Following a series of stimulating discussions with IDC last week, I have been reflecting on the intersecting themes of sovereignty, cloud platforms and AI (Agentics, projection of 1.2B serving over 217B daily actions by 2029) issues now firmly at the top of Europe’s strategic agenda. The conversation, however, is often framed in terms of ownership, who builds, who hosts, who controls the infrastructure and thus influences the economics. That framing I feel misses the point and gets me thinking, does Europe really need to own all compute; my interpretation is this is more a control necessity of the conditions under which compute is trusted and used.
This becomes even more acute with the rise of agentic AI. As autonomous agents begin to act on behalf of organisations making decisions, executing transactions and interacting across systems the locus of risk shifts from static infrastructure to dynamic behaviour. It is no longer enough to secure environments at a point in time; trust must be established in motion. Who authorised the action? Under what constraints? With what data and to what outcome? In an agentic world, sovereignty is increasingly being defined not by where systems reside but by who governs their behaviour through verifiable policies, continuous validation and enforceable controls. Without that, autonomy quickly becomes exposure.
For too long, the sovereignty debate has been framed as a question of ownership; build European clouds, fund European hyperscalers, reduce dependency, keep data on European soil. It is an understandable instinct but increasingly a dated one. The hyperscaler model is not collapsing but it is evolving. Infrastructure still matters but it is no longer where control or value truly resides. Ownership without control is theatre. Infrastructure without authority is dependency in disguise.
The first wave of cloud was built on a simple premise: centralise compute, scale relentlessly and capture the market. That premise is now fragmenting. AI workloads, multi-cloud strategies and regulatory pressure are redistributing power. Compute is becoming ubiquitous.
The real battleground is not where compute sits but who defines the terms under which it is considered safe, compliant and sovereign. Today, those terms are largely set by the providers themselves wrapped in certifications, reports and assurances that regulators and enterprises are expected to trust, but rarely verify in any continuous or meaningful way.
True autonomy lies elsewhere. What matters is not who owns it but who governs it. It lies in establishing independent control planes of trust, the ability to validate code, configurations, identities and behaviours at runtime, continuously, objectively and with evidence that stands up to regulatory scrutiny. It means shifting from inherited trust to provable trust.
Today, trust is still largely inherited defined by providers, asserted through certifications and accepted with limited verification. That model is under strain. As systems grow more complex and opaque, particularly with AI, the gap between what is claimed and what is provable becomes harder to ignore.
Europe’s opportunity is not to outscale hyperscalers, but to outgovern them. Which starts with defining and enforcing the standards by which digital systems earn trust in the first place.
Control will sit with those who can define and enforce the conditions of trust at runtime, independently, continuously and with evidence. In that world infrastructure becomes secondary.
To extend the theme into the realms of a thought exercise pulls together threads of past disruptions of what this could mean in this era. For me this spins up notions of a form of open, peer-to-peer orchestration model built on open standards and open source. This could shift power back to the user by decoupling control from any single provider. When workloads, agents and data can run across environments of choice, policy, identity and assurance can travel with them. That would suggest trust is no longer inherited from where something runs but enforced by how it runs, through portable policies, verifiable execution and continuous validation across every node. In that model, organisations would be free to choose infrastructure without surrendering control and sovereignty becomes practical rather than aspirational. Back to reality ….
Own the conditions and you own the outcome. Everything else is just rented infrastructure dressed up as sovereignty.
Posted on April 29, 2026
0