Sovereign AI and Cloud in Swiss Banking - Balancing Innovation, Competitiveness, and Responsible Governance

Abstract

The rapid adoption of artificial intelligence (AI), particularly generative AI and foundation models, is transforming the banking industry by enabling new forms of automation, decision support, customer engagement, and operational efficiency. At the same time, the growing reliance on hyperscale cloud providers, external AI platforms, and increasingly complex digital ecosystems has introduced new challenges related to governance, operational resilience, regulatory compliance, concentration risk, and strategic dependency. These developments have intensified concerns regarding how financial institutions can leverage AI-driven innovation while maintaining control over critical data assets, decision-making processes, and risk management frameworks.

This paper examines the emerging concept of Sovereign AI within the context of Swiss banking. Drawing upon contemporary literature on artificial intelligence, digital sovereignty, cloud computing, data governance, and financial regulation, as well as insights from the Swiss Risk Association's flagship event Sovereign AI and Cloud in Swiss Banking, the paper develops a conceptual framework for responsible and competitive AI adoption in highly regulated financial institutions.

The analysis argues that Sovereign AI should be understood not as technological self-sufficiency, but as an organizational capability that enables institutions to retain meaningful control over critical data, governance mechanisms, decision processes, and risk boundaries while leveraging external cloud and AI ecosystems. Building on this perspective, the paper proposes a four-pillar Sovereign AI framework consisting of: (1) AI-ready data, (2) cloud-enabled scalability, (3) responsible AI governance, and (4) organizational transformation. These mutually reinforcing capabilities form an integrated operating model that allows banks to balance innovation, resilience, accountability, and strategic autonomy.

The paper contributes to the emerging literature on AI in financial services by extending the concept of digital sovereignty to the domain of enterprise AI and by demonstrating how governance, rather than technological ownership, constitutes the foundation of sustainable AI adoption in banking. The findings suggest that future competitive advantage will depend less on access to AI models and computational resources and more on the ability to govern AI effectively, manage technological dependencies, and maintain institutional trust in increasingly automated financial systems. The proposed framework offers practical guidance for financial institutions, regulators, and policymakers seeking to navigate the opportunities and risks of AI-enabled banking.

Keywords: Sovereign AI; Artificial Intelligence; Banking; Digital Sovereignty; Cloud Computing; AI Governance; Data Governance; Financial Regulation; Switzerland.

1. Introduction

Artificial intelligence (AI) has emerged as one of the most significant technological and strategic developments in contemporary banking. Recent advances in machine learning, foundation models, large language models (LLMs), and generative AI have accelerated digital transformation initiatives across the financial services industry, reshaping activities such as customer service, investment research, portfolio management, fraud detection, anti-money laundering monitoring, compliance processes, and operational automation (Bommasani et al., 2021; Brynjolfsson et al., 2023; Noy and Zhang, 2023; Fuster et al., 2022). Increasingly, AI is viewed not simply as a technological capability but as a general-purpose technology with the potential to fundamentally alter how financial institutions create value, manage risk, allocate capital, and compete in global markets (Brynjolfsson and McAfee, 2017; Agrawal, Gans and Goldfarb, 2018).

Despite its transformative potential, AI adoption in banking differs substantially from deployment in many other sectors. Financial institutions operate within a highly regulated environment characterized by fiduciary responsibilities, prudential supervision, data protection requirements, banking secrecy obligations, conduct risk considerations, and concerns regarding systemic financial stability (Arner, Barberis and Buckley, 2017; Broeders and Prenio, 2018). Consequently, banks face a more complex challenge than simply adopting emerging technologies. They must ensure that AI systems remain explainable, auditable, secure, robust, and compliant with evolving regulatory expectations while simultaneously delivering commercial value (Schuetz and Venkatesh, 2020; Financial Stability Board, 2025). Failures in AI systems may generate consequences that extend beyond individual institutions, potentially affecting customers, market integrity, consumer trust, and broader financial stability (Broeders and Prenio, 2018; Financial Stability Board, 2025).

The emergence of generative AI has intensified these challenges by increasing dependence on a relatively small number of global technology providers that dominate cloud infrastructure, foundation models, and AI development ecosystems (Bommasani et al., 2021; Weill and Woerner, 2024). While hyperscale cloud providers offer unprecedented computational capabilities, scalability, and access to state-of-the-art AI technologies, their growing importance has also generated concerns regarding vendor lock-in, operational concentration risk, data governance, cybersecurity, regulatory compliance, and strategic autonomy (Marston et al., 2011; Pohle and Thiel, 2020; Financial Stability Board, 2025). Such concerns are particularly pronounced in banking, where trust, confidentiality, operational resilience, and the secure stewardship of client data constitute core elements of institutional legitimacy and competitive advantage (Swiss Bankers Association, 2025).

Against this backdrop, the concept of Sovereign AI has gained increasing attention among policymakers, regulators, financial institutions, and technology leaders. Emerging from broader debates surrounding digital sovereignty and strategic autonomy, Sovereign AI reflects the need for organizations to retain meaningful control over critical digital assets and decision-making capabilities while participating in increasingly interconnected technological ecosystems (Pohle and Thiel, 2020; Couture and Toupin, 2019). Sovereign AI should therefore not be understood as technological self-sufficiency or the complete internalization of infrastructure and AI capabilities. Rather, it refers to an institution's ability to maintain effective control over critical data assets, governance mechanisms, decision processes, risk boundaries, and accountability structures while leveraging external cloud services, AI platforms, and technology partnerships (Financial Stability Board, 2025; Swiss Bankers Association, 2025). In this interpretation, sovereignty is less a question of ownership than one of control, oversight, resilience, and accountability.

