The Inevitable Shift: Europe’s Adoption of Private-Sovereign AI Cloud

AI Technology is Primarily U.S. Centric & AI Legislation is Primarily EU Centric

Let’s face it: current AI development and production services are U.S. centric. Public AI services such as ChatGPT and many others propose an interactive reality shaped by someone else’s worldview, politics, and data.

Extrapolating the end-result of AI services for language models means accepting a filtered view of the world, first determined by the company training the AI models and ultimately, local governments influencing AI inference outputs to present a particular and prescribed viewpoint. AI has a strong, narrow opinion and can be trained to respond in an exacting manner.

The internet itself, being decentralized sources of data, maintains the availability of different viewpoints. When you do a Google search, you are presented with thousands of links representing various perspectives and data, factual or not.

While the search result algorithms determine the order in which the results are displayed, and what is presented, the data is still there and available, especially if you bypass the search and know where to go. Iit’s difficult to scrub data from the internet unless deemed illegal by the local government (for whatever reason) or if you can convince the search providers. Even then, there are many ways to find data that’s out there.

The Streisand effect ensures that the trying to remove information makes it even more popular and available, due to simple human curiosity. Ultimately, a search engine provider can scrub links to any articles or data, but this doesn’t mean it’s not available or gone, just harder to find.

The Future of Internet Search and Data with AI

Once generative AI matures, the quality of results will significantly improve compared to today. Many AI ‘expert agents’ will collaborate for highest-quality output. It’s likely that AI agents will eventually (and some do now) front-end standard internet search results, providing direct answers to questions, rather than what seems like endless variety of unverified information and opinions, as we have today with standard internet search. In most cases, both with AI and Internet searches, it’s difficult to easily verify facts and distinguish truth, and how truth is measured.

In the long term, AI could become the single source of verified information and search, enabling corporations and local governments to control information, for good or bad. Over time, it may become increasingly difficult to access information that doesn’t fit the approved (national) narrative and oversight programs.

The Need for Sovereign AI

Each sovereign government will inevitably realize that influencing the information people have access to shapes the reality they want to present and maintain. AI will eventually restrict our freedoms to openly access information, by developing strong, shaped opinions and output.

Once AI is more mature, it will have the ability to interact as a true industry expert on any topic. For example, AI (today) can already outperform medical doctors on exams and diagnosing patients, and identifying various diseases from images due to advanced machine learning algorithms.

This maturity will eventually lead to government entities wanting to influence and limit AI presented to the public in order to represent and achieve their own language, history, viewpoints and perspectives. It’s going to become an issue of national interest.

“Every country needs to own the production of their own (artificial) intelligence. It codifies your culture, your society’s intelligence, your common sense, your history – you own your own data” – Jensen Huang, NVIDIA CEO

Today, we (the public) don’t really understand the algorithms Google might use to promote certain information, this steering will become more and more obscure with AI used as an interface to the world. Meaning we’ll have less and less insight with AI where the information originally came from and who decided what the correct information actually is.

Controlling the Narrative | Public AI

Perhaps a late-stage phase in Public AI’s evolution, beyond producing ‘better’ and ‘smarter’ outputs than humans, is the complete central control of information and its ability to influence users, aligning opinions, where perception morphs into reality.

It’s likely this centralization will eventually happen at a national level in most countries. Do European countries want their populations to have an exclusively US-centric interface for AI? Probably not, and once this is fully realized, national sovereign AI systems will be funded, and enabled for local populations to keep sovereign oversight for their populations.

Rather than objecting to this future, which seems inevitable, let’s instead explore what alternative avenues will be available and why these alternatives matter not only to the public, but to each individual EU organization, which has it’s own data, culture and objectives.

Generative AI Wants All Your Data

As corporations and individuals share their questions and data while using modern Public AI platforms (like ChatGPT), these aggregated AI engines will inevitably ‘digest’ processed data and learn from this data, in addition to them training on more and more general and specific data, using more and more computing power.

We’ll soon witness the ‘trillion dollar’ training run, we’re not so far. This all requires more and more data to enhance the quality of the training and outputs of the AI models.

Great care must be taken to prevent private data, including organizational and corporate data, from being trained on and becoming part of centralized knowledge. While consolidating public knowledge for common good seems noble, there’s the counterbalance of protecting people’s (and organizations) confidential data, also often supported by privacy laws.

Already there are a myriad of lawsuits against AI companies where content creators of all types understand their data has been trained on, this is just an example. Imagine companies that already have data, like Apple, Docusign, YouTube, Microsoft, Google, training their AI on all the world’s data. Just read the fine print of your user agreements. Some companies are training on data without user permission, and legally don’t need permission. It’s tricky.

Each country typically has laws that protect individual’s data from 3rd parties being exposed, but not from model training (yet), and of course corporations and governments have public and private data which needs to be managed appropriately and according to various local regulations.

