Short answer: if your AI Assistant runs on the “European region” of a US cloud provider, it does not meet the EU’s definition of data sovereignty — regardless of what the contract says. The AI Act starts applying to high-risk systems from August 2026, so the auditor’s question has stopped being theoretical. The rest of this post shows what actually has to be in place, and how we at Ragen.ai solved it.
The question that is starting to come up in audits
A year ago “where is the data physically located during inference” lived mostly in conference slides about AI. Today it shows up in audit minutes, in due diligence on contracts with banks, in compliance committee questions at law firms and consultancies.
The reason is mundane — the regulatory calendar. The AI Act came into force in stages, but from August 2026 the full requirements for high-risk systems apply. On 17 April 2026 the European Commission announced the results of the Cloud III tender for €180 million — it picked four European providers to serve its own institutions. The market signal is clear: public institutions buy according to specific sovereignty criteria, not declarations on paper. The private sector is starting to ask the same questions.
For a company deploying an AI Assistant on its own documents — policies, contracts, customer data — the answer “it runs in the cloud, don’t worry” no longer holds.
The pseudo-sovereignty trap
The most common misunderstanding goes like this: a company picks a “European region” of Microsoft Azure, AWS or Google Cloud, gets a GDPR compliance certificate, and considers the matter closed. That is a costly mistake.
The problem has a name: the US CLOUD Act, a 2018 law that empowers US law enforcement to compel US companies to disclose data stored abroad. Key word: compel. Regardless of where the server physically sits, if the operator is subject to US jurisdiction, the data may be handed over to US authorities without the owner’s consent and without notifying any European regulator.
The CJEU’s framework rulings (Schrems II) make it clear that the extraterritorial reach of US law is a real risk for EU citizens’ data. The European Commission, in its Cloud Sovereignty Framework, says it explicitly: a European-region certificate at a US hyperscaler is not enough to achieve full sovereignty.
This is not a rhetorical argument — it is a legal one, and any auditor or client lawyer can pull it out at any time.
What actually has to be in place
The European Commission produced the Cloud Sovereignty Framework precisely to replace abstract declarations with concrete criteria. The framework introduces SEAL levels (Sovereignty Effectiveness Assurance Level) from 0 to 4. SEAL-2 is the minimum for data sovereignty. SEAL-3 means the provider is resilient to supply-chain disruption from outside the EU. SEAL-4 demands a fully European supply chain — from chips to software.
In practice, a provider that wants to deliver sovereignty for your AI Assistant must satisfy four conditions at the same time.
First — owner jurisdiction. Both the parent and the operating entity are subject to EU law, with no extraterritorial obligations to third countries. A European subsidiary of a US company does not meet this, no matter what the contract is called.
Second — infrastructure location. Data centres physically in the EU, owned or fully contracted on EU terms. Hardware running in a European DC but managed remotely by a team outside the EU is half-sovereignty.
Third — operations team location. Administrators with system access reside in the EU and are subject to EU law. Often overlooked, and crucial, because they are the ones with real access to the data.
Fourth — a no-logging policy. Prompts sent to the AI model are not stored, logged or used for training. This applies to both the model layer and the infrastructure layer.
These four conditions together are not marketing. They are the minimum checklist for an audit checkpoint.
The European provider landscape
After the Commission’s April 2026 decision we have an official short list of providers that meet the highest SEAL-3 criteria:
- OVHcloud (France) — the largest European hyperscaler, part of a consortium with Post Telecom and CleverCloud. Strong on classic IT workloads, offers dedicated GPUs for AI. Global scale, but European operations.
- STACKIT (Germany) — an initiative by Schwarz Group (the owner of Lidl and Kaufland), positioned as enterprise-first. Growing presence, strong in finance and the public sector.
- Scaleway (France) — part of the Iliad group, with data centres in Paris, Amsterdam and Warsaw. Stands out for a broad catalogue of open source models available via Generative APIs and Managed Inference, including Mistral, GPT-oss and Qwen3.
- Post Telecom (Luxembourg) — with partners CleverCloud and OVHcloud, focused on the public sector.
- Hetzner (Germany) — did not bid in Cloud III, but has a strong position in classic hosting and very aggressive pricing. Limited AI-specific offering.
- Proximus with S3NS (Belgium, partnered with Mistral) — reached SEAL-2, uses Google Cloud technology operated exclusively by EU entities. A technological hybrid with operational guarantees.
Each of these providers makes sense in a different context. OVHcloud for a broad IT stack with AI elements. STACKIT for enterprises with a strong German ecosystem. Hetzner where price is the priority and the workload is light. Scaleway when AI with open source models is the heart of the product.
Why we at Ragen.ai chose Scaleway
To be explicit — I am writing about our choice, not a universal recommendation. For your use case, a different decision may make more sense.
We picked Scaleway for four concrete reasons.
First — a model catalogue that fits the product. Ragen.ai is built on open source models running on European infrastructure. Scaleway hosts Mistral Small 3.2, GPT-oss-120B and Qwen3-235B via Generative APIs and Managed Inference. These are exactly the models we recommend to clients in regulated sectors. Other sovereign clouds would force us into either our own deployment or accepting a narrower model lineup.
Second — a no-logging policy on prompts. Scaleway guarantees that prompts are not stored, logged or reused. For a client in legal services who asks the AI Assistant about details of a customer contract, that is not a “nice to have” — it is the condition without which we will not even start the conversation.
Third — external validation. Scaleway reached SEAL-3 in the European Commission’s assessment and was selected in Cloud III. This is not our opinion — it is an external, independent assessment we can show to a client’s auditor. “We picked them because the European Commission picked them” works far better than “we thought they were good”.
Fourth — presence in Poland. Scaleway has a data centre in Warsaw. For some clients “in the EU” is enough, for others “in Poland” is an extra argument in favour. You get to choose.
What Scaleway is not — it is not the cheapest option on the market. Hetzner wins on price, but it does not have a comparable AI model catalogue. It is also not the largest. AWS and Azure have more regions, more ancillary services, longer SLA histories. But that did not interest us — what interested us was sovereignty defensible to an auditor.
What this means for the Ragen.ai end client
In practice it boils down to three sentences we can say to a client.
Your company’s data does not leave the EU — not during inference, not during indexing, not at any other stage of the AI Assistant’s operation.
The infrastructure operator is a European entity, not subject to the extraterritorial reach of US law.
The sovereignty of the stack is externally confirmed by the European Commission under the Cloud Sovereignty Framework, so the auditor does not have to take our word for it.
That is not the whole case for Ragen.ai — but it is the argument that removes the conversation about legal blockers and lets us focus on what the AI Assistant can actually do for the business.
Three questions to ask your current provider
Whether you are considering Ragen.ai or another solution, you should ask every AI provider these three questions.
- Under which jurisdiction is the operator of the inference infrastructure? Not the region, not the data centre, but the operator.
- Are prompts sent to the model logged or stored, even transiently, and who has technical access to them?
- What is the documented compliance with the Cloud Sovereignty Framework, at which SEAL level, and is there external evidence?
If the answers are murky — you already know what to write into the due diligence report.
This post is part of a series on building AI Assistants independent from foreign providers. In the previous post we compared open source models with commercial flagships: Open source models in your company — when Mistral, GPT-oss and Qwen are enough instead of GPT, Gemini and Claude.
