Sovereign cloud in the Age of Artificial Intelligence

In the Age of Artificial Intelligence (AI), data sovereignty has become a central theme for nations seeking technological autonomy and the protection of their citizens’ information. In Brazil, this issue gains relevance amidst increasing digitalization and the intensive use of AI across various sectors.

Data sovereignty refers to the control that a country or company exerts over data generated within its territory. It involves the ability to regulate, store, and protect this information under local jurisdiction. In the AI context, where large volumes of data are essential for training algorithms, data sovereignty ensures that technological development aligns with local policies.

The use of public cloud services provided by foreign companies raises concerns about data jurisdiction. Data stored on servers or within companies outside the country may be subject to the laws of the host nation, such as the Patriot Act or Cloud Act in the United States. These laws allow governmental access to information stored by U.S.-based providers, even outside U.S. territory, potentially conflicting with the Brazilian legislation. This situation can compromise the privacy and security of information.

The General Data Protection Law (LGPD) establishes clear guidelines for the processing of personal data in Brazil. It applies to any data processing operation conducted in the country or aimed at offering goods or services to individuals located in the Brazilian territory. However, it does not prevent foreign authorities from potentially violating local laws.

Beyond the LGPD, Brazil is developing policies to strengthen its digital sovereignty. The Brazilian Artificial Intelligence Plan (PBIA) proposes creating a robust ecosystem of public data within a sovereign cloud, aiming to reduce dependency on foreign technologies and promote the development of local solutions.

Concerns about data sovereignty and regulatory compliance have led companies to reconsider the use of foreign public clouds. Consequently, there is a growing trend of migrating workloads to private or hybrid clouds, which offer greater control over data and facilitate compliance with local regulations. This shift aims to balance the flexibility and scalability of the cloud with the need for data security and sovereignty. Moreover, sovereign clouds can provide immediate notifications in case of personal data incidents, a requirement under the LGPD. This capability helps organizations respond quickly to security incidents and minimize damage.

The pursuit of data sovereignty has driven the demand for data centers located in Brazil. Companies and government agencies are investing in local infrastructure to ensure that data remains under national jurisdiction, facilitating regulatory compliance and increasing user trust. This trend also stimulates economic and technological development in the country.

Private AI emerges in a context where AI use poses risks of corporate data exposure. Private AI refers to developing and using AI solutions that prioritize data privacy and security. After all, there is no better guarantee than having your data stored on a machine (server) under your control, which you can even access physically if needed.

Data sovereignty in the AI era is a complex challenge requiring collaboration between government and the private sector, as well as business awareness. In Brazil, initiatives like the LGPD and PBIA represent significant steps toward digital autonomy. However, continued investment in local infrastructure, such as the Brazilian data centers, and technologies ensuring data privacy and security are essential.

Key features of sovereign cloud

Local storage: data is physically stored in data centers located within the country’s territory, protected by local laws and regulations.

Legal control: prevents data from being subjected to foreign jurisdictions, such as the Patriot Act or Cloud Act in the United States, which allow government access to information stored by US providers, even outside their territory.

National security: protects critical and sensitive data, such as governmental, financial, and strategic information, preventing unauthorized access.

Regulatory compliance: facilitates adherence to data protection laws and other regulations, such as Brazil’s LGPD or the European Union’s GDPR.

Independent operation: sovereign clouds are often managed by national companies, ensuring that operations align with the country’s interests.

Practical example in Brazil

When a Brazilian company contracts a sovereign cloud, its data is hosted in data centers located in Brazil, managed by providers that fully comply with local regulations. Unlike an international public cloud, this data cannot be accessed or transferred without specific permission, offering greater security and control.

This model is particularly appealing to sectors such as:

• Government and Defense: sensitive data on public policies and national security.
• Health and Education: personal information protected by law.
• Banking and Finance: compliance with Central Bank regulations and protection against breaches.

The Importance of sovereign cloud

• Technological independence: reduces reliance on major foreign players like AWS, Google Cloud, and Azure.
• Strategic protection: nsures critical data is not subject to external interference.
• Local development: encourages investment in infrastructure, technological innovation, and job creation in the country.

The sovereign cloud ensures that strategic and sensitive data remains protected, reinforcing digital sovereignty and trust in the use of technology on a national scale.

*Rodrigo Rangel Lobo is COO of Edge UOL