One AI system, many rulebooks: how data residency is rewriting global vendor strategy
The AI system that works in New York need not necessarily work in Frankfurt, UK, UAE or Saudi Arabia - and a growing number of multinationals are finding that out the hard way. While the model is the same in both places, what changes at the border is simply everything around it.
Where the data may sit, who is permitted to touch it, and which regulator can demand a look inside. These rules are pulling apart faster than most procurement teams expected, and the idea of one global architecture is going with them.
For vendors, the consequence shows up in the only place that counts, which is who wins the contract. Across the European Union, India, the Gulf and a lengthening list of other markets, data residency and sovereign compute mandates have pushed sovereignty from a late-stage compliance check to the opening question in any AI purchase: where does the data live, who processes it, and under whose law?
Increasingly, the vendors with a good answer are the ones who own or can govern infrastructure inside the jurisdiction that matters, rather than the frontier model companies that led the first wave of enterprise adoption.
That dependence became clear in June this year, when access to Claude Fable 5 was briefly suspended. The outage was short, but it made a deferred question suddenly urgent - how much of the business now runs through a few external AI systems governed by foreign law, and what happens when one of them goes dark?
Levent Ergin, Chief Industry Strategist (CDAO) - Agentic AI and Data Foundations at Informatica, now part of Salesforce, has spent years watching institutions build up that kind of exposure. “You’re outsourcing the cognitive function of a workflow to a third party,” Ergin said. He does not argue that companies should walk away from frontier models, only that reliance on any single external stack has become a resilience risk that procurement must now price into the purchase.
Four markets, four rulebooks that agree on almost nothing
A single architecture no longer travels because the rules it has to satisfy have stopped resembling one another. For example, take India, the UAE, Germany and the UK: four markets whose frameworks share almost no common infrastructure, down to which authority is entitled to audit which system.
India’s Digital Personal Data Protection Act of 2023 is still being operationalised, but its intent is settled, with data generated in the country expected to stay there. The UAE governs sensitive records through its health data confidentiality law and its federal data protection decree. Germany stacks data protection rules on top of health regulations stricter in places than the Gulf equivalent, and the UK reads its post-Brexit GDPR its own way. The thread running through all of them, and through dozens of jurisdictions writing similar rules, is residency: data stays in the country, on infrastructure the local authority can inspect.
Inside many organisations, this has changed what sovereignty even means. Mena Migally, Regional Vice President, EMEA East at Veeam, has watched it climb from the legal department to the board. “We are seeing a clear shift from data sovereignty being treated as a compliance requirement to being recognised as a strategic priority,” Migally said, citing research in which most organisations across the Middle East and Africa now rank sovereignty among their top concerns. The demand has widened well past storage.
“This is not just about where data is stored, but how it is governed, who can access it, and under what conditions,” Migally said, and that fuller definition is what now shapes what companies buy.
The expense lies less in any single rule than in honouring all of them at once. Kalle Bjorn, Senior Director Systems Engineering at Fortinet, put it in those terms. “The challenge is not necessarily the existence of different regulatory requirements; it is managing them without creating unnecessary complexity,” Bjorn said.
What companies want in return is the freedom to move workloads without redesigning their approach market by market. “Many organisations want the ability to choose where AI workloads run, whether in their own environments, private clouds, public clouds or hybrid deployments, while maintaining consistent security and governance controls,” he said.
Ergin has seen this from inside heavily regulated banks, where every legal entity answers to its own local regulator on top of the head office one, and his fix is organisational rather than technical. “You set up a safe AI deployment committee which interprets all the different regulations from a business perspective,” he said, describing a cross-functional body that agrees on a single group reading of each rule rather than a patchwork of national ones.
He would rather lift the strictest local requirement into the group standard than fall into “doing patchwork risk and control frameworks that are country specific,” and standardising upward like that is exactly what rewards vendors already holding ground in each jurisdiction.
The vendors who own their infrastructure are the ones sitting comfortably
When residency is the test, the vendors who pass it most easily are those whose infrastructure already sits where the data must stay. Ramprakash Ramamoorthy, Director of AI Research at Zoho Corp., argued that the debate goes wrong the moment sovereignty is reduced to a storage address. “Real sovereignty starts at the infrastructure level, in how the stack is built and owned,” Ramamoorthy said, extending the idea down to the hardware and firmware beneath the data and out to whether the models were trained without exposing customer information.
