When a scientific synthetic intelligence (AI) system fails in a hospital, the difficulty isn’t uptime – it’s who will get harm and the way far the influence spreads. For Rayed Saad Altukhais, vice-president of digital transformation and CIO at Riyadh First Well being Cluster, that query decides whether or not an AI system stays on sovereign infrastructure or strikes to a hyperscaler.
“If affected person outcomes, nationwide well being intelligence, or lack of management are at stake, sovereignty isn’t negotiable, even when it slows us down or prices extra,” says Altukhais. That logic displays a wider shift throughout enterprises within the Center East and North Africa (MENA) area, the place sovereignty isn’t about shutting out hyperscalers, however about drawing clear traces round threat, accountability and what can’t be reversed.
Throughout the Center East, CIOs are strolling a superb line. Governments are pushing for sovereign AI, whilst most enterprises nonetheless rely upon hyperscalers reminiscent of Amazon Net Providers (AWS) and Microsoft Azure for pace and scale. The actual problem is not selecting one over the opposite, however utilizing each with out drifting into lock-in that makes exit gradual and costly.
In accordance with PwC’s 2025 EMEA Cloud Enterprise Survey, 82% of organisations are actively refining their cloud methods in response to geopolitical and regulatory shifts, whereas 94% plan to develop or regulate their cloud structure, pushed more and more by sovereignty alongside scale and suppleness.
The place CIOs draw the road
The sensible dividing line is much less about infrastructure and extra about jurisdiction and operational management. Ashish Banerjee, senior principal analyst at Gartner, observes that MENA IT leaders are more and more conserving regulated “cores”, id programs, encryption keys, delicate citizen information and audited decision-making in sovereign or on-premise environments, whereas nonetheless utilizing hyperscalers for “pace layers” reminiscent of growth, testing, experimentation and non-sensitive analytics.
“The acceleration of sovereign cloud initiatives within the area displays this hybrid actuality slightly than a tough break up,” Banerjee notes. This aligns with Gartner’s broader prediction that by 2030, greater than 75% of enterprises outdoors the US could have carried out a digital sovereignty technique supported by sovereign cloud infrastructure.
For healthcare, the stakes are uniquely excessive. Altukhais attracts a tough line round AI that touches actual sufferers over time. “Something skilled on identifiable scientific information, determination assist, threat prediction, inhabitants well being, or fashions linked to nationwide registries has to remain on sovereign infrastructure,” he says. “In healthcare, you’ll be able to’t conceal accountability behind a cloud SLA [service level agreement].”
Something skilled on identifiable scientific information, determination assist, threat prediction, inhabitants well being, or fashions linked to nationwide registries has to remain on sovereign infrastructure Saad Altukhais, Riyadh First Well being Cluster
Nonetheless, hyperscalers nonetheless have a transparent position. Altukhais depends on world cloud platforms for operational AI – issues like scheduling, capability planning, income cycle administration and provide chain optimisation – and makes use of them as a sandbox for experimentation, from mannequin prototyping to de-identified analysis. “Hyperscalers can speed up concepts,” he says, “however they’ll’t personal scientific reality.”
Banks are drawing comparable boundaries. Jassim Al Awadhi, government director and head of enterprise platforms at Emirates NBD, says establishments are cautious about the place duty sits. “Buyer, transaction and threat information keep inside sovereign or regulator-approved environments,” he explains. Hyperscalers nonetheless have a task, however regulated workloads are designed so delicate information by no means leaves authorised jurisdictions.
The actual distinction, says Al Awadhi, is between borrowing intelligence and proudly owning it. World basis fashions might present a place to begin, however something that shapes credit score choices, fraud detection, anti-money laundering or regulatory reporting is more and more constructed, ruled and maintained in-house throughout its total lifecycle.
Comparable patterns emerge past banking. Manish Ranjan, analysis director for software program and cloud at IDC EMEA, says the identical architectural break up is now normal throughout vitality and authorities, the place sovereign cloud and sovereign AI are most well-liked for affected person information, core monetary programs, nationwide safety workloads and different property that carry irreversible threat.
IDC’s regional cloud survey for the Center East displays this, exhibiting that CIOs now prioritise AI-ready infrastructure, information sovereignty and governance as core determination components when deciding on cloud platforms for AI workloads, not simply price or scale.