The relevance of this concept is particularly evident in Switzerland. The Swiss financial centre has historically differentiated itself through trust, stability, confidentiality, legal certainty, and sophisticated risk management practices, attributes that remain highly valuable in an increasingly digital and data-driven economy (Swiss Bankers Association, 2025). As AI becomes embedded in core banking processes, these traditional strengths must be reconciled with demands for rapid innovation, scalable cloud infrastructure, and increasingly complex digital ecosystems. Swiss banks therefore face a dual strategic challenge: remaining globally competitive in an AI-driven financial landscape while preserving the governance standards, regulatory compliance, operational resilience, and institutional trust that underpin Switzerland's position as a leading international financial centre. The debate surrounding Sovereign AI reflects a broader question confronting the banking industry worldwide: how can financial institutions harness the transformative potential of AI without relinquishing control over the critical assets, processes, and governance structures that define their business models?

This question formed the central theme of the Swiss Risk Association's 2026 flagship event, Sovereign AI and Cloud in Swiss Banking: Staying Competitive in an AI-Driven Global Banking Landscape. Contributions from representatives of major financial institutions, regulators, industry associations, and technology providers highlighted a growing consensus that successful AI adoption depends on significantly more than access to advanced models or computational resources. Rather, sustainable AI implementation requires the integration of AI-ready data, cloud-enabled infrastructure, effective governance frameworks, organizational adaptability, and risk management capabilities that enable innovation while preserving accountability and resilience (Swiss Risk Association, 2026). Industry practitioners emphasized the importance of data quality, traceability, governance, explainability, and responsible AI practices as prerequisites for achieving AI at scale within regulated financial environments (Swiss Risk Association, 2026).

Building on these insights, this paper examines the emerging role of Sovereign AI in banking through the lens of Swiss financial institutions. By synthesizing practitioner perspectives with recent academic research on AI governance, cloud computing, digital sovereignty, organizational transformation, and financial regulation, the paper develops a conceptual framework for responsible and competitive AI adoption in banking. The central argument advanced is that sustainable AI advantage is not primarily determined by access to algorithms, models, or computational resources. Rather, competitive differentiation increasingly depends on an institution's ability to combine four mutually reinforcing capabilities: high-quality and governable data, sovereign control over critical assets and decisions, scalable cloud-enabled technology platforms, and enterprise-wide governance structures capable of managing AI-related risks. Together, these capabilities constitute the foundation of a Sovereign AI operating model and may emerge as a defining source of competitive advantage for banks in the age of artificial intelligence.

2. Literature Review

2.1 AI Transformation in Banking

The banking industry has long been among the most technologically intensive sectors of the economy and has historically acted as an early adopter of advanced analytics, quantitative modelling, and machine learning technologies (Arner, Barberis and Buckley, 2017; Schuetz and Venkatesh, 2020). Over the past two decades, financial institutions have increasingly leveraged artificial intelligence to improve decision-making, automate routine processes, enhance customer experiences, and strengthen risk management capabilities. Applications of AI in banking include credit scoring, fraud detection, anti-money laundering (AML) monitoring, algorithmic trading, customer segmentation, portfolio management, investment research, cybersecurity, and regulatory compliance (Fuster et al., 2022; Broeders and Prenio, 2018; Aldasoro et al., 2024). These applications have traditionally relied on predictive machine learning models designed to identify patterns in structured datasets and support human decision-making.

The emergence of generative AI and foundation models represents a significant shift in the evolution of enterprise AI. Unlike conventional machine learning systems that primarily focus on prediction and classification tasks, generative AI systems are capable of creating new content, including text, software code, images, analytical summaries, recommendations, and natural language interactions (Bommasani et al., 2021). Large language models (LLMs) have demonstrated unprecedented capabilities in reasoning, knowledge retrieval, content generation, and human-computer interaction, creating opportunities for banks to redesign both customer-facing and internal business processes (OpenAI, 2023; Brynjolfsson et al., 2023).

Recent empirical studies suggest that generative AI can substantially enhance knowledge-worker productivity, particularly in tasks involving information synthesis, document preparation, research, and communication (Noy and Zhang, 2023; Brynjolfsson et al., 2023). Within banking, these capabilities are increasingly being applied to client advisory services, financial research, regulatory reporting, compliance support, software engineering, operational automation, and employee productivity tools (Accenture, 2024; McKinsey, 2024). However, the introduction of generative AI also creates new categories of risk that differ from those associated with traditional machine learning systems. These include hallucinations, model opacity, explainability challenges, intellectual property concerns, prompt injection attacks, data leakage risks, model drift, and increased dependence on third-party AI providers (Weidinger et al., 2022; Financial Stability Board, 2025).

Consequently, the strategic focus of AI adoption in banking has shifted from isolated use cases toward enterprise-wide AI transformation. Increasingly, leading financial institutions view AI as a foundational organizational capability that must be embedded across business functions, technology platforms, and operating models rather than implemented as a collection of standalone applications (Brynjolfsson and McAfee, 2017; Davenport and Ronanki, 2018). This perspective is reflected in the experience of UBS, which describes a multi-year transformation journey from early data science initiatives and cloud adoption toward becoming a "fully AI-enabled institution" supported by cloud-first infrastructure, enterprise-wide AI deployment, centralized governance mechanisms, and a dedicated Chief AI Office (Swiss Risk Association, 2026). Such developments suggest that competitive advantage in banking increasingly depends not only on AI technologies themselves but also on the organizational capabilities required to deploy and govern them effectively at scale.

