Sovereignty Theater
The AI sovereignty wars have begun. Almost everyone is measuring the wrong thing.
Earlier this month, Palantir and NVIDIA announced that open Nemotron models will run inside air-gapped government infrastructures, where agencies can customize models using their own data and, notably, retain ownership of the resulting models and their weights. The commentariat processed it as a product story, a stock story, and, on the more excitable podcasts, the opening salvo of the “AI sovereignty wars.”
At its core, it is a policy story, and a bigger one than the coverage suggests. But to see it clearly, you have to start with an uncomfortable truth: “sovereign AI” is becoming a marketing term faster than it is becoming a standard, and the gap between the two is where the next decade’s dependency risks will hide.
The Three-Part Test
Strip away the vocabulary, and sovereignty over a computational system reduces to three questions.
First: Whose infrastructure does it run on?
This is the easy one, and it is the one every vendor now answers. Air-gapped deployment, on-premise inference, data that never leaves the building. Necessary, solved, and increasingly table stakes.
Second: Who owns the models, the weights, and the improvements derived from the institution’s own data?
This is where the Palantir–NVIDIA announcement genuinely advanced the conversation. Explicit weight ownership for the customer is a meaningful commitment, and the industry should be held to it as a floor, not celebrated for it as a ceiling.
Third: Can the institution operate, extend, and audit the system without the vendor?
This is the question almost no one asks. If your “sovereign” deployment requires a specific vendor’s data ontology to function, a specific vendor’s forward-deployed engineers to modify, and a specific vendor’s roadmap to remain current, then you have not achieved sovereignty. You have achieved data residency with a dependency attached. The data may have never left your building, but the ability to operate without your vendor did.
Most offerings now marketed as sovereign AI pass the first test, gesture at the second, and quietly fail the third. Call it sovereignty theater: the security architecture of independence wrapped around the commercial architecture of lock-in.
This is not an accusation aimed at any particular company. It is a structural observation about how enterprise software has always worked, now arriving in a domain where the customer is the state and the switching costs are measured in national capability. Which brings us to the part of this story that policy people should be staring at.
Procurement is the Real AI Policy
Washington has spent three years arguing about AI regulation through safety frameworks, liability regimes, and disclosure requirements. Meanwhile, the decisions that will actually shape the American AI industry are being made somewhere far less glamorous: in acquisition offices.
What the government buys, and how it buys it, does more to structure this market than anything Congress has passed. Other Transaction Agreements determine which companies can reach federal customers at startup speed. Reference architectures determine which technical patterns become de facto standards. Platform consolidation determines whether an agency’s AI capability is a national asset or a single vendor’s annuity.
I saw this from the buyer’s side as the FDIC’s first Chief Innovation Officer. Federal technology dependency does not arrive as a single decision, but rather accretes as a series of individually reasonable procurements. No one chooses lock-in, but institutions wake up inside it. And when the locked-in capability is the analytical layer through which an agency understands its own mission (its intelligence, its fraud detection, its logistics, its examinations), vendor dependency stops being a contracting inefficiency and becomes a national-security exposure. A single point of commercial failure embedded in the machinery of the state.
The AI sovereignty conversation, properly understood, is not about where the servers sit, but about whether the government’s adoption of AI concentrates or distributes this dependency. That question is being answered right now, mostly by default, one task order at a time.
Watch What the State Mandates for Itself
I recently wrote about the executive orders that compressed federal post-quantum cryptography deadlines by five years (2030 for key establishment, 2031 for digital signatures) and argued that deadline movement is the closest thing to a declassified threat assessment the public will ever see. Governments do not voluntarily accelerate decade-long migrations. Revealed preference beats every press release.
The sovereignty turn is the same signal in a different register. Consider what the federal government now requires of its own computational stack, all within a span of months. Cryptography that survives a quantum adversary, models that run in closed environments, weights the government owns, and – in its stated ambitions if not yet its contracts – the ability to operate all of it as national capability rather than rented service.
These initiatives all center on hardening the computational substrate of statecraft under compressed timelines, against adversaries assumed to be more capable than public evidence confirms. Quantum resilience and AI sovereignty are the same story. The through-line for anyone trying to read the classified consensus from outside is simple: watch what the government mandates for itself, not what it recommends for you.
The corollary for every institution outside government, from banks to exchanges to hospital systems, is equally simple. The federal stack is your preview. The standards the state imposes on itself under threat pressure become the standards your regulators, counterparties, and adversaries hold you to, typically within one examination cycle.
What Would Non-Theatrical Sovereignty Look Like?
For acquirers, public and private, the three procurement questions operationalize the test. Demand weight ownership in writing, covering not just the base model but every artifact trained on your data. Demand an exit architecture that gives you a documented, tested path to operating the system without the vendor, priced and rehearsed like disaster recovery. And demand crypto-agility while you’re at it, because a sovereign stack that cannot swap its cryptography by 2030 is sovereign right up until it isn’t.
For policymakers, the agenda is to make the third test legible. We have decades of doctrine on supply-chain risk for hardware and single points of failure in financial infrastructure. We have almost nothing on ontology lock-in, model dependency concentration, or vendor operational leverage over the analytical systems of government. The frameworks are missing because the question is new. It will not stay new for long.
The AI sovereignty wars are real. But the decisive front is not America versus China, or hyperscaler versus hyperscaler, or anything currently being discussed on the podcasts. The real front is the quieter contest over whether “sovereign” comes to mean independent, or merely on-premise. That definition is being written now, in procurement language, largely unexamined, and its specifics will determine if acquirers actually control the systems they rely on.
Institutions deserve true independence. The definition deserves to be examined. Because sovereignty that fails the third test is not sovereignty.
It is theater with better security clearances.
Frontier Foundry’s Approach
Truly sovereign AI is a cornerstone of every Frontier Foundry engagement. We ensure that independence is engineered, not promised, using our library of 600+ models to configure custom solutions built around your specific data, workflows, and regulatory constraints.
Our systems run in institutions where failure is not an option, including the banking, asset management, healthcare, and government sectors. The critical nature of these operations is why we give our clients the technical expertise and legal right to operate and extend their own systems, all while staying an email away, ready to help maintain the value our solutions provide.
Explore our website to see how sovereign AI should actually work.
Sultan Meghji is the founder and CEO of Frontier Foundry, a Visiting Fellow at George Mason University’s National Security Institute, and previously served as the FDIC’s first Chief Innovation Officer. He has written on quantum computing and national security since 2017.
To stay up to date with our work, visit our website, or follow us on LinkedIn, X, and Bluesky.


