Sovereignty: A Safeguard for AI Transformation

The National University of Singapore (NUS) has developed a framework to identify the four major waves of transformation and gain a clear understanding of technological evolution in businesses. It follows a logical progression: from tools to processes, then to raw data, and finally to autonomous intelligence.

Here is an explanation of these waves and an analysis of why certain critical concepts, such as sovereignty or cybersecurity, are not classified as “waves” of transformation.

The 4 Waves of Transformation

1. Digitization: This is the transition from analog to digital. It involves replacing paper with digital files (PDF, Excel), converting an audio cassette into an MP3 file, or scanning archives. The goal is storage and searchability.

2. Transformation: The reengineering of business processes using digital technology. We leverage digital data and tools to optimize, automate, or streamline business processes without fundamentally changing the business model. The company does the same things as before, but better, faster, and with less friction. This is the era of ERP, CRM, automated workflows, and paperless forms.

3. Digital Transformation: Digital transformation challenges the way a company creates and captures value. Business models are reevaluated, accompanied by cultural and organizational changes and often the emergence of new economic models. Digital technology becomes the core of the value proposition.

This is the era of platforms, data as a strategic asset, the reinvented customer experience, and open ecosystems. Companies that ride this wave successfully become fundamentally different.

An example: a bank that creates its own online neobank, changes its distribution model, opens its APIs to partners, and monetizes its data - rather than “simply” digitizing its branches.

4. Intelligent Transformation: The fourth wave, the one we are now entering, goes beyond one-off transformations. Artificial intelligence (more specifically, machine learning systems, autonomous agents, and large language models) enables companies to adapt, make decisions, and take action in near real time, at a scale impossible for humans alone. It is a state of constant evolution toward which companies must consciously strive.

Processes are self-optimizing, decisions are supported or automated, and hyper-personalization is becoming the norm. AI doesn’t just analyze the past; it anticipates the future and creates content or solutions. Organizations are rethinking not only their business models but also their relationship to human labor.

To take another example from the banking sector, it is the advisor, aided by AI, who analyzes customer scores in real time, suggests highly personalized products, and reorganizes their workflow on the fly.

In these four phases, the progression is clear: each wave builds on the previous one, and you must continuously manage the transformations of an organization whose levels of maturity vary. Did you say Chief Transformation Officer (CTrO)?

And so, what about autonomy in all of this?

Digital sovereignty: a framework, not a driving force

It is tempting to want to add sovereignty to the list of transformations. However, within the academic framework at NUS, it is viewed as a framework, a cross-cutting dimension, or an infrastructure constraint - not as a driver of transformation in and of itself.

Why? Because the need for sovereignty often arises from a need for protection against waves of data and AI dominated by foreign actors, and addresses dependence on suppliers (Cloud Act, GDPR).

1. Dependence on infrastructure: Large Language Models (LLMs) require phenomenal computing power (GPUs). Today, this power is concentrated in the hands of a few hyperscalers (Microsoft Azure, AWS, Google Cloud). However, if a company or government relies exclusively on these infrastructures, it becomes subject to extraterritorial laws (such as the U.S. Cloud Act). In the event of a commercial or political conflict, access to the organization’s “intelligence” could be cut off or monitored. In the current geopolitical context, what was once considered somewhat incongruous suddenly becomes plausible.

2. Data sovereignty vs. training: to train or fine-tune an AI on business processes, sensitive data must often be sent to proprietary models. The risk is the leakage of know-how and the erosion of intellectual property. This is why “on-premise” AI solutions or Sovereign Cloud solutions (such as Mistral AI in France or high-performance open-source models) are emerging.

3. “Cognitive” sovereignty: This is the most subtle dimension. AI reflects the values, norms, and language of those who trained it. Relying solely on AI developed in Silicon Valley or China to draft legal, administrative, or educational reports risks standardizing thought and losing cultural and normative specificity (for example, civil law vs. common law).

Sovereignty is becoming the safeguard against AI. While previous waves were about efficiency, AI is about power. Without sovereignty, an organization is no longer “augmented” by AI; it is “on life support” from someone else’s AI. And companies are feeling this acutely.

This fourth wave, Intelligent Transformation, acts as an accelerator of dependency, and it would be illusory to limit the regulatory counterweight to this wave solely to the issue of AI governance.

However, by limiting risks and offering a genuine space for innovation, it enables the organization to maximize the value not only of investments directly dedicated to it, but also of those that will subsequently rely on the sovereign assets created (a private cloud or open-source middleware, for example).

This is a crucial point we will revisit in a future article, as it lies at the heart of assessing the profitability of sovereign investments. For this reason, while sovereignty projects do not constitute a wave of transformation, they are nonetheless an integral part of the transformation strategies and project portfolios generated by the wave of artificial intelligence.

As for cybersecurity, if we want to delve deeper into the analysis, it is the immune system of transformation. With each wave (Digitization → AI), the attack surface increases, and cybersecurity must evolve accordingly, without, however, becoming an end in itself. We implement cybersecurity to transform without perishing.

Are there any other waves?

They are taking shape on the horizon.

• The “Twin Transition” Wave (digital & sustainable): the idea that the next major transformation is not purely technological, but involves leveraging the four previous waves to address the imperative of decarbonization and the finite nature of resources. It marks the shift from pure performance to sustainable resilience.

  
  

• The Internet of Senses / Spatial Computing: some see the blurring of interfaces (mixed reality, neurotechnologies) as a wave that will transform our physical relationship with work, after AI has transformed our intellectual relationship.

The first of these two waves already warrants our attention, as investments in it can clearly be leveraged and, much like sovereign investments, ensure improved risk models. However, we will likely need to fully absorb the bulk of the AI wave before the Twin Transition takes hold in transformation portfolios.