05 June 2025

The study underscores the increasing importance of local, European-controlled AI infrastructure amid concerns over non-EU data laws and geopolitical risks.

The findings show that 81% of UK decision-makers are highly concerned about the impact of non-EU data legislation — such as the US PATRIOT Act — on their ability to control and protect AI systems and data. This concern is especially pronounced among enterprise C-suite executives (93%) and AI startup leaders (79%), reflecting the high stakes for those developing and deploying AI at scale.

Key risks fuelling these concerns include potential non-compliance with EU regulations like GDPR and the upcoming AI Act (77%), the inability to maintain long-term control over critical AI infrastructure (74%), and geopolitical instability or government interventions that could disrupt data access (74%). These factors are prompting organizations to scrutinize who they trust to manage their AI infrastructure.

Trust in infrastructure providers varies, with a notable tilt toward European providers. While just over a third of respondents (36%) express full trust in European sovereign cloud providers, only 35% trust US-based cloud service providers to securely handle their AI data within regulatory boundaries. Meanwhile, 20% report having no trust at all in US providers. In contrast, nearly half (47%) have complete trust in in-house or on-premise solutions, underscoring a preference for direct control and regulatory certainty.

This trust divide highlights why half of UK decision-makers see sovereign AI infrastructure as a key competitive differentiator in the next two years, viewing it as essential for compliance, trust, and market positioning.

When selecting AI infrastructure partners, over 90% of respondents prioritize performance, security, data sovereignty, and cost-effectiveness. Role-specific priorities include:

• Start-ups focusing on security (97%), performance (96%), and cost (97%).
• C-suite executives emphasizing scalability (98%), transparency (97%), and performance (97%).
• IT leaders valuing performance (100%), security (99%), and customer support (99%).
• AI/ML developers stressing security (97%), transparency (95%), and cost (95%).
• Risk and compliance managers highlighting performance (97%), sustainability (96%), and security (96%).

Despite broad recognition of sovereignty’s importance, significant internal perception gaps exist. While 57% of enterprise C-suites and IT leaders see sovereignty as a strategic priority, only 35% of developers share this view, indicating a need for better internal alignment around sovereignty’s benefits and risks.

Perceptions of transparency also vary. Over half (54%) of UK respondents believe their AI or cloud provider is highly transparent, with the highest confidence among enterprise IT leaders and start-up C-suites (both at 97-99%). However, 8% of enterprise developers remain sceptical about provider transparency, highlighting ongoing trust challenges.

Market demand for sovereign AI solutions is strong, with half (50%) of organizations reporting customer and partner expectations for AI systems hosted on sovereign infrastructure. This trend underscores sovereignty’s role not only in compliance but also in brand reputation and trust.

“It’s often misunderstood as just data residency, but true sovereignty involves ownership, operational control, compliance, and transparency across the entire AI infrastructure stack. It ensures that AI-generated value stays within local communities and economies, supporting innovation and resilience. As AI becomes central to business strategies, sovereignty is evolving into a foundation of trust and security. European providers must elevate their offerings to deliver truly sovereign, transparent, and future-proof infrastructure in an increasingly complex geopolitical landscape,” said Karl Havard, Chief Commercial Officer at Nscale.