Samir Akel, Regional VP, Emerging Markets at Nintex, explains how agentic AI is transforming data sovereignty from a compliance obligation into a strategic imperative that enables trusted AI, stronger governance, regulatory compliance, operational resilience, and sustainable digital growth.
For years, data sovereignty has been treated as a compliance issue, something to manage in the background while businesses focused on growth, expansion, and customer experience.
That framing no longer holds.
As organisations move into an era of agentic AI, where intelligent systems are not just analysing data but acting on it, data sovereignty becomes far more than a question of location; it becomes a question of control.
It now determines not only where data resides, but how it moves through workflows, how decisions are made, and whether organisations can trust the outcomes generated by AI. Increasingly, this is driving demand for AI models and orchestration platforms that can operate within an organisation’s own environment, rather than relying on external systems or third-party APIs.
Moving to digital dependence
Across the world, regulatory frameworks are tightening, with more than 100 countries enforcing some form of data sovereignty legislation. In the Gulf, the direction is particularly clear. Both the United Arab Emirates and Saudi Arabia are advancing data localisation requirements as part of broader efforts to strengthen digital independence and national resilience.
At the same time, geopolitical volatility is exposing the limits of globally distributed systems. Assumptions that data can move freely, that processes can rely on external systems, and that access will always be uninterrupted are being tested in real time.
From data location to decision control
For organisations adopting AI, this shift is significant.
The next phase of enterprise is about agentic orchestration. AI systems are increasingly embedded into workflows, triggering actions, making decisions, and coordinating processes across multiple systems.
In this environment, sovereignty now focuses on whether organisations have full visibility and control over how that data is accessed, processed, and acted upon at every stage of a workflow.
Without that control, businesses face a growing risk. AI agents may rely on data that crosses jurisdictions without oversight, operate across systems with inconsistent governance, or make decisions that cannot be fully audited or explained. In contrast, organisations that can execute AI-driven workflows within their own infrastructure, without reliance on external services, are better positioned to maintain consistency, auditability, and compliance.
But for regulated industries in particular, that is not sustainable.
Sovereignty as an orchestration challenge
Across the Gulf countries, data localisation is becoming a baseline requirement in sectors such as financial services, healthcare, and government. But compliance alone does not solve the challenge.
The real complexity lies in how data flows across processes. Approvals, customer interactions, financial transactions, and operational workflows all depend on data moving between people and systems. As AI becomes embedded into these processes,ensuring that every step remains compliant and controlled becomes significantly more complex.
This is where organisations need to rethink their approach. Sovereignty must be built into the design of workflows and automation, not applied after the fact.
By orchestrating workflows in a way that enforces data boundaries, governs how AI agents interact with systems, and maintains clear audit trails, businesses can ensure that sovereignty is maintained by default. This includes designing environments where AI capabilities are embedded directly into workflows and operate within defined infrastructure boundaries, rather than being layered on through external integrations.
A competitive advantage in the AI economy
This shift is happening at a time when data and AI are central to national economic strategies. In Saudi Arabia, data and AI are expected to contribute more than $135 billion to GDP under Vision 2030. In the UAE, investments in digital infrastructure and AI are accelerating as part of a broader push to build a secure, data-led economy.
In this environment, organisations that can demonstrate control over their data and workflows will have a clear advantage.
They will be able to deploy AI faster, enter regulated markets with confidence, and build trust with customers and partners who are increasingly focused on governance and transparency. Those that cannot will face growing friction, from regulatory barriers to operational risk.
Designing for control in an agentic world
Ultimately, the question has shifted. It is no longer just about what AI can do, but whether organisations can manage how it operates.
In an agentic world, where AI systems are embedded in the fabric of business operations, data sovereignty becomes a foundation for trust, resilience, and scale. The organisations that succeed will be those that move beyond viewing sovereignty as a constraint and instead design their workflows, automation, and AI strategies around it from the outset. That means building AI into environments they already control, ensuring that intelligence operates within the same boundaries as the data and processes it depends on.
In the next phase of digital transformation, orchestrated control is what will enable growth.