As 2025 ends, I reflected on the major topics that I see evolving in my practice. They are digital sovereignty and AI security, in particular the security of AI agent systems. These are systems where AI is not just used as an advanced data processor, but is undertaking autonomous actions.

I focus specifically on so-called wicked problems: problems that do not have simple solution because they are intertwined with many other issues and conflicting interests.

My personal reason for diving deeper into this is that I have chosen to take a sabbatical. Cloud computing and cloud security have kept me busy for many years, but I felt the need for a transition, and this was an additional reason to reflect on the field of digital infrastructures.

Data sovereignty emerged with the rise of pervasive cloud computing. In a changing geopolitical landscape, cloud infrastructure has dramatically increased the powers of foreign governments and multinational companies over individual nations.

Data sovereignty is about the power to control which data flows where, and it is exerted through control over digital infrastructures such as cloud and social media.

Large governments have denied individuals and corporations access to cloud services, have siphoned off confidential data, and have actively obstructed attempts to find alternative technological solutions to reduce their control.

Big tech is influencing the public at large and even complete nations, for example by helping to rig elections and circumventing attempts to regulate them.

This is important stuff.

The second wicked problem is AI security. AI is harder to secure than a lot of other information technology. This is especially true for the upcoming wave of AI agents: AI that acts without direct oversight or human in the loop.

These two problems are related: for example, the power to run AI at scale is not uniformly distributed across the world’s nations.

Although these problems remain partially unsolvable, understanding and appropriate actions can diminish their risks.

The lens of digital infrastructures that I have developed over de past decades can help to analyze these risks and how to reduce them. Its main perspectives are about data and where control boundaries are, promises that are made by various components and actors, and how power is exercised through that.

The first edition of my book on digital infrastructures is now published. The online version is more up to date, and in 2026 I hope to expand that significantly.

Some relevant sections of the book:

International actors https://digitalinfrastructures.nl/book/power/international-actors/

AI infrastructures https://digitalinfrastructures.nl/book/diginfra/digital-inf-ai/