
The Board-Level Shift: From Preference to Prerequisite

Data sovereignty is no longer a procurement preference. It is becoming a structural constraint on who can bid, who can partner, and who can operate in Europe.

The numbers are unambiguous. Eighty-three percent of enterprise leaders view sovereign AI as strategically important. Seventy-seven percent factor country of origin into AI vendor decisions. Fifty-eight percent are building their AI stacks primarily with local vendors (Deloitte, State of AI in the Enterprise 2026, survey of 3,235 leaders across 24 countries). European sovereign cloud spending is growing 83% year-over-year (Gartner, via ASEE, April 2026). Organizations are voting with their budgets.

Yet in EMEA, 32% of companies still rely on foreign-sourced AI solutions, the highest dependency of any region. That gap between intent and architecture is where the risk lives.

Let me state upfront that I have nothing against Microsoft, Google, or Amazon. We run services on Azure, and its stability and breadth of services are second to none. The gap I flag here is driven by external forces, not by the providers.


01 | The CLOUD Act: An Active Legal Conflict

The US CLOUD Act (2018) requires US-headquartered companies to produce data they control in response to valid US legal process, regardless of where the data is physically stored. A demand served on a provider's US headquarters compels production from Frankfurt, Amsterdam, or Dublin servers.

This is not a theoretical risk from 2018. It is actively being triggered, and it is starting to drive European policy in 2026.

Example 1: EU Legislation

On June 3, 2026, the European Commission formally presented its Tech Sovereignty Package, built around the new Cloud and AI Development Act (CADA), explicitly naming the CLOUD Act as the structural legal problem. The package routes sensitive public-sector cloud and AI contracts through jurisdictional risk tests that Amazon Web Services, Microsoft Azure, and Google Cloud cannot satisfy, restricting them from the most sensitive government data in healthcare, finance, and judicial systems across all 27 member states.

Example 2: Acquisition Approval

Just over a week earlier, on May 26, 2026, the Dutch government blocked IBM spinoff Kyndryl from acquiring Solvinity, the Dutch cloud provider hosting DigiD, the national digital identity system. This was the first-ever acquisition prohibition by the Dutch Investment Screening Bureau (BTI), explicitly grounded in CLOUD Act jurisdictional risk. State Secretary Willemijn Aerdts announced the prohibition only days before the Commission unveiled its package.

Example 3: Data Leaks

On May 14, 2026, a security researcher discovered that a CISA contractor had exposed administrative credentials for three AWS GovCloud accounts in a public GitHub repository, where they had been visible since November 2025. The leak included plaintext passwords, SSH keys, and Kubernetes configurations. EU officials cited the incident as reinforcing the sovereignty argument: if even hardened US government cloud accounts are exposed, the risk model for European data under US legal jurisdiction is not abstract.

The German Federal Ministry of the Interior commissioned a legal opinion from the University of Cologne that concluded US data access laws, including the CLOUD Act, are irreconcilable with the EU's fundamental rights framework and GDPR.

The EU Data Act, applicable EU-wide since September 12, 2025, legally requires cloud providers to implement technical measures preventing unlawful third-country government access to EU-stored non-personal data, and to actively challenge access requests that conflict with EU law. The CLOUD Act and the EU Data Act impose directly opposing legal obligations on the same providers.



02 | Residency Is Not Sovereignty

The common misconception is that data sovereignty is solved by choosing "EU West" as your Azure region. It is not. Sovereignty is a full-stack problem, and most European workloads remain exposed at multiple layers.

Layer 1: Server and Storage

Production data stored in European Azure regions is physically resident in the EU. But residency is not sovereignty. Under the CLOUD Act, the legal control point is the US headquarters of the provider, not the server rack. If Microsoft receives a valid US legal order, the data stored in Ireland or Sweden is within scope of compelled disclosure.

Layer 2: LLM Processing and Temporary Retention

For organizations using Azure OpenAI Service, an additional exposure exists at the inference layer. Azure OpenAI retains prompts and completions for up to 30 days for abuse monitoring. While Microsoft states this data is stored within the customer's chosen Azure region and not used for model training, the retention itself creates a temporary data store that is subject to the same provider control and legal process as persistent storage.

Microsoft documentation updated May 19, 2026 confirms that abuse monitoring is enabled by default. Eligible customers can apply for "modified abuse monitoring" that eliminates data storage, but this requires additional Limited Access eligibility criteria and approval. Most standard deployments retain the 30-day window.

Don't get me wrong: Microsoft offers a great service, and Azure's stability and leading-edge services are impressive. But the implications for sovereignty are out of their control and very real. Even if your database is EU-resident, your LLM inference traffic creates a secondary, temporary data pool under the same US-jurisdictional provider control.

Layer 3: Office 365 and Collaboration Data

The sovereignty exposure extends beyond AI workloads to the productivity layer. Microsoft 365, covering email, documents, Teams conversations, and SharePoint repositories, is subject to the same CLOUD Act jurisdiction. European organizations routinely handle sensitive contract negotiations, board deliberations, and regulatory correspondence in Office 365 environments that are legally accessible to US authorities regardless of datacenter location.

When the Dutch government blocked the Kyndryl-Solvinity acquisition, the concern was not about a niche technical system. It was about national digital identity infrastructure. The same logic applies to any European organization whose executive communications, legal strategy, or regulatory submissions flow through US-controlled collaboration platforms.

The Governance Gap

Only 21% of enterprises have mature governance models for autonomous AI agents, even as 73% cite data privacy and security as their top AI risk concern. Layering cross-border data flows on top of immature governance creates an unmanageable audit trail, particularly as the EU AI Act's high-risk obligations approach enforceability.



03 | The Enforcement Horizon Is Now

The EU AI Act's top tier carries penalties of up to €35 million or 7% of global revenue for prohibited practices, which have been enforceable under Article 5 since February 2025. High-risk obligations, which carry their own penalties of up to €15 million or 3%, are due to apply from August 2, 2026. A provisional political agreement reached on May 6 to 7, 2026 seeks to postpone that, but until it is formally adopted, the August 2 deadline remains the operative legal text.

More fundamentally, the EU is no longer negotiating. It is screening acquisitions, restricting procurement, and legislating against extraterritorial access. The question is no longer whether your data is "GDPR-compliant." It is whether your architecture can survive a world where US cloud providers are structurally excluded from sensitive European systems.

IDC predicts that by 2028, 60% of organizations with digital sovereignty requirements will migrate sensitive workloads to new cloud environments. Gartner predicts that by 2030, over 75% of companies in Europe and the Middle East will relocate data and workloads to reduce geopolitical risks.

The organizations that architect EU sovereignty now will have audit-ready, defensible AI operations. Those that wait will be retrofitting under enforcement pressure, or exiting markets they can no longer access.


Conclusion | So What? The Questions To Be Asking Now

The evidence above points to four questions worth putting in front of your own board.

Do we know exactly who can compel access to our data, and are we prepared to refuse a legal order from a third-country government?

The honest answer turns on jurisdiction, not datacenter location, and most organizations cannot answer it cleanly.

Are we treating sovereign AI as a procurement preference, or as an operational necessity?

The gap between strategic intent and institutional readiness is not a margins issue. It is a liability issue.

When did we last audit the operational security of the platforms holding our most sensitive credentials?

Extraterritorial legal reach and ordinary operational failure are not separate risks. They compound.

Is our migration timeline aligned with geopolitical reality, or with procurement convenience?

The market and the regulation are both moving faster than most enterprise roadmaps can adapt. If you are not already engineering for relocation, you are engineering for exposure.

WHERE GYSHO FITS

The exposure this piece describes is architectural, so the answer has to be architectural too. You cannot buy your way out of it with a region setting or a sovereign-cloud label. What decides your risk is which workloads can be compelled, and that comes down to where each one is actually processed and who has legal reach over it.

That is the layer we build. Gysho sits between your applications and the models behind them, so you decide what stays inside your own walls, on EU or on-premise infrastructure, and what, if anything, leaves them. Sensitive processing can run locally by default, with external providers used only where you explicitly choose. And because the routing layer is ours rather than any single vendor's, who can touch your data stays a decision you can revisit as the law moves, not a dependency you are stuck with.
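As an added illustration (not Gysho's product code and not part of the original post), here is a small policy router in Python that applies the control-point logic from section 02 and the local-by-default routing described above: a provider's legal control jurisdiction and its inference-retention window decide where a workload may run, not the region its servers sit in, and external providers are only considered on explicit opt-in. The provider names, attributes and retention values are constructed assumptions, not statements about any vendor.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Provider:
    name: str
    region: str                # where the servers physically sit
    control_jurisdiction: str  # where a legal order on the controlling entity is served
    retention_days: int        # days inference traffic is kept (e.g. for abuse monitoring)
    external: bool             # outside the organization's own walls


@dataclass(frozen=True)
class Workload:
    name: str
    sensitivity: str           # "public", "internal" or "sensitive"
    allowed_jurisdictions: frozenset
    allow_external: bool = False  # external providers only on explicit opt-in


# Constructed sample providers; the values are illustrative assumptions.
ONPREM = Provider("onprem-llm", "EU", "EU", retention_days=0, external=False)
US_IN_EU = Provider("us-provider-eu-region", "EU", "US", retention_days=30, external=True)


def route(workload, providers):
    """Pick the first acceptable provider, local ones before external ones.

    Returns (provider name or None, list of audit strings explaining each decision).
    """
    audit = []
    for p in sorted(providers, key=lambda p: p.external):  # local first
        if p.external and not workload.allow_external:
            audit.append(f"{p.name}: external, no explicit opt-in for {workload.name}")
            continue
        if p.control_jurisdiction not in workload.allowed_jurisdictions:
            # The control point is the entity that receives the order, not the rack:
            # an EU region under a US-controlled entity is still US jurisdiction.
            audit.append(f"{p.name}: controlled from {p.control_jurisdiction} "
                         f"(region {p.region} does not change that)")
            continue
        if workload.sensitivity == "sensitive" and p.retention_days > 0:
            # A temporary inference store is still a data store under provider control.
            audit.append(f"{p.name}: retains inference data for {p.retention_days} days")
            continue
        audit.append(f"{p.name}: accepted for {workload.name}")
        return p.name, audit
    return None, audit
```

The audit list is the artifact worth keeping: it records, per workload, why each provider was accepted or refused, which is what an auditor asks for when the legal landscape shifts.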

If you are not sure which of your workloads are exposed today, that is the conversation worth having now, while you are still architecting by choice rather than under enforcement.