2.2 Data as the Foundation of AI

Despite significant advances in algorithms and computational infrastructure, the academic literature consistently identifies data quality, governance, and accessibility as the primary determinants of successful AI implementation (Janssen et al., 2020; Sambasivan et al., 2021). The longstanding principle of "garbage in, garbage out" remains highly relevant in the era of foundation models. While advances in model architectures have dramatically improved AI capabilities, model outputs remain fundamentally dependent on the quality, completeness, context, and governance of the underlying data used during training, retrieval, and inference processes (Gebru et al., 2021).

Research on enterprise AI deployments demonstrates that organizational challenges surrounding data quality frequently represent a greater obstacle to successful implementation than algorithmic limitations (Sambasivan et al., 2021). Data fragmentation, inconsistent taxonomies, incomplete metadata, poor lineage tracking, and weak governance frameworks can significantly reduce the reliability and explainability of AI systems, particularly within highly regulated industries such as financial services (Janssen et al., 2020; Khatri and Brown, 2010). Consequently, data governance has increasingly become a strategic rather than purely technical concern.

These findings align closely with insights presented by Morningstar during the Swiss Risk Association event, where the central message was that "AI is only as smart as the data behind it" (Swiss Risk Association, 2026). Morningstar's framework emphasizes the importance of developing "AI-ready data" that is not only accurate and complete but also structured, governed, contextualized, and readily consumable by AI systems. The framework identifies three critical dimensions of AI readiness: data quality and structure, contextual metadata, and governance mechanisms. Key elements include semantic descriptions, metadata enrichment, vectorization of content, traceability, ownership structures, and accountability mechanisms throughout the data lifecycle (Swiss Risk Association, 2026).

The importance of data quality has become even more pronounced with the rise of Retrieval-Augmented Generation (RAG) architectures, which increasingly serve as the preferred approach for enterprise AI deployments (Lewis et al., 2020; Gao et al., 2024). Rather than relying exclusively on information embedded within model parameters, RAG systems dynamically retrieve information from organizational knowledge repositories, databases, and document collections. This architecture enables institutions to improve factual accuracy, reduce hallucinations, enhance explainability, and maintain greater control over proprietary information (Lewis et al., 2020; Gao et al., 2024). However, the effectiveness of these systems depends heavily on the quality of underlying metadata, semantic structures, document governance, and knowledge management practices. As a result, the transition from traditional data management toward AI-ready data architectures has become a critical prerequisite for successful enterprise AI adoption.

Beyond technical considerations, data readiness also has important organizational and cultural dimensions. Morningstar argues that AI readiness requires a culture in which data quality becomes a shared organizational responsibility rather than the sole concern of technology teams (Swiss Risk Association, 2026). This perspective is supported by research showing that effective data governance requires cross-functional accountability, executive sponsorship, standardized processes, and alignment between business and technology functions (Khatri and Brown, 2010; Janssen et al., 2020). Accordingly, AI-ready data should be understood not merely as a technological asset but as an organizational capability that underpins trustworthy and scalable AI deployment.

2.3 Sovereign AI and Digital Sovereignty

The concept of digital sovereignty has gained increasing prominence in academic, regulatory, and policy discussions as governments and organizations seek to reduce strategic dependencies within critical digital infrastructures (Pohle and Thiel, 2020; Couture and Toupin, 2019). The rapid concentration of cloud computing, AI development, and digital platform ecosystems among a small number of multinational technology firms has intensified concerns regarding control, resilience, accountability, and strategic autonomy (Burwell and Propp, 2020). These concerns have become particularly significant in sectors such as finance, healthcare, energy, and public administration, where digital infrastructure plays a critical role in economic and societal stability.

Digital sovereignty is commonly defined as the ability of individuals, organizations, or states to exercise meaningful control over their digital resources, technological infrastructures, data assets, and decision-making processes (Pohle and Thiel, 2020). Importantly, contemporary interpretations of sovereignty increasingly emphasize governance and control rather than complete ownership or technological self-sufficiency (Couture and Toupin, 2019). In highly interconnected digital ecosystems, organizations may rely on external providers while still retaining sovereignty through effective governance, contractual controls, operational resilience mechanisms, and risk management frameworks.

Within the banking sector, these concerns have evolved into the emerging concept of Sovereign AI. Financial institutions are increasingly dependent on external cloud providers, foundation model vendors, and specialized AI technology partners for access to computational resources and advanced AI capabilities (Marston et al., 2011; Financial Stability Board, 2025). While such partnerships accelerate innovation, they simultaneously introduce risks related to concentration, vendor lock-in, jurisdictional uncertainty, data governance, cybersecurity, and operational resilience (Broeders and Prenio, 2018; Financial Stability Board, 2025).

Consequently, sovereignty in banking extends beyond traditional concerns regarding data localization and includes broader governance considerations such as control over critical datasets, oversight of AI-assisted decision-making, operational resilience, vendor concentration risk management, explainability, and regulatory accountability (Financial Stability Board, 2025; Swiss Bankers Association, 2025). The objective is not to eliminate dependence on external technology providers but to ensure that financial institutions retain ultimate responsibility for decisions, risks, and outcomes generated by AI-enabled systems.

The Swiss banking perspective articulated during the Swiss Risk Association event closely aligns with this interpretation. Across industry, regulatory, and banking presentations, Sovereign AI was consistently framed not as the construction of entirely domestic AI infrastructure but as maintaining control over critical decisions, data flows, governance mechanisms, and risk boundaries while leveraging cloud-based and externally provided technologies (Swiss Risk Association, 2026). This perspective reflects a broader shift in both scholarship and practice away from technological isolationism and toward a model of governed interdependence, in which organizations seek to balance innovation, efficiency, and strategic autonomy.

