4 levels of AI sovereignty — which one fits your European company

In March 2026, Austria’s data protection authority (DSB) fined a Vienna fintech €450,000 for using a US AI API for credit scoring. The company was given 90 days to stop processing. Not because anything leaked. Not because anyone was hacked. Purely because customer personal data was being sent to a model outside the EU — and there was no lawful basis for that transfer.

This isn’t an isolated case. It’s the first in a wave that’s only just starting.

If your company uses any AI tooling at all — Copilot, ChatGPT Enterprise, a third-party chatbot, a sales assistant built on the OpenAI API — it’s worth understanding which of the four sovereignty tiers you’re operating in. Not because every company needs the top tier. Because every company needs a conscious decision — rather than a provider’s default.

This post is longer than usual. If you’re the owner or a director of a European mid-market company and you’re using (or planning to roll out) AI — read it to the end. It’ll take you 10 minutes. It might save you €450,000.

Why this isn’t an academic discussion any more

Until recently, “AI data sovereignty” sounded like a topic for a law firm or an industry conference. Something to worry about “later, once the company grows”. In 2026 that changed — and changed sharply.

The fall of the EU–US Data Privacy Framework. In late 2025 the Court of Justice of the EU struck down the EU–US data transfer framework for the third time in a row. The press calls it “Schrems III” — after the Austrian lawyer who has been dismantling these mechanisms one after another for fifteen years. Net effect: as of today, there is no stable legal basis to systematically send European customer personal data to US AI APIs.

34 countries with localisation requirements. According to industry analyses, at least 34 states currently have regulations requiring specific categories of data to be processed locally. China, Russia, Saudi Arabia, Indonesia, India, Brazil — every region has its own rules. If you sell to international customers, your AI strategy has to account for this.

EU AI Act + GDPR = up to 11% of turnover. From August 2026 the provisions for high-risk AI systems apply in full. Fines stack: GDPR allows up to 4% of global turnover, the AI Act adds another 7%. On €10m of turnover, maximum exposure is €1.1m. On €100m, it’s €11m. These aren’t numbers you can shrug off.

Corporate supply chains. This is the most often-missed vector. If your European mid-market company supplies a multinational (automotive, pharma, finance), that multinational pushes the compliance burden down onto you. You receive a DPA with a clause like: “all customer data must be processed exclusively within the EU, including by AI systems”. And you have to prove it at audit.

Put together, this means one thing: the question “where is AI processing happening in my company?” has stopped being theoretical. It’s now operational, legal and financial.

If this mechanism still feels theoretical, read our analysis of the Copilot flex-routing incident. Microsoft changed defaults in April 2026 without explicit customer consent — and that’s exactly the class of incident this post is about.

The four levels of AI sovereignty

Rather than splitting “cloud” vs “on-premise” — which is a simplification — the industry now uses a four-tier scale. Each tier has its trade-offs. None is absolutely “best”. A decision-maker’s job is to match the tier to the data type, the required model quality and the budget.

Tier 1 — On-device

AI runs locally, on the user’s device. Apple Intelligence on iPhone. Gemini Nano on Pixel. Intel AI PC. Qualcomm NPU.

What you gain. Zero data exposure. Nothing leaves the device. The highest possible compliance with any regulation in the world. Even the most restrictive jurisdictions (China, Russia) have nothing to say about this.

What you lose. On-device model quality is limited. In 2026 that’s no longer a disaster — small models handle summarisation, simple classification and transcription reasonably. But for complex document analysis, strategy drafting or production code, they aren’t enough.

Who it’s for. The highest-sensitivity scenarios (medical data, classified documents, top-grade IP). Or as a complement: lightweight tasks on-device, heavier tasks at other tiers.

Tier 2 — On-premise / private cloud

AI models run on your infrastructure. Your server, your Kubernetes, your data centre, your private cloud.

What you gain. Full control over where data is, who has access, which models are used. No dependence on a third-party vendor’s policies. The option to use open-source models (Llama 3.1, Mistral, Bielik, Qwen) without per-token fees. At scale, a cost advantage over cloud.

What you lose. You need (or have to build) a DevOps team. Hardware infrastructure is an investment — for a serious deployment with Llama 405B-class models you’re looking at GPU servers in the $80–500k range. For smaller models (Llama 70B, Mistral Small) — €7–35k per year in a managed-service model.

