Open source transparency defines the future of sovereign AI in Europe

In early 2025, I wrote that uncertain times call for greater operational control and IT resiliency. Today, those uncertainties have materialized into a permanent shift in how European organizations view their digital future. By moving AI from the sandbox to the center of the enterprise, the industry has placed a massive new burden on IT infrastructure, making rigorous operational oversight the new baseline for success. Enterprises need greater control over how and where AI runs and a consistent way to govern fast moving technologies like agentic AI.

To understand how IT leaders are navigating this landscape, Red Hat recently surveyed 500 IT decision-makers across France, Germany, Italy, Netherlands and the UK. The results highlight that for the modern enterprise, control is now a strategic requirement. This includes control over data, infrastructure, and provider relationships. Organizations see AI as a capability where openness, transparency and flexibility are the foundation for a resilient, sovereign capability. Achieving this level of resilience requires the practical ability to move workloads and maintain operations if a vendor relationship changes.

Exit plans and the need for greater autonomy

Many organizations have written exit strategies to prepare for technical or geopolitical challenges. Our research shows 63 percent of European businesses have a defined plan to switch AI providers if their primary provider suddenly restricted access to its services. However, actually executing a switch without disruption remains difficult. Nearly 40 percent of those with a plan admit that switching would cause moderate to significant disruption to business continuity. Another 30 percent of organizations lack a defined exit strategy entirely.

This gap shows that a strategy on paper is not enough. Closing it requires control over the underlying platform. Customers can benefit from consistent architecture that allows them to move workloads across different environments. Technical independence involves the ability to maintain systems regardless of a provider's status or geographic shifts. To help organizations understand where they stand, we offer the Red Hat Digital Sovereignty Readiness Assessment tool. This self-service tool allows teams to establish a baseline and develop a roadmap toward a more resilient digital future.

Trust as a technical requirement

Trust in AI relies on the ability to verify what a system is doing, at any time, wherever it runs. In our study, 79 percent of IT leaders identified transparency and auditability as the most valuable open source benefits for building trust in their AI strategy over the next three years. This is followed closely by the need for customization to meet business and regulatory needs at 77 percent and greater control over how AI is built and where it runs at 75 percent.

These findings suggest that trust is becoming a technical requirement. Organizations don't want to rely on a proprietary system where they cannot see how components were trained or configured. They are looking for stronger community-driven trust (71 percent) and reduced vendor lock-in (69 percent) to anchor their long-term innovation. This desire for openness is so significant that 77 percent of European IT leaders agree that public policy should actively mandate open source principles, such as transparency, auditability, and open source licensing, to help organizations achieve AI sovereignty.

Governing fast moving technologies

The rapid adoption of agentic AI adds to the complexity of maintaining control. These systems trigger workflows and take actions autonomously rather than just answering questions. Our data shows 88 percent of organizations already use these tools, yet only 31 percent feel they have strong governance in place. This lack of guardrails poses a risk to operational security and sovereignty.

In order for AI to reach its full potential businesses need a way to govern these fast moving technologies. We recently collaborated with Telenor AI Factory to address data residency demands while powering production-scale AI model training and inference. By standardizing on Red Hat's cloud-native and AI platforms, Telenor AI Factory provides customers with a vendor-neutral foundation that eases portability and maintains national control over data and processes. This approach provides built-in guardrails needed for production AI into the infrastructure from the start.

Building the Sovereign Foundation

Enterprise open source acts as a common foundation for digital autonomy. It provides the technical independence and control needed to avoid over-reliance on a single vendor while keeping access to global innovation. We recently saw this in practice with Orange Business: our Red Hat partner has integrated Red Hat OpenShift into Cloud Avenue, its sovereign cloud platform, enabling enterprise customers to modernize their applications while maintaining full control over their data and infrastructure.

Red Hat helps build this foundation across Europe. Our open hybrid cloud approach allows organizations to stay aligned with local rules and their own long term infrastructure strategy. We recently announced the availability of Red Hat Confirmed Sovereign Support in the European Union to provide localized technical support. Delivered by EU residents within the member states, this offering delivers a layer of operational control for organizations managing sensitive data.

Sovereignty laws will continue to evolve, but the need for resilience is permanent. Organizations that prioritize technological autonomy today will be better equipped to shape their own digital destiny. They can weather market forces by remaining in control of their own technology stack. Achieving digital sovereignty means having the choice to innovate on your own terms. Learn more about Red Hat Sovereign Cloud and take your first steps in assessing your digital sovereignty readiness. 

Methodology

The research was conducted by Censuswide, among a sample of 500 IT Decision Makers across the following markets: 100 x UK 100 X Netherlands 100 x France 100 x Germany 100 x Italy (Aged 25+). The data was collected between 20.03.2026 - 25.03.2026. Censuswide is a member of the Market Research Society (MRS) and the British Polling Council (BPC), and a signatory of the Global Data Quality Pledge. We adhere to the MRS Code of Conduct and ESOMAR principles