Enterprise artificial intelligence is beginning to face a less visible but much more challenging barrier: the architecture it must operate on. For years, many companies designed their systems to move data swiftly between applications, clouds, regions, and providers. This model fit well within a global digital economy but is starting to strain as sensitive data, regulations, geopolitics, and AI workloads require continuous access to large volumes of information.
NTT DATA summarizes this in their 2026 Global AI Report: A Playbook for Private and Sovereign AI with a clear message: artificial intelligence is no longer limited only by model quality but also by organizations’ ability to control where data resides, where models are run, and under which jurisdiction the entire chain operates. The firm has detected a growing gap between companies that redesign their infrastructure to gain control, security, and locality, and those still trying to add AI onto systems not built for these demands.
The new gap: everyone sees the problem, few act
The most striking data from the report is the gap between intention and action. Over 95% of organizations consider private or sovereign AI important, but only 29% are prioritizing sovereign AI concretely and in the short term. In other words: nearly everyone understands the current model has limits, but many companies have yet to turn that concern into architecture, investment, and operational governance.
The distinction between private and sovereign AI is important. Private AI focuses on protecting sensitive company data, controlling access, limiting exposure, and running workloads in more closed environments. Sovereign AI adds another layer: ensuring data, infrastructure, computing, and control comply with national, regional, or regulatory requirements. In sectors like government, healthcare, banking, energy, or telecommunications, this distinction can determine what models are used, where they are trained, and which provider can intervene.
| NTT DATA Report Indicator | Data |
|---|---|
| Organizations considering private or sovereign AI important | 95% |
| Organizations prioritizing sovereign AI in the short term | 29% |
| CAIOs citing private or sovereign model complexity as main barrier | 35% |
| AI leaders citing cross-border data restrictions as a key challenge | Close to 60% |
| Organizations with high confidence in their cloud security | 38% |
| Organizations fearing privacy breaches or data misuse by AI and GenAI | 96% |
| Organizations fully confident in meeting data sovereignty needs | 47% |
| Organizations citing hybrid integration complexity as main challenge | 51% |
Data indicates that the challenge isn’t a lack of desire for more control, but the ability to operate it. Keeping data within a region may seem straightforward on paper, but it requires storage capacity, processing power, resilient networks, identity controls, encryption, lifecycle governance, and contracts aligned with each jurisdiction. It’s not solely a legal or compliance decision but also a technological and organizational investment.
Jurisdiction is now part of technical design
AI relies on diverse, distributed, and up-to-date data. Modern architectures often assume data can move, combine, and process flexibly for training, tuning, or real-time inference. However, this assumption weakens when considering data residency rules, cross-border restrictions, regulated sectors, or national sovereignty requirements.
The NTT DATA report notes data jurisdiction has shifted from primarily a legal concern to an architectural constraint. This changes the work of CIOs, CTOs, data leaders, and security teams. It’s no longer enough to decide which model to use or which cloud provider to select. Architects must design where each workload runs, what data it accesses, what parts stay local, what can be shared, and how to demonstrate that controls are enforced.
The report outlines three layers of sovereignty: infrastructure, data, and models. Infrastructure sovereignty involves who controls the compute and platforms. Data sovereignty addresses where data resides and under which legal framework it is processed. Model sovereignty pertains to who controls how models are trained, tuned, and distributed. A company might keep its data within borders, but if the model and AI layer are governed from another country or provider, control remains incomplete.
This explains why private and sovereign AI are pushing towards hybrid architectures. Many organizations will reserve private, on-premise, colocation, or sovereign cloud environments for sensitive data, predictable performance, and regulated workloads, while leveraging public cloud or external services for lower-risk tasks. The choice won’t be simply “cloud or not,” but which workloads run where and with what level of control.
Leaders act before others
NTT DATA identifies a clear distinction between AI leaders and others. Leaders do not treat privacy and sovereignty as afterthoughts but embed them into design from the start. They align their AI strategy with infrastructure, formalize governance, establish executive sponsorship committees, and work with partners capable of covering everything from data centers to models and business flows.
The report states that AI leaders are nearly 2.5 times more likely to report revenue growth above 10% and 3.6 times more likely to operate with margins of 15% or more. This should be interpreted cautiously: sovereign architecture alone doesn’t guarantee these results but suggests a link between operational maturity, well-designed architecture, and the ability to scale AI with fewer frictions.
This trend varies by sector. Globally, the public sector and government are most inclined toward sovereign AI in the next two years, with 37%. Healthcare and natural resources (35%), and manufacturing (33%) follow. It makes sense: these sectors handle critical data, sensitive operations, or infrastructure where loss of control could entail economic, social, or security repercussions.
| Sectors Most Likely to Adopt a Sovereign AI Approach | Global Percentage |
|---|---|
| Public Sector & Government | 37% |
| Healthcare | 35% |
| Natural Resources, Mining, Oil & Gas | 35% |
| Manufacturing | 33% |
| Automotive | 31% |
| Logistics, Travel and Transportation | 30% |
| Telecommunications, Media & Tech | 29% |
| Financial Services | 28% |
Geography also influences trends. In the European Union, investments in sovereign AI tend to be more driven by regulation and compliance. In the Middle East, national strategy and technological autonomy weigh more heavily. In North America, healthcare is particularly significant. Sovereignty, therefore, is not a one-size-fits-all concept but varies depending on regional priorities and agendas.
More control also means more complexity
Sovereign AI sounds like independence, but in practice, it demands highly coordinated ecosystems. Few companies can build the entire stack alone—data centers, networks, cloud, storage, accelerators, data platforms, models, security, governance, and operations. The more control desired, the more critical vendor coordination becomes.
The report highlights that 51% of organizations cite hybrid environment integration complexity as a primary challenge for executing AI workloads in private cloud. Additionally, among firms advancing sovereign AI strategies for GenAI, 40% identify infrastructure modernization as their biggest hurdle. This aligns with the discovery many organizations are making: AI doesn’t scale well on legacy architectures with poor integration, dispersed data, and incomplete security controls.
Cloud security is another weak point. Only 38% of respondents express high confidence in their current cloud security posture, and 48% consider themselves very prepared to manage cloud and AI security risks with formal plans. This fragility poses risks, especially as models interact with sensitive data, generate automated decisions, or connect to critical applications.
The takeaway for companies is clear. The next phase of AI won’t depend solely on accessing the best model or the most GPUs. It will also hinge on building environments where data is classified, access is segmented, models are governed, providers are aligned, and jurisdiction is integrated into the design from the start.
The enterprise AI thus enters a more mature stage. It’s less about demos and more about architecture, compliance, security, and daily operations. For many organizations, the greatest barrier won’t be the model itself but the infrastructure they failed to prepare in time.
Frequently Asked Questions
What is private AI?
An approach where sensitive data, models, and AI operations run in controlled environments with restricted access, encryption, lifecycle governance, and minimal exposure to third parties.
How does private AI differ from sovereign AI?
Private AI focuses on control and data protection, while sovereign AI adds requirements around jurisdiction, residency, and national or regional control over infrastructure, data, models, and operations.
Why does data sovereignty impact AI architecture?
Because AI needs to continuously move, combine, and process data. If data can’t leave a region or must adhere to specific rules, the architecture must be designed to accommodate those restrictions.
Which sectors are most affected by these changes?
Public sector, healthcare, natural resources, manufacturing, financial services, telecommunications, and energy are among the sectors where privacy, regulation, and infrastructure control are particularly critical.
via: services.global.ntt