Who it’s for. Banks, insurers, healthcare companies, law firms, consultancies serving rival clients, large manufacturers with technology trade secrets. Anywhere the answer to “can we send this data outside?” is “no”.

Tier 3 — Regional EU cloud

A SaaS platform whose infrastructure physically sits exclusively in the EU, without mechanisms that “bleed” traffic out of the region at peak load (exactly what Microsoft Copilot does not offer after the flex-routing incident).

What you gain. Compliance with GDPR, NIS2, DORA and most European sector-specific regulations. Fast start — no infrastructure to build. The option to use European open-source models (Bielik on Scaleway, Mistral, Llama on OVH) or US frontier models via European regions of major providers (Claude via AWS Bedrock eu-central-1, GPT via Azure OpenAI EU).

What you lose. You don’t have physical control over the servers. You rely on the provider for security policies. At very large scale (100k+ queries a day) it may work out more expensive than your own on-premise deployment.

Who it’s for. Most European mid-market companies that don’t handle the most sensitive data in the world, but want conscious GDPR compliance and need flexibility. Companies that are growing and may change scale in a year. Companies that don’t want to maintain their own DevOps team to run AI infrastructure.

Tier 4 — Global cloud

Standard direct OpenAI usage, ChatGPT Enterprise in mixed regions, Claude via US APIs, Gemini via global endpoints.

What you gain. The best model quality currently available. The fastest access to new releases (a model appears at the provider — you have it immediately). The most developed integration ecosystem. The lowest barrier to entry.

What you lose. Sovereignty. Data may be processed in the US, Canada, Australia — depending on load and provider policy. For European companies serving EU customers and multinational supply chains, this is increasingly not acceptable.

Who it’s for. Non-sensitive data, non-confidential market analysis, marketing content built on public material, code generation, translation of non-confidential documents. Anywhere “personal data” and “regulated data” are not in play.

The decision matrix — how to choose your tier

Instead of guessing, ask yourself three questions in order.

Question 1: what types of data will AI process in your company?

Put your data into four buckets:

Restricted data — medical, biometric, detailed financial data, full-scope employee data, top-grade trade secrets. Acceptable tiers: 1 or 2 (on-device or on-premise). Nothing else provides sufficient control.

Confidential data — customer data, contracts, internal strategies, project documentation, commercial correspondence. Acceptable tiers: 2 or 3. On-premise or regional EU cloud with a properly drafted DPA.

Internal data — meeting notes, project plans, internal communication, process documentation. Acceptable tiers: 2, 3 or 4. You can use global cloud, but it’s worth thinking about reputational exposure.

Public data — marketing materials, published content, public datasets, press releases. Any tier. No constraints here.

Question 2: what model quality do you need?

Simple tasks (classification, tagging, summarisation, FAQ, product chatbots) — open-source models hosted at tier 2 or 3 are fully sufficient. Bielik, Mistral Small, Llama 70B — in 2026 these cover 85–90% of typical business workloads.

Complex tasks (contract analysis, strategy drafting, production code, VIP customer support) — here you want access to frontier models (Claude Opus, GPT-5, Gemini Ultra). But you can still consume them via regional zones (Claude via AWS Bedrock eu-central-1 rather than the direct Anthropic API).

Question 3: what’s your budget and team?

Small company with no DevOps — tier 3 (regional EU cloud). Tier 2 requires skills you don’t have or costs you don’t want.

Mid-sized company with an existing IT team — tier 2 or a 2+3 hybrid. If the team already runs Kubernetes, PostgreSQL and monitoring, adding Ragen or a similar on-premise platform is a marginal cost.

Large company with sector-specific regulation — tier 2 mandatory for regulated data, tier 3 for everything else. Often a hybrid — different departments at different tiers.

A full comparison of the two deployment paths is in our post Ragen Cloud or on-premise? How to choose a deployment model you won’t regret.

Hidden costs few people talk about

Before you decide, here are three traps that only surface after a month of running the system.

Egress fees. If you host AI models in one cloud (AWS) but keep your knowledge base in another (Azure), or shift large volumes of data between regions, the clouds charge for outbound traffic. For a RAG pipeline that continuously pumps context between systems, those fees can exceed the cost of inference itself. Check this before you calculate ROI.

