State of Sovereign AI. The case, stated plainly.
MissionOpsAI's first position paper on sovereign AI in the UK — the compulsion scenario, the Sovereign Capable standard, the assessment framework, and the structural case for treating AI independence as a governance question.
These are MissionOpsAI's own standards — the test we hold ourselves to first, and the basis on which we offer assessment to others. They are not regulatory or official guidance and do not represent the position of any government, regulator or standards body. The sovereign-AI landscape and the guidance around it are developing; we will update these standards as formal guidance emerges. Nothing here is legal advice; organisations should take their own.
This paper establishes MissionOpsAI's position on what sovereign AI means, why it matters for UK organisations, and how it is verified. It is published before any organisation is scored — so the assessment reads as research, not as marketing. The methodology is published separately and in full.
The central claim: sovereignty is a dial, not a gate
Most debate about sovereign AI has treated it as a binary — sovereign or not. That framing is both too demanding (no organisation meets a purity test) and too easy to game (a single UK-resident server qualifies). The position paper establishes a better question: where on the spectrum from full vendor dependency to complete operational independence does an organisation actually sit, and what would it take to move it? This framing — sovereignty as a dial — is the foundation of the Sovereign Capable standard.
The Compulsion Test
Sovereignty reduces to one scorable scenario: assume a foreign power compels its AI, cloud and data companies — which it lawfully can — to withdraw services, disclose held data, and act through the companies it controls. Three questions follow: could you still operate (Continuity), what do they already hold (Exposure), and can they direct or acquire you through your owners (Control)? The Compulsion Test is the headline instrument of the assessment framework. The six audit dimensions (Data, Model, Compute, Operational, Governance, Workforce/IP) are the evidence base that answers those three questions.
The structural case: why vendor dependency is now a governance question
The national-security relevance of AI sovereignty is stated plainly because a responsible buyer should be able to answer hard questions before trusting a system with sensitive workloads. Can a foreign government lawfully compel access to the data this system processes? Does the capability depend on a foreign model that could be withdrawn without UK consent? The paper establishes that these are not hypothetical concerns. On 12 June 2026, a US export-control directive disabled frontier AI models for all users worldwide — reaching even willing domestic providers with global effect. The structural reason this is the default rather than the edge case is that the leading AI developers are deeply embedded with one nation's national-security state. For any organisation outside it, the primary force behind its critical AI substrate is a foreign national-security interest. The paper's framing is informational, not alarmist.
Residency is not sovereignty
The paper draws clearly on the distinction now well established in the digital-sovereignty literature. Data residency — keeping data physically within UK borders — is a necessary but not sufficient condition for sovereignty. A UK-hosted SaaS system operated by a US-controlled entity, governed by its vendor's terms, and subject to US extraterritorial law (the CLOUD Act / FISA) is not sovereign regardless of where the data sits. The defining question is not where data sits but who has ultimate legal and operational control, and whether a foreign power can compel or withdraw access.
The Sovereign Capable standard and the Gate
Absolute sovereignty is the rare end-state, not the entry price. The achievable and auditable standard is Sovereign Capable: governed, auditable AI in which a control layer (the Gate) routes work by sensitivity — frontier models permitted below the Gate for non-sovereign work, while sensitive work and data stay on sovereign substrate, with the ability to cut to UK/EU-jurisdiction or air-gapped capability on demand. Using a frontier model is not a failure. Using it above the Gate or to hold sensitive data is. The paper defines this standard and the evidence required to substantiate it.
Our own standard, applied to ourselves first
The paper is not research conducted on others. The framework it establishes is the same one MissionOpsAI holds itself to — EU-hosted infrastructure, local AI inference, documented governance, UK-controlled entity. The own-scorecard principle is structural: MissionOpsAI is scored against the rubric before any other organisation. The §4.7 Tier A infrastructure standard — EU-hosted, free of CLOUD Act reach, operator-controlled — is calibrated so that the own-scorecard is an honest pass, not a special case.
What this paper does not do.
It does not name or score any organisation other than MissionOpsAI itself. Aggregate findings from the State of Sovereign AI audit — once the first assessment cycle is complete — will be published in a separate report.
It is not an accusation of dishonesty about any organisation. Ratings describe the state of public evidence, not intent. No provider is described as compromised.
It is not legal advice, investment advice, or a regulatory determination. Organisations should take their own legal advice on compliance obligations.
It is not a finished standard. The sovereign-AI landscape and the regulatory guidance around it are developing. This paper and the methodology it accompanies will be updated as formal guidance emerges.