Sovereignty in the Age of AI: What Banks Can Actually Decide

Two banks, one topic, two completely different responses: UBS is using Microsoft Azure to build an AI assistant that gives 30,000 employees in Switzerland, Hong Kong and Singapore instant access to 60,000 investment documents.[1][2] The Sparkassen are developing S-KIPilot — on their own infrastructure, using open-source language models, 100 per cent on-premises, with the aim of reaching around 200,000 employees by the end of 2025.[3][4] Both approaches are legitimate. But they lead to very different dependency profiles.

The question underlying this has been the subject of intense discussion at the Competence Centre Future Financial Services for months: How much creative freedom do banks in the DACH region actually still have when it comes to the use of artificial intelligence? And where is the scope for manoeuvre — and where are the structural constraints?

Our AI Banking Radar, now in its third edition and based on publicly available information as well as partner interviews with 15 banks and providers from the DACH region, paints a sobering yet motivating picture.

What the AI Radar shows: Use across banking processes

Since the first version of the Radar, we have identified 61 specific AI use cases and structured them according to the banking model of the Business Engineering Institute St. Gallen — from management processes through front and middle office to back and support processes. The pattern that emerges is revealing.

In the front office, chatbots and LLM-powered assistants dominate. No wonder: customer-facing applications are publicised, they are visible, they attract attention. In the back office, by contrast, where many banks already use AI to query internal guidelines or for credit checks, there are few publicly documented cases. Much of this happens quietly.

Three use cases from the latest update illustrate the range particularly well: ING aims to assess construction loans with AI support in around 30 minutes — from automated property data collection to credit checks.[5] UBS gives advisers access to its entire knowledge database via AI assistants.[1][2] And the savings banks are systematically building a sovereign AI infrastructure — with their own data centre, without a US cloud, and without a proprietary language model.[3][4]

Seven layers — and very different degrees of freedom

A model comprising seven AI layers helps to systematically assess banks’ sourcing scope: energy, chips, infrastructure, models, data, orchestration and applications.[6] At each of these levels, the question arises: where can a bank make its own decisions — and where is it de facto dependent?

The result is soberingly clear: the deeper down the layer structure, the less freedom there is. When it comes to energy and chips, there is effectively no European alternative – NVIDIA holds around 80 per cent of the AI GPU market. AWS, Microsoft Azure and Google Cloud also dominate at the infrastructure level – supplemented by the first European alternatives such as Telekom T Cloud or Swisscom Swiss AI Platform, which, however, rely on NVIDIA hardware and, in some cases, US cloud technology.

Today, genuine freedom of choice exists primarily at two levels: with regard to one’s own data and with regard to applications. Banks that consistently prioritise their data strategy – knowledge graphs, metadata, structured internal knowledge databases – create a competitive advantage that cannot be replicated. And at the application level, there remains scope for in-house development, for SAP integration, and for specific use cases.

‘Dual sourcing protects against failure — not against dependency’

In December 2025, the Linux Foundation established the Agentic AI Foundation (AAIF) — the new centre for standardisation of AI agents. Founding contributions were made by Anthropic with the Model Context Protocol (MCP)[9], OpenAI with AGENTS.md and Block with Goose. The hope, as expressed at the time of its founding: “We hope that the AAIF can become what the W3C is for the Web.”[10]

But the comparison falls short in one crucial respect: the W3C develops its standards in collaboration with more than 400 member organisations from around the world — companies, universities and public authorities. The AAIF’s Technical Committee, by contrast, consists exclusively of representatives of the Platinum Members.[8] And who are these Platinum Members? Amazon Web Services, Google, Microsoft, OpenAI — precisely the providers on which European banks run their ‘diversified’ cloud portfolio.

This means that anyone dual-sourcing on Azure and Google Cloud may have two contracts — but they are sitting at the same table where the rules of the game for Agentic AI are being written. The MCP and A2A protocols, which are currently positioned as open standards, were in fact developed under the governance of American corporations and remain so.

Dual sourcing — i.e. using two hyperscalers simultaneously — protects against outages, but not against strategic dependency. Azure and Google Cloud sit at the same standardisation table.[7][8]

Added to this is another structural risk: the so-called ‘circular money machine’. Hyperscalers and AI model providers are investing billions in one another. Amazon is investing up to $13 billion in Anthropic — and in return, Anthropic has committed to purchasing Azure services to a similar value.[17] NVIDIA is investing $30 billion in OpenAI and a further $10 billion in Anthropic, which in turn purchase NVIDIA infrastructure.[18] This circular financing is driving up valuations that are as yet scarcely backed by genuine external revenue. The risk of an AI bubble is real.

What Europe can do — and is already doing

The good news: things are already happening. Initiatives are emerging at various levels that are neither naive nor resigned.

European AI models

Mistral AI from France is the leading European large language model — open, efficient, and deployable on one’s own infrastructure.[11] Aleph Alpha from Germany develops models with a focus on explainability and is the preferred partner of German authorities. The EU project EuroLLM covers all 24 official EU languages. And in Switzerland, Apertus — a project by ETH Zurich — is developing a multilingual model that Swisscom has already integrated into its Swiss AI Platform.[12]

European cloud infrastructure

Swisscom operates a complete AI infrastructure in Switzerland: infrastructure, models, application layer — with 100 per cent Swiss data storage, FINMA and revDSG compliant, without dependence on US cloud services.[12][13] Deutsche Telekom is deploying 10,000 NVIDIA Blackwell GPUs with its Industrial AI Cloud in Munich, with anchor clients such as Mercedes-Benz and Siemens; productive workloads are planned from Q4 2026.[14] Both approaches have dependencies at the hardware level — but they significantly reduce exposure at the infrastructure and model levels.

