§ Framework · 14 min read
A practical framework for evaluating true AI sovereignty. Because if you cannot answer “who controls this?” with certainty, you do not have sovereignty. You have a marketing claim.

Piyush Panchal
Research Team
The control test
legal · operational · technical · strategic
Plus three pillars
data · compute · model
65%
of governments adding sovereignty rules by 2028
92%
GPU market share held by NVIDIA
65%
cloud market controlled by 3 hyperscalers
$1.5T
global sovereign AI investment
Every AI vendor now claims to offer “sovereignty.” Data centres multiply across jurisdictions. Compliance certifications adorn marketing pages. Yet genuine sovereignty remains elusive because most organisations are testing for the wrong things.
The Control Test provides a rigorous framework for evaluating whether your AI deployment genuinely serves your interests or whether you have simply relocated your dependencies. It examines four dimensions of control that together determine whether you own your AI future or merely rent it.
§ 01
True sovereignty is not binary. It exists across a spectrum of control dimensions. The Control Test evaluates each dimension independently, because weakness in any single area can compromise the entire system.
Which jurisdiction's laws govern your AI system? Can a foreign government compel access to your data or models through legal mechanisms?
“If a foreign court issues a subpoena, can your provider refuse?”
Can you operate your AI systems independently? What happens if your vendor relationship ends through choice, conflict, or circumstance?
“Could you keep running if your provider shut down tomorrow?”
Do you control the technical stack from infrastructure to models to data pipelines? Can you audit, modify, and migrate without permission?
“Can you export everything and run it elsewhere?”
Does your AI deployment enhance or constrain your future options? Are you building capabilities or dependencies?
“Are you getting stronger or more dependent over time?”
§ 02
Beyond the four control dimensions, genuine sovereignty requires mastery of three distinct domains. Each pillar represents a critical capability that must be controlled, not merely accessed.
Your data remains under your jurisdiction, processed according to your policies, with complete audit trails you control. No foreign access without your explicit consent.
Processing occurs on infrastructure you control or can control. Not subject to foreign capacity allocation, throttling, or termination decisions.
You own or can modify your AI models. Training data, weights, and capabilities remain under your control. No black boxes you cannot inspect.
§ 03
Many organisations believe they have achieved sovereignty through partial measures. These approaches provide comfort without control and often create false confidence that delays genuine sovereignty investments.
Having data in your country does not guarantee sovereignty. The US CLOUD Act allows American authorities to compel access to data held by US companies regardless of where that data is physically stored.
Running in your own data centre means nothing if you depend on proprietary software, foreign-controlled models, or vendor-locked infrastructure. The kill switch may be software-based rather than physical.
Open weights do not equal sovereignty. You still need infrastructure to run them, expertise to fine-tune them, and systems to deploy them at scale. Open source is an ingredient, not a solution.
§ 04
Use this framework to evaluate any AI system, whether you are assessing current deployments or evaluating new solutions.
Control test checklist
“Sovereignty is not about isolation. It is about choice. A sovereign organisation can choose to collaborate, integrate, and partner. A dependent organisation can only comply.”
- The Sovereign AI Playbook · Katonic AI
The first step toward sovereignty is honest evaluation. Map your current dependencies, identify your gaps, and prioritise based on risk. Many organisations discover their largest vulnerabilities are also their easiest to address.
The Katonic solution
Katonic's Sovereign AI Factory is designed from the ground up to pass the Control Test. Our dual-zone architecture separates sovereign and non-sovereign workloads, while air-gapped deployment options eliminate foreign jurisdiction concerns entirely.

Piyush Panchal
Research Team
Katonic AI provides the Sovereign AI Factory, a complete platform for organisations to build, deploy, and scale AI agents while maintaining complete control over their data, compute, and models.
Start your sovereignty journey →§ Related articles
Discover how Katonic AI can help your organisation achieve genuine AI sovereignty with our comprehensive assessment framework.
