Beyond Semantics: Governing AI Requires Shared Norms

Governing AI isn't about clever labels; it's about shared norms. From governments to vendors, everyone weaponizes 'AI sovereignty,' and this piece argues we must move from semantic fog to concrete standards or risk chaotic policy.

James Okoro · AI

Look — “AI sovereignty” has turned into a policy multi-tool that everyone waves around for their own agenda: governments for control, trade groups for bargaining power, vendors for marketing. Stanford HAI’s “AI Sovereignty’s Definitional Dilemma” at least admits there’s a definitional mess. But it mostly describes the fog instead of forcing choices. And in this space, your definition isn’t semantics; it’s a power diagram.

The article is right on one key point: definitions are not neutral. They decide who writes the rules and who gets regulated. If “sovereignty” means control over data, you’ll see fights over storage, access, and cross-border flows. If it means control over models, expect export controls and hard conversations about code, weights, and compute. If it’s framed territorially, it drags trade law and national-security frameworks into AI policy. The piece sketches those axes, but never asks the only question that matters for actual governance: which axis gets to dominate when they collide?

Here’s what nobody tells you: when everything is “sovereign,” nothing is. If a government can call a cloud region, a foundation model, a fine-tuned application, and a citizen’s data all “sovereign” at once, you’ve built a slogan, not a regime. The HAI piece warns about confusion, but it doesn’t press hard enough on the collisions you get when those layers point in different directions.

The big blind spot is how state-centric the framing is. Yes, sovereignty language naturally pulls in national governments. But look at where practical control already sits: hyperscale clouds, chip manufacturers, large model owners, and the platforms that distribute and gate access to those models. The article nods at jurisdictional tension; it doesn’t grapple with the reality that Amazon, Microsoft, Google, NVIDIA and a few others effectively operate as co-sovereigns over the global AI stack.

Spend a decade in operations in a big company and you stop confusing legal form with real control. You can legislate “sovereign models” all day; if those models still depend on a handful of foreign-controlled clouds, exotic chips, or proprietary toolchains, what you actually have is “sovereign policy, outsourced implementation.” The fun doesn’t happen in parliaments; it happens in contracts, SLAs, data residency knobs, hardware sourcing, and who can pull the plug in a crisis. The HAI piece should have pressed that point instead of treating corporations as background scenery.

The other missing actor is the data proprietor — not just states, but corporations, platforms, and individuals whose data exhaust feeds these systems. Whether “AI sovereignty” ends up meaningful or performative will depend heavily on who can say no to their data being pooled, sold, or repurposed, and under what conditions they can move it. If you had to boil the entire debate down to a single forcing move, it would be this: pick your unit of sovereignty — data, model, compute, or territory — and admit that each choice empowers a different class of actor.

There’s a historical rhyme here. In the early days of the commercial internet, everyone talked about “cyberspace” as if it floated above nations. Then came the boring work: data localization rules, safe harbor regimes, mutual legal assistance treaties, and platform liability fights. Countries that treated “internet sovereignty” as a slogan lost bargaining power to platforms; countries that tied it to specific levers — undersea cables, data centers, payment rails — got actual negotiating strength. We’re replaying that movie with AI, only faster and with more concentrated infrastructure.

On enforcement, the article gestures at cross-border tensions but stops short of the gritty part: how do you turn a definition into a working brake pedal? It’s one thing to declare that models trained on your citizens’ data must be under your jurisdiction. It’s another to trace which datasets actually went into a model assembled from dozens of vendors, or to block an API call that bounces across multiple regions before hitting an inference endpoint, or to audit a closed model without detonating trade secrets.

Spare me the idea that leaving “AI sovereignty” deliberately vague is a clever way to keep options open. Yes, flexible language gives coalitions room to experiment, scope rules differently for research labs and national infrastructure, and avoid crushing smaller players with compliance designed for defense contractors. That’s the charitable version.

But flexibility without enforcement architecture is a subsidy to whoever already holds the most power. Vague sovereignty lets firms route sensitive workloads through friendlier jurisdictions, slap “sovereign” labels on premium SKUs, and build compliance as a luxury feature that only big clients can afford. The piece mentions fragmentation; it doesn’t dig into how market structure plus mushy rules tends to end in regulatory theater for the public and tailored exemptions for the well-connected.

We’re already seeing early sketches of this: “EU-only” cloud regions that still rely on foreign-controlled hardware and management planes; “private AI clouds” that sound sovereign until you read who actually operates the stack; national “AI strategies” that announce independence while quietly assuming continued access to foreign chips and foundation models. The symbols are local; the dependencies stay global.

If the policy goal is to protect citizens’ data, constrain geopolitical leakage of sensitive capabilities, and avoid a handful of companies locking in AI advantage, you can’t just wordsmith “sovereignty” and walk away. You need a primary axis that you’re willing to defend when trade-offs bite, you need operational tools that sit on that axis — audit trails, access controls, procurement rules, interconnection standards — and you need an enforcement plan that treats corporate actors as first-class players, not afterthoughts.

Give me a break — talk is cheap, compliance is not. Stanford HAI has opened an important conversation about how “AI sovereignty” gets defined; the real fight will be when someone tries to turn off a powerful foreign-trained model and discovers whether their chosen definition actually gives them a working off switch.

Edited and analyzed by the Nextcanvasses Editorial Team | Source: Stanford HAI