Viewed through this lens, Sovereign AI represents an extension of existing risk management and governance principles into the age of generative AI. It seeks to reconcile the benefits of globally distributed digital ecosystems with the need for institutional accountability, operational resilience, and regulatory compliance. For banks operating in highly regulated environments, Sovereign AI may therefore emerge as a critical organizational capability that enables innovation without compromising trust, control, or strategic independence.

3. A Conceptual Framework for Sovereign AI in Banking

3.1 From AI Adoption to Sovereign AI Capability

The literature on digital transformation has traditionally focused on technology adoption, organizational change, and innovation outcomes (Vial, 2019; Bharadwaj et al., 2013). Traditionally, research on enterprise AI has emphasized the importance of governance, data quality, and organizational readiness as prerequisites for successful implementation (Janssen et al., 2020; Davenport and Ronanki, 2018). However, the emergence of generative AI introduces additional strategic concerns related to cloud dependency, concentration risk, explainability, and institutional control that are not fully addressed by existing digital transformation frameworks (Bommasani et al., 2021; Financial Stability Board, 2025).

This paper argues that the concept of Sovereign AI provides a useful lens for understanding how financial institutions can simultaneously pursue AI-driven innovation and maintain regulatory accountability, operational resilience, and strategic autonomy. Sovereign AI is defined here as the organizational capability to deploy, govern, and scale AI systems while retaining meaningful control over critical data assets, decision-making processes, governance mechanisms, and risk boundaries.

Drawing on insights from the Swiss Risk Association's 2026 flagship event and the broader literature on AI governance, digital sovereignty, and financial regulation, a four-pillar framework for Sovereign AI in banking is proposed. The framework suggests that successful AI adoption depends on the interaction of four mutually reinforcing capabilities:

1. AI-ready data

2. Cloud-enabled scalability

3. Responsible AI governance

4. Organizational transformation

Rather than operating independently, these capabilities form an integrated socio-technical system that enables banks to innovate while preserving control, trust, and resilience.

3.2 Pillar I: AI-Ready Data

Data constitutes the foundational resource of all AI systems and represents the first pillar of the Sovereign AI framework. Existing research consistently demonstrates that data quality, governance, lineage, and accessibility have a greater influence on AI performance than model selection alone (Sambasivan et al., 2021; Janssen et al., 2020). In financial institutions, where decisions often have regulatory, legal, and fiduciary implications, poor data quality can undermine model performance, increase operational risk, and erode trust in AI-enabled processes.

The Morningstar presentation highlighted the distinction between merely possessing data and possessing "AI-ready" data (Swiss Risk Association, 2026). According to this perspective, AI-ready data must exhibit three characteristics: structure, context, and governance. Structured data provides consistency and interoperability across systems; contextual metadata enables machine interpretation and retrieval; and governance mechanisms ensure traceability, accountability, and compliance throughout the data lifecycle.

These requirements become increasingly important in the era of retrieval-augmented generation (RAG), vector databases, and agentic AI systems, where enterprise knowledge assets are directly incorporated into model outputs (Lewis et al., 2020; Gao et al., 2024). The quality of AI outputs therefore becomes directly dependent upon the quality of organizational data assets.

Consequently, AI-ready data should be viewed not merely as a technical prerequisite but as a strategic capability that enables explainability, trustworthiness, and regulatory compliance.

Proposition 1

Banks with higher levels of AI-ready data maturity will achieve greater AI effectiveness, explainability, and regulatory compliance than banks with lower levels of data maturity.

3.3 Pillar II: Cloud-Enabled Scalability

The second pillar concerns cloud infrastructure as the primary platform through which modern AI capabilities are delivered. Cloud computing has evolved from an efficiency-focused outsourcing model into a strategic enabler of digital innovation and AI deployment (Marston et al., 2011; Weill and Woerner, 2024).

Generative AI workloads require significant computational resources, scalable infrastructure, and access to continuously evolving model ecosystems. These requirements make cloud platforms increasingly indispensable for financial institutions seeking to deploy AI at scale. The UBS case illustrates this dynamic. The firm's AI transformation was preceded by a decade-long cloud migration journey, suggesting that cloud readiness may be a necessary precursor to enterprise-scale AI adoption (Swiss Risk Association, 2026).

However, cloud adoption simultaneously introduces new dependencies. Reliance on a small number of hyperscale providers raises concerns regarding operational resilience, concentration risk, vendor lock-in, and regulatory oversight (Financial Stability Board, 2025). As a result, Sovereign AI requires banks to balance the innovation benefits of cloud computing with mechanisms that preserve institutional control over critical assets and services.

The challenge is therefore not whether to use the cloud but how to govern cloud dependencies effectively.

Proposition 2

Cloud-enabled scalability positively influences AI innovation capacity, but its effectiveness depends on governance mechanisms that mitigate concentration and dependency risks.

3.4 Pillar III: Responsible AI Governance

Governance constitutes the central coordinating mechanism of the Sovereign AI framework. While data and infrastructure provide the technological foundation for AI, governance determines how AI systems are developed, deployed, monitored, and controlled.

Academic research increasingly identifies governance as one of the primary determinants of successful AI implementation (Raji et al., 2020; Janssen et al., 2020). This perspective is reinforced by regulatory initiatives such as the NIST AI Risk Management Framework, the EU AI Act, FINMA guidance on AI risk, and the Financial Stability Board's sound practices for AI adoption in finance (FINMA, 2024; Financial Stability Board, 2025).

