When Iranian suicide drones slammed into Amazon Web Services’ (AWS) data centres in the Persian Gulf in March, the impact made many governments and multinational businesses sit up.
If a relatively “safe” location, such as Bahrain, could have such critical infrastructure damaged so suddenly, should there not be contingency plans in place?
As AWS’ data centres continue to be disrupted, the thinking around sovereign AI, which has already been in the minds of many leaders earlier, has also moved up their priority list. Surely, something as important as AI can’t be left to chance.
In the simplest sense, sovereign AI just means to run AI on one’s own terms. Yet, there is so much more behind the idea, including the hardware involved, the training models and apps, and finally, the talent needed to operate AI.
So, it’s no surprise there isn’t a common understanding of what sovereign AI means. What’s clear, though, is the desire, from governments to big multinationals that operate across borders, to better control such a critical part of their operations.
In a study of close to 2,000 business and government leaders across 28 countries last year, Accenture found that 61 per cent were more likely to seek sovereign technologies as geopolitical risks rose.
Notably, this was before the latest Middle East conflict when data centres were bombed. The consulting firm used tariffs, trade tensions and sovereignty debates as examples of geopolitical turmoil.
In Asia-Pacific, there seems to be a “hybrid” strategy emerging, with 57 per cent of organisations balancing global hyperscaler capabilities with locally governed infrastructure.
One of Accenture’s customers, Indonesian telecom operator Indosat Ooredoo Hutchison, is offering pre-built AI solutions to the financial services and mining sectors while keeping data secure within national borders.
More organisations are looking at data sovereignty, said Hans Dekkers, IBM’s general manager for Asia-Pacific, at a recent media briefing.
Questions that governments are asking, he noted, include whether they can operate without external help, if they have access to control panels to use the data and if they can move their AI workloads quickly to another location.
This could mean moving flexibly from one cloud provider to another, or even back on-premise, he added, stressing that the key was being in control of where and how one can run the AI.
This is where some “neo-cloud” companies have come in to challenge established hyperscalers such as AWS, Google Cloud and Microsoft Azure.
Offering fast access to, say, Nvidia’s graphics processing units (GPUs) to train AI, players such as Coreweave in the United States and Bitdeer in Asia-Pacific are a little like cloud providers in the early days – quick to spin up to get a job done.
There is a lot more flexibility in the way AI is set up today because it is no longer constrained by the “gravity of data or the mobility of data,” said Elaine Chan, head of AI sales for Asia-Pacific at data storage vendor NetApp.
Many companies could do their model training on the cloud because that needs high-performance computing power but the inferencing which generates responses can be done on-premise, with sovereignty in mind, she added.
Of course, this is assuming governments and businesses know where their data is and that it is not stuck in silos. Unlocking this is just as important to get AI going.
There is also the question of cost. If AI sovereignty varies on a spectrum, from the most control to none at all, then the corresponding cost also tracks similarly.
A government can tap on hyperscale cloud providers that have the ready AI infrastructure, with data centres designed to run sustainably and optimally.
Yet, these providers often need uniformity and scale to be cost efficient, despite more “localised” versions, including even air-gapped ones, being set up for governments seeking sovereign clouds.
Few organisations, unsurprisingly, would go build everything themselves. Instead, a risk-based approach is what many will take up, say, to keep 10 per cent of sensitive data within one’s own borders.
“It’s legitimate that governments have their own standards and regulations, and cybersecurity mandates, but the reality today is the scale of the stack requires technology capabiltiies that most countries are not able to get to,” said Henry Worthington, managing director for economic consulting at Oxford Economics.
Notably, asserting too much control could cost Asia-Pacific countries more and hurt AI adoption, the consulting firm argued in a report last week.
Overly restrictive AI sovereignty policies could cost Singapore S$29.1 billion in direct investment and wipe out US$23.5 billion in GDP by 2035, equivalent to 3.2 per cent of the economy, it estimated.
Open, assurance-led approaches, like how Singapore currently runs its government cloud with commercial providers, could sustain AI adoption rates of 43.8 per cent by 2035, it predicted.
Ownership-centric models, requiring full domestic AI stacks, slash that to just 9.6 per cent, with a three- to five-year delay in deployment, it cautioned.
Ultimately, no country can be “fully sovereign” because the technology stack involves so many suppliers, a majority of which are in the private sector, said Worthington.
“Even a country with the capability and scale of the US would find it hard,” he added, noting its challenges trying to bring back chipmaking to its shores.
