UK firms cite risk reduction as the top driver for data sovereignty, yet across EMEA – led by Germany – AI speed is outpacing data controls, with visibility gaps persisting even in MEA, which leads in sovereignty strategy implementation
New research from Veeam® Software, the Data and AI Trust Company, shows a growing data disconnect across EMEA organizations. While 99% of enterprise decision-makers agree that data sovereignty is critical, at the organizational level, the majority (72.5%) are actively deprioritizing it in favor of accelerating AI. The result: AI workflows have become the region’s biggest data visibility gap, with 40% of leaders calling “data used for AI or analytics” their top operational blind spot.
“Organizations across EMEA are accelerating AI adoption, recognising its potential to drive innovation and growth,” said Tim Pfaelzer, General Manager and Senior Vice President, EMEA at Veeam. “But many now face a critical trade off: move quickly with AI without fully understanding, protecting and managing their data, or slow progress to meet sovereignty requirements. Our research highlights the need for greater visibility and control. By ensuring data is understood, governed and trusted, organizations can confidently accelerate AI adoption while reducing risk and meeting sovereignty expectations.”
Regional snapshot: different strategies, same visibility problem
highlighted a growing disconnect between AI adoption and governance, with 88% of enterprises already running AI agents, yet just 7% fully prepared to manage them. Against this backdrop, this new research reveals how the gap is materializing across EMEA.
While approaches vary, the research shows a consistent challenge across EMEA: visibility isn’t keeping pace with innovation.
-
United Kingdom: Risk avoidance is the leading sovereignty driver. 58% of UK respondents cite preventing data breaches as the primary reason for sovereignty efforts. Yet 45% of UK organizations – the highest in Europe – admit their biggest blind spot is the data used for AI and analytics, highlighting a widening gap between intent and execution.
-
Germany: German organizations are attempting a difficult balancing act, to reconcile defensive priorities, including data sovereignty and breach prevention, with strategic priorities such as AI innovation. However, when forced to prioritize, speed is winning out over Data and AI Trust. A staggering 82% of German leaders admit that accelerating AI development takes priority over establishing data controls.
-
France: French leaders are less likely to label sovereignty “critical,” and are more motivated by protecting intellectual property and sensitive information (46%), a key concern for innovation-led sectors.
-
Middle East and Africa (MEA): Organizations in MEA are the most mature in their data sovereignty execution (60% fully operationalized) and the least likely to sacrifice data control for AI speed. However, they report the highest reliance on third-party ecosystems and vendors (38%), creating significant supply-chain blind spots and increasing sovereignty complexity.
Top motivators: reducing risk and data control
While data sovereignty remains a strategic priority, immediate action is still largely driven by compliance pressures rather than proactive governance. The top motivators include reducing the risk of data breaches (44%) and gaining greater control over data (43%).
However, execution remains largely reactive over strategic. Internal audits and compliance reviews (33%) and market expansion (32%) are the main triggers for action. Organizations are also struggling to understand where data sovereignty sits within evolving regulation, reporting high confidence in established frameworks such as GDPR (90%), but significantly lower clarity around newer regulations, including the EU AI Act, widening the potential governance gap.
AI push is eroding enterprise visibility
While 68% of organizations are prioritizing broader digital transformation initiatives over establishing strong data controls, this is causing major infrastructural blind spots. Beyond AI workflows, organizations identified massive visibility gaps across:
-
Public cloud environments (38%)
-
Cross-border data flows (34%)
-
Third-party vendors (33%)
Alarmingly, 32% report major challenges with Shadow IT, where systems are deployed outside of IT governance entirely.
“AI doesn’t have to slow the business down, but it does demand operational clarity,” said Andre Troskie, EMEA Field CISO at Veeam. “If you can’t see where data is going, who can access it, and what AI systems are doing with it, you don’t have control. And without control, AI quickly becomes a board-level liability.”
