Data Sovereignty
The principle that data remains subject to the laws and governance structures of the jurisdiction in which it resides — operationally, that the data does not leave the regulated perimeter.
Data sovereignty is the legal and operational principle that data is governed by the laws of the country in which it is stored and processed. For Australian financial services, that means client information, fund holdings, and regulated records should remain within Australian jurisdiction, accessible only to Australian-bound legal process.
Operationally, data sovereignty translates to a concrete checklist: where the data is stored, where it is processed, who can access it, and what cross-border transfer occurs. AI services that send data to a US-hosted vendor for processing are a sovereignty exposure even if the data is encrypted in transit.
Data sovereignty is the structural requirement that determines whether an AI vendor can even be shortlisted by a fund manager bound by institutional client policy, an AFSL holder with sensitive client records, or a superannuation fund under CPS 234. It is not a marketing preference; it is a procurement gate.