Not Everything Belongs in the AI Factory: Why Digital Sovereignty Is More Than Technology

Giant new AI data centers, billion-dollar bets on AI chips, and ever-larger cloud infrastructures currently dominate the conversation around artificial intelligence. The narrative often sounds like there's no alternative: more cloud, more centralized infrastructure, more AI compute.
But right now, a different question deserves more attention: does every AI application really need to be outsourced to a centralized AI factory?
As an IT professional with more than 25 years of experience, I keep coming back to a personal question: what's the value of what I do in this world? Should a solopreneur in Austria really keep betting on digital sovereignty, GDPR-compliant architectures, open source, local systems, and controllable IT, while more and more digital infrastructure keeps getting centralized?
My answer is yes. And I'm not alone in that.
More and more people, companies, public authorities, and governments are recognizing that AI isn't just a software question. AI is an infrastructure question – and therefore, automatically, a question of power.
The illusion of centralized efficiency
The story often told is that centralizing all digital infrastructure with a handful of large providers is the only logical path.
The cloud is supposedly more efficient. Cheaper. More secure. Unavoidable.
Some of that is true. For certain workloads, centralized infrastructure genuinely makes sense: training large foundation models, running global services, absorbing massive load spikes, running complex simulations.
But that doesn't mean every digital task, every AI request, and every business process belongs in someone else's cloud.
Many practical AI applications don't need an AI factory at all. Analyzing documents, searching internal knowledge, reading receipts, pre-sorting emails, transcribing speech, preparing workflows, or making domain knowledge accessible – much of this can run locally, in a hybrid setup, or on controlled European infrastructure.
So the real question isn't: can this run in the cloud? Of course it can.
The better question is: does it have to run there?
Stargate shows what this is really about
A good example is the Stargate project by OpenAI, Oracle, SoftBank, and MGX.
In January 2025, OpenAI announced plans to invest up to $500 billion in new AI infrastructure in the US over four years, with $100 billion to be deployed immediately, according to OpenAI's official announcement of the Stargate Project.
The project was later expanded with additional planned data center sites. OpenAI's announcement of five new Stargate sites reiterates the target of $500 billion and 10 gigawatts of AI infrastructure.
This is no longer a routine IT expansion. It's the buildout of industrial-scale AI utility infrastructure. Data centers are becoming strategic infrastructure – comparable to energy, telecoms, transport, or payment systems.
Which is exactly why the debate shouldn't be reduced to "the cloud is convenient."
When AI infrastructure is built at this scale, it's not just about chatbots. It's about control over compute, data flows, models, interfaces, energy, and economic dependencies.
Model access can be politically controlled
Another point that's often underestimated: access to AI models is not neutral.
In July 2026, Reuters reported on the delayed rollout of OpenAI's GPT-5.6. According to the report, OpenAI had initially limited access to vetted partners after the US government requested a delay over national security concerns.
Anthropic was affected too – as I described in more detail in “AI Sovereignty: Who Decides Which Models Companies Are Allowed to Use?”. The Associated Press more recently reported that the US government had lifted restrictions on certain Claude models after previously limiting access over cybersecurity concerns. According to AP News' coverage of the Anthropic restrictions, the more capable Mythos 5 model remained accessible only to select organizations approved by the US government.
None of this needs to be condemned outright – there can be legitimate security reasons behind it. But it makes one thing clear: if you don't control a model yourself, you don't permanently control access to it either.
A provider can change prices. A government can restrict access. A model can be replaced. An API can change. Terms of use can shift. A service can be blocked for certain regions, industries, or use cases.
For personal tinkering, that might just be annoying. For businesses, public institutions, critical processes, or entire economies, it's a strategic risk.
Digital sovereignty is no longer a niche topic
The EU, too, is officially pursuing its own AI infrastructure buildout.
The European Commission describes, as part of its AI Continent strategy, a goal of building up to five AI gigafactories and at least tripling the EU's data center capacity within five to seven years.
The EU's AI Continent Action Plan similarly references up to five AI gigafactories, €20 billion through InvestAI, and a tripling of EU data center capacity.
Whether more large data centers is the right answer is debatable. But the direction is clear: digital sovereignty is no longer a fringe topic. It has moved to the center of industrial, security, and location policy.
And this is where an important distinction emerges: sovereignty doesn't automatically mean building new giant centralized structures of one's own.
