In Monaco, data is not merely a technical asset: it is sensitive material, bound up with professional secrecy and a standard of discretion on which the Place has built its reputation. Deploying Artificial Intelligence without asking where your data is processed is a risk few Monegasque executives can afford.
The promise of generative AI is real: up to 60 to 70% of administrative tasks can now be automated. But that promise comes with a question that is rarely asked: where does your data go when you use a consumer AI tool? In most cases, to servers outside Europe, subject to foreign jurisdictions. For a family office, a private bank or a law firm in the Principality, that is unacceptable.
Data sovereignty: what are we talking about?
Sovereignty does not boil down to “hosting in Europe”. It rests on three cumulative principles:
- Location: your data is stored and processed on infrastructure you control, ideally in the Principality or on European territory.
- Jurisdiction: no extraterritorial law can compel your hosting provider to hand your data over to a third-party state.
- Control: you retain command over access, logging and retention periods, at every step.
The Monegasque framework: law n°1.565 and the APDP
Since law n°1.565 of 3 December 2024, the Principality has had a modernised personal data protection regime, aligned with the GDPR and Convention 108+. Processing operations are now governed and supervised by the Autorité de Protection des Données Personnelles (APDP), the successor to the CCIN. Any AI project handling personal data falls within this scope.
Sovereign AI is not a regulatory constraint: it is a commercial argument with a clientele that chooses Monaco precisely for its discretion.
Where to host? The sovereign options
Deploying sovereign AI does not mean giving up the best models. Several routes coexist, to be chosen according to your level of sensitivity:
- Monegasque sovereign providers (Monaco Cloud, Monaco Telecom, Telis): hosting as close as it gets, on the territory itself.
- Private European cloud: for heavier workloads, a dedicated instance beyond the reach of any extraterritorial jurisdiction.
- On-premise: for the most critical data, the models run on your own servers.
In every case, the principle remains the same: the data never leaves your perimeter of trust.
Sovereign does not mean second-rate
Open-weight models have caught up with closed proprietary solutions across many business uses. Document summarisation, assisted drafting, data extraction, classification: these tasks now run locally at production quality. Sovereignty becomes an architectural choice, not a compromise on performance.
Where to start
The right way in is not the technology, but the audit: map your processes, identify the highest-impact use cases, then commit to deployment only once the expected return has been quantified and the appropriate sovereign architecture defined.