Taking back control? IBM launches Sovereign Core for AI workloads and cloud-native data

IBM has unveiled Sovereign Core, a software platform designed to give governments, enterprises and service providers full operational control over cloud-native and AI workloads.

Digital sovereignty is becoming an ever more urgent priority among governments, as security and geopolitics advance to the fore. Organizations must prove not only where data resides but also who controls the infrastructure, identity systems and encryption keys that underpin sensitive operations.

The announcement comes as regulators worldwide tighten requirements around data governance and AI accountability. Analysts predict that by 2030, most enterprises will have a digital sovereignty strategy, often centered on sovereign cloud deployments.

IBM’s offering seeks to address this by embedding sovereignty into the software architecture itself, rather than layering controls on top of existing systems. National digital ID systems, which rely on massive amounts of data, face a common dilemma over access and control.

“With IBM Sovereign Core, we can focus on configuring the software to each client’s specific use cases rather than spending months piecing together disparate components and validating sovereignty controls,” says Christian Schreiner, Unit Director Cloud, Computacenter.

A key feature is in-boundary identity and key management. Authentication, authorization and encryption keys remain entirely within national or jurisdictional boundaries, under customer control.

This mirrors the principles of national ID programs, where identity credentials and cryptographic keys must be issued, stored and verified locally to ensure trust and compliance. There is an alignment here between enterprise IT sovereignty and that of national identity systems. There is potential for Sovereign Core to be a bridge between digital infrastructure governance and citizen identity assurance.

“As organizations navigate increasingly complex compliance and regulatory requirements, we’re seeing strong demand for digital platforms and software that allows sensitive data to remain within controlled, compliant boundaries,” comments Gaetan Willems, VP of Cloud and Digital Platforms at Cegeka.

Other capabilities include customer-operated control planes, continuous compliance reporting with auditable evidence, and locally governed AI inference. This is supposed to ensure model execution and GPU clusters remain under domestic oversight.

These measures are intended to provide regulators with verifiable proof of operational independence, a requirement increasingly seen in both identity systems and AI governance frameworks.

Deployment options include on-premises data centers, in-region cloud infrastructure or through IT service providers. Initial rollouts are planned in Europe with Cegeka in Belgium and the Netherlands, and Computacenter in Germany.

IBM Sovereign Core will enter tech preview in February, with general availability scheduled for mid-2026 when additional capabilities will be introduced. More on the technology can be found on IBM’s blog here. IBM is hosting its Tech Summit on January 27, with registrations here.

Article Topics

digital identity  |  IBM  |  identity access management (IAM)  |  identity management  |  tech sovereignty