National Sovereignty vs Organizational Sovereignty for AI

EU National AI Sovereignty

In the context of utilizing AI for the public implies that there should be AI available to the public that answers questions in a manner which fits the national narrative, history, culture and language.

As an example, OpenAI’s ChatGPT has an American perspective, and (at this point) outputs are designed (via training and fine-tuning) by the company itself. Recently, OpenAI has started to form a relationship with the U.S. government agencies to maintain, what they call a ‘responsible’ approach to AI output. This relationship goes as far as stoking fear in open source models which can be freely trained by anyone. They might say this is ‘risky’ for the public.

Essentially, shouldn’t every country want an AI that their general population can use that promotes their own values, culture, language and perspective?

The answer seems to be yes, although most countries haven’t formalized or completed this type of initiative, it’s certainly coming as the use of AI becomes more generalized over time.

EU Organizational AI Data Sovereignty

A corporation or NGO wants to have an AI capability that interacts with internal staff in an appropriate manner, utilizing all possible internal data to generate the best results. Much like you’d want an employee to be a cultural fit, and have access to as much data as possible for making the best decisions.

The same applies to how a corporation’s AI interacts with external customers. It probably should be polite, expert on it’s subject matter and convey correct answers based on specific company data that’s exactly relevant in the specific context of the business. This means attaching company data to the AI systems.

Sovereignty in this context means that the Corporation builds AI that is ultimately connected to the appropriate data, but also doesn’t share data which isn’t appropriate.

More importantly, that data needs to co-exist within national regulations and corporate compliance policies, as well as not being available to hackers, foreign governments and jurisdictions.

There’s a certain relationship a corporation would have with it’s national governing body in terms of fulfilling it’s national and corporate legal compliance, as well as notstoring unnecessary 3rd party data, and delivering exactly the right data for each interaction.

The Private-Sovereign AI Approach for EU Organizations

European organizations are staring into the precipice of large-scale AI rollouts, and are now forced into a decision chain. For AI to be effective, it needs to be connected to data to give the best answers, yet must also respect national regulations around utilizing various forms of data, and must still respect basic privacy and internal data protection guidelines.

If, as a European business leader, you trust U.S. hyperscalers and Public AI providers with your data, you might be taking significant, and unnecessary risks with your core IP, client, patient data and the risk that your sensitive data might be ingested into Public AI systems.

Data types therefore must be classified in terms of how they interact with what type of AI systems, and for data that must be secured in various manners, there’s a real question as to whether European entities should be interacting with Public AI systems at all, as they by definition lose all control of this data once it’s connected, not to mention it’s often utilized in a foreign jurisdiction, most typically in the U.S.

European Executives Need to Understand the US CLOUD Act

The U.S. Clarifying Lawful Overseas Use of Data (CLOUD) Act, enacted in 2018, grants U.S. law enforcement agencies the authority to compel U.S. based (and owned) technology companies to provide data stored on their servers, regardless of whether the data is stored within the United States or on foreign soil.

The U.S. CLOUD Act has two key components

1. Data Access:

Allows U.S. law enforcement to access data held by U.S. companies for investigations, even if the data is stored outside the U.S.

2. International Agreements:

Enables the U.S. to enter into bilateral agreements with other countries, allowing mutual access to data for law enforcement purposes while attempting (but not necessarily required) to respect local privacy laws.

Why EU Organizations Should Avoiding U.S. Based AI Systems, Cloud Services, and Data Processing Entities

1. EU Data Sovereignty

Control and Compliance: Using U.S. owned and U.S. based cloud services can complicate compliance with European data protection regulations, like the GDPR. Data sovereignty is crucial for ensuring that European data remains under European jurisdiction.

Local Laws: European companies need to comply with local and regional laws, which may conflict with the requirements of the U.S. CLOUD Act.

2. EU Privacy Concerns

GDPR Compliance: The General Data Protection Regulation (GDPR) imposes strict rules on data protection, personally identifiable information (PII), and privacy. The extraterritorial reach of the CLOUD Act could lead to situations where U.S. requirements conflict with GDPR mandates, creating legal and operational challenges for European organizations.

Data Exposure: There is a potential risk of sensitive data being accessed by U.S. authorities, which might not align with the privacy expectations of European customers and regulators.

3. EU Security Risks

Unauthorized Access: There is a concern that U.S. government access to data under the CLOUD Act could lead to unauthorized access or surveillance, which might be perceived as a security threat.

Trade Secrets: European companies might be wary of the risk of exposing proprietary information, trade secrets, and intellectual property to U.S. entities.

4. EU Economic and Strategic Considerations

Supporting Local Ecosystems: By using European-sovereign cloud providers, companies can support local technology ecosystems, fostering innovation and economic growth within Europe, while also staying within the boundaries of EU sovereignty and regulations.

Strategic Autonomy: Relying on U.S. based hyperscalers can lead to a dependency that might be strategically disadvantageous for European organizations. Promoting European solutions enhances technological sovereignty and reduces risks of exposure to future EU regulations, which are inevitable.

