As nations including Indonesia, Vietnam, and Malaysia enforce increasingly strict data localisation laws, the concept of Sovereign AI has transformed from a mere compliance checkbox into a critical CEO priority. According to recent findings, 64 per cent of regional organisations are now aggressively scaling their sovereign investments to regain control over their digital intelligence and operational resilience. However, a significant governance gap remains: while data residency is becoming standard, only 22 per cent of firms currently extend oversight to the AI models themselves, leaving the majority of enterprise intelligence exposed to the risks of external proprietary ownership.

Leading the charge against this strategic fragmentation is Zimbra, a vanguard in secure communication that is transitioning the industry toward a sovereign-by-design architecture. By anchoring AI initiatives in the foundational layer of enterprise email and collaboration, the company is enabling businesses to move beyond the hollow victory of simple data storage to achieve genuine ownership of their digital assets. Zimbra has doubled down on open-core platforms that allow even mid-market players to bypass the 40 per cent cost barrier, ensuring that the intelligence driving their growth remains locally governed and culturally aligned with the unique nuances of the ASEAN market.




We speak to Anthony Chadd, the new Chief Revenue Officer at Zimbra, about the strategic pivot toward hybrid sovereignty, where 57 per cent of leaders are now seeking to balance public cloud utility with private, owner-led security. The discussion touches on why an open-source foundation is the only viable path to achieving the linguistic precision required for regional success, as demonstrated by pioneering initiatives like Indonesia’s Sahabat-AI. We explore the model-ownership paradox, the long-term ROI of building compliant data pipelines from the beginning, and why owning the intelligence is the ultimate competitive advantage in the region’s digital future.

Why has Sovereign AI moved from a “compliance checkbox” to a core CEO priority in Southeast Asia this year?

Sovereign AI has moved from a compliance checkbox to a core CEO priority because enterprise leaders recognise its direct impact on competitiveness, operational resilience and long-term data governance. Southeast Asia is witnessing aggressive adoption of data sovereignty laws, with key nations including Indonesia, Vietnam, Malaysia and the Philippines introducing stricter localisation requirements for critical enterprise data.  

Accenture’s February 2026 research shows that 64 per cent of Southeast Asian organisations plan to increase investment in sovereign AI and cloud technologies, driven by governance and security imperatives. At Zimbra, we believe there’s an important insight that underpins this trend: these projects cannot succeed without reliable data pipelines that respect local control. This is why attention is turning to core systems that already manage the bulk of sensitive enterprise communications. Without strong governance at this foundational level, even ambitious AI initiatives remain exposed at the data layer.

With 57 per cent of leaders opting for hybrid models, how can they avoid having their data locally stored but their “intelligence” still owned by a proprietary cloud?

Many leaders now store data locally while their AI models and intelligence remain managed by external providers. This creates an incomplete form of control. To address it, enterprises should extend oversight to both data storage and AI processing through open architectures that support local or private-cloud execution.  

Applying consistent governance to everyday business systems is especially helpful in this context. When the systems that handle the majority of sensitive communications stay under full organisational authority, they provide a stable base for AI initiatives. This delivers the advantages of hybrid deployment while preserving genuine ownership of both data and intelligence. 

Only 22 per cent of firms extend oversight to their AI models. Why is “Data Sovereignty” a hollow victory if you don’t also own the model?

Data sovereignty means an organisation retains full control over where its data is stored, processed and governed, in line with local regulations and internal policies. This is particularly important for email and collaboration platforms, which hold the majority of an enterprise’s sensitive communications, customer records, and business information. These tools often serve as the primary data source that feeds into AI systems for analysis and insight generation.

Even when data remains onshore, the absence of model control means companies cannot fully audit how their information is processed, address potential biases or adapt to evolving requirements. Strong governance in core systems is important as it supplies the trusted data layer that powers AI initiatives. Addressing data storage without model oversight leaves the governance framework fundamentally incomplete.

With 40 per cent of firms citing high costs as a barrier, how can mid-market players realistically afford a sovereign-grade stack?

Mid-market organisations often view sovereign-grade AI infrastructure as costly because it can involve new hardware, specialised models and strict compliance measures. However, the practical way forward is to adopt open-core platforms, implement phased hybrid deployments, and partner with regional providers who share infrastructure and expertise. This approach spreads the expense over time and avoids expensive full-scale replacements. When treated as a long-term investment in resilience and lower compliance costs, sovereign capability becomes realistic and achievable for mid-sized enterprises. 

Why is an open-source foundation better suited for the linguistic and cultural nuances of the ASEAN market than a “one-size-fits-all” global LLM?

Open-source models are better suited to the ASEAN market because they can be fine-tuned using regional datasets that accurately reflect local languages, dialects and cultural contexts. This gives organisations the flexibility to create AI that truly understands local nuances rather than applying generic global patterns.

For example, Indonesia’s Sahabat-AI platform demonstrates this advantage as a sovereign AI solution designed to be “the Most Indonesian at Heart”. It serves as an inclusive digital companion that aligns with Indonesia’s diverse languages, cultural values, and everyday experiences, making AI accessible and meaningful for students, businesses, and citizens while also supporting national priorities and empowering the public.

Open foundations also enable transparent auditing, faster adaptation and integration to evolving regulatory requirements. This same flexibility strengthens data governance in core business systems, which serve as the trusted data layer that powers sovereign AI initiatives across the region. As a result, enterprises gain AI capabilities that are more accurate and aligned with local business realities. 

Does a “sovereign-by-design” approach actually slow down scaling, or is it the only way to navigate the region’s tightening data laws?

A sovereign-by-design approach means embedding data control and compliance from the beginning, not as an afterthought. While some leaders see this as adding upfront complexity, the trade-off becomes clear over time: organisations that build this way avoid the costly retrofits and compliance rework that come with scaling a system not designed for it.  

In Southeast Asia’s increasingly complex regulatory environment, platforms designed this way progress more smoothly within legal boundaries. Applying this early to core systems helps organisations shorten overall time-to-value by avoiding future compliance problems in AI data pipelines. This method provides a practical and reliable route to confident scaling of sovereign AI initiatives while reducing the risk of unexpected regulatory disruptions.