For much of the past year, the conversation around generative AI was driven by speed and scale. Bigger models, higher benchmark scores, and rapid deployment dominated headlines and boardroom discussions. That focus is now shifting as global organisations confront a harder question: how to balance AI cost efficiency with data sovereignty and risk.
Low-cost, high-performing AI models promise faster innovation and lower barriers to entry. For enterprises grappling with the expense of large-scale AI pilots, that appeal is real. But recent developments show that efficiency alone is no longer enough to justify adoption.
When efficiency meets geopolitical reality
The debate sharpened following scrutiny of China-based AI lab DeepSeek. According to Bill Conner, former adviser to Interpol and GCHQ and now CEO of Jitterbit, DeepSeek initially drew attention for proving that strong language models could be built without Silicon Valley–level budgets. That message resonated across an industry under pressure to rein in AI spending.
However, enthusiasm cooled after disclosures suggesting DeepSeek stores data in China and shares it with state intelligence services. For Western enterprises, this raised concerns far beyond standard compliance with regulations such as GDPR or CCPA. The issue moved into national security territory.
In practice, generative AI systems are rarely isolated tools. They are connected to customer records, internal documents, proprietary data lakes, and intellectual property. If the underlying model operates in a jurisdiction where state access to data is permitted or opaque, the organisation’s security perimeter is effectively bypassed.
Data sovereignty as a business risk
Conner warns that alleged links between DeepSeek and military procurement networks, as well as claims of export control evasion, should act as a warning for senior leaders. Using such technology could expose companies to sanctions risk, regulatory penalties, or supply chain disruption.
This matters most in sectors such as finance, healthcare, and defence, where tolerance for uncertainty around data lineage is virtually zero. In these environments, AI success is no longer measured by code generation speed or document summarisation quality. It is measured by trust, transparency, and legal accountability.
Technical teams may naturally focus on performance metrics and ease of integration during pilot phases. Risk officers and CIOs, however, are increasingly expected to ask deeper questions: who owns the model, where does inference take place, and which legal frameworks apply to the data being processed?
Governance over short-term savings
From a leadership perspective, AI adoption has become a governance issue rather than a purely technical one. Shareholders, customers, and regulators expect clear assurances that data is handled responsibly and used only for its intended purpose.
Even a model that delivers most of a competitor’s performance at a fraction of the cost can quickly become a liability if its data practices are unclear. Regulatory fines, reputational damage, and potential loss of intellectual property can erase any short-term savings overnight.
Ryan Daws
The DeepSeek case has prompted many enterprises to review their AI supply chains more closely. Visibility into data residency, access controls, and vendor obligations is becoming a baseline requirement, not a nice-to-have.
A more mature AI market
As generative AI moves from experimentation to long-term deployment, the priorities are changing. Cost efficiency still matters, but it no longer stands alone. Trust, transparency, and data sovereignty are emerging as decisive factors in vendor selection.
For global organisations, the lesson is clear. Sustainable AI adoption depends not just on what a model can do, but on the legal, ethical, and geopolitical context in which it operates. Balancing innovation with responsibility is now central to managing AI risk in an increasingly complex world.