5. Competitive Edge for EU Organizations

Market Positioning: European companies will likely gain a competitive edge by emphasizing their commitment to local data protection standards and sovereignty, appealing to privacy-conscious customers and partners.

Trust Building: Maintaining control over data within Europe can help build trust with stakeholders who are concerned about foreign surveillance and data misuse, especially with private data.

Options for European Organizations | Private AI

Private AI fully respects the combination of organizational data security standards, while also complying with local EU and national regulations.

This Leaves Us Two Essential Options:

1.  Privately hosted, local AI & Data (On-Premises)

2.  Privately hosted, local AI & Data (Sovereign Cloud)

Both of these options will deploy self-hosted, non-shared open-source LLMs, which connect private data with RAG (Retrieval Augmented Generation). This means that all the AI and data are leveraged as a private instance of software, never shared or exposed to any public network.

Private AI therefore means you are bringing the isolated generative AI software into your protected data domain, and thus training, and fine-tuning your AI with your own data. Where no other organization has any access to your private data and there’s no exposure to external centralized AI systems.

On-premises deployments for AI workloads are a big challenge for most EU organizations due to the energy and cooling requirements, as most existing data center racks will be challenged to support these new requirements.

Data center and cloud providers operate at scale and centralizing these systems in specially designed data centers makes the most sense for assuring carbon neutral and efficient operations.

Private Sovereign-Hybrid AI Cloud

 

Private Sovereign-Hybrid AI Cloud is an option where AI leverages data in your own secure data-center(s), and potentially in a secure Private AI Cloud, but where only the organization itself has access to the actual data, and there’s no aggregated AI system which either has access, or will train, or ingest this data. This architecture prevents the risks associated instead with connecting private data to shared systems.

Ultimately, it’s likely that each sovereign nation will eventually pass AI regulations and take control of what output and data AI is allowed to be shared with the public, and what’s NOT to be shared. This would imply that EU organizations really should not engage with Public AI systems at all when it comes to any form of sensitive data.

EU organization have the option to host their own AI engines, which are completely disconnected from shared (and mostly foreign) Public AI systems. While this approach takes some planning and forethought, so does protecting your data, which is a worthy pursuit.

NEBUL’s Mission to Secure EU Private AI & Data

With a clear vision on supporting EU organizations core values and data, NEBUL deploys private AI systems for EU organizations, either on-prem, our private data centers or both. All EU sovereignty, appropriate data protection & related security standards which ensure data stays private, and never shared.

You could consider Nebul’s Private AI capabilities to be an architecture for protecting organizational data and sovereignty. This architecture ensures that any deployment of AI is always built within the exacting EU and organizational data protection & privacy requirements that have been already established for that particular data set.

Nebul works with governmental, commercial and non-profits where data privacy and data protection are the key architectural considerations for protecting internal secrets, IP, as well as the associated user (individual) data being processed.

Together, we first determine where the organization’s sensitive data exists, what physical locations, which legislation and policies are applicable, and then build private networks and data connectors to ensure the appropriate data can be leveraged in modern AI development and production systems, but within the applicable standards and policies set forth.

Once all the data is properly categorized and secured, we can start to deploy the AI where the data is, utilizing appropriate data protection and security levels, and ensure no external AI systems will be utilized in the process. There’s no compromise on innovation, only a greatly reduced level of risk, and a strategy of execution that fits internal and national standards.

Data Is The Fuel for Your AI

Ultimately, AI will be connected to most all of your organizational data sources, aggregated into higher-level systems which can generate results across departments and leverage AI to have almost instant awareness of all part of the organization, giving workers and executives the best decision input and the most innovative, streamlined business results.

In other words, the result is a more efficient and accurate version of what organizations are trying to accomplish for their own particular mission or objectives.

Nebul works directly with NVIDIA as a Certified Solution Provider and Cloud Provider to facilitate government and private organizations with cutting-edge AI solutions, providing all AI infrastructure and needed software to achieve large-scale production grade AI solutions.

Before you commit your EU organization to an AI architecture, or if you’re already in progress, be sure you are able to guarantee your organizations data protection, and don’t compromise on your data privacy.

There are enterprise-grade alternatives to Public AI systems and US hyperscalers, that offer not only better price, performance and results, but also protect sensitive data, reduce data leakage and exposure, and eliminate the basic risks we’ve covered in this article.

Ensures Successful Outcomes on Your AI Journey

Nebul provides EU Private AI infrastructure solutions and guidance through the entire AI development and production pipeline stages.

By ensuring data compliance and safety guardrails, Nebul supports organizations in building cutting-edge, yet compliant EU AI solutions, all while providing the most advanced ongoing innovations and state-of-the-art NVIDIA hardware and integrated software stack.

Are You Ready to Deploy AI in Europe?

Let’s talk: hello@nebul.com