“Sovereign AI” has become one of those phrases that gets used so widely it almost stops meaning anything. Deloitte made this point bluntly in February, warning that the term is invoked across wildly different contexts, from data residency to compute infrastructure to procurement, without any disciplined scoping.

That ambiguity is a problem, but it hasn’t slowed the momentum. Over the past six months, Canadian AI sovereignty has moved from a think-tank conversation into federal budget lines, enterprise procurement decisions, and board-level risk discussions. Enterprise is not immune to this risk, and companies are now asking what kind of sovereignty their organization actually needs.

The Residency vs. Sovereignty Distinction

The most important shift has been the quiet acknowledgement that residency and sovereignty are not the same thing.

Storing your data in a Toronto or Montreal data centre feels sovereign. It is not. BLG laid this out clearly in a recent insight on the CLOUD Act: sovereignty is a question of control, shaped by legal jurisdiction and corporate structure, not just physical location . A Canadian subsidiary operating under the direct control of a U.S. parent can still be compelled to hand over data under U.S. lawful access laws, regardless of which data centre the bits happen to sit in.

For regulated industries (finance, healthcare, legal, public sector), this distinction is now a compliance issue, not a theoretical one. Quebec’s Law 25, PIPEDA, PHIPA, and provincial Law Society rules all point in the same direction: the organization using the AI system is accountable for where the data goes and who can compel access to it.

What the Government Has Actually Done

The federal government’s Canadian Sovereign AI Compute Strategy committed $2 billion over five years, starting in 2024-25 , to domestic AI compute infrastructure. Earlier this month, ISED launched a national initiative to build large-scale AI supercomputing capacity, following a January call for proposals that evaluated projects on criteria including ownership, control, data residency and use of Canadian vendors .

Osler’s privacy outlook for the year anticipated exactly this kind of acceleration, noting that geopolitical concerns and ongoing trade tensions with the United States would push data sovereignty measures into a broader range of Canadian regulations and policies.

Digital sovereignty

Where Canadian AI Companies Fit In

Last month we covered Cohere and NVIDIA’s partnership to deploy Cohere’s North platform on desktop-scale hardware for on-premise enterprise use. Since then, Cohere has expanded its SAP partnership, integrating North’s agentic capabilities into SAP’s ERP Sovereign Cloud environment in Canada to give regulated industries an agentic AI layer that stays inside the sovereign perimeter.

Cohere is the most visible name, but it is not alone. Bell and Hypertec are building hydro-powered sovereign AI infrastructure in British Columbia, with a $500M investment in hydro-powered AI data centres. TELUS and OpenText launched a Canadian Sovereign Cloud in 2025 operating entirely within Canadian borders. Smaller specialized platforms are carving out regulated niches in legal, healthcare, and government work.

What connects these efforts is less of a shared technology stack and more of a shared market read: there is now a durable class of Canadian enterprise buyer who needs an AI solution that can pass security sniff tests from the government and minimize blowback from the public.

The Implementation Gap

Infrastructure and models are necessary but not sufficient. A sovereign compute environment does not implement itself, and a sovereign model still needs to be integrated into real business workflows, with proper evaluation, monitoring, and human oversight.

This is the gap that implementation firms like Semantic Technology Services are working to close in Canada: taking sovereign AI capability off the shelf and turning it into production systems that regulated enterprises can actually operate. The sovereign AI market depends on this layer. Without it, Canadian organizations either default to U.S. hyperscaler stacks for convenience, or they stall on pilots that never reach production.

For Canadian CIOs and CTOs, the practical question has shifted. It is no longer “should we care about sovereignty.” It is: which of our workloads actually require it, what level of sovereignty do they require (residency, jurisdiction, ownership), and who is going to do the integration work?

That is a much more useful conversation than the one we were having a year ago.