Across 2025 and into 2026, sovereign AI moved from conference panels into procurement documents. UK and European government and defence buyers began writing data-residency, model-integrity and supply-chain conditions directly into their requirements, and they started asking a harder question than where the data sits. They began asking whether the supplier can show, rather than state, that a given workload ran in isolation. That shift matters because the dominant pattern, AI delivered from someone else's cloud, cannot answer it. A customer renting inference from a hyperscaler is given a contractual assurance and a compliance certificate. The customer cannot inspect the isolation boundary, cannot watch the network counters, and cannot replay what the machine did while it held their classified or regulated data. For a defence ministry, a nuclear engineering programme, or an operator of critical national infrastructure, an assurance is not the same thing as evidence.…