The Swiss Risk Association event highlighted several governance dimensions that are particularly relevant in banking, including strategic oversight, accountability structures, human oversight, explainability, performance monitoring, lifecycle management, and risk assessment (Swiss Risk Association, 2026). Importantly, governance was presented not as a compliance exercise but as an organizational capability that must evolve alongside technological development.

Responsible AI governance enables institutions to transform AI from isolated experimentation into scalable production systems capable of meeting regulatory and operational requirements.

Proposition 3

Responsible AI governance positively moderates the relationship between AI adoption and organizational trust, operational resilience, and regulatory compliance.

3.5 Pillar IV: Organizational Transformation

The final pillar concerns organizational transformation. Digital transformation research consistently demonstrates that technology investments alone rarely generate sustained competitive advantage (Bharadwaj et al., 2013; Vial, 2019). Rather, value emerges when organizations redesign processes, develop new capabilities, and adapt their operating models to exploit technological opportunities.

The UBS presentation emphasized that successful AI adoption depends on organizational factors such as leadership commitment, AI literacy, agile delivery models, cross-functional collaboration, and innovation-oriented culture (Swiss Risk Association, 2026). Similar conclusions have emerged from broader research on enterprise AI, which highlights the importance of talent development, governance structures, and organizational learning capabilities (Davenport and Ronanki, 2018).

Generative AI further increases the importance of organizational adaptability because technological capabilities continue to evolve at an unprecedented pace. Institutions must therefore develop mechanisms for continuous learning, experimentation, and capability building.

In this sense, Sovereign AI is not solely a technology strategy but also an organizational transformation strategy.

Proposition 4

Organizational adaptability and AI-related capabilities positively influence the successful scaling of AI across banking institutions.

3.6 An Integrated Sovereign AI Operating Model

The four pillars should not be viewed as independent constructs. Instead, they form an integrated operating model for AI-enabled banking.

AI-ready data provides the informational foundation for AI systems. Cloud infrastructure provides scalable computational capabilities. Governance ensures accountability and control. Organizational transformation enables sustained adoption and value creation. Weakness in any one dimension can undermine the effectiveness of the entire system.

The framework therefore suggests that Sovereign AI emerges not from technological ownership but from the interaction of governance, data, infrastructure, and organizational capabilities. Financial institutions that successfully integrate these capabilities are likely to be better positioned to balance innovation, resilience, regulatory compliance, and strategic autonomy.

This integrated capability perspective represents the central theoretical contribution of the paper and provides a foundation for future empirical research on AI adoption within highly regulated industries.

4. Discussion

4.1 Reframing Sovereignty in the Age of AI

A central finding emerging from this study is that sovereignty in the context of AI should not be understood as technological self-sufficiency. Traditional interpretations of sovereignty often emphasize ownership and direct control over infrastructure, data, and technological resources (Pohle and Thiel, 2020). However, such interpretations are increasingly difficult to sustain in a digital economy characterized by globally interconnected cloud platforms, foundation models, and technology ecosystems (Couture and Toupin, 2019).

The evidence gathered from the Swiss banking sector suggests a more nuanced interpretation. Sovereignty is not achieved through complete independence from external technology providers but through the ability to maintain effective control over critical data assets, governance processes, decision-making authority, and risk boundaries. This perspective aligns with emerging research on digital sovereignty, which increasingly emphasizes governance capabilities rather than ownership of technological infrastructure (Burwell and Propp, 2020).

For financial institutions, this distinction is particularly important. Modern AI systems are increasingly dependent on cloud-based infrastructure, foundation models, and external technology ecosystems that no individual institution can realistically replicate internally. Consequently, the strategic challenge facing banks is not whether to participate in these ecosystems, but how to do so without compromising accountability, resilience, or regulatory compliance. Sovereign AI therefore represents a governance problem rather than a technology procurement problem.

This finding extends existing discussions on digital sovereignty by shifting the focus from technological independence toward institutional control. In the banking context, sovereignty emerges as an organizational capability that enables institutions to benefit from external innovation while retaining responsibility for decisions, risks, and outcomes.

4.2 The Shift from AI Adoption to AI Industrialization

A second important finding concerns the evolution of AI implementation within banking institutions. Much of the early literature on AI adoption focused on individual use cases such as fraud detection, credit scoring, algorithmic trading, and customer analytics (Fuster et al., 2022; Broeders and Prenio, 2018). The findings of this study suggest that the strategic challenge has fundamentally changed.

Generative AI and foundation models have dramatically reduced the barriers to experimentation. Building prototypes, conducting proof-of-concepts, and deploying pilot applications has become increasingly accessible due to cloud computing and commercially available AI models (Bommasani et al., 2021). As a result, competitive differentiation is unlikely to emerge from experimentation alone.

Instead, the challenge has shifted toward what may be described as AI industrialization: the ability to deploy AI systems reliably, securely, and repeatedly across the enterprise. This requires standardized governance mechanisms, scalable infrastructure, robust monitoring processes, organizational capabilities, and AI-ready data architectures. In other words, the source of competitive advantage is moving from algorithmic innovation toward organizational execution.

This observation supports broader findings in digital transformation research that sustained value creation is rarely generated by technology itself but rather by complementary organizational capabilities (Bharadwaj et al., 2013; Vial, 2019). Banks that can operationalize AI at scale are likely to derive greater value than institutions that merely possess access to advanced technologies.

4.3 Data Governance as the Core of Sovereign AI

The proposed framework positions data as the foundational layer of Sovereign AI. While significant attention has been devoted to advances in foundation models and generative AI, the findings suggest that organizational data assets remain the primary determinant of successful AI implementation.