Do partnerships actually scale back lock-in?
To steadiness native management with world scale, hyperscalers are leaning into “sovereign-aligned” partnerships. Tie-ups reminiscent of AWS’s Sovereign Launchpad with e&, Oracle Alloy with Du, and Microsoft’s partnership with G42 give enterprises entry to superior AI capabilities whereas conserving information and oversight firmly inside nationwide borders.
Ranjan sees these fashions as a sensible response to the true price of AI. “Working AI, particularly generative AI, is dear, and the prices rise quick if all the pieces is constructed on a personal cloud,” he says. “To keep away from heavy capex [capital expenditure], many organisations leverage hyperscaler IaaS [infrastructure as a service] for straightforward entry to compute and storage whereas conserving delicate information ruled domestically.”
However price effectivity doesn’t robotically translate into strategic independence. Banerjee argues that such partnerships can scale back compliance and audit threat by means of native residency and managed operations, “however they don’t scale back strategic dependence if enterprises proceed to construct closely on proprietary PaaS [platform as a service] and AI companies”.
The actual price seems at exit
For Riyadh First Well being Cluster’s Altukhais, the true threat emerges as soon as AI is embedded in every day operations. “When AI goes dwell, it turns into a part of the workflow,” he says. “You’re not transferring infrastructure; you’re remodeling care pathways. The price of hyperscaler dependence isn’t paid upfront. It’s paid whenever you attempt to depart.”
Banks that preserve flexibility separate information from fashions, guarantee governance is platform-agnostic, and prepare groups on architectural ideas slightly than particular merchandise Jassim Al Awadhi, Emirates NBD
For banks, probably the most important lock-in dangers typically stem from surrounding layers slightly than the fashions themselves. Emirates NBD’s Al Awadhi identifies three types of lock-in that decide exit feasibility: information and integration lock-in, the place function shops or vector databases change into intertwined with proprietary programs; control-plane lock-in, the place governance and monitoring workflows embed right into a single provider’s platform; and expertise lock-in, the place groups skilled in a single setting face execution threat when trying migration.
“If groups are skilled inside a single setting or toolset, exit choices are restricted by execution threat slightly than contractual obligations,” Al Awadhi explains. “Banks that preserve flexibility separate information from fashions, guarantee governance is platform-agnostic, and prepare groups on architectural ideas slightly than particular merchandise.”
Wanting forward, Banerjee says probably the most “irreversible” choices contain deciding on a major agent runtime or orchestration layer, committing to a closely fine-tuned mannequin household, and locking in id and key custody patterns, as these decisions embed governance and operations into the stack.
Ranjan notes that suppliers excelling throughout technical and regulatory dimensions will lead AI offers within the Gulf Cooperation Council’s (GCC) sovereign AI area.
Sovereignty is greater than information residency
For Altukhais, sovereignty extends to all the mannequin lifecycle. “Who can retrain it, audit it, shut it down, or clarify its behaviour? If we don’t totally management that lifecycle, particularly for scientific AI, it doesn’t belong outdoors sovereign boundaries,” he says.
Below Saudi Imaginative and prescient 2030, this management is a strategic crucial. Many organisations fall into the entice of considering they’ll “localise” their tech later, however as soon as operations groups depend on AI, exiting turns into pricey, Altukhais argues. Avoiding this “drift” in the direction of whole dependence requires extra than simply information scientists; it requires architects and leaders who can design AI to remain moveable and controllable from day one.
For banking, Al Awadhi describes an analogous technique: “Governance is best when thought of an important banking competency slightly than a vendor benefit.” This implies separating the execution layer from the management layer, utilizing hyperscale for computation and instruments whereas retaining governance, approval and auditing internally. The organisations that design for this separation from day one, he argues, are those that retain real optionality as geopolitical or regulatory circumstances shift.
The broader lesson throughout MENA is that sovereignty and hyperscaler dependence are parallel realities. As Banerjee places it: “Geopatriation is already taking form within the GCC as an architectural sample slightly than a mass hyperscaler exit.” In contrast to Europe’s broad supplier shifts, the GCC strategy is investment-driven, targeted on constructing home capability to retain management over key AI programs.
