Data sovereignty and cloud security requirements for AI in public administration

Why data sovereignty matters in public AI projects

When a public entity deploys AI models or managed services in the cloud, decisions about where data is stored, how it’s processed, and who can access it determine legal compliance (GDPR, EU AI Act), security obligations (ENS - Royal Decree 311/2022) and citizen trust. It’s not just about choosing a provider: it’s about designing a technical and contractual ecosystem that protects personal data, guarantees traceability and preserves institutional control.

Common risks when sovereignty and security are not considered

• International transfers without adequate safeguards (GDPR risk).
• Loss of control over cryptographic keys and unauthorized access by subcontractors.
• Non-compliance with the ENS due to use of services that don’t guarantee minimum controls.
• Lack of records and traceability that the EU AI Act may require for high-risk systems.

Key legal and regulatory requirements (brief)

• GDPR: obligations on processing, international transfers and data protection impact assessments (DPIA).
• ENS (Royal Decree 311/2022): minimum security measures and required controls for systems that handle public information.
• EU AI Act: additional obligations for documentation, record-keeping and traceability for high-risk AI systems (applicable by category).

Recommended architecture pattern for public entities

1. Data classification and zoning

   • Sensitive personal data and case files: remain in controlled environments within the EEA.
   • Pseudonymized/anonymous data: assess whether it meets anonymization criteria to allow more flexible placement.
   • Metadata and logs: keep records in a zone controlled by the entity for auditing.

2. Hybrid model with key control

   • Intensive processing in the cloud (model training/inference) with a provider certified and located within the EEA.
   • Encryption keys managed by the administration (BYOK/HYOK) using HSMs controlled by the entity or via a service that guarantees separation.
   • Retain critical data and backups on-premises or with a provider headquartered in the EU.

3. Minimize data transfers

   • Send to the cloud only the attributes strictly necessary for inference; keep master data in local systems.

4. Environment and network isolation

   • Virtual private networks, peering control and egress rules to prevent exfiltration.

Contractual and provider checklist (what to require)

• Headquarters and data center locations within the EEA to avoid unjustified international transfers.
• Full list of subcontractors and an obligation to notify and obtain consent before adding new subprocessors.
• Technical audit rights: access to logs, penetration test reports and applicable ENS/ISO audits.
• Incident notification SLA: maximum 24 hours to report breaches affecting personal data or models.
• Key control: ability to manage encryption keys (BYOK) or use FIPS/ENS-certified HSMs.
• Deletion and portability: clear processes for secure deletion and return of data at contract termination.
• Clauses on model governance: intellectual property, retraining with third-party data and usage limitations.

Essential technical controls

• Encryption in transit and at rest; key management separated from the provider whenever possible.
• Operational logging (audit logging) with retention sufficient to meet traceability obligations.
• Monitoring of privileged access and identity control (IAM) with MFA and least-privilege roles.
• Periodic integrity testing of models and drift control to avoid bias or unintended use.
• Use of isolated testing environments before deploying to production.

Practical implementation process (90 days)

1. Week 1–2: Classify data and map flows (which data goes to AI, who has access).
2. Week 3–4: Project-specific DPIA and determination of risk level.
3. Week 5–8: Select a provider meeting ENS/GDPR requirements and include minimum clauses in a draft contract.
4. Week 9–12: Initial technical implementation (BYOK encryption, VPC, logs) and basic security testing.
5. Week 12+: Incident simulation and validation of deletion/retention; formalize supplier governance.

Operational best practices

• Maintain a living inventory of models and data (model, version, data used, owners).
• Update the DPIA after significant changes (new data, retraining).
• Train procurement teams on essential technical clauses for AI projects.
• Periodically review the supply chain and require relevant certifications (ENS/ISO 27001).

Short case study (conceptual example)

A municipality wants to use AI to classify citizen requests. It keeps full case files in its own on-premises data center (CPD); it sends to the cloud only the anonymized fields needed for inference and manages keys in its local HSM. The provider offers data centers in the EU, a list of subcontractors and ENS audits. Result: ENS and GDPR compliance with reduced exposure of personal data.

Takeaway and immediate action

Action in 30 days: perform a quick data classification and a preliminary DPIA for any AI project; use that assessment to require in the tender that personal data and keys remain under control within the EEA, and that the provider allows audits and incident notification within 24 hours.

OptimTech supports local entities in implementing these controls and in drafting technical and contractual requirements aligned with ENS and GDPR.