Sovereignty

Digital sovereignty: what the Palantir debate is really about

What the debate is really about – ownership, jurisdiction, and why Europe needs its own model layer.

Published 6 July 2026

Digital sovereignty is about who owns and controls critical AI infrastructure – not just where the data physically sits

The short answer to "what is the Palantir debate really about?" is this: digital sovereignty is a question of control, not location. It asks who owns the model, who owns the training data, and whose legal jurisdiction can ultimately compel access. A data centre inside the European Economic Area answers where your data lives. It does not, on its own, answer who controls the software, the model layer, and the legal chain around it. That distinction is the heart of the debate – and it is a debate about compliance burden and ownership, not about legality.

This is not about whether Palantir is lawful – it is entirely so. Palantir Technologies operates legally, serves democratic governments, and is a publicly traded company. The question digital sovereignty raises is narrower and more structural: when critical public functions run on infrastructure owned by a foreign company, who bears the compliance burden, and who owns the model layer underneath?

The two layers everyone conflates: orchestration and the model itself

Modern AI systems have distinct layers. There is the orchestration layer – the platform that integrates data, workflows, and models – and there is the model layer – the actual weights and the training data they were built from.

Palantir Technologies is a US company founded in 2003, with early funding from In-Q-Tel in 2003. Its platforms include Gotham, Foundry, and AIP. According to Palantir's own description (palantir.com), it positions AIP as model-agnostic: the platform integrates third-party models rather than supplying its own foundation model. In other words, Palantir's strength is orchestrating a model layer that it draws in from elsewhere.

Od1n is the model layer itself. Od1n is a sovereign Norwegian language model with its own weights and known training grounds, run in the EEA and on-premise, with the whole chain under European jurisdiction. It is not a platform that integrates someone else's foundation model – it is the foundation model. That is the structural difference the sovereignty conversation keeps circling back to.

Why an EEA data centre does not settle the jurisdiction question

The US CLOUD Act (2018) can give US authorities access to data held by US providers regardless of where that data is physically stored. This creates a well-documented tension with GDPR and European data sovereignty. The practical consequence is important: hosting inside Europe does not, by itself, remove US jurisdictional reach when the provider is a US entity. Location is necessary but not sufficient. Ownership and jurisdiction of the whole chain are what determine control.

For decision-makers, this reframes the procurement question. It is not only "where is my data?" but "whose courts, whose subpoenas, and whose corporate obligations sit behind the software running my most sensitive functions?" To understand how this interacts with European rules on high-risk systems, see what the EU AI Act means.

What Switzerland's process illustrates

According to Swiss investigative journalism based on freedom-of-information requests, reported by swissinfo.ch (2026), at least nine Swiss federal agencies rejected or held off on Palantir. As reported, the stated concern was US jurisdiction rather than product quality, with Switzerland pointing toward what was described as "absolute autonomy." We attribute these characterisations to swissinfo.ch (2026); we do not draw legal conclusions from them. The point for this article is narrow: the reported hesitation was about jurisdictional control, which is precisely the sovereignty question – not a judgment about whether the product works or whether the vendor acts lawfully.

Norway is exposed to the same question

Norway is not outside this conversation. Norwegian Customs has been reported as a Palantir customer since 2017. Separately, Norway's oil fund – Norges Bank Investment Management (NBIM) – has held shares in Palantir, according to NBIM portfolio data. We state these as reported facts and attribute them accordingly; we make no claim about the merits, terms, or scale of either relationship. They simply illustrate that the ownership-and-jurisdiction question is already live in Norwegian public institutions, not a hypothetical for some other country.

What sovereignty looks like when you own the model layer

If digital sovereignty is about control of critical AI infrastructure, then the most direct form of control is owning the layer that everything else depends on. That means:

This is the design principle behind Od1n, which is a product of EZ-Fix AS rather than a company in its own right. The argument is not that orchestration platforms are bad or unlawful – they are neither. It is that if you care about who ultimately controls the model, you have to own the model. For a fuller picture of how this is built, see the technology behind Od1n.

The bottom line

The Palantir debate is a proxy for a bigger structural choice facing investors, public-sector buyers, and foreign companies operating in Europe and Norway. Everyone agrees the software can be excellent and the vendors lawful. The open question is who owns the model layer and who bears the jurisdictional compliance burden when the software sits at the centre of critical operations. Sovereignty, properly understood, is answered at that layer – and that is the layer Od1n is built to be.

This article is marketing from Od1n (EZ-Fix AS) and a position piece – general information, not legal advice. Od1n is our own product.

Sources: palantir.com; US CLOUD Act (2018); swissinfo.ch (2026); Norwegian Customs; Norges Bank Investment Management (NBIM).

Interested in Od1n?

Talk to us about how a sovereign Norwegian language model can be adapted to your organisation.

Contact usSee Od1n V5