IBM Corp. today introduced a new cloud sovereignty tool aimed at helping enterprises demonstrate compliance, operational control and governance as artificial intelligence deployments expand across hybrid and multicloud environments.

IBM Cloud Sovereignty Risk Profile is designed to give organizations greater visibility into where workloads run, how data is protected and whether operational controls meet regulatory requirements.

The launch reflects growing enterprise concern about digital sovereignty as organizations increasingly deploy AI systems that span multiple jurisdictions, cloud providers and data sources. IBM cited a new study by its Institute for Business Value and the Dubai Future Foundation that reported 93% of executives say sovereignty must now be incorporated into business strategy. However, fewer than one-third know where AI workloads are running, and only 18% maintain a current inventory of AI systems.

IBM said the new tool is intended to help organizations address that visibility gap by continuously monitoring cloud workloads and providing evidence that operational controls are functioning as intended. The Sovereignty Risk Profile is integrated into IBM’s Security and Compliance Center Workload Protection platform, which organizations can use to manage compliance and security across hybrid cloud environments.

The offering is part of a broader digital sovereignty strategy built around four principles: provability, prevention, privacy and portability. IBM described provability as the ability for enterprises to demonstrate compliance with regulatory requirements. The new tool is designed to help organizations assess risks involving data residency, encryption, resilience and operational independence while generating audit-ready evidence for regulators and stakeholders.

The prevention component focuses on encryption and customer control of cryptographic keys. IBM said sovereignty requires that cloud providers be unable to access enterprise data, even in response to a government request. To address that concern, the company highlighted its Keep Your Own Key technology, which enables customers to maintain exclusive control over encryption keys using hardware certified to the Federal Information Processing Standards 140-3 Level 4 standard.

Privacy centers on deployment flexibility. The company said enterprises increasingly require options that allow workloads to remain within specific jurisdictions or under local operational control. IBM Cloud supports multiple deployment approaches, including dedicated multizone regions, single-tenant environments and partnerships with local operators in some countries.

The fourth pillar, portability, emphasizes open-source technologies and interoperability. IBM Cloud relies heavily on technologies such as Red Hat OpenShift, Kubernetes and open interfaces to allow customers to move workloads between public cloud, private cloud and on-premises environments without becoming locked into a single provider.

The company positioned sovereignty as an increasingly urgent issue as enterprises scale AI deployments and face stricter oversight of data management practices.

“Leaders are under pressure to show where data lives, how systems behave, and who ultimately has authority over critical workloads,” IBM Cloud General Manager Alan Peacock wrote in a blog post. “Yet the visibility required to answer these questions remains elusive.”

The announcement also follows IBM’s recent introduction of Sovereign Core, a software platform intended to help organizations build AI-ready sovereign cloud environments while maintaining operational control.

As governments and regulated industries place greater scrutiny on AI governance, cloud providers are increasingly introducing sovereignty features. IBM argues that organizations adopting AI at scale must have direct control over data location, encryption, access policies and operational independence if they are to meet emerging regulatory and security requirements.

Image: Pixabay