So far, over 100 countries globally have enacted data protection and sovereignty laws, pushing data sovereignty to the top as the main issue for 50% of European CXOs when selecting cloud vendors. This is almost certainly due to the impact on data handling complexity and management being flagged as ‘moderate’ to ‘large’ for a majority (84%) of organizations because of the number of EU regulations to which they must abide.1
Another area where data handling has become part of every conversation comes in the form of generative AI. Look across your organization, and you’re bound to find large language models (LLMs) like GPT-4 being used in almost every corner in some fashion — even if only informally out of curiosity or in an exploratory manner to see what’s possible. As reported by The Times, its prevalence has forced some organizations to disallow the internal use of ChatGPT.2 Conversely, others, such as Accenture, have called for staff to use the technology “responsibly.”
Those that embrace generative AI are doing so with an eye on productivity. It’s estimated that 40% of working hours across industries can be impacted by Large Language Models (LLMs), where language tasks account for 62% of the total time employees work, and 65% of that time can be transformed into more productive activity through augmentation and automation.3
As the sovereign cloud and generative AI worlds collide, we must ask if they are in a position to compete, complement, or operate with each other as “frenemies”— pretending to be friends but, in some ways, also an enemy. As generative AI requires massive computing power and lightning-fast handling of large datasets, it makes sense that the Public Cloud is an ideal platform for many Generative AI applications. Access, speed, and scale provided by Public Cloud are only part of the equation, as security, privacy, and sovereignty are vital requirements and must be kept in the conversation. This translates to the message that the target cloud destination for generative AI is not in public cloud, but preferably in a private cloud.
Finding the connection between the cloud and AI concerns, former UK Prime Minister Tony Blair was reported by the Telegraph as suggesting that Britain should build a “sovereign” artificial intelligence (AI) bot to fix problems that occur in public services, such as those found in the NHS.4
It can be a complex decision. The relationship between the sovereign cloud and generative AI depends on several important factors, as finding a balance between data sovereignty, privacy, compliance, and the benefit of generative AI requires careful consideration and could involve a trade-off between out-of-the-box public cloud generative AI capabilities and limitations concerning the usage of sovereign data.
Data residency and compliance
Generative AI applications may need to comply with one set of regulations, such as the data protection rules outlined in the General Data Protection Regulation (GDPR), which provides a comprehensive framework for organizations’ responsible collection, processing, and storage of personal data.5 However, that is just the tip of the iceberg, as rights-based approaches to personal data continue to expand across regions, nations, states, and even industries. In the U.S.—a host of new data privacy laws going into effect in 2023 across various states may transform how personal data is handled.1 Given the widespread use of AI-based analysis of personal information and even biometrics—organizations like the Federal Trade Commission are wary of how biases in AI may economically and legally impact private citizens. The courts in every region are already working through exactly how companies, government agencies, and industries can use personal data. On the other hand, sovereign clouds may need to fit into a different set of regulatory frameworks and included data classifications, such as the rules outlined in the Schrems II judgment, where Chief Data Privacy Officers need to understand and assess what data is stored in the cloud and whether any of that data is being transferred outside of the EU.6 Ensuring compliance for generative AI in cloud will introduce complexities, competing requirements, and additional compliance overhead for AI.
However, if a well-formed sovereign cloud strategy is adopted, it could help overcome these challenges and complexities by:
- Ensuring compliance with local regulations where the sovereign cloud reside
- Reducing legal uncertainties surrounding applications and data sets
- Eliminating conflicts arising from different laws from competing jurisdictions
Data sovereignty and privacy
Generative AI applications likely need access to personal or proprietary data for training (although synthetic data can be used, it would be less effective), introducing risks associated with data sovereignty and privacy. While sovereign clouds provide greater control over the data to reduce the risk of unauthorized access, these controls would help limit cross-border transfers and monetization of Sovereign data used by these generative AI applications, potentially diminishing or, in extreme cases, eliminating the benefits of the applications.
Although these and other privacy-related conflicts could develop when generative AI is connected to or within the sovereign cloud, there is an opportunity for sovereign cloud providers to build (or license) AI-related services and tools, facilitating the secure and compliant use of the generative AI applications within their infrastructure.
