Digital Sovereignty Is Not Regulation. It Is Architecture.

Prague, March 2, 2026
Author: Patrik Horný, Strategic Advisor & Venture Architect (Stratox / CodeNOW), former PwC Partner and ex-CFO/CIO.

In recent years, Czech companies have been heavily investing in cloud infrastructure, process digitalization, and artificial intelligence. At first glance, this appears to be the right move — gaining flexibility, scalability, and innovation. However, from a risk management perspective, many organizations may be heading into a trap. If tomorrow there were a major geopolitical shift or a significant change in the commercial terms of dominant technology providers, would Czech companies be able to migrate their critical systems elsewhere without substantial operational disruption?

“If an organization cannot change its technology partner without a fundamental impact on operations, it is not digital transformation. It is structural dependency,” says Patrik Horný, CEO of Stratox.

Architecture as a Tool for Negotiation and Survival

“Throughout my career — whether as a partner at Big Four advisory firms or as a CFO and CIO of national infrastructure organizations — I have seen many IT projects. Today, however, we are witnessing a new phenomenon. Companies confuse purchasing cloud services with owning technology. The real risk does not arise from using global technology platforms, but from how deeply they are embedded into the company’s architecture,” comments Patrik Horný on the current situation.

Most IT vendors discuss “vendor lock-in” primarily as a future pricing issue. When a provider knows you cannot leave, your renewal costs skyrocket. But the true risk is the loss of control over your own business model. Dependency is not primarily a contractual issue — it is an architectural one. If you tightly wire your application to the specific tools of a single cloud giant, you transfer your pricing, regulatory, and geopolitical risks to that provider.

Digital sovereignty does not mean isolation. There is no need to abandon global technologies or public cloud and build private data centers. It does, however, require building systems intelligently — based on cloud-native principles, open standards, and a strict separation of business logic from specific infrastructure. Sovereignty in the digital world does not mean “doing everything yourself”; it means having a real ability to choose.

Artificial Intelligence as a New Layer of Dependency

Artificial intelligence deserves particular attention. AI is no longer an experimental tool but a core component of new business models. Yet this is precisely where an even deeper form of dependency can emerge — beyond infrastructure itself.

If a company merely connects its processes to a proprietary model of a single global vendor through an external API, it relinquishes control over its key innovation layer.

The foundation of sovereignty lies in what can be called an “Embedded AI” approach. As defined by modern technological standards (for example, recognized Cloud Native Foundation white papers), artificial intelligence must not exist outside your organization.

AI components must become an organic part of your own application portfolio. More precisely, they must be designed and deployed as enterprise capabilities and standalone microservices.

This means intelligence is firmly embedded within your own processes, and you retain full control over which model — whether open-source or commercial — is used within each microservice at any given time. Only an architecture built this way ensures that your new AI-driven business models are truly yours.

Regulation as a Wake-Up Call for Boards

Regulation does not require abandoning global vendors. However, it does require demonstrable dependency management and a functional exit strategy.

If the argument about losing negotiating power and control over innovation is not compelling enough, regulation will be. Digital sovereignty is no longer just a good idea or an academic IT concept. In the context of new European directives such as DORA (Digital Operational Resilience Act) and NIS2, it is becoming a regulatory obligation. Financial institutions and organizations operating critical infrastructure will be required to prove that they have a tangible “exit strategy” from their ICT service providers.

Digital sovereignty is therefore shifting from a purely technical issue to a matter of strategic governance.

Boards and CEOs of Czech companies now face a decision: Will they build their digital strategies on innovation without structural control, or on architecture that provides negotiating power and freedom of choice?

European and Czech competitiveness over the next decade will not depend solely on how quickly we adopt global technologies. It will depend on whether we can maintain technological and architectural control over them. Because anyone who cannot freely change suppliers does not truly own their own business.