Zoho rests its case on owning that whole path. “Zoho runs its own data centres regionally and trains its own models, which gives us sovereignty over the full path from silicon to model,” he said, adding that regional deployment across the company’s global network of data centres lets customers meet residency requirements without re-architecting anything.
If Zoho shows how ownership answers residency, the advantage sharpens for a company built entirely inside the market it serves. TERN runs AI inside a UAE government health system, and it treats residency less as an obstacle than as a wall keeping larger rivals out, in the Gulf and past it.
Avinav Nigam, Founder and CEO of TERN Group, said there was never another route in. “We built TERN on sovereign UAE infrastructure from day one, not because it was the path of least resistance, but because there was no other way to deploy inside a government health system,” Nigam said. The constraint turned into a defence. “No global cloud-first AI vendor can walk into Emirates Health Services and offer what we offer,” Nigam said, and on how lasting that edge is, he stated, “The sovereignty requirement is a moat if you build for it. It is a barrier if you do not.”
Owning a data centre in every market, though, is not the only way through, and vendor strategies split here. Gabriele Obino, Vice President Southern Europe and Middle East at Denodo, treats deployment as a question of access rather than movement, letting organisations reach data across environments without relocating it. Architectures should “allow them to access and utilise data across several environments without necessarily moving or copying it,” Obino said, keeping records under local governance while still feeding AI initiatives.
His answer to fragmentation is one governed layer rather than a separate build per market. “Organisations should establish a unified data layer that applies consistent governance, security, and semantic understanding instead of creating isolated data silos for every market,” he said. Zoho and TERN meet residency by owning regional hardware; Denodo meets it by governing access wherever the data already rests. Both routes lead away from the frontier-first model that procurement is quietly retiring.
Nobody disputes who owns the data; the fight is over who controls it
Ask who owns the data, and the answers converge, and the agreement itself shows where the real fight has gone. Ownership is rarely in dispute; the customer, the health system or the employer holds the data, and the provider processes it and leaves no residual claim. Ramamoorthy called this the condition that keeps the arrangement clean across borders. “The customer owns their data, and the AI provider should never use it to train its models,” he said.
Control is the harder matter, resting on who may process data and under whose law. Owning data and being bound by a country’s rules are not the same thing, Obino said. “Data ownership means who’s in control and is accountable for the data, while data sovereignty determines which laws apply to that data,” he said, noting that ownership buys no exemption from the jurisdiction where processing happens.
Bjorn made a related point about agent-driven systems, where the trouble is not that ownership moves but that oversight has to be shared. “Ownership remains with the organisation responsible for the data, but governance becomes a shared responsibility between business leaders, security teams, compliance teams and technology stakeholders,” he said.
That same complexity, Migally noted, is what blurs ownership as AI grows more distributed and agent-driven. “Data ownership is no longer just defined at an organisational level. It is shaped by regulation, jurisdiction, and context,” Migally said, and the practical answer has been to keep data local and share only what sits above it. Organisations are turning to “more federated approaches, where data remains within local boundaries while insights are shared at a higher level,” Migally said, and the other spokespeople reach for the same design independently.
On architecture, they all point the same way: process data where it lives, and let only the results travel. Picture an employee whose records sit in one country while the systems acting on them run in another. For that case, Nigam said, a single shared data lake is the wrong design. “It is a federated architecture where each country’s data is processed locally and only aggregated outputs, not raw records, cross borders,” he said, an approach he called harder to build and the only one that holds.
Obino made the same case commercially, arguing that a shared foundation need not mean an identical build. Organisations can run agentic systems “with a common data foundation” that share governance and semantics, “allowing local teams to access only the data they are authorised to use,” he said.
This is the settlement taking shape across the major markets, and it moves in one direction. Sovereignty has left the compliance department for the procurement decision, breaking the assumption that one architecture can serve a global business and favouring the vendors who own, or can govern, infrastructure where the rules require it. Ergin describes the destination as composable, with resilience built in rather than added later.
“What the private sector needs is a composable architecture, one in which they can pick and choose what they like,” he said. The providers who can supply the regional pieces of that architecture are the ones this new logic rewards, while the frontier companies that set the pace of the last cycle now have to show they can meet a residency test they were never designed to pass.