Regulation as a strategic tool

Europe has something other regions do not: a coherent regulatory framework. GDPR, AI Act, Data Act, DORA, NIS2 — this is not a mountain of red tape, but a competitive advantage. Since September 2025, the Data Act has mandated data portability and is directly aimed at countering lock-in by US hyperscalers. Since January 2025, DORA has required financial institutions to actively manage and document cloud dependencies.[16] Anyone who views these requirements as a compliance burden is missing the strategic dimension.

Standardisation as co-creation

StackIT — the Schwarz Group’s cloud platform — is a founding member of the NeoNephos Foundation, an initiative of the Linux Foundation Europe for interoperable, sovereign cloud infrastructure in Europe.[15] This is not an alternative to the AAIF, but it is active participation — and that is precisely what European players need more of. Outside Europe, too, South Korea demonstrates that more ambitious approaches are possible: Shinhan Securities operates AI PB, a fully on-premises, auditable AI investment advisor.[20]

Conclusion: Making dependencies transparent — exploiting opportunities

The picture painted by the AI Radar is not black and white. There are structural dependencies that cannot be resolved in the foreseeable future — at the chip level, at the protocol level, and in the governance of the major standardisation bodies. Those who ignore this are not making sovereign decisions, but decisions based on a false sense of security.

At the same time, there is more scope than many banks are currently utilising. Proprietary data is the strongest lever. Open-source models enable operation on one’s own infrastructure. European providers at the cloud and model level are more mature than the market picture suggests. And regulation can — if thought through consistently — be a genuine differentiator.

Many banks are starting with the back office and support processes – where AI errors do not affect customers. That is wise. But it must not stop at caution. The savings banks demonstrate that even ambitious sovereignty goals can be achieved through systematic work.

The crucial distinction is no longer ‘make or buy’, but rather: a redundancy strategy against failure — or a sovereignty strategy against loss of control. Both are needed. But only the latter asks the right questions.

We in Europe can do something. The question is whether we want to.

Dr Stefanie Auge-Dickhut | Head of CC Future Financial Services, Business Engineering Institute St. Gallen


Sources

[1]  UBS & Microsoft – AI partnership: https://news.microsoft.com/de-ch/2025/02/10/ubs-and-microsoft-partner-to-advance-ai-in-banking/

[2]  UBS Red – Microsoft Customer Story: https://www.microsoft.com/en/customers/story/19796-ubs-azure

[3]  S-KIPilot – Finanz Informatik: https://www.f-i.de/loesungen/das-machen-wir/produkte/der-s-kipilot-ihr-digitaler-assistent-fuer-den-sparkassen-alltag

[4]  S-KIPilot – Rollout to 190,000 employees: https://www.focus.de/finanzen/boerse/geldbranche-im-umbruch-sparkassen-setzen-auf-ki-190-000-mitarbeiter-bekommen-digitalen-helfer_id_260620231.html

[5]  ING Instant Baufi – Spiegel: https://www.spiegel.de/wirtschaft/service/ing-will-baukredite-mit-kuenstlicher-intelligenz-innerhalb-von-halber-stunde-pruefen-a-c5fdf1ac-8c25-47b4-a2a6-7cdf89af0956

[6] 7-layer AI model: AI Spaces, C. Dietzmann (Source: AI Radar lecture, BEI St. Gallen, May 2026)

[7]  Agentic AI Foundation (AAIF) – Founded in December 2025: https://aaif.io/press/linux-foundation-announces-the-formation-of-the-agentic-ai-foundation-aaif-anchored-by-new-project-contributions-including-model-context-protocol-mcp-goose-and-agents-md/

[8]  AAIF – Members & Platinum Rights: https://aaif.io/members/

[9]  MCP (Model Context Protocol) – Anthropic, Nov. 2024: https://www.anthropic.com/news/model-context-protocol

[10]  MCP joins AAIF: https://blog.modelcontextprotocol.io/posts/2025-12-09-mcp-joins-agentic-ai-foundation/

[11]  HSBC chooses Mistral AI: https://www.hsbc.com/news-and-views/news/media-releases/2025/hsbc-and-mistral-ai-join-forces-to-accelerate-ai-adoption-across-global-bank

[12]  Swisscom Swiss AI Platform (launched Nov. 2024): https://www.swisscom.ch

[13]  Swisscom Swiss AI Assistant (Feb. 2026): https://www.swisscom.ch

[14]  Deutsche Telekom T Cloud & Industrial AI Cloud Munich: https://www.telekom.com

[15]  StackIT / NeoNephos Foundation – Linux Foundation Europe: https://www.cloudcomputing-insider.de/stackit-gmbh-co-kg-c-67337201d3374/nachrichten/67ed292cc83c7/

[16]  EU Data Act in force since September 2025; DORA since January 2025: https://digital-strategy.ec.europa.eu/en/policies/data-act

[17]  Anthropic – Investments & Azure procurement; Amazon investment: https://www.anthropic.com

[18]  NVIDIA investment in OpenAI (Jan. 2026, $30 billion): https://www.nvidia.com

[19]  European AI Funding 2025 (+75%), Crunchbase 2026 (cited from BEI presentation):

[20]  Shinhan Securities AI PB: Daewoo Park et al. (2025). AI PB: A Grounded Generative Agent for Personalised Investment Insights.: https://arxiv.org/pdf/2510.20099
