SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
New Zealand
NTT Data flags privacy & sovereignty barriers to AI
Data Protection Hybrid Cloud Digital Transformation

NTT Data flags privacy & sovereignty barriers to AI

Fri, 15th May 2026 (Today)
Mark Tarre
MARK TARRE News Chief

NTT DATA has published research on barriers to enterprise AI adoption, identifying privacy and sovereignty requirements as the main constraint.

Many organisations are struggling to adapt AI systems to stricter rules on where data is stored, processed and governed, even as interest in private and sovereign AI grows.

More than 95% of respondents said private and sovereign AI were important, but only 29% were giving sovereign AI concrete near-term priority. Around 35% of Chief AI Officers said their top barrier to adoption was building, integrating and managing complex AI models in private or sovereign environments, while nearly 60% of AI leaders cited cross-border data restrictions as a major challenge.

Cloud security also emerged as a weak point. Only 38% of respondents said they had high confidence in their cloud security posture, which the report identified as a basic requirement for private and sovereign AI deployments.

In Asia Pacific, the picture was similar: strong stated intent but limited operational progress. NTT DATA found that 94% of respondents in the region viewed private and sovereign AI as important to their strategy, but only 30% were giving sovereign AI concrete near-term priority. Nearly 66% cited cross-border data restrictions as a major challenge, while 40% reported high confidence in their cloud security posture.

What the report found

The research argues that enterprise technology estates were built around centralised, cross-border data flows, and that AI is exposing the limits of that approach. As regulatory and jurisdictional demands tighten, organisations are being forced to design systems that keep sensitive data within defined boundaries and operate under tighter controls.

That shift is driving interest in two related but distinct approaches. Private AI focuses on protecting sensitive enterprise data, limiting exposure and controlling access. Sovereign AI centres on ensuring AI systems, data and operating environments meet jurisdictional, regulatory, national or regional control requirements.

This is creating a divide between organisations redesigning their architecture early and those still trying to add AI tools to environments not built for such controls. The research also argues that data jurisdiction is becoming a core design factor in AI systems, rather than a compliance issue addressed later.

NTT DATA based the report on two studies covering nearly 5,000 senior decision-makers across more than 30 markets, five regions and more than a dozen industries.

Abhijit Dubey, Chief Executive Officer and Chief AI Officer at NTT DATA, said the issue now extends beyond model quality. "As AI evolves, private and sovereign approaches are testing enterprise readiness," he said. "The organizations that are succeeding are going beyond regulatory compliance and risk mitigation. They are building the operating foundation for AI that can perform across markets, jurisdictions and business environments. Our research shows AI leaders are pulling ahead by treating architecture, infrastructure and governance as strategic requirements."

Regional pressure

The Asia Pacific figures suggest organisations in the region face particular pressure from cross-border data rules. The report described these restrictions as the biggest operational friction point for local respondents, ahead of budget limits, skills shortages and regulatory uncertainty.

It also found that 30% of Asia Pacific Chief Information Officers and Chief Technology Officers ranked the building, integration and management of complex AI models in private or sovereign settings as their single biggest obstacle to AI adoption. That suggests technical execution, rather than demand for AI itself, is emerging as the main hurdle.

The findings come as companies face growing pressure to keep data within national or regional borders while still rolling out AI tools across large organisations. That tension is particularly acute for multinationals that have built systems around globally integrated cloud and data architectures.

Competitive divide

The report identified five broad shifts shaping the next phase of enterprise AI. The main constraint is no longer model performance alone, but control over compute, data access, security and locality. While organisations broadly recognise the change, far fewer are acting on it in practical, near-term ways.

Another finding was that efforts to gain greater control over AI do not reduce dependence on outside partners. Instead, private and sovereign AI often rely on tightly managed provider ecosystems, with integration complexity becoming a leading challenge.

For NTT DATA, the commercial implication is that businesses that address infrastructure, governance and jurisdictional design early are moving faster from pilot projects to wider deployment. Those that continue to layer AI onto older architectures may find it harder to scale systems in regulated and data-sensitive settings.

The research points to a widening divide between AI leaders and laggards as enterprises confront the practical limits of borderless data models.

Related stories
AI bots overwhelm identity controls in Australia & NZ
F5 & Forcepoint come together to secure enterprise AI
Survey finds organisations struggle to secure unstructured data
ExtraHop launches AI network visibility & governance tool
Cohesity unveils Enterprise AI Resilience for safe scale
Top stories
YASH named Major Contender in Everest digital workplace
Suprema launches BioStation 3 Max biometric terminal
Why business ambition is running ahead of AI readiness
Keeper Security adds approval controls to KeeperPAM
Boomi & Guru launch AI data partnership for agents