For much of the digital era, data centres and large-scale compute—the computing power needed to train and run advanced software, including AI—were treated as background infrastructure: technical systems that enabled growth but did not meaningfully shape strategy. Today, that view is changing. Governments across advanced economies are recognizing that who controls large-scale computing capacity matters, shaping which technologies emerge, which firms can scale, and how much influence states retain over systems that increasingly affect both the economy and security.

Export Controls and the Legalization of Access

This shift is visible in how Canada’s peers are beginning to frame and regulate digital infrastructure. In the United States, access to advanced computing hardware is now addressed through export control policy linked to national security considerations. A January 2026 update to U.S. licensing rules revised how applications to export certain advanced computing chips are reviewed, signalling that high-performance compute is no longer treated solely as a commercial technology.

A similar reframing is evident elsewhere. In the United Kingdom, compute capacity is treated as a matter of resilience and strategic preparedness. Further, in the European Union, cloud and digital infrastructure are framed as pillars of economic security and technological autonomy. While these approaches differ in form, they reflect a shared recognition that data centres and AI compute have strategic importance beyond their commercial value.

Against this backdrop,Canada has not yet fully adopted a similar view. Despite increasingly urgent rhetoric around digital sovereignty and artificial intelligence, Ottawa continues to treat cloud infrastructure primarily as a service to be procured, rather than as a strategic asset to be governed. The international context makes this gap harder to ignore. Over the past decade, the United States has steadily expanded the extraterritorial reach of its digital authority, underscoring how infrastructure decisions can carry legal and sovereign consequences beyond national borders. This is demonstrated through policies such as the CLOUD Act, which asserts jurisdiction over American technology firms regardless of where data is physically stored.

The CLOUD Act and Extraterritorial Leverage

These developments have been the subject of sustained debate and criticism, particularly in response to the extraterritorial reach of the U.S. CLOUD Act. Opponents argue that the Act weakens other states’ ability to exercise meaningful control over data generated within their own jurisdictions, even where that data is stored locally. European regulators and courts have repeatedly raised concerns that such frameworks undermine domestic privacy regimes and constrain regulatory autonomy, prompting ongoing legal and policy disputes over cross-border data access. Similar questions have been raised in Canada as governments and public institutions become increasingly dependent on foreign-operated cloud infrastructure. Taken together, this debate illustrates how decisions about who owns, operates, and governs digital infrastructure can translate into durable legal and sovereign consequences.

From Data Sovereignty to Compute Sovereignty

More recently, this logic has been extended beyond data and cloud services to computing access itself.  In January 2026, the U.S. Bureau of Industry and Security revised its licence review policy for advanced computing commodities, replacing a default presumption with a case-by-case review under strict conditions. While technical in form, these measures reflect governance choices embedded in law and system design. In practical terms, this shift means that access to powerful computing resources is no longer automatic or determined solely by market forces. Instead, access can be permitted, restricted, or denied based on government rules that shape who is able to use advanced compute and under what conditions.

Europe’s Cloud Sovereignty Framework

Once access is governed in this way, it becomes conditional rather than assumed. The state that sets those conditions gains influence over who can use large-scale compute, on what terms, and with what degree of certainty. Several jurisdictions have responded by explicitly linking digital infrastructure to questions of sovereignty. In October 2025, the European Commission advanced its Cloud Sovereignty agenda, framing cloud and computing infrastructure as a matter of economic security and technological autonomy rather than as a neutral commercial service. This shift was reflected in part through a €180 million tender issued under the Cloud III Dynamic Purchasing System. The framework defines sovereignty objectives, including legal jurisdiction, supply-chain transparency, and compliance with EU law, and introduces Sovereignty Effective Assurance Levels (SEAL) to benchmark providers.What connects these developments is a change in where leverage sits. As compute and cloud capacity become more concentrated and harder to substitute, the ability to set conditions on access increasingly determines who can build, deploy, and scale advanced technologies. Governments that shape those conditions gain influence over both infrastructure and the economic and security outcomes that depend on it. For states that rely primarily on externally operated systems, this shift introduces a new form of dependency — legal and operational rather than physical — that is difficult to unwind once established.In the United Kingdom, the government has gone further at the infrastructural level. It has formally designated data centres as critical national infrastructure, and in November 2025 introduced the Cyber Security and Resilience (Network and Information Systems) Bill. However, Canada’s response has been more cautious. Recent initiatives illustrate this.

Canada’s Partial Sovereignty Mode

Budget 2025 committed $925.6 million over five years to support sovereign public AI infrastructure, including large-scale facilities intended for research and industry use. This funding underpins the Canadian Sovereign AI Compute Strategy, which includes the AI Compute Challenge and other measures aimed at expanding domestic capacity. One example is federal support of up to $240 million, announced in December 2024, for a $725 million data centre project in Cambridge, Ontario, led by the Canadian AI company Cohere. Notably, the facility itself is operated by CoreWeave, a U.S.-based cloud provider.

Physical Presence, External Control

Each of these initiatives has been framed as a pragmatic compromise. Together, they reveal a pattern: Canada asserts sovereignty through physical presence while conceding legal and operational control. Defenders argue that Canada lacks the scale to pursue a different path. They point to limits on capital and market depth, as well as the technical demands of operating large-scale compute.

Why is Compute Is Strategically Different

Artificial intelligence changes the role compute plays in the economy by making sustained access to large-scale infrastructure a precondition for progress. Advanced models depend on computing environments that are costly, slow to build, and difficult to substitute. As a result, compute becomes a constraint that shapes who can develop and scale advanced AI systems. That constraint is what gives compute strategic significance: control over it influences economic competitiveness, technological leadership, and the capacity of states to shape how AI is developed and used. This dynamic is widely documented by the OECD, the Stanford AI Index, and reflected in analyses by the Bank for International Settlements.

Canada’s Strategic Choice

This is the risk Canada now faces. It flows from earlier decisions to treat digital infrastructure as neutral, interchangeable, and best sourced externally.  The context for those decisions has changed. Access to compute and cloud infrastructure is now harder to substitute and more consequential to economic and security outcomes. Other advanced economies are responding by expanding domestic capacity and by placing limits on default reliance on foreign-operated systems. Canada faces the same choice. It can continue to procure large-scale compute primarily from U.S.-based operators, or it can treat compute as infrastructure that must be deliberately built, governed, and anchored at home.

© OpenCanada