IBM Sovereign Core critical as APAC enterprises rethink data control

IBM introduced Sovereign Core as geopolitical and regulatory pressure pushes enterprises to seek stronger control over data and AI operations.

Rising geopolitical tension is forcing companies and governments to rethink who controls their data and infrastructure. Many people are concerned that sensitive information stored with foreign cloud providers could fall under outside jurisdiction.

The World Economic Forum has warned that this anxiety is pushing organizations to increase digital autonomy and local oversight. In Asia Pacific, the strain is already visible. IDC reports that more than 60% of enterprises in the region say regulatory disruption has affected their IT operations.

These pressures are shaping how organizations approach infrastructure planning, especially as artificial intelligence introduces new oversight challenges. In response, IBM introduced IBM Sovereign Core, software intended to help enterprises, governments, and service providers run AI and cloud workloads under their own authority while meeting evolving compliance demands.

Digital sovereignty now extends beyond simple data residency. It includes who operates the environment, how access is governed, where workloads run, and which legal framework applies when AI systems are deployed. Many organizations want environments that allow them to modernize applications while maintaining operational control. Gartner expects more than 75% of enterprises will adopt a digital sovereignty strategy by 2030, often tied to sovereign cloud plans.

Catherine Lian, General Manager and Technology Leader at IBM ASEAN, said organizations across ASEAN face mounting pressure to scale AI while navigating tighter regulatory and data sovereignty requirements. She explained that businesses increasingly want direct control over how sensitive data and AI workloads are accessed and operated.

In her view, this demand is driving interest in sovereign, AI-ready environments that balance operational independence with compliance. As she put it, "Businesses need greater control over how sensitive data and AI workloads are accessed and operated."

IBM positions Sovereign Core as a software base designed to support verifiable control. Built on open-source technology, the system allows organizations to manage cloud-native and AI workloads within chosen jurisdictions. Instead of layering sovereignty safeguards onto existing infrastructure, the design embeds operational authority into the environment itself.

The platform includes a customer-operated control plane that keeps deployment and configuration decisions under local authority. Identity management and encryption keys remain within jurisdiction boundaries, while telemetry and audit trails are stored locally to support ongoing compliance reporting. AI model execution and inference are designed to occur inside governed environments, limiting the need to send sensitive data to external systems. IBM says organizations can deploy isolated environments quickly while maintaining flexibility in hardware and infrastructure choices.

Industry analyst Sanjeev Mohan said discussions around sovereign AI often focus too narrowly on data location. He argued that operational proof of control is becoming just as important. In his words, the central issue is "who controls the system and can you prove it to regulators?" He added that continuous monitoring and accountability are becoming essential as AI moves into production environments.

Erik Fish, Director of Geotechnology at Eurasia Group, described sovereignty concerns as shifting from abstract policy debates into daily operational decisions. He said governments and enterprises are under pressure to show clear authority over data and infrastructure as geopolitical and regulatory issues converge.

According to Fish, organizations are no longer weighing openness against sovereignty; instead, they are managing governance under tighter constraints.

IBM says customers can deploy Sovereign Core in on-premises data centres, supported regional cloud environments, or through local IT service providers. The company is working with partners in Europe, including Cegeka in Belgium and the Netherlands and Computacenter in Germany, to support local deployment.

Gaetan Willems of Cegeka said organizations dealing with stricter compliance rules increasingly want platforms that keep sensitive data inside controlled boundaries. He noted that partnering with IBM allows Cegeka to offer a pre-architected environment that aligns with local standards.

Christian Schreiner of Computacenter added that having a structured sovereignty framework reduces the time spent assembling separate components, allowing teams to focus on tailoring deployments to client needs.