Defining Sovereignty
Parliament says the government can't define sovereign capability. Definitions are useful but better ask these 3 questions.
Eighteen days in June
For eighteen days in June, our closest ally switched off British access to some of the most capable AI models in the world.
The United States placed export controls on Anthropic’s latest models, banning non-US citizens from access, and then restricted OpenAI’s newest models to a small group of American organisations approved by the administration. The controls were withdrawn at the end of the month. The point stands: access to frontier AI is granted by a foreign government and can be withdrawn.
On 7 July the Commons Science, Innovation and Technology Committee (DITC) published Science diplomacy: Sovereignty, strategy, and the global race, and drew the right lesson. The UK may not be able to count on its allies for access to critical tech. Leverage alone may not be enough to guarantee sovereignty. The UK must not find itself cut off from key technologies ‘at the whim of a foreign government’.
While the controls were in force, the Minister for AI said publicly that the main lesson was the importance of access to AI capabilities. Access was the thing that had just been switched off. If sovereignty means access to somebody else’s technology, June laid the argument bare. The Committee cites the minister’s response as an illustration of the problem.
The gap
The Committee’s most useful finding sits underneath the warning. The government has declared sovereign capability a critical priority across AI, quantum, semiconductors, engineering biology, cyber security and advanced connectivity. It has never said what the term means, how it would be measured, or what success would look like.
The government does not deny this. Pressed by two other parliamentary committees to define sovereign capability, it declined on national security grounds. The Prime Minister’s explanation, in writing, was that a published list risks going out of date and telegraphing vulnerabilities to hostile actors. The Committee’s response is blunt: secrecy of this kind hides nothing from Moscow or Beijing, whose analysts can read a procurement notice as well as anyone. It leaves British technology companies in the dark about what their own government wants built.
So the position, as of this week, is this. The UK is in a global race for sovereign capability, whether it acknowledges it or not. Its ministers, pressed for a definition, reach for access and leverage. Its closest ally has just demonstrated that access can be revoked in an afternoon. And its government will not say what the word means.
The Committee’s remedy is an invitation. It recommends the government work with industry and academia to set a clear and consistent definition of sovereign capability for each of the critical technologies, grounded in analysis of supply chains, dependencies and points of comparative strength. As someone who works in this industry - here’s a contribution.
What the Committee gets right
Since the 2021 Integrated Review, UK strategy has nominally rested on the ‘own–collaborate–access’ framework: decide which capabilities the UK must own, which it should build with partners, and which it can buy or access. The framework is sound. A mid-sized power with finite resources can’t own the whole stack and shouldn’t try.
The Committee’s criticism is that it is applied at the wrong altitude. Ministers talk about putting whole technologies in the ‘own’ category, as the Science Minister does with quantum. But quantum is not a thing you can own, any more than AI is. Each is a stack of dozens of capabilities, components and dependencies, and the Committee doubts that owning an entire technology is feasible at all. Its recommendation is to apply the framework at the level of specific capabilities within technology stacks, not technologies as a whole.
That instinct generalises. Sovereignty is not a property of whole technologies. It is a property of specific control points, and control points can be named, tested and secured without pretending Britain will rebuild the global technology stack.
A working definition
Sovereignty is control over the things you cannot afford to lose.
It does not mean owning everything, and it does not mean autarky. It means control over the points where dependence would let someone else read your data, constrain your decisions or switch off your capability.
For a state, the Committee has set out what this requires: supply-chain analysis, honest prioritisation, and a published account of what must be owned, co-developed or accessed. For an organisation handling sensitive data – a government department, a defence supplier, a hospital trust – three tests make it concrete. Fail any of them and you are not sovereign, whatever your contracts say.
Things that matter:
1. Model independence. You can choose the model and you can change it. Open weight or closed weight, foreign or domestic, frontier or fine-tuned: the choice is yours, your data is never used to train someone else’s system, and you can swap models without re-architecting everything built on top of them. June proved the last point. An organisation wired directly into a single closed model was, for eighteen days, wired into nothing. An organisation whose systems treat the model as a replaceable component could have moved to an open-weight or domestic alternative that afternoon. Independence is not refusing to use the best foreign models. It is being structurally indifferent to losing any one of them.
2. Context control. Every model, agent and person gets access to exactly the systems and data their task requires, and nothing more. This is least privilege, an old discipline made urgent again by agentic AI, because an agent with broad access is a breach that has not happened yet. It comes with a second, harder right: the encryption keys are yours. Not held by the platform on your behalf, not escrowed with the vendor, but yours, so that not even the provider can read your content. Access defines who may reach what, custody defines who can see it - I think sovereignty requires both.
3. Infrastructure agnostic. Your control layer – the layer that enforces the first two tests – is the trust boundary, and it is identical wherever it runs. AWS, Azure, GCP, a sovereign cloud, your own racks, a forward-deployed edge device: the infrastructure underneath can change but the guarantees above it do not. This turns hyperscalers from gatekeepers back into commodity suppliers. If your security model only holds on one provider’s cloud, you have a landlord, with tenant rights.
Apply the tests and the argument gets easier. A department using a foreign platform that holds the keys, controls the access model and cannot be exited without losing capability is not sovereign, no matter the UK data centres or supplier promises. A department that holds its own keys, enforces its own access rules and can redeploy its control layer across providers is sovereign in every way that matters, even though the chips are Taiwanese, the cloud is American and the model was trained in San Francisco.
The objection
The obvious rebuff is that this is ‘sovereignty theatre’ - the control layer runs on foreign silicon, in foreign data centres, calling foreign models. Pull any of those threads and the three tests unravel with them.
The dependencies are real, and no organisational architecture makes the UK immune to a semiconductor embargo. But the alternative implied by the objection – that sovereignty requires replicating the whole stack – is the fantasy the Committee warns against. Britain will not out-build TSMC or out-spend the hyperscalers, and a definition of sovereignty that requires it to do so is a definition of failure.
The serious question, at the national and organisational level, is not whether we depend on others. It is which dependencies can hurt us, and at which control points we can make ourselves indifferent to them. Chips are a dependency you mitigate through stockpiles, alliances and diversified supply. Models are a dependency you mitigate through the ability to swap them. Clouds are a dependency you mitigate through a portable control layer. Data, keys and access rules you do not mitigate. You own them, because they are the things you cannot afford to lose.
That is the Committee’s own framework, applied where it says it should be applied. Own the control points. Collaborate on what you cannot build alone. Access the rest, from as many suppliers as possible, on terms you can walk away from.
What follows
For government, the task is the one the Committee has set: define sovereign capability with industry and academia, map the supply chains beneath the critical technologies, and let investment and procurement follow the control points rather than the slogans. One caution. The Committee would settle for the definition being shared privately with the Intelligence and Security Committee rather than published. But Moscow and Beijing do not need Whitehall’s definition - British companies do.
For organisations, the task is more immediate, because the next eighteen-day episode will not announce itself in advance. Sovereignty is an unwieldy and opaque term, and it will stay that way while Whitehall declines to define it. But it remains a useful vehicle for three foundational questions, asked of every system that touches data you can’t afford to lose:
Can others access your data without your consent?
Can they take your intellectual property and your secrets?
Can they switch off your capability?
Context control makes the first two ‘no’. Model independence and deployment optionality make the third a no.
If you can confidently answer no to all three, then you are likely in control. If any answer depends on a supplier’s goodwill, you have your answer on sovereignty too.



