Trump Can Read Your Email — and Your AI Agent Logs: The Case for Digital Sovereignty

Mar 5, 2026

I was on a video call with Dubai while missiles were being intercepted overhead. The next day I watched Trump threaten the UK prime minister on live television. It connected some dots about AI infrastructure.

On Monday morning I had a video call with two people in Dubai. Iranian missiles were being intercepted overhead while we talked. They mentioned it the way you'd mention rain — briefly, then back to business. What they actually wanted to discuss was AI infrastructure.

"The news is just — yeah. From what I've seen and what people have told me they've seen, it's not the reality on the ground at all," one of them said. Missiles overhead, and they wanted to talk about who owns the servers.

The following day, I watched Trump call the UK prime minister "extremely unhelpful" on live television. He said Starmer was "no Winston Churchill." The glare he gave the camera looked like he was about to rain bombs down on us, too.

The row was over Diego Garcia — Starmer had refused to let the US use the British military base for the initial strikes on Iran. Trump was furious. Lord Darroch, who was our ambassador to Washington during Trump's first term, called the language "pretty brutal" and warned of "a serious rift."

So: on Monday, bombs over Dubai. On Tuesday, the US president publicly threatening Britain over a military base. And somewhere between those two things, I started thinking about a question that sounds mundane by comparison but might actually matter more to most of the people reading this.

Who controls the infrastructure your AI runs on?

Trump can, in fact, read your email

If you're using any AI service from an American company — OpenAI, Anthropic, Google, Microsoft — the US government can compel that company to hand over your data. Not your data that's stored in the US. All your data. Everywhere.

The CLOUD Act gives US law enforcement the power to demand data from US-headquartered companies regardless of where the data is physically stored. Your Azure OpenAI instance runs in Frankfurt? Doesn't matter. Your Anthropic contract says "EU data residency"? Doesn't matter. The legal jurisdiction follows the company, not the server.

The Schrems II ruling invalidated the EU-US Privacy Shield in 2020 precisely because US surveillance law is incompatible with European fundamental rights. The replacement framework can be revoked. It nearly has been. And every time a new administration takes office, the risk calculation changes.

I saw a post on LinkedIn recently — someone had compiled every legal mechanism by which the current US administration can access data held by US tech companies. It's a long list. The PATRIOT Act. The CLOUD Act. FISA Section 702. Executive Order 12333. National Security Letters. They all point the same way: if a US company has your data, the US government can get it.

Ben Ford, who I was on that Monday call with, put it like this: "The Patriot Act is extending itself from not just your data centre, but if you operate in these markets you can also extend to there as well."

I keep coming back to this after watching Trump and Starmer. If the "special relationship" — the closest military alliance in the Western world — can crack this badly over a single base on a single island, what does that tell you about the durability of any legal framework that's supposed to protect your data from US access? These agreements exist at the pleasure of whoever's in the White House. And right now, the person in the White House is publicly calling our prime minister "not helpful" and comparing him unfavourably to a wartime leader who's been dead for sixty years.

Someone I know who works with compliance teams in fintech framed it the way I've been thinking about it ever since: "If Trump is an ally, this is a non-issue. If Trump isn't an ally — and reasonable people can disagree about that — then you need to ask yourself: would we accept this level of access from Russia? From China?"

I think that question answers itself.

Agents make this worse. Much worse.

This isn't just about someone pasting a document into ChatGPT. That's bad enough, but it's a human doing it once, maybe a few times a day.

AI agents are different. They run 24/7. They process your company's data autonomously — internal documents, codebases, customer records. They make API calls to your internal systems. They access your repositories, write code, push commits. They browse the web on your behalf, log into tools with your credentials, and take actions you might not review until hours later.

If your agent fleet runs on US-controlled infrastructure, the PATRIOT Act applies to every single one of those actions. Every document indexed. Every API call made. Every prompt sent and every response received. That's not a human occasionally using a chatbot. That's a continuous, autonomous stream of your most sensitive business operations flowing through infrastructure that a foreign government has legal authority to inspect.

The attack surface is categorically different. And most companies haven't caught up to that yet.

Ben's point about ownership

Ben Ford has been thinking about this longer than most. He runs infrastructure for a company that processes data you really don't want leaking, and his take is blunt.

