We're asking the wrong questions about Sovereign AI.

As the UK’s ambitions for Sovereign AI accelerate, Aiimi Head Architect Mike Dixon argues that the real conversation shouldn’t start with technology or adoption speed – but with understanding the requirements that should shape every AI decision.

In a speech delivered in June 2026, Chancellor Rachel Reeves highlighted the UK's growing Sovereign AI ambitions and the organisations that are helping shape that journey. For me, the most interesting part isn't the technology itself – it's the architectural challenge it creates. 

Start with requirements, not models

The AI market is moving incredibly quickly. New models appear almost weekly, each claiming better performance, lower costs, or greater capability. The temptation is to start by asking which model we should use. But as architects, we know that's the wrong place to begin. The starting point should always be the requirement. 

Before selecting any AI capability, organisations need to understand: the nature of the data being processed; the level of governance required; any regulatory obligations; whether data or model sovereignty forms part of the requirement; the need for explainability and auditability; the role of human oversight; and the impact of an incorrect decision or output. Only once those requirements are understood should model selection begin. 

This is where Sovereign AI becomes particularly relevant. Sovereignty is no longer a theoretical concept or a future aspiration; it is becoming a genuine requirement that some organisations must consider alongside security, cost, performance, ethics, and operational risk. 

74% of companies say AI adoption is now a top-three strategic priority. And this has understandably led to questions like: How quickly can we deploy it? Which model should we use? How do we get AI into the hands of our users? But I think these are the wrong places to start. The real question is: Which AI is acceptable for what purpose? 

As architects, we've spent decades classifying data: Public, Internal, Confidential, Restricted. We've built governance frameworks, security models, and controls around that data. Then AI arrived and suddenly many organisations threw all of that thinking out of the window. A model is a model, right? Not quite. 

Defining what makes AI acceptable

A public Large Language Model helping someone draft a blog (!) is very different from a model analysing regulated customer information, critical infrastructure data, or commercially sensitive intellectual property. Yet many organisations still treat AI as one thing. It isn't. 

For some workloads, a global frontier model may be entirely appropriate. For others, a privately hosted or sovereign model may provide the governance, control, and jurisdictional assurances required. 

This is where Sovereign AI gets interesting. For me, Sovereign AI isn't about building our own models or creating barriers to innovation. It's about understanding what is acceptable: Can this model process our data? Where is it hosted? Who owns it? Can we explain its decisions? Would we be comfortable explaining its use to a regulator, a board member, or a customer? And increasingly, can we depend on it?

Sovereignty, resilience, and risk

The recent suspension of access to Anthropic services at the request of the US Government, citing national security concerns, highlights a risk that many organisations have yet to fully consider: ongoing access to AI services cannot be taken for granted. Commercial decisions, regulatory intervention, national security considerations, and geopolitical factors all have the potential to affect the availability of AI services. 

It’s not enough to select a model that meets the current requirements; our choices must be resilient, safe, secure, and ethically aligned. That means understanding not only how a model is governed today, but also what happens if a model is withdrawn or compromised tomorrow. Just as organisations create continuity plans for essential systems, they should do the same for critical AI capabilities – ensuring a viable alternative is ready to deploy if circumstances change, to minimise disruption and maintain trust. 

These are architecture questions. They are governance questions. And they're rapidly becoming business questions. 

Why organisations need AI acceptability frameworks

The challenge isn’t deciding whether one model is better than another – it is to establish a policy framework that defines which models are acceptable for which types of information, business processes, and decisions. 

I believe the next evolution of data governance will be AI governance. Organisations already have policies governing data classification, access, and retention. The next step is creating AI Acceptability Frameworks that align model choice with business requirements, governance obligations, and risk appetite. Over the next few years, I believe we'll stop talking about AI policies and start talking about frameworks that define: 

• Which models are approved 

• What data they can access 

• What decisions they can influence 

• What levels of security and oversight are required 

• Where human accountability remains 

• What resilience and continuity arrangements exist

The future of AI governance

The organisations that succeed with AI won't necessarily be those using the largest models or adopting AI the fastest. They will be the organisations that can clearly explain why a particular model was selected, how it is governed and secured, and how it aligns with business, ethical, and regulatory requirements. In other words, they will treat AI as an architectural capability rather than simply another technology purchase. 

As architects, our job has never been to stop innovation, but to make sure innovation doesn't create tomorrow's problems. For me, that's what Sovereign AI is really about. It’s not “Can we use AI?” but “Can we justify why this AI was the right choice?”

Architecture has always been about balancing requirements, risk, and value. AI should be no different.