As AI systems move into production across regulated industries, digital sovereignty is increasingly being defined not by where data lives, but by who controls the platforms running it. To address this, IBM has introduced IBM Sovereign Core, a self-managed software platform for deploying and running AI and cloud workloads in environments governed entirely by the customer. Announced Thursday, the platform is built on open source Red Hat technologies and is meant for organizations that must operate infrastructure within specific legal and regulatory jurisdictions.
At the core of the platform is a customer-operated control plane that remains under direct customer authority for configuration, deployment, and ongoing management. IBM does not operate the environment, and administrative control does not pass through infrastructure or service providers outside the region. Identity and access management are also designed to remain within jurisdictional boundaries. Authentication systems, authorization policies, and encryption keys are generated, stored, and managed locally under customer control, rather than being tied to external identity providers or global key management services.
(Shutterstock)
IBM says Sovereign Core enables continuous compliance by generating comprehensive operational data, system telemetry, and audit trails as workloads run, with compliance data stored inside the sovereign environment. As AI systems evolve, this approach could help organizations prove they are meeting regulatory and governance requirements. For AI workloads, the platform enables locally governed inference. Models are deployed and executed on in-region infrastructure, including local GPU clusters, with inference and agent operations remaining under local governance. Data used during inference is not exported to external platforms, and model activity is intended to be traceable for oversight and auditing purposes.
Analysts say the conversation around sovereign AI is shifting from abstract policy to operational reality. Much of the early discussion focused on data residency, but it only addresses part of the problem as AI systems move into production. Organizations now need to demonstrate not just where data resides, but who operates the system and how that control can be verified.
“The sovereign AI conversation has focused on data residency, but that’s only part of the equation,” said Sanjeev Mohan, principal at SanjMo, an independent research and advisory firm specializing in data, analytics, and AI governance. System control and regulatory proof are the more difficult challenges that Sovereign Core addresses, he says, and require approaches that span data, operations, and assurance, combined with continuous monitoring, noting, “As AI moves into production, that kind of ongoing accountability becomes non-negotiable.”
IBM Sovereign Core Architecture Overview (Credit: IBM)
Erik Fish, director of geotechnology at Eurasia Group, frames the issue in geopolitical terms. As AI adoption accelerates, he says that sovereignty questions are moving “from theory to daily operations,” driven by the convergence of regulation, geopolitics, and data governance. In that environment, governments and enterprises face growing pressure to demonstrate clear control over critical data and infrastructure. “The challenge is no longer a trade-off between openness and sovereignty, but governing data, access, and infrastructure amid growing regulatory and geopolitical constraints,” he said in a release.
IBM says Sovereign Core is designed to simplify deployment across a range of infrastructure options. Organizations can deploy isolated environments with built-in multitenancy on hardware and infrastructure of their choosing, including on-premises systems, supported in-region cloud infrastructure, or environments operated by local IT service providers. IBM says this approach is intended to reduce the time and complexity typically involved in assembling sovereign environments from separate components. As part of that strategy, IBM is working with regional IT service providers to deliver and operate sovereign environments locally. Initial deployments are planned in Europe, with partners including IT services firms Cegeka in Belgium and the Netherlands and Computacenter in Germany. IBM says these partnerships are designed to support local operational independence and compliance management, while enabling service providers to offer sovereign infrastructure and AI environments to enterprise customers.
IBM plans to make Sovereign Core available in a technology preview starting in February, with general availability later this year. The company says additional capabilities will be introduced at GA, though it has not yet detailed what those features will include. More information will be available at the IBM Tech Summit on January 27.
This article first appeared on HPCwire.
The post IBM Launches Sovereign Core as AI Sovereignty Moves From Policy to Operations appeared first on AIwire.