Vendor lock-in. Pick tier 4 with a single provider (e.g. OpenAI directly) and you tie your processes to their API, their formats, their pricing. Moving to another provider a year later means rewriting integrations. Tier 3 and tier 2 platforms that abstract away the specific model (LiteLLM, OpenRouter, bespoke gateways) remove this problem — you swap providers with a config change, not a code change.

Model obsolescence. The AI model you buy today will be two generations behind in eight months. At tier 4 you get updates automatically — but you lose control over whether the update suits you (behavioural changes, new limits). At tier 2 you decide when to upgrade — but you have to do it yourself. Tier 3 is the middle ground — regular updates, with the option to pick your migration window.

Inference and infrastructure costs for your specific scenario can be sized in our calculator — it shows the difference between tiers in numbers rather than marketing copy.

Where Ragen sits in all this

Ragen supports tier 2 and tier 3, often in a hybrid setup.

Ragen Cloud (tier 3). Full infrastructure in the EU, with no “elastic” routing of traffic outside the region. Models on offer: Bielik and other European open-source (Mistral, Llama) via Scaleway or OVH for workloads with limited sensitivity; US frontier models (Claude Sonnet 4.6, GPT-5.4, Gemini 3) via European regions on AWS Bedrock / Azure OpenAI / Google Vertex for workloads that need top-tier quality. The model choice is configured per organisation, with a full audit log of where each call went.

Ragen on-premise (tier 2). The full platform installed on your infrastructure. Your Kubernetes or dedicated server. Your security policy. Your encryption keys. Models — the same set as in Cloud, plus the option to plug in your own local instances (Ollama, vLLM on your own GPUs).

Why this configuration fits European mid-market companies. Most European mid-market companies sit in the “I don’t have the world’s most sensitive data, but I do have real GDPR exposure, real supply-chain obligations, real requirements inherited from enterprise clients” bracket. For them, pure tier 4 is too risky, pure tier 1 too limited, and tier 2 for the whole company is over-engineering.

What’s left is tier 3 with an optional migration to tier 2 as the company scales. Which is exactly what we offer. It’s the profile we aim Ragen at.

A typical scenario — how the decision looks in practice

We map AI exposure with European mid-market companies every month. A typical conversation goes like this:

Meeting with the board of a manufacturing company, 80 staff. The IT director: “We want to roll out AI for handling quotation enquiries. We’re thinking about Copilot.”

First question: “What customer data is in those enquiries?” Answer: contacts, component specifications, order volumes, references to end customers. Commercially confidential, in other words.

Second question: “Who’s your largest customer?” Answer: a German carmaker. Third question: “What does your DPA with them say?” Answer: a clause requiring processing exclusively within the EU, including by AI systems.

Thirty minutes in, it becomes clear that standard Copilot won’t pass the German client’s audit. They need tier 3 with an EU-only guarantee, an audit log and the ability to name the specific models processing the data. Cost: comparable to Copilot Enterprise, but without the risk of losing the client.

That’s a typical situation. Not the worst-case company, not the most sensitive industry. Just real commercial constraints that only surface when someone asks about them.

What to do this week

If you’ve read this far, you have enough information to do five things that will head off most of the problems.

Take inventory of AI in the company. Which tools with AI components are being used? ChatGPT Plus subscriptions on corporate cards? Copilot in Microsoft 365? CRM plug-ins? Assistants in design tools? All of them.
For each tool, answer: where is data actually processed? Not where the files are stored. Where the model that processes them runs. If you don’t know, check the vendor’s documentation or ask.
Classify the data going in. Restricted? Confidential? Internal? Public? For each tool.
Compare with the tiers. Are your tools operating at a tier that matches the data they handle?
Where there’s a gap, change the tool. Not every company has to move to tier 2 immediately. But if confidential customer data is flowing into tier 4, you have a concrete operational priority for this quarter.

Free AI sovereignty audit

If you like, we’ll run this inventory with you. In 30 minutes we map the AI tools in your company, identify compliance gaps and deliver a decision matrix tailored to your context. No product pitch. No sales push. Concrete analysis.

You also get the matrix as a downloadable PDF — use it in conversations with your board and your IT team.

Book a free audit — 30 min

If you already know you need tier 2 or tier 3 and want to size the deployment cost — try our calculator.