A viable path forward
While the considerations highlighted in this blog must be considered when using Generative AI, the sovereign cloud provides a proven model that allows organizations to overcome challenges connected to:
- Data protection
- Compliance requirements
- Security considerations
A robust sovereign cloud strategy can support the responsible and effective use of generative AI technologies by ensuring data residency, security, and compliance with local governments. Such a strategy needs to include AI compatibility, factors such as the costs of running AI, the resources and skills required to develop AI solutions, and the key concern, data used to drive AI training and resulting data. In short, making AI compliant requires ‘Private AI’ – an architectural approach that unlocks the business gains from AI with an organization’s practical privacy and compliance needs. VMware Cloud Service Providers have been able to deliver NVIDIA vGPU as a Service already for several years, combining Cloud Director for multi-tenant or standalone Cloud Foundation sovereign cloud with NVIDIA AI Enterprise’s portfolio of supported AI software and hardware solutions; the capability already exists to deliver AI services; however, it requires investment to build your solution.
To fuel a new wave of AI-enabled applications, make Private AI a reality for enterprises, and a potential solution for Sovereign Cloud Providers, VMware at Explore Las Vegas announced:
- VMware Private AI Foundation, in partnership with NVIDIA, offers integrated AI tools for enterprises, particularly relevant in sovereign regulated industries. This solution combines VMware’s Private AI architecture, leveraging VMware Cloud Foundation, often used in sovereign Cloud for air-gapped private cloud, with NVIDIA AI Enterprise software and accelerated computing. This turnkey solution will equip customers with the infrastructure and software required for customizing models and running generative AI applications such as chatbots, assistants, search, and summarization. Support for VMware Private AI Foundation with NVIDIA will be provided by Dell Technologies, Hewlett Packard Enterprise (HPE), and Lenovo.
- VMware Private AI Reference Architecture for Open Source incorporates cutting-edge open-source technologies to provide an open framework for developing and deploying open-source models on VMware Cloud Foundation. Using collaborations with key players in the AI industry, including Anyscale, where VMware is bringing the popular open-source Ray unified compute framework to VMware Cloud environments, simplifying scaling of AI and Python workloads within existing computing infrastructure. Additionally, a partnership with Domino Data Lab and NVIDIA offers a unified analytics and data science platform tailored to the financial sector’s AI/ML deployments.
- VMware is introducing the VMware AI Ready program, set to connect ISVs focused on ML, LLM Ops, data engineering, developer tools for AI, and embedded AI applications with resources for validation and certification on the VMware Private AI Reference Architecture, expected to launch by the end of 2023.
Sovereign Cloud is all about the data and control and the innovation that sovereign and regulated industries need. Staying at the forefront of innovation and competition is paramount for businesses in a rapidly evolving digital landscape. VMware Sovereign Clouds emerge as the ideal choice for this journey. Their flexibility, scalability, and agility empower organizations to swiftly adapt to changing market dynamics, enabling them to confidently innovate. VMware’s robust ecosystem of partners and cutting-edge technologies ensures that you have the tools and resources to drive innovation forward. With VMware Sovereign Cloud, businesses can harness the power of the cloud while maintaining control over their data and infrastructure, creating an environment where innovation thrives, competition is fierce, and success is unlimited. Make the smart choice today and propel your business toward a future of endless possibilities with VMware Cloud.
Citations:
1. Accenture, Sovereign Cloud: Take control of data and stay compliant, May 2023
2. The Times, Companies block ChatGPT amid privacy fears, February 2023
3. Accenture, A new era of generative AI for everyone, March 2023
4. Telegraph, ChatGB: Tony Blair backs push for taxpayer-funded ‘sovereign AI’ to rival ChatGPT, February 2023
5. European Commission, Data protection in the EU, Accessed July 2023 6. European Data Protection Supervisor, EDPS Statement following the Court of Justice ruling in Case C-311/18 Data Protection Commissioner v Facebook Ireland Ltd and Maximilian Schrems (“Schrems II”)