An IBM Institute for Business Value survey of 1,000 senior executives found 91% don't fully understand their own AI dependencies, framing the issue as enterprise lock in rather than national policy.
When 71% of surveyed senior executives say switching their primary AI vendor or model would be difficult, and 91% say they do not fully understand their own AI dependencies, the problem is not a single vendor's failure. It is an industry-wide architecture of invisible lock-in that most companies have already built without naming it. IBM's Institute for Business Value calls this "AI sovereignty," and the term is worth keeping, but only if it is read as an operational fact about who can leave whom, not as a chapter in the national-cloud debate.
In the IBV study, "The Calculus of AI Sovereignty", based on a survey of 1,000 senior executives globally, the lock-in numbers do the work. Sixty-eight percent say meeting data residency and sovereignty requirements across geographies is challenging. Organizations whose internal AI control capabilities are most advanced report protecting more than half of their operating profit from AI-driven disruptions, evidence that visibility, not vendor choice, is the variable that actually moves outcomes.
The source carries weight, and the limits of that weight are visible in the press release. IBV is IBM's in-house research arm, IBM is itself a major AI infrastructure vendor with skin in the sovereignty conversation, and the release does not disclose the survey's sample frame, geography weights, or the exact wording used to define "AI sovereignty." The headline percentages are IBM-claimed, not independently audited. A reader should treat them as a vendor's structured case for a problem the vendor sells solutions to, useful for sizing the issue and not for settling it.
The interesting paradox is the gap between dependence and visibility. Companies report being more dependent on AI in core operations every quarter, and at the same time report being less able to map what they depend on. Ana Paula Assis, IBM Senior Vice President and Chair, EMEA and APac, frames this in the release as a question of business continuity, and the framing is IBM's, not a neutral finding. Even so, the underlying tension survives the framing: a stack that is invisible to its owners cannot be rehearsed, audited, or replaced, and the cost of that invisibility shows up the first time a model is deprecated, a price changes, or a region is carved out of a service.
The reader agenda that falls out of the data is unglamorous and concrete. First, build a current inventory of every model, vendor, and infrastructure dependency in use, including shadow uses that procurement has not approved. Second, rehearse a multi-vendor or in-house fallback before a real outage forces one, and price the rehearsal against the cost of a seven-day disruption. Third, define "sovereignty" against the company's own stack and obligations: which data must stay where, which workloads can move, and which vendor relationships are negotiable. The point is not to pick a side in the national-cloud debate. The point is to know enough about your own architecture to leave it, change it, or absorb a shock to it on terms you set.
What to watch next is whether buyers, regulators, and audit standards start demanding the same visibility from AI vendors that they have begun demanding from cloud and data providers. The IBV survey is a signal, not a measurement. The question worth tracking is which enterprises move from accepting the dependency to mapping it.