This conclusion is consistent with growing evidence that enterprise AI performance depends heavily on data quality, metadata management, governance structures, and knowledge architecture (Janssen et al., 2020; Sambasivan et al., 2021). The increasing adoption of Retrieval-Augmented Generation (RAG) architectures further reinforces this dependency by making organizational knowledge directly accessible to AI systems (Lewis et al., 2020; Gao et al., 2024).

The Swiss banking experience highlights an important distinction between possessing large volumes of data and possessing AI-ready data. Institutions that fail to establish governance mechanisms for metadata, lineage, traceability, ownership, and quality management may struggle to scale AI effectively regardless of model sophistication. Consequently, investments in data governance should be viewed not as compliance expenditures but as strategic investments in AI capability.

This finding has important implications for both researchers and practitioners. While public discourse frequently focuses on advances in models and computing power, the results suggest that future competitive advantage may increasingly depend on data governance capabilities that are difficult to imitate and deeply embedded within organizational processes.

4.4 Cloud Dependency and Strategic Autonomy

The relationship between cloud computing and sovereignty represents one of the central tensions in contemporary banking technology strategy. Cloud platforms have become indispensable for enterprise AI because they provide access to computational resources, scalable infrastructure, advanced analytics services, and rapidly evolving AI ecosystems (Marston et al., 2011; Weill and Woerner, 2024).

However, the concentration of these capabilities among a limited number of hyperscale providers introduces new forms of strategic dependency. Financial regulators have increasingly expressed concerns regarding operational concentration risk, third-party dependency, and systemic vulnerabilities arising from cloud adoption (Financial Stability Board, 2025).

The findings suggest that cloud adoption and sovereignty should not be viewed as opposing objectives. Rather, they represent complementary dimensions that must be balanced through governance mechanisms. Sovereign AI does not require banks to avoid cloud services; instead, it requires institutions to establish sufficient oversight, resilience measures, contractual safeguards, and operational controls to ensure that reliance on external providers does not undermine institutional autonomy.

This perspective contributes to ongoing debates regarding cloud regulation and digital sovereignty by demonstrating that strategic autonomy can coexist with deep technological interdependence. The challenge lies not in eliminating dependencies but in governing them effectively.

4.5 Governance as a Source of Competitive Advantage

An important contribution of this study is the identification of governance as a strategic capability rather than a regulatory burden. Much of the existing discourse surrounding AI governance focuses on compliance, risk mitigation, and regulatory oversight (Raji et al., 2020; Financial Stability Board, 2025). While these functions remain important, the findings suggest that governance may also serve as a source of competitive advantage.

Effective governance enables institutions to scale AI initiatives more rapidly, deploy systems more confidently, and maintain stakeholder trust in increasingly complex technological environments. Governance structures provide mechanisms for accountability, transparency, explainability, and risk management, thereby reducing uncertainty associated with AI deployment.

In highly regulated sectors such as banking, trust remains a critical organizational asset. Institutions that can demonstrate robust governance of AI systems may be better positioned to gain regulatory approval, attract clients, and accelerate innovation than organizations that rely solely on technological superiority.

This argument resonates with the resource-based view of the firm, which suggests that sustainable competitive advantage emerges from organizational capabilities that are valuable, difficult to imitate, and deeply embedded within institutional processes (Barney, 1991). From this perspective, governance itself becomes a strategic resource.

4.6 Implications for Swiss Banking

The Swiss banking sector provides a particularly relevant context for examining Sovereign AI because its competitive position has historically been built upon trust, confidentiality, stability, and sophisticated risk management. These characteristics align closely with the governance-oriented conception of sovereignty developed in this paper.

As AI becomes increasingly embedded within banking operations, Swiss institutions face the challenge of preserving these traditional strengths while remaining competitive in a rapidly evolving technological environment. The findings suggest that Sovereign AI may offer a pathway for achieving this balance. Rather than competing solely on access to technology, Swiss banks may differentiate themselves through their ability to combine advanced AI capabilities with strong governance, high-quality data, operational resilience, and regulatory accountability.

In this sense, Sovereign AI should not be viewed merely as a defensive response to technological dependency. It may also represent a strategic opportunity for the Swiss financial sector to reinforce its traditional reputation for trust and stability in the age of artificial intelligence.

4.7 Future Research Directions

The conceptual framework developed in this paper creates several opportunities for future research. First, empirical studies could examine the relationship between the four proposed Sovereign AI capabilities and organizational performance outcomes. Second, comparative studies could investigate how Sovereign AI strategies differ across jurisdictions with varying regulatory environments. Third, future research could explore how emerging regulations, including the EU AI Act and evolving supervisory guidance, influence the development of Sovereign AI capabilities within financial institutions.

Finally, longitudinal studies may provide insights into how banks balance innovation and sovereignty over time as AI technologies, cloud ecosystems, and regulatory expectations continue to evolve. Such research would contribute to a deeper understanding of how organizations can sustain strategic autonomy in increasingly interconnected digital environments.

5. Conclusion

The rapid emergence of generative artificial intelligence represents one of the most significant technological shifts confronting the banking industry since the advent of digital banking and cloud computing. While AI offers unprecedented opportunities to enhance productivity, improve customer experiences, strengthen risk management, and create new sources of value, it also introduces novel challenges related to governance, explainability, operational resilience, concentration risk, and strategic dependency. These challenges are particularly pronounced in banking, where institutions operate within highly regulated environments characterized by fiduciary responsibilities, systemic importance, and strong requirements for trust, accountability, and data protection.