Sovereignty can just as well mean strengthening local, regional, and hybrid alternatives – so that businesses and organizations don't have to outsource every task to a handful of global platforms.
Who benefits from centralization?
When digital infrastructure gets concentrated in the hands of a few platforms, a structural power imbalance emerges.
Whoever owns the infrastructure can set prices. Whoever controls the platform can change the rules. Whoever defines the interfaces controls access. Whoever sees the data flows gains strategic knowledge.
For large corporations, that's a strong business model. For SMEs, law firms, agencies, manufacturers, service providers, and public institutions, it can turn into long-term dependency.
We laid the tracks, and now the platforms charge rent for every single ride.
That's convenient as long as everything works. But it becomes a problem when prices rise, interfaces disappear, privacy questions stay unresolved, providers change their terms, or business-critical knowledge ends up in systems you don't actually control.
Sovereignty as a practical alternative
Digital sovereignty isn't a romantic longing for the old on-premise server room. It doesn't mean every company has to run everything itself. And it doesn't mean rejecting the cloud outright.
Digital sovereignty means making deliberate decisions:
- Which data is allowed to go where?
- Which processes need to stay controllable?
- Which systems need to remain exportable?
- Which vendor dependencies are acceptable?
- Which AI tasks can be solved locally or in a hybrid setup?
- Where does the cloud add real value – and where is it just convenient?
That's not ideology. That's risk management.
For European SMEs in particular, this matters. These companies are the backbone of our economy. When they permanently offload their data, processes, and knowledge into black-box systems, they don't just lose technical control – they lose a piece of their economic independence.
Privacy is not a comfort feature
Data today is no longer just a technical artifact. It's a digital reflection of people, companies, relationships, decisions, mistakes, knowledge, and behavior.
Centralizing data creates new possibilities: analysis, automation, efficiency.
But also new risks: surveillance, profiling, misinterpretation, misuse, lock-in, and loss of control.
That's especially true wherever AI doesn't just solve isolated tasks but pulls together data from many sources: documents, communication, location data, images, sensors, payments, devices, access logs, search behavior.
Such systems aren't all-powerful, and they aren't error-free. But they can be powerful enough to matter at a societal level.
That's why the architecture question matters so much.
A system where the customer holds the keys, where data flows stay traceable, and where sensitive information isn't transmitted unnecessarily, is more than a technical decision. It's a decision for dignity, accountability, and control.
Sustainability starts with architecture
There's an ecological dimension to this question, too.
Large data centers can be efficient for certain workloads. But "AI in the cloud" for every tiny task isn't automatically sustainable.
If a company wants to search internal documents, classify receipts, or automate recurring knowledge work, routing every single request through distant hyperscale infrastructure is often questionable.
Local models, efficient RAG systems, smaller specialized AI components, and hybrid architectures can be entirely sufficient for many tasks.
The most sustainable compute isn't always the biggest compute. Often, it's the compute you never had to burn in the first place.
I'm not against the cloud. I'm against dependency.
I'm not opposed to modern technology – quite the opposite. I work with AI, automation, APIs, cloud systems, local models, and modern architectures every day.
But I distinguish between usefulness and dependency.
The cloud can be genuinely useful. AI can be enormously valuable. Automation can take real load off businesses. Large infrastructure can be necessary for certain tasks.
But when every solution automatically gets centralized, when every innovation leads to new platform dependency, and when every business problem gets answered with "more cloud," something is going wrong.
The better future isn't a dogmatic "everything local" or "everything cloud." It lies in sovereign, modular, traceable systems: local where control matters, hybrid where flexibility is needed, cloud where it delivers genuine value.
The small contribution counts
It might seem small for a single solopreneur to work on alternatives like these. Measured against the billions flowing into global cloud and AI infrastructure, it is small.
But small doesn't mean meaningless.
Every local AI solution that keeps sensitive data from leaking out unnecessarily counts. Every open architecture that allows for an exit counts. Every SME that keeps its digital agency counts. Every system that serves people instead of making them dependent counts.
Digital sovereignty is more than technology. It's the question of whether businesses, organizations, and people will still have real choices in the future.
And that's exactly why it's worth working on alternatives. Not against technology – against unnecessary dependency.
Want to know which of your AI tasks really belong in the cloud – and which run just as well, or better, locally or in a hybrid setup? The Sovereignty Check brings clarity: where a local or hybrid architecture pays off, which cloud dependencies are acceptable, and where unnecessary risk is building up. → Learn more