISM has been deepinside Canadian government and enterprise infrastructure for over fifty years. Not rotating through on three-year consulting cycles. Embedded. The people who built the systems, who know where the undocumented dependencies live, who remember why the workaround from 2004 is still load-bearing and which three things break if you move it.

Kyndryl’s alliance depth means the architecture isn’t locked to one vendor’s stack. When a workload needs European or Japanese routing for compliance or latency, those aren’t subcontracted teams. They’re colleagues in the same company, same governance framework. The Barrie SOC is staffed by cleared Canadians under Canadian law. Encryption keys stay where the client puts them. Corporate governance runs through Saskatchewan, not Virginia.

The goal is architecture where you call the shots. Where you fully understand where your data lives and moves. Where the story your customers tell each other is the one you’d want them to: their data is in Canada, managed by Canadians, under Canadian law. No caveats. No footnotes. No fine print that unravels when someone in Virginia picks up a phone. The customer who stays does so because they never had a reason to wonder. The cost of getting sovereignty right isn’t an infrastructure line item. It’s the question that never needs asking.

Read next

You can get the architecture right and still not have the people to build it. The next article is about the AI security job posting nobody can fill: security architecture, data governance, ML ops, and compliance in one person. That person doesn’t exist. The work does. There’s a different way to staff it. The people problem.

Cites

Government of Canada: Data Sovereignty and Public Cloud (white paper on sovereignty limitations with foreign cloud providers)

The Balsillie Papers: US CLOUD Act implications for Canadian data, internet traffic routing through US exchange points

Microsoft France testimony to French Senate, June 2025: inability to guarantee data sovereignty regardless of storage location

OVH v. RCMP, Ontario Court of Justice, September 2025: Canadian court ordering a French company to produce data stored in Europe

Want to understand how we work?

Every conversation starts with your environment. Not our product list.

Get in touch
ArrowArrow

It's not about the technology, or the processes. It's about your clients, your users, and the hard won trust you've built. Every team here keeps that at heart.

Mobile CTA