This paper has argued that the concept of Sovereign AI provides a useful framework for understanding how financial institutions can reconcile the competing demands of innovation and control. Rather than viewing sovereignty as technological self-sufficiency or the complete ownership of digital infrastructure, the analysis advances a governance-oriented conception of sovereignty based on the ability of institutions to maintain meaningful control over critical data assets, decision-making processes, governance structures, and risk boundaries while participating in increasingly interconnected cloud and AI ecosystems.

Drawing on insights from the Swiss Risk Association's 2026 flagship event and the broader literature on AI governance, cloud computing, digital sovereignty, and financial regulation, the paper developed a conceptual framework consisting of four mutually reinforcing capabilities: AI-ready data, cloud-enabled scalability, responsible AI governance, and organizational transformation. The framework suggests that successful AI adoption is not determined solely by access to advanced models or computational resources. Instead, sustainable competitive advantage increasingly depends on an institution's ability to integrate data, technology, governance, and organizational capabilities into a coherent operating model capable of supporting trustworthy AI at scale.

The analysis contributes to the emerging literature on AI in financial services in several ways. First, it extends existing research on digital sovereignty by applying the concept to the governance challenges associated with enterprise AI adoption in highly regulated industries. While prior studies have largely focused on states, infrastructure, and digital platforms (Pohle and Thiel, 2020; Couture and Toupin, 2019), this paper demonstrates how sovereignty can be conceptualized as an organizational capability within financial institutions. Second, the paper contributes to the growing literature on AI governance by highlighting the interdependence between data governance, cloud strategy, organizational transformation, and risk management. Third, it introduces the concept of Sovereign AI as an integrative framework that connects previously fragmented discussions surrounding AI readiness, digital sovereignty, cloud dependency, and responsible AI.

From a managerial perspective, the findings suggest that many banks may be focusing on the wrong problem. Competitive advantage in the age of generative AI is unlikely to stem solely from access to models, algorithms, or computational infrastructure, as these resources are increasingly commoditized and accessible through cloud-based platforms. Instead, differentiation is likely to arise from organizational capabilities that are more difficult to replicate, including high-quality data assets, effective governance mechanisms, resilient operating models, and institutional trust. Investments in data governance, explainability, accountability frameworks, and organizational AI capabilities should therefore be viewed not as compliance costs but as strategic investments that enable scalable and sustainable innovation.

The findings also carry important implications for regulators and policymakers. As financial institutions become increasingly dependent on external cloud providers and AI vendors, regulatory attention is likely to shift toward concentration risk, third-party dependency management, model governance, and operational resilience. The governance-oriented interpretation of Sovereign AI proposed in this paper offers a potential framework for balancing technological innovation with prudential oversight. Rather than seeking complete technological independence, regulators may focus on ensuring that institutions retain sufficient visibility, control, accountability, and resilience over AI-enabled processes and decisions.

For Switzerland, these issues are particularly significant. The Swiss financial sector has historically differentiated itself through trust, stability, confidentiality, and sophisticated risk management. The transition toward AI-enabled banking creates both opportunities and challenges for maintaining this position. The findings suggest that Sovereign AI may provide a pathway through which Swiss banks can preserve their traditional strengths while embracing technological innovation. In this sense, Sovereign AI should be viewed not merely as a defensive response to technological dependency but as a potential source of strategic differentiation within an increasingly competitive global banking landscape.

The paper is subject to several limitations. As a conceptual study, it does not empirically test the proposed framework or evaluate causal relationships among the identified capabilities. The analysis is also grounded primarily in the Swiss banking context, which may limit the generalizability of some findings to jurisdictions with different regulatory structures, market dynamics, or technological ecosystems. Furthermore, the rapid pace of AI development means that governance practices, regulatory expectations, and technological architectures will continue to evolve, potentially altering the relative importance of different dimensions of Sovereign AI over time.

These limitations create several opportunities for future research. Empirical studies could investigate the relationship between Sovereign AI capabilities and organizational outcomes such as innovation performance, operational resilience, regulatory compliance, and financial performance. Comparative analyses across jurisdictions could explore how different regulatory environments influence Sovereign AI strategies and governance models. Future research may also examine the implications of emerging technologies such as agentic AI systems, autonomous decision-making architectures, and industry-specific foundation models for the evolution of Sovereign AI. Finally, longitudinal studies could provide valuable insights into how financial institutions balance innovation, dependency, and control as AI technologies mature and become increasingly embedded within core banking operations.

In conclusion, the central argument of this paper is that the future of AI in banking is not fundamentally a question of technology. It is a question of governance. As AI capabilities become increasingly accessible through global cloud ecosystems, the institutions most likely to succeed will not necessarily be those with the most advanced models, but those capable of governing AI responsibly, managing dependencies effectively, and maintaining trust in an increasingly automated financial system. Sovereign AI therefore represents not only a framework for risk management and regulatory compliance, but a strategic capability that may define competitiveness in the next generation of banking.

7. References

Accenture (2024) Reinventing Financial Services Operations. Dublin: Accenture.

Agrawal, A., Gans, J. and Goldfarb, A. (2018) Prediction Machines: The Simple Economics of Artificial Intelligence. Boston, MA: Harvard Business Review Press.

Aldasoro, I. et al. (2024) ‘Intelligent financial system: how AI is transforming finance’, BIS Working Papers, No. 1194. Basel: Bank for International Settlements.

Arner, D.W., Barberis, J.N. and Buckley, R.P. (2017) ‘FinTech, RegTech and the reconceptualization of financial regulation’, Northwestern Journal of International Law & Business, 37(3), pp. 371–413.

