At a recent event, someone compared data governance to opening the bonnet of your car for the first time and finally seeing the engine. It’s a good analogy, but not quite right. Data is less like the engine and more like the fuel, essential, powerful, and increasingly scrutinised. And data sovereignty? That’s the moment you start asking where your diesel came from in the first place, and whether it passed through the Strait of Hormuz.

That shift in mindset is happening fast. For years, the conversation in Luxembourg and across Europe focused heavily on Chinese hardware risks. Today, the spotlight has flipped. Cloud professionals are far more likely to debate the implications of the US Cloud Act, FISA warrants, and the very real possibility of foreign access to European data. End users are no longer indifferent, they are asking questions.

The uncomfortable truth is that the global digital economy runs on US-owned technology, chips, infrastructure, platforms, and now AI models. Against that backdrop, Europe’s push for sovereignty feels too little, too late. The question is no longer whether the concern is valid, but is it actionable.

In practice, sovereignty is no longer just about where data is stored. AI has changed the game. The real risk has shifted from data control to inference. Even if your data sits securely in Europe, what happens when an AI model processes it, learns from it, and generates outputs based on it? Who owns that intelligence?

Audric Lhoas, Head of Product Management at Proximus, understands the challenges more than most, after speaking with clients going through digital transformations.

In 2026, data sovereignty is no longer just about where data is stored. With AI, the real question is who can access it, how it is used, and what intelligence is created from it. For Luxembourg’s regulated sectors, this has become a strategic governance issue, not just a compliance one.

The reality is that most companies are already using AI, often without visibility or control. Shadow AI is widespread, quietly exposing sensitive information and creating new forms of data leakage. At the same time, adoption is accelerating faster than governance frameworks can keep up.

For regulated markets like Luxembourg, this is no longer a technical debate, it is a governance issue. Data sovereignty must evolve from a compliance checkbox to a strategic capability. It is not just about protecting where your data sits, but controlling how it is used, interpreted, and transformed.

Because in the age of AI, the real asset is no longer just your data. It is the intelligence built on top of it.

Meet Audric Lhoas at the Golden-i Masterclasses on May 21 — get your ticket here.