Why Australia’s Operating Logic Must Remain in Australian Hands
For more than a decade, Australia’s digital sovereignty debate has focused primarily on data
residency: where information is stored, which servers it sits on, and whether those servers are
physically located on Australian soil. That framing is no longer sufficient to preserve operational
sovereignty. A deeper and more consequential risk has emerged; one that goes to the heart of how
Australian institutions function, comply and exercise authority in an age of AI-assisted
decision-making.
Data residency tells us where information is kept. It says nothing about who controls the logic that
governs how that information is used; how decisions are made, how tasks are executed, and how
authority is exercised.
The problem is not simply that AI tools are foreign-built, or even that they run on foreign infrastructure. It
is that the system of work itself; the structured logic encoding how an organisation functions, complies
and exercises judgement; increasingly resides in platforms beyond Australian legal control. When that
logic is hosted, governed or legally accessible by foreign jurisdictions, sovereignty erodes regardless of
where the underlying data happens to live.
In the age of AI-assisted decision-making, operational autonomy and sovereignty are the same thing.
Australia now faces a choice: treat AI as a set of siloed tools layered onto existing systems, or recognise
that AI fundamentally reshapes how intent becomes action, and that in that transition, the structured
operational knowledge governing how organisations function becomes a sovereign asset in its own
right.
Purpose
This paper argues that the layer hosting Australia’s operational ontologies; the structured models that
translate intent, legislation, policy and governance into executable work; must remain under Australian
ownership and jurisdiction. Not because foreign software is inherently untrustworthy, and not because
Australia must build every tool from scratch. Rather, because the operational logic encoded in those
platforms constitutes the sovereign expression of how Australian institutions function. Outsourcing its
governance is, in effect, outsourcing decision-making autonomy.
This argument does not require every sovereign entity to maintain a separate software stack. The
distinction that matters is not between platforms, but between layers within a platform: the execution
infrastructure, which can be globally shared, and the operational ontology, which must be locally owned
and legally protected. A well-architected sovereign capability runs on shared, interoperable
infrastructure while retaining full jurisdictional control over the logic layer that governs how that
infrastructure is applied.
This requirement extends beyond the Commonwealth alone. It applies equally to state governments,
regulated industries, critical infrastructure operators and large enterprises whose operations underpin
Australia’s national capability. Sovereignty in the AI era is not about rejecting global technology. It is
about retaining control over the meaning layer that governs how technology is applied.
From Intent to Execution: The Translation Stack
To understand the risk, we need to reframe how modern institutions actually function. Whether in
government or enterprise, governance is a cascade of intent moving from abstraction to execution:
The Act: Parliament (or the Board) defines intent
The Regulation: Rules and constraints are established
The Policy: Logic for execution is articulated
The Operational Ontology: Tasks, roles, workflows, permissions and controls are digitally
instantiated
In a modern Australian institution, the operational ontology is the semantic articulation of how intent is
enacted. It describes how an asset is procured, when an audit is triggered, who approves a payment; all
while embedding and enforcing governance, accountability and traceability.
An ontology does not merely describe operations. It encodes operational differentiation; the unique way
an organisation functions, complies and exercises judgement. In the private sector, this constitutes
competitive advantage. In the public sector, it codifies the uniquely Australian execution of democratic
authority. That makes the ontology itself a sovereign asset.
Why Structure, Not Models, Is the Strategic IP
Much of the global AI conversation remains fixated on models: which is largest, fastest, or most
capable. Recent geopolitical developments suggest a more durable truth.
Despite extensive export controls restricting access to advanced AI hardware, competitive frontier
models have continued to emerge across multiple jurisdictions. Industry leaders have openly
acknowledged that hardware restrictions alone cannot contain AI capability development. Architectures
adapt. Techniques evolve. Capability diffuses.
Model supremacy is transient. Structure is not.
Operational ontologies; the machine-readable representations of how organisations function; persist
independently of any specific model. They allow intelligence to be applied safely, auditably and
interchangeably across execution layers. Where institutional logic is instead drip-fed in individual
prompts to different chat sessions, locked inside proprietary workflows, or embedded in vendor-specific
abstractions, sovereignty quietly migrates with those platforms as they move and change. Australia
cannot afford to bind its operational logic to any single foreign execution layer, regardless of how
capable that layer appears today.
The Illusion of Residency: Why “Onshore” Isn’t Enough
Multinational vendors frequently promote “sovereign cloud” offerings on the basis that infrastructure is
physically located within Australia. While this addresses certain latency and physical security risks, it
does not resolve jurisdictional exposure. Foreign-owned companies remain subject to foreign law.
The United States CLOUD Act compels US technology companies to provide access to data under their
control, regardless of where that data is stored. Comparable extraterritorial authorities exist across
multiple jurisdictions. Physical location does not guarantee legal immunity.
When Australia’s operational ontologies are built on foreign-owned platforms; whether hyperscalers,
analytics environments, or AI orchestration layers; the logic of Australian decision-making becomes
potentially subject to foreign subpoena, sanction or intervention.
This risk has real precedent. In 2025, Switzerland formally rejected the use of Palantir software for
sensitive military applications following an internal risk assessment. The Swiss Army concluded that,
due to the company’s exposure to United States jurisdiction, Switzerland could not guarantee the
long-term safety and control of its confidential defence data. The decision was not a judgement on
technical capability. It was a judgement on jurisdictional exposure; a determination that sovereign
control over operational logic outweighed the advantages of any individual platform.
