Enterprise AI hits infrastructure limits, says NTT Data

NTT DATA has published research suggesting enterprise AI is hitting infrastructure limits as privacy and sovereignty demands rise. The study points to a widening gap between companies redesigning their systems and those still relying on older architectures.

The findings indicate that many organisations now treat data jurisdiction, security and control as core design issues in AI deployments, rather than compliance matters to address later. More than 95% of respondents said private and sovereign AI are important, yet only 29% are making sovereign AI a concrete near-term priority.

The report draws on two studies covering nearly 5,000 senior decision-makers across more than 30 markets, five regions and more than a dozen industries. It examines how companies are responding as AI systems require tighter control over where data is stored, where models run and how access is managed.

The research suggests the barriers are no longer limited to model performance. Legacy technology environments built for centralised, borderless data flows are struggling to meet requirements around privacy, sovereignty and security.

That tension appears across several survey results. About 35% of Chief AI Officers said their main barrier to adoption was building, integrating and managing complex AI models in private or sovereign environments. Nearly 60% of AI leaders identified cross-border data restrictions as a major challenge, while only 38% said they had high confidence in their cloud security posture.

Architecture pressure

The report distinguishes between private AI and sovereign AI, which are often grouped together in corporate technology plans. Private AI focuses on protecting sensitive enterprise data, controlling access and limiting exposure. Sovereign AI centres on ensuring that AI systems, data and operating environments meet jurisdictional, regulatory, or national and regional control requirements.

Those distinctions are becoming more important as companies try to move AI from pilot projects to wider use. Systems that depend on the constant movement of data across cloud services, business applications and national borders can run into friction when local rules require information or workloads to stay within a specific jurisdiction.

That is forcing a rethink of long-standing assumptions in enterprise architecture. Data can still move, but not always in the way AI models and applications expect, making locality a practical constraint on system design.

The shift is also changing how businesses assess readiness. Organisations moving first are redesigning infrastructure, governance and operating models together, while others are trying to layer new AI tools onto systems not built for regional control or restricted data movement.

"As AI evolves, private and sovereign approaches are testing enterprise readiness," said Abhijit Dubey, Chief Executive Officer and Chief AI Officer at NTT DATA.

"The organizations that are succeeding are going beyond regulatory compliance and risk mitigation. They are building the operating foundation for AI that can perform across markets, jurisdictions and business environments. Our research shows AI leaders are pulling ahead by treating architecture, infrastructure and governance as strategic requirements," Dubey said.

Control and complexity

One of the report's central conclusions is that efforts to gain more control over AI systems can increase technical complexity. More than half of organisations cited integration complexity as their top challenge, highlighting the difficulty of coordinating data, models, cloud environments, security measures and partners across a broader technology stack.

That finding suggests private and sovereign AI may depend less on complete independence than on careful orchestration across multiple suppliers and internal teams. Businesses seeking tighter control over data and model operations may still need a network of cloud, infrastructure and software providers to make those systems work in practice.

The research also points to a gap between awareness and execution. While most respondents acknowledge the importance of private and sovereign AI, far fewer appear ready to commit resources and redesign systems in the near term.

For large companies, the issue has commercial as well as technical implications. Enterprises operating across many countries often need to balance global scale with local regulation, and AI workloads can intensify that conflict because they rely on large, often continuous flows of data.

NTT DATA, which describes itself as a USD $30 billion business and technology services group, said organisations that respond early are better placed to operate in regulated, distributed and data-sensitive environments. The survey findings suggest companies that delay architectural changes may find it harder to turn AI investment into broader deployment.

Among the clearest figures in the study was the low level of confidence in cloud security. Only 38% of respondents said they felt highly confident in their current posture, underlining the operational concerns businesses face as they rethink where AI runs and who controls the underlying data.