For over a decade, enterprise technology strategy has focused on scale, efficiency and cost optimisation. That model is now under strain.
Across the Middle East, CIOs are confronting a new reality as geopolitical uncertainty, regulatory tightening, and deep digital dependencies expose structural risks in technology design and operation. The question is no longer how efficiently systems run, but whether they can continue to run amid disruption.
Recent cloud outages and stricter regulations around data and artificial intelligence (AI) across the United Arab Emirates (UAE) and Gulf Cooperation Council (GCC) have brought this into sharp focus. For organisations managing critical infrastructure, resilience is no longer theoretical; it is operational.
This is driving a clear shift – from cloud-first to sovereign-first. Digital sovereignty is not just about data residency. It is about control over systems, operations and decision-making.
“Digital sovereignty is ultimately about operational continuity,” says Nischal Kapoor, chief revenue officer at e& enterprise. “If critical functions like security, identity and incident response are dependent on external jurisdictions, resilience is compromised.” This broader view of sovereignty now spans four layers: data, infrastructure, operations and, increasingly, artificial intelligence.
AI is accelerating the urgency
While investment is growing rapidly, most organisations are still struggling to scale AI beyond pilots. The issue is not technology; it is integration. “AI cannot deliver outcomes if it sits outside core business processes,” Nischal explains. “Enterprises don’t need more tools. They need intelligence embedded into how they operate.”
To achieve this, AI must be local, trained on relevant data, governed by regulatory frameworks, and aligned with the regional context. Without this, scale remains elusive.
This is driving a move away from massive, general-purpose AI models towards more efficient small language models (SLMs) deployed directly at the operational edge. For example, an SLM in a factory can be expertly trained on a single task, such as listening to machinery to predict a failure. This approach provides immediate, secure insights without the cost, data privacy risks and resource-heavy footprint of larger models.
“The conversation has changed. It is no longer about cloud adoption; it is about ensuring your business can operate, no matter what happens externally”
Nischal Kapoor, e& enterprise
At the same time, the CIO mandate is expanding. Technology leaders are now accountable not just for uptime or cost, but also for resilience, compliance and business outcomes. Managing fragmented ecosystems of hyperscalers, software-as-a-service (SaaS) platforms and AI suppliers is becoming increasingly unsustainable.
“CIOs want fewer partners who can deliver outcomes end-to-end,” Nischal notes. This is driving the rise of integrated sovereign platforms – architectures that combine cloud, AI and cyber security – under a unified, locally governed model. Rather than replacing global providers, they orchestrate them while retaining control and accountability.
There are trade-offs. Localisation can increase cost and complexity. But the economics have shifted. “The cost of disruption is now far greater than the cost of sovereignty,” says Nischal. “Resilience, control and compliance are becoming non-negotiable.”
As regulation intensifies, the most effective approach may not be to regulate every individual AI application – an impossible task that would slow innovation. Instead, the focus should be on certifying the sovereign platforms on which these AI systems operate. By creating a “trust mark” for the foundational infrastructure, regulators can establish a secure “sandbox” where enterprises and developers can deploy AI solutions with confidence. This turns regulation into an accelerator for safe, trusted innovation.
The future will not be purely global or local – it will be hybrid. Global platforms will drive innovation and scale, while local platforms ensure control and resilience.
“The conversation has changed,” Nischal concludes. “This is no longer about cloud adoption; it is about ensuring your business can operate, no matter what happens externally.” For CIOs in the Middle East, sovereign-first is fast becoming the new baseline.