Building operational ontologies on foreign platforms is, in that sense, akin to building Australia’s
operating system inside jurisdictions we do not control.
Geopolitical Divergence and Operational Risk
This concern is not unique to any one country or alliance. The United States, China and the European
Union all assert extraterritorial authority over companies domiciled within their jurisdictions. Each brings
distinct legal, strategic and intelligence obligations that may, at times, diverge from Australian interests.
The question for Australia, therefore, is not which foreign system we should trust. It is whether we
should embed our operational logic in any system we do not ultimately control. Australia’s strategic
priorities will not always align with those of its partners. Climate policy, regional security, trade settings
and disaster resilience are all areas where divergence can emerge over time.
Where operational models for climate response, defence logistics, border management or critical
infrastructure are embedded in foreign platforms, Australia inherits not just technology, but the
assumptions, constraints and dependencies that were shaped elsewhere. Three structural risks follow:
algorithmic bias, where decision-support workflows reflect external policy assumptions rather than
Australian ones; operational fragility, where sanctions or diplomatic disputes disrupt execution at the
platform level; and loss of control, where updates, tooling constraints and model behaviour can be
imposed externally without reference to Australian interests.
As AI systems become increasingly agentic; planning, recommending and executing actions; the
operational ontology becomes the mandatory control layer. Ceding it is not a technical concession. It is
a strategic one.
The Three Pillars of Vulnerability
1. The ‘Kill Switch’ Risk
Foreign technology companies are legally bound to comply with the sanctions and regulatory regimes of
the jurisdictions in which they are headquartered or operate at scale.
When the United States sanctioned the International Criminal Court prosecutor, the resulting operational
disruption extended far beyond the immediate targets. Globally ubiquitous platforms; including
Microsoft, Google and Apple; suspended or constrained access to email, cloud storage, identity
management, productivity software and device ecosystems. Companies headquartered outside the
United States, but commercially dependent on access to the US market or US infrastructure, also
complied to avoid secondary exposure.
The effect was a functional suspension of operational capability, achieved not through direct state
action, but through compliance quietly embedded in global software ecosystems.
The implication for Australia is direct: if government or critical industry operations rely on
foreign-controlled platforms, parts of national capability can be rendered inoperable by legal or
geopolitical decisions taken elsewhere; decisions in which Australia has no standing and no vote.
2. The Corporate Veil Risk
The PwC Australia tax advice scandal illustrated the limits of global trust. When the Australian Senate
and Taxation Office sought critical information, PwC International refused disclosure on the basis that
the material belonged to the global entity.
Multinational vendors answer ultimately to global headquarters and foreign regulators. Under pressure,
fiduciary duty flows upward and outward. A domestically owned vendor has no such conflict. Its
accountability is anchored here.
3. The Dependency Shadow
Over time, organisations reshape their processes, capabilities and assumptions around dominant
platforms. Internal understanding of underlying operational logic erodes. Viable alternatives wither from
disuse.
When substitution becomes necessary; due to sanctions, policy divergence or strategic realignment; the
obstacle is rarely finding a comparable tool. It is time. Systems that cannot be disentangled quickly
enough impose de facto lock-in even when the risks are well understood. Sovereignty cannot be
restored on demand. It must be designed in from the start.
The Case for Sovereign Ontology
Australia must draw a clear line between commodity IT and sovereign logic. Using global tools for email
or document creation is entirely sensible. Hosting the operational logic of government, critical
infrastructure, financial systems or national resilience on platforms beyond Australian control is a
different matter entirely; treating them as equivalent is a category error with strategic consequences.
The answer is not a closed, nationally siloed technology stack. That path leads to fragmentation,
redundancy and the forfeiture of genuine innovation. The answer is architectural: separating the layers
that can be globally shared from the single layer that must remain sovereign.
A sovereign operational platform must:
• Be Australian-owned and Australian-governed
• Be subject only to Australian law and Australian courts
• Retain operational ontologies locally, under full domestic control
• Enable purpose-based, minimum-context access for AI systems
• Allow execution layers and models to be substituted without any loss of institutional logic
This architecture allows Australia to participate fully in global AI innovation without surrendering
sovereignty over how it functions. The execution layer remains open to the world. The operational logic
remains ours.
International Momentum
Australia is not alone in confronting this. Germany mandates domestic jurisdiction over government IT
systems. France enforces SecNumCloud for operational platforms. The European Union is investing in
federated sovereign infrastructure through initiatives such as Gaia-X.
Not moving in a comparable direction risks positioning Australia as an outlier; not for lack of capability,
but for misidentifying where sovereignty now actually resides.
Conclusion: Sovereignty Is an Active Capability
Sovereignty is not a passive state or a standing condition. It is something that has to be actively
maintained; and it can be lost through accumulated deference as surely as through any single decision.
In the AI era, the operational ontology; the translation of intent into executable action; is a core national
asset. To outsource it is to outsource the autonomy to decide. Australia still has the opportunity to get
this right.
By retaining ownership of its operational logic while remaining open to global innovation at the execution
layer, Australia can be both competitive and sovereign. Those goals are not in tension. But the
architecture that reconciles them has to be chosen deliberately, and the window for doing so is
narrowing.