The GCC’s AI sovereignty debate is moving from data residency to operational authority
Sovereignty in AI is now about invisible control points across the stack in the GCC
In the GCC, AI sovereignty is often framed as a data issue, but the real challenge runs much deeper. It is easy to focus on where data is stored, but that captures only the surface. AI sovereignty in the Gulf is ultimately a control problem.
Data residency may define location, but real authority lies with those who hold encryption keys, govern identity, manage access, and determine how systems evolve. Data can remain local while decision-making quietly sits elsewhere. Across the region, the focus is shifting from where data lives to where control actually sits in the stack, bringing renewed attention to who ultimately holds authority when it matters most. Nizar Hneini, Senior Partner and Managing Director at Roland Berger Middle East, and Hugo Carreira, Principal at Roland Berger Middle East, explain why that distinction is becoming increasingly important.
For many organizations, that conversation has become far more urgent in recent years.
According to Hneini, recent regional instability has pushed governments and enterprises to rethink digital infrastructure through a different lens. “The recent period of regional instability has fundamentally accelerated how GCC governments and enterprises think about digital infrastructure.”
“What was treated as a compliance consideration has become a matter of national resilience. Despite this urgency, the most common confusion is equating physical data location with sovereignty.”
He adds that the misunderstanding begins there. “Storing data locally is necessary but not sufficient. True control breaks down long before it reaches the question of where servers sit.”
That is why sovereignty is weakened not at the storage layer, but in the systems around it. Even if data is stored locally, foreign jurisdiction, such as CLOUD Act-style reach, can still apply. And when encryption keys, identity management, and access governance sit offshore, true control remains out of reach.
He also points to a layer that is often overlooked. “There is a further layer that often goes unexamined: the operational layer. Patching, upgrades, model updates, and incident handling that are executed remotely by foreign vendors represent a transfer of operational authority that no data residency requirement addresses.”
The same applies to managed AI services. “Model hubs impose centralized update cycles, policy changes, and evaluation standards entirely outside local control.”
For Hneini, the distinction is ultimately about authority, not geography. “True sovereignty means asking not just where data is stored, but who can access it, administer it, move it and modify it, and under whose law they operate when they do.”
CONTROL DEFINES SOVEREIGNTY, NOT LOCATION
For governments and enterprises alike, sovereignty is increasingly being defined not by where data sits, but by who retains operational control when systems are under pressure. As AI infrastructure becomes more deeply embedded into critical operations, questions around ownership, oversight, and decision-making are moving to the forefront.
Against that backdrop, Carreira believes “a genuinely sovereign AI stack is not a single technology choice, but a set of enforceable design decisions across every layer.”
That starts with contracts. Sovereignty depends on guardrails for cross-border data transfers, limits on subcontractors, and governing law that avoids backdoor exposure. Contracts must prevent indirect loss of control, not just record compliance.
The same logic extends to infrastructure, with in-country compute, real disaster recovery, and multi-vendor resilience. But the biggest gaps emerge at the operational layer. Control over identity, access, keys, logging, and incident response is often left offshore, weakening sovereignty in practice.
This principle carries into the data and AI layers. “Local control over identity management, privileged access, cryptographic key management, logging, audit evidence, and incident response cannot be contracted to a foreign managed service and still be called sovereign.” Rules on retention, sharing, and breaches must be technically enforced, while models require continuous oversight through evaluation, monitoring, and approval gates.
At scale, procurement becomes a critical lever. “Trusted and qualified cloud and AI supplier frameworks translate sovereignty into scalable, usable buying rules,” turning procurement into a mechanism for enforcing control rather than diluting it.
The broader shift is clear. “Sovereignty is about effective authority rather than nominal ownership,” Carreira says. Foreign jurisdiction is structural, embedded in global technology systems, regardless of where data sits.
That is why the focus moves from infrastructure to control. Especially in times of instability, the question is not who owns systems, but who can operate them. As he puts it, “jurisdiction follows the operator, not the server.”
INDUSTRIAL POLICY RESHAPES AI SOVEREIGNTY
“The shift is already happening in the most strategically aware capitals in the region, even if the language has not yet caught up with the intent,” Carreira says.
At the center of this shift is the positioning of compute and data centers. “Compute and data centers are treated as critical national infrastructure, comparable to energy grids or telecom networks,” he notes, anchoring them in long-term state capacity rather than short-term IT upgrades.
From there, the focus moves beyond deployment to control of the ecosystem. It is no longer just about deploying technology, but “deliberately shaping who builds, supplies, and operates that infrastructure.” As more of the data center value chain becomes localized, the emphasis shifts toward building regional capabilities.
This is where industrial intent becomes explicit. “As the pieces of the data center value chain are consciously built or sourced locally, there is a clear industrial intent to make capacity building itself a sovereign capability,” he explains. The framing moves beyond modernization. “The decision is no longer simply about IT modernization,” Carreira adds, as infrastructure investment ties into economic diversification, SME adoption, workforce development, and national competitiveness.
At the same time, the efficiency gains of global AI platforms remain hard to ignore. “The efficiency gains of major AI platforms are real, and no serious sovereignty strategy asks organizations to forgo them entirely,” he says. The risk lies in the trade-offs. “The question is whether those gains are being purchased at a cost in strategic operationality that will only become visible when it is too late.”
Mitigating that risk depends on how dependency is structured. “The most concrete risk mitigation lever involves multi-vendor strategies at every layer: compute, cloud, and model, combined with workload portability and failover as baseline contractual requirements,” he explains. Procurement becomes a key control point. “Procurement governance that limits over-concentration in vendors subject to foreign jurisdiction is not a theoretical safeguard; it is a practical constraint on the accumulation of dependency that compounds over time.”