"Every man and his dog is going to sell you some kind of sandbox thing that runs on their servers," he told me. "But I think for most people who are building their own infrastructure, they should own more of it."

His argument isn't just about data protection. It's about skills. If you outsource your AI infrastructure to a US cloud provider, you're not building internal capability. You're renting it. And when the terms change — when the pricing doubles, when the model gets deprecated, when the legal framework shifts — you've got nothing. No skills, no infrastructure, no fallback.

Nessie, our CTO, made a related point from Dubai: "As long as you are okay in a few languages, LLMs can really help you to do much more." His experience is that small teams with the right infrastructure can now compete with companies ten or twenty times their size. But only if they own that infrastructure. If you're dependent on someone else's API, you're dependent on someone else's roadmap, someone else's pricing, and someone else's government.

€75 million says this isn't just talk

In March 2026, the European Commission and a consortium of over 70 entities launched EURO-3C — a €75 million Horizon Europe-funded project to build pan-European sovereign infrastructure integrating telco, edge, cloud, and AI.

The consortium is led by Telefónica and includes Vodafone, BT, Deutsche Telekom, Ericsson, Nokia, Orange, Swisscom, TIM, and dozens of smaller companies and research institutions. They're deploying 70+ edge and cloud nodes across 13+ European countries. This isn't a whitepaper. It's funded infrastructure with production nodes going in now.

Worth noting that UK-based Vodafone is a core member. This isn't just an EU thing. It's a concern for anyone whose AI infrastructure currently has a kill switch in another country.

And every organisation that sends prompts to a US AI provider — even if the model runs locally under licence — is building a dependency that gets harder to unwind the longer you leave it.

The fintech conversation

One of the other conversations I had this week was with someone in fintech. He told me about a founder in his network whose Claude AI costs had reached $3,000 per developer per month. Three thousand dollars. Per developer. Per month.

But the cost isn't what keeps him up at night. It's what happens when you feed sensitive data into these systems.

"Banks will never put their data into a public cloud because they don't want that data visible to anybody but themselves," he said. "They know what they're doing."

He's right. KYB checks, sanctions screening, UBO mapping — these are workloads where the data is the most sensitive thing the company has. You can't send that to a US AI provider and maintain attorney-client privilege. You can't send it and comply with the spirit of GDPR. You can technically comply with the letter of some regulations, but you're betting on the current legal framework surviving contact with the next Schrems ruling. I wouldn't take that bet.

So what does sovereignty actually mean?

"Data residency" is the answer most cloud providers give, and it's the wrong one. Data residency means your data sits on a server in your country that's owned by a company in another country. The CLOUD Act doesn't care where the server is. It cares where the company is incorporated.

Real sovereignty means your infrastructure is in your jurisdiction, on hardware you control. It means no API calls leave your network — every prompt and response stays inside your walls. You run open-weight models that you can swap, audit, and verify. No proprietary black boxes.

It also means the whole thing works offline. We built Helix to run fully disconnected — no mandatory telemetry, no licence heartbeat. Disconnect the network cable and it keeps running. And nobody can revoke your access, force a model update, or change the terms on you while you sleep.

I'm not going to pretend there's a halfway version of this. Either you control the stack or someone else does.

What we're doing about it

We've spent two years building Helix to run entirely on your infrastructure. Inference, RAG, agents, agent desktops, fleet orchestration — the full private AI stack, on hardware you control.

We're now shipping this as a Sovereign Server: a 4U rack server with 8× NVIDIA RTX 6000 Pro GPUs, Helix pre-installed, delivered to your data centre. You plug it in, power it on, and your team has a private AI agent fleet. No cloud dependency. No API calls leaving your building.

The economics make sense too — teams spending $3,000/developer/month on cloud AI tools are burning through the cost of the server in months, not years. I wrote up the full numbers and what the server actually runs separately, because this post is already long enough.

But honestly, the economics aren't why I wrote this. I wrote this because I had a call on Monday where missiles were flying overhead and nobody flinched, and then on Tuesday I watched the president of the United States publicly threaten my country's prime minister on television. And it made me think: the infrastructure your business depends on probably shouldn't have a kill switch in that guy's jurisdiction.

The people I was talking to in Dubai already get this. I think more people will, quite soon.