When I began writing my ISACA Journal article on data sovereignty in the age of generative AI, I realized that most organizations aren’t struggling with the idea of sovereignty at all. What they’re really struggling with is how to operationalize it in a world where GenAI systems process data invisibly, quickly and often completely outside traditional governance boundaries.
In almost every organization I work with, the biggest surprise isn’t the complexity of the technology; it’s how quickly GenAI has slipped into daily workflows without anyone noticing. Employees paste text into public chatbots, upload documents to online summarizers or rely on browser extensions that quietly route sensitive data across borders. Before long, shadow AI becomes the default operating model.
The first practical step, therefore, is simply understanding your actual GenAI footprint. I recommend combining direct conversations with business units and technical validation through CASB or DLP logs. People will often reveal the tools they rely on when asked, but logs will reveal the tools they’ve forgotten to mention. This gives you a truthful foundation from which governance can start.
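As an added illustration (not code from the article), here is the log-side half of that validation: a small Python scan over CASB/proxy-style log lines that aggregates which GenAI hosts each user reached, separates sanctioned from unsanctioned tools and flags large uploads. The hostnames, the tool catalogue, the log format and the sample lines are all constructed for this example.

```python
# Added example (not from the article): surface shadow GenAI use from
# proxy/CASB-style logs. Catalogue, log format and sample lines are constructed.
import re
from collections import defaultdict

# Constructed catalogue: hostname -> (tool name, sanctioned?)
GENAI_CATALOGUE = {
    "chat.example-public-ai.com": ("PublicChat", False),
    "summarize.example-tools.io": ("DocSummarizer", False),
    "ai.corp-enterprise.example": ("EnterpriseAssistant", True),
}

# Constructed log format: "<timestamp> <user> <method> <url> <request_bytes>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<user>\S+) (?P<method>GET|POST) "
    r"https?://(?P<host>[^/ ]+)\S* (?P<bytes>\d+)$"
)

def parse_line(line):
    """Parse one log line into a dict, or return None if it does not fit the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["bytes"] = int(rec["bytes"])
    return rec

def genai_footprint(lines, upload_threshold=50_000):
    """Return {tool: {"users": set, "uploads": int, "sanctioned": bool}} for
    every catalogued GenAI host that appears in the logs."""
    report = defaultdict(lambda: {"users": set(), "uploads": 0, "sanctioned": False})
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["host"] not in GENAI_CATALOGUE:
            continue
        tool, sanctioned = GENAI_CATALOGUE[rec["host"]]
        entry = report[tool]
        entry["sanctioned"] = sanctioned
        entry["users"].add(rec["user"])
        # A large POST body is the log-level signature of a document upload.
        if rec["method"] == "POST" and rec["bytes"] >= upload_threshold:
            entry["uploads"] += 1
    return dict(report)

def unsanctioned_tools(report):
    """Names of tools seen in the logs that are not on the sanctioned list."""
    return sorted(t for t, e in report.items() if not e["sanctioned"])

SAMPLE_LOGS = [  # constructed sample lines
    "2024-05-01T09:12:03Z alice POST https://chat.example-public-ai.com/api/chat 1420",
    "2024-05-01T09:15:44Z bob POST https://summarize.example-tools.io/upload 812332",
    "2024-05-01T09:20:10Z alice GET https://ai.corp-enterprise.example/ 512",
    "2024-05-01T09:31:07Z carol POST https://chat.example-public-ai.com/api/chat 2210",
    "2024-05-01T09:40:00Z dave GET https://intranet.example/home 3000",
]
```

Running `genai_footprint(SAMPLE_LOGS)` lists PublicChat and DocSummarizer as unsanctioned, with the users who reached them and one large upload; that list is what you take into the conversations with business units.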
Once you can see the landscape, the next step is clarifying which data can – and cannot – flow into GenAI systems. Most employees want to do the right thing, but they rarely have concrete guidance. Instead of vague warnings like “don’t paste sensitive data into AI,” provide clear boundaries: what’s acceptable for public AI tools, what’s restricted to private or enterprise deployments and what’s prohibited entirely.
Concrete, enforceable categories might look like this:
Allowed in public GenAI:
- Public, non-sensitive text
- Dummy data
- Marketing drafts
- Code snippets without secrets
Allowed only in private/enterprise GenAI:
- Internal strategy documents
- Customer communications
- Source code with IP implications
Never allowed anywhere:
- PII
- Financial records
- Health data
- Regulated sector data (e.g., banking transactions)
When these rules are reinforced through training and day-to-day tools (such as prompt scanning or DLP classification), compliance becomes far more natural.
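The following Python gate, added here as an example rather than taken from the article, shows how those three tiers can be enforced by prompt scanning before a request is sent to a public or enterprise endpoint. The detection patterns, tier names and sample prompts are constructed assumptions, and the Luhn check is there only so that not every long number is flagged as a card.

```python
# Added example (not from the article): a minimal prompt-scanning gate for the
# three tiers. Patterns are constructed heuristics, not a full DLP rule set.
import re

PUBLIC, ENTERPRISE = "public", "enterprise"

def _luhn_ok(digits):
    """Luhn checksum, used to avoid flagging arbitrary digit runs as card numbers."""
    total, parity = 0, len(digits) % 2
    for i, ch in enumerate(digits):
        d = int(ch)
        if i % 2 == parity:
            d = d * 2 if d < 5 else d * 2 - 9
        total += d
    return total % 10 == 0

# "Never allowed anywhere": PII, financial records, health data (constructed patterns).
PROHIBITED = [
    ("pii:ssn", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
    ("pii:email", re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")),
    ("financial:iban", re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b")),
    ("health:record", re.compile(r"\b(diagnosis|ICD-10|patient id)\b", re.I)),
]
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")

# "Allowed only in private/enterprise GenAI": internal markings, customer comms (constructed).
RESTRICTED = [
    ("internal:marking", re.compile(r"\b(INTERNAL ONLY|CONFIDENTIAL|strategy)\b", re.I)),
    ("customer:comms", re.compile(r"\bcustomer (complaint|communication|email)\b", re.I)),
]

def scan(prompt):
    """Return (required_tier, findings); required_tier is 'blocked', ENTERPRISE or PUBLIC."""
    findings = [name for name, rx in PROHIBITED if rx.search(prompt)]
    for m in CARD_RE.finditer(prompt):
        if _luhn_ok(re.sub(r"\D", "", m.group())):
            findings.append("financial:card")
            break
    if findings:
        return "blocked", findings
    findings = [name for name, rx in RESTRICTED if rx.search(prompt)]
    return (ENTERPRISE if findings else PUBLIC), findings

def decide(prompt, destination):
    """Gate a prompt: allowed only if the destination tier can accept its content."""
    required, findings = scan(prompt)
    allowed = required == PUBLIC or (required == ENTERPRISE and destination == ENTERPRISE)
    return allowed, required, findings
```

A marketing draft passes to a public tool, an INTERNAL ONLY memo is allowed only toward the enterprise endpoint, and a prompt carrying an e-mail address or a valid card number is blocked regardless of destination.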
After establishing guardrails around data, attention needs to shift to the model itself: specifically, where inference occurs. In sovereignty discussions, this is the area that causes the most confusion. Traditional data governance is built around where data is stored, but GenAI models introduce a new question: where is your data processed when you send a prompt?
You cannot enforce sovereignty if the model is performing inference in an unknown or unapproved region. Cloud providers now offer region-restricted AI endpoints, sovereign cloud environments and enterprise GenAI platforms that guarantee data stays inside a designated geography. For the most sensitive workflows, private or self-hosted models remain the gold standard. They require more investment, but they provide certainty—your data never leaves your environment.
Another practical step is mapping how prompts and outputs travel inside your organization. Traditional data flow diagrams usually stop at the application boundary. With GenAI, you need visibility from the user prompt through preprocessing, API calls, model execution, logging and where outputs eventually land. This mapping exercise exposes hidden risks, such as outputs being copied into uncontrolled tools or prompts lingering in log stores you didn’t know existed. Once you understand these flows, enforcing sovereignty becomes far more actionable.
Vendor due diligence also needs to evolve. Traditional questionnaires aren’t enough when dealing with GenAI services. Organizations should expect clear documentation on where inference happens, how prompts are stored, whether customer data is used for training, and whether the vendor can prove regional isolation. If these questions can’t be answered, the tool likely isn’t suitable for regulated environments.
Finally, the most sustainable approach is integrating GenAI safeguards into the governance frameworks you already use. The EU AI Act, NIST AI RMF, ISO/IEC 42001 and existing frameworks such as ISO/IEC 27001 and COBIT provide a stable foundation. What I’ve seen work best is a cross-functional AI oversight group that brings together legal, compliance, security, data protection and engineering. This ensures that sovereignty isn’t achieved through ad hoc controls but through continuous, coordinated oversight.
In the end, data sovereignty in the GenAI era isn’t about building entirely new governance systems – it’s about adapting our existing ones to handle a technology that blurs traditional boundaries. When organizations approach GenAI with clarity around data, transparency around model location and the ability to trace how information flows, sovereignty becomes achievable rather than overwhelming.
In a world where AI adoption is accelerating, the organizations that take sovereignty seriously today will be the ones best positioned to maintain trust tomorrow.