An honest answer.
Is Sovereign AI right for you?
I'm a Sovereign AI Architect. I build private AI systems for UK organisations that handle sensitive data.
Sovereign AI is not the right answer for every organisation. If you're trying to work out whether it's right for yours, this page is the honest version of that answer.
For many organisations, the enterprise tier of ChatGPT, Copilot, or Claude is enough. The gap that used to make consumer AI tools an obvious problem has narrowed.
For some organisations it hasn't narrowed far enough, and a private build is the only honest answer for them. This page is to help you tell which group you're in.
Where ChatGPT Enterprise, Microsoft Copilot, and Claude for Work do the job
Since 2024 these enterprise tiers have closed most of the data exposure problem. Documented processing terms. UK or EU data residency on most plans. An undertaking not to use your inputs for training. Audit logs. Single sign-on. They are not the same product as consumer ChatGPT.
For most general business use, these tiers are the right answer.
- Drafting and summarising. Emails, internal documents, first drafts of marketing copy, meeting notes, briefings.
- Research that doesn't touch confidential client information. Looking up procedures, summarising public material, finding the right way to phrase something.
- Coding assistance on internal code or your own products. Tools you own, prototypes, scripts, infrastructure work where the source is yours.
- Productivity inside the office suite. Microsoft 365 Copilot in Word and Outlook, Gemini in Google Workspace. The AI sits where the work already happens, under the same contractual umbrella.
If your AI use falls inside that envelope, you don't need a private build. You need an enterprise plan, a clear policy, and some training. Don't let anyone tell you otherwise.
Where those plans run out
The enterprise tiers close most of the data exposure. They don't solve every problem. Five conditions tilt the calculation toward a private build, and any one of them can be enough.
You need behavioural control the vendor cannot offer
The vendor decides what the AI will and won't do, and your account inherits those decisions. If your work needs the AI to always cite its sources, refuse certain document types, flag answers with low confidence, or follow a specific procedure on specific matters, the vendor controls that and you don't. System prompts get close. They don't go all the way.
You need audit evidence at the level a regulator or client will expect
When a regulator or a client asks how AI was used on a matter, an enterprise account gives you usage logs at the account level. Not a forensic record of every prompt, every retrieved document, and every AI response, signed and retained in your own systems. For regulated work, the difference matters.
Your volume has crossed the licence cost line
Per-seat licensing scales with headcount. A private build scales with usage, and heavy use barely adds to the bill. There's a crossover point. For an organisation of fifty with serious daily use across several tools, the combined monthly licence bill can match the cost of running one private build that does the lot.
You need integration depth the vendor APIs do not reach
Enterprise AI tools integrate well with their own ecosystems. With anything else, only as well as their APIs allow. A private build wires directly into your case management system, your finance system, your document management system. For organisations whose work lives in specific internal systems, this is often the deciding factor.
Your work needs to stay inside your own perimeter
Some organisations have decided, as a matter of professional standing, that confidential client work stays inside their controlled systems, regardless of who promises what in which contract. Several serious commercial litigation firms have taken that position.
The enterprise contract is the floor. The organisation's own policy is the ceiling, and the ceiling is lower. A private build is the only answer that meets it.
What you actually get from the harder path
The benefits of a private build are easier to see when they're tied to the scenarios where they pay off.
- Cost shape at scale. Per-seat licensing has a clean monthly number, but it climbs with headcount and depth of use. A private build has a heavier upfront cost and a flatter monthly number that doesn't climb the same way. Above a certain volume, this matters.
- Customisation specific to your work. Not just system prompts. The way the AI looks things up, the document handling, the refusal patterns, the citation style, the workflow integrations. All under your control. All changeable when the work changes.
- Audit and oversight that meet regulator or client expectations. Every query logged in your own systems, retained on your own schedule, reviewable on your own terms. Not a vendor's idea of what an audit log should look like.
- Behavioural control by design. The build does what you tell it to do, refuses what you tell it to refuse, escalates what you tell it to escalate. Not as terms in a contract. As code in a system you own.
- Model independence. Open weights mean the underlying AI can be swapped as the field moves. If Mistral or Meta release a stronger AI next quarter, your assistant uses it without anyone signing a new contract. If a vendor changes its pricing or its policies, you're not exposed.
- No vendor risk. Outages, rate limits, surprise terms changes, AIs getting retired without notice, all someone else's problem on SaaS. All under your control on a sovereign build.
Where a Sovereign AI build is overkill
This is the part most consultancies skip. I'd rather you read it.
- Your AI use is general productivity at modest scale. Drafting, summarising, polishing copy, finding the right phrase. Enterprise Copilot or ChatGPT does this well enough. A private build pays for capability you won't use.
- You don't have an in-house technical function, or the appetite to retain one. A private build is real software with real maintenance. It needs someone in or near your organisation to keep it running. Without that, you take on the costs of ownership without the benefits.
- You don't have a specific reason beyond "we don't want our data leaving". That instinct is reasonable. On its own it doesn't justify the cost. The enterprise tier of a reputable vendor doesn't leak your data in any practical sense. If the worry is real and named, it earns the harder path. If it's a vague unease, the policy work hasn't been done yet. Do that first.
- The work you'd automate isn't actually that sensitive. Plenty of work feels sensitive but, on closer look, an enterprise AI tool handles it fine. The careful version of the question: what specifically would expose us if it left our perimeter? If the honest answer is "not much", the easier path is the right one.
How to tell which side of the line you're on
If the easier paths cover your work, that's good news. The market has moved in your favour. Take the enterprise plan, write a clear policy, train your staff, get on with it.
If, on reading this, you find yourself ticking off several of the conditions above, the harder path is probably the right one. The shape of the decision usually looks like this:
- You routinely work with client confidential material you'd rather not send to a US AI service, even under an enterprise contract.
- You can foresee a regulator or client asking how AI was used on a matter. You'd want the answer in your own systems.
- Your AI use is heavy enough that per-seat licensing on multiple tools is starting to look expensive next to one private system.
- You have someone who can look after the build, or you'd retain one.
Three or more of those, you probably need a private build. One, probably not yet. None, you're in the comfortable middle of the market, and the enterprise plan is the right answer.
A note on what this is, and what it isn't
This is informational, not a quote. It's my honest read on where the line falls, based on the work I see in UK organisations. Your specific situation might shift the answer. The point of the page is to help you think clearly before you talk to anyone, including me.
Want to work through this for your organisation?
A Sovereign AI Discovery is a fixed-price, two-week engagement. You get a written report on what's happening with AI inside your business today, where the real exposure sits, whether a private build is the right answer for you, and what to do about it in priority order.