This approach extends to the national level. “At the national level, shared platforms, or AI factories, reduce reliance on any single commercial provider while creating the infrastructure conditions for broader and more equitable adoption,” he says. Internal capabilities reinforce these. “Model assurance and evaluation capabilities prevent blind dependence on vendor claims about performance, safety, and sovereignty compliance.”
Alongside these shifts, the region is investing in its own AI capabilities. “There is a growing and important effort across the region to develop local large language models and integrate them into sector-specific platforms,” Carreira adds, pointing to a broader goal of keeping critical AI decisions within regional control.
CONTROL SHIFTS TO ENTERPRISE USAGE
As AI adoption spreads across the enterprise, control increasingly depends on how employees use third-party tools in practice.
Carreira outlines a framework that starts with visibility. It begins with “comprehensive tool and data inventory, including third-party AI tools,” followed by “data classification and least privilege access, enforced technically.”
From there, governance moves into enforcement. This includes “approved toolchains and supplier registries, embedded into procurement,” alongside “audit logging and monitoring across AI usage” and “continuous detection and migration of shadow AI and shadow data.”
Managing risk requires clear response mechanisms. Organizations need “incident reporting and response playbooks for AI misuse or leakage,” supported by “intensive training programs” that help employees assess tools and understand the sovereignty implications of their decisions.
Alongside usage, data quality remains a structural constraint. Arabic data remains one of the region’s biggest bottlenecks, with the challenge lying more at the data layer than the model layer. As Hneini notes, only “around 15% of Arabic text online is clean enough for model training,” limiting out-of-the-box performance.
This is where reliance on global models falls short. Generic systems, he says, “cannot easily close Arabic performance gaps without curated data,” making local data development essential.
The opportunity, however, is substantial. “Ministries and public institutions hold large, untapped Arabic datasets in legal, administrative, and healthcare domains,” he adds, pointing to a foundation that could significantly improve model performance and regional relevance if properly structured and governed.
SCALING SOVEREIGNTY BEYOND LARGE ENTERPRISES
SMEs are at the core of GCC economies, but expecting them to independently build and maintain robust AI governance is unrealistic.
Hneini argues that the model cannot rely solely on bottom-up coordination. Instead, it depends on “shared national platforms that SMEs can plug into,” giving smaller businesses access to infrastructure and controls they cannot build themselves.
Adoption also needs to be simplified. This includes “packaged adoption mechanisms such as implementation bundles, financing, and incentives,” as well as “pre-qualified tools and templates that reduce governance burden.”
That shift changes how success is measured. “Top-down design, making SME adoption a sovereign KPI rather than a market afterthought,” ensures smaller enterprises are integrated into the system rather than left to navigate it alone.
Looking outward, global frameworks offer a reference point. In markets such as France, Japan, Singapore, and the U.S., sovereignty becomes real when it is embedded into procurement and assurance, not just policy.
The GCC, Hneini suggests, is not starting from scratch, but it is not fully operational either. The region is “structurally ready but operationally behind,” with policy direction largely in place.
The gap lies in execution. What is still missing are “mechanisms similar to FedRAMP, SecNumCloud, ISMAP, or MTCS,” which translate intent into enforceable standards.
Their real impact is not in legal language alone, but in application. These frameworks create “procurement-linked assurance,” turning policy ambition into something that can be enforced consistently and at scale.
OPERATIONAL CONTROL BECOMES THE PRIORITY
If one capability stands out over the next two years, it is operational control over AI systems.
Hneini points to a clear hierarchy of failure. “Data governance without enforcement fails,” he says, while “compute without control is exposed to licensing, supply, and dependency risk.” The pattern is consistent. “Sovereignty most often collapses at the operational layer,” particularly across access, administration, and system sprawl.
This is where the highest-value opportunities are emerging: in the areas of the AI value chain where execution is hardest and risk is greatest.
He points to priorities that move beyond strategy into implementation. This includes “sovereign cloud and AI control planes,” alongside “compute resilience and supply risk management,” where dependency and continuity risks are most exposed.
Data remains a core lever. “Data product factories, especially in Arabic,” are critical to improving performance and relevance and are supported by “model assurance, evaluation, and monitoring services” that provide independent oversight of how systems operate.
On top of this, demand is growing for operational layers that translate capability into execution. “Managed services layered on top of sovereign infrastructure” are becoming key to day-to-day delivery.
At the application layer, value becomes more localized. This includes “Arabic language interfaces, Islamic finance applications, healthcare tools calibrated to regional epidemiology, and public sector workflows designed for local administrative realities,” where context defines impact.
For advisory firms, the role now shifts to execution. Hneini highlights the need to “translate policy into operating models and control architectures,” turning ambition into implementable, governable systems.
This extends into the commercial layer. Firms can support “designing procurement and supplier dependency frameworks” and “building portfolio prioritization and rollout sequencing for sovereign AI programs,” ensuring investments are structured effectively.
There is also a role in scaling adoption. This includes “structuring SME enablement models that actually scale,” alongside “standing up governance, assurance, and control plane capabilities” that embed sovereignty into daily operations.
Finally, advisory firms act as a bridge to global best practices. They can “follow the dynamic field of best practices worldwide, and inject them in the sovereignty strategy as well as in concrete initiatives,” keeping regional approaches practical and competitive.
The GCC has built the infrastructure. The policy frameworks are largely in place. What remains is whether the region can convert that structural readiness into operational authority it can actually enforce when it matters. The servers were always the easy part.