Barney, J. (1991) ‘Firm resources and sustained competitive advantage’, Journal of Management, 17(1), pp. 99–120.

Bharadwaj, A., El Sawy, O.A., Pavlou, P.A. and Venkatraman, N. (2013) ‘Digital business strategy: Toward a next generation of insights’, MIS Quarterly, 37(2), pp. 471–482.

Bommasani, R., et al. (2021). On the Opportunities and Risks of Foundation Models. Stanford Center for Research on Foundation Models.

Broeders, D. and Prenio, J. (2018) ‘Innovative technology in financial supervision (SupTech): The experience of early users’, FSI Insights on Policy Implementation, No. 9. Basel: Bank for International Settlements.

Brynjolfsson, E., Li, D., & Raymond, L. (2023). Generative AI at Work. NBER Working Paper.

Brynjolfsson, E., & McAfee, A. (2017). The Business of Artificial Intelligence. Harvard Business Review.

Brynjolfsson, E., Li, D. and Raymond, L.R. (2023) ‘Generative AI at work’, NBER Working Paper No. 31161. Cambridge, MA: National Bureau of Economic Research.

Burwell, F.G. and Propp, K. (2020) The European Union and the Search for Digital Sovereignty. Washington, DC: Atlantic Council.

Couture, S. and Toupin, S. (2019) ‘What does the notion of sovereignty mean when referring to the digital?’, New Media & Society, 21(10), pp. 2305–2322.

Davenport, T.H. and Ronanki, R. (2018) ‘Artificial intelligence for the real world’, Harvard Business Review, 96(1), pp. 108–116.

Financial Stability Board (2025). FSB consults on sound practices for the responsible adoption of artificial intelligence (AI)

Fuster, A., Goldsmith-Pinkham, P., Ramadorai, T., & Walther, A. (2022). Predictably Unequal? The Effects of Machine Learning on Credit Markets. Journal of Finance.

Gao, Y., Xiong, Y., Gao, X., et al. (2024). Retrieval-Augmented Generation for Large Language Models: A Survey. ACM Computing Surveys.

Gebru, T., Morgenstern, J., Vecchione, B., Vaughan, J.W., Wallach, H., Daumé III, H. and Crawford, K. (2021) ‘Datasheets for datasets’, Communications of the ACM, 64(12), pp. 86–92.

Janssen, M., Brous, P., Estevez, E., Barbosa, L.S. and Janowski, T. (2020) ‘Data governance: Organizing data for trustworthy artificial intelligence’, Government Information Quarterly, 37(3), Article 101493.

Khatri, V. and Brown, C.V. (2010) ‘Designing data governance’, Communications of the ACM, 53(1), pp. 148–152.

Lewis, P., Perez, E., Piktus, A., et al. (2020). Retrieval-Augmented Generation for Knowledge-Intensive NLP Tasks. NeurIPS.

Marston, S., Li, Z., Bandyopadhyay, S., Zhang, J., & Ghalsasi, A. (2011). Cloud Computing: The Business Perspective. Decision Support Systems, 51(1), 176–189.

McKinsey & Company (2024) The Economic Potential of Generative AI in Banking. New York: McKinsey & Company.

Noy, S., & Zhang, W. (2023). Experimental Evidence on the Productivity Effects of Generative Artificial Intelligence. Science.

OpenAI (2023) GPT-4 Technical Report. arXiv:2303.08774.

Pohle, J., & Thiel, T. (2020). Digital Sovereignty. Internet Policy Review, 9(4).

Raji, I.D., Smart, A., White, R.N., Mitchell, M., Gebru, T., Hutchinson, B., Smith-Loud, J., Theron, D. and Barnes, P. (2020) ‘Closing the AI accountability gap: Defining an end-to-end framework for internal algorithmic auditing’, Proceedings of the 2020 Conference on Fairness, Accountability, and Transparency (FAccT), pp. 33–44.

Sambasivan, N., Kapania, S., Highfill, H., Akrong, D., Paritosh, P. and Aroyo, L. (2021) ‘Everyone wants to do the model work, not the data work: Data cascades in high-stakes AI’, Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems, pp. 1–15.

Schuetz, S. and Venkatesh, V. (2020) ‘Research perspectives: The rise of human machines: How cognitive computing systems challenge assumptions of user-system interaction’, Journal of the Association for Information Systems, 21(2), pp. 460–482.

Swiss Bankers Association (2025). Cloud Guidelines.

Swiss Risk Association. (2026). Sovereign AI and Cloud in Swiss Banking: Staying Competitive in an AI-Driven Global Banking Landscape.

Vial, G. (2019) ‘Understanding digital transformation: A review and a research agenda’, Journal of Strategic Information Systems, 28(2), pp. 118–144.

Weidinger, L., Mellor, J., Rauh, M., Griffin, C., Uesato, J., Huang, P.-S., Cheng, M., Glaese, A., Balle, B., Kasirzadeh, A., Kenton, Z., Brown, S., Hawkins, W., Stepleton, T., Birhane, A., Haas, J., Rimell, L., Hendricks, L., Isaac, W., Campbell-Gillingham, L., Thorne, J. and Gabriel, I. (2022) ‘Taxonomy of risks posed by language models’, Proceedings of the 2022 ACM Conference on Fairness, Accountability, and Transparency (FAccT), pp. 214–229.

Weill, P. and Woerner, S.L. (2024) Future Ready: The Four Pathways to Capturing Digital Value. Boston, MA: Harvard Business Review Press.

Contact

Reach out via email for inquiries.

Email

Subscribe to newsletter

info@grcadvisory.ch

© 2025. All rights reserved.