As Asia-Pacific enterprises accelerate their adoption of enterprise AI, a quiet but critical tension has taken hold in boardrooms across the region. Companies are eager for the productivity gains, deeper insights and competitive edge that internal AI systems can deliver. Yet they are equally determined to keep control over the sensitive data that powers these models.
Recent research from Accenture captures this balance well. Six out of 10 business and government leaders globally are now more likely to seek sovereign technology solutions, while 55 percent are considering a mix of both global and local providers.
For enterprises, this shift turns email infrastructure into a strategic priority rather than a background utility. After all, enterprise email systems act as the foundational data pipeline for AI since they hold a rich historical context, from contract negotiations to customer interactions and operational decisions. These are data that private AI models need to deliver meaningful value.
As organisations look to feed this knowledge into systems for smarter search, automation and decision support, the underlying platform becomes vital to maintaining full control over the entire AI lifecycle and avoiding unintended risks to compliance and sovereignty.
The growing demand for data control across the region
Governments across the region, particularly in Southeast Asia, are placing greater emphasis on data sovereignty and control. Indonesia maintains a relatively strict approach, enforcing data localisation for public sector entities and sensitive financial data. For example, state-owned entities like PT Kereta Api Indonesia (PT KAI), upgraded its infrastructure to ensure critical communications for its employees remain secure, encrypted, and compliant within national borders.
The Philippines adopts a more flexible stance, focusing primarily on ensuring that personal data receives adequate protection regardless of where it is processed. In Thailand, authorities are strengthening expectations around data governance, particularly for financial institutions and operators of critical infrastructure.
These national priorities are being met through a growing focus on operational readiness; for instance, a secure email infrastructure has already been deployed for over 17,000 accounts across essential Thai agencies, including the Ministry of Foreign Affairs and the State Audit Office, ensuring that high-value government data remains under national control
These developments reflect a broader Asia-Pacific momentum. As digital economies expand rapidly, policymakers are increasingly determined to ensure that sensitive communications remain subject to national oversight and jurisdiction.
Enterprise AI initiatives must eventually show compliance
Many widely used cloud platforms for email and collaboration are proprietary. While they deliver strong functionality and convenience, enterprises often have limited visibility into how their sensitive information, such as emails, calendars, shared documents and internal messages, are processed or where it is stored.
This can make it more challenging to demonstrate compliance when regulators eventually request evidence for enterprise AI initiatives.
Open-core foundations provide a compelling alternative, with a report from the Linux Foundation, LF AI & Data and Futurewei Technologies revealing that 90 per cent of organisations cite open source as essential to achieving AI sovereignty.
Across the region, leaders are discovering that open-source foundations are the most effective way to ensure AI remains relevant and secure; for instance, the ASEAN-wide SEA-LION project demonstrates how open-source models can be fine-tuned using regional datasets to accurately reflect local languages and dialects. This approach allows organisations to move away from the biases of global, one-size-fits-all models and build AI that truly understands the Southeast Asian context.
Open-core platforms combine the transparency of auditable code with the reliability and support of commercial software. Organisations can review how their email data is managed, customise the platform to meet local requirements, and reduce reliance on any single vendor.
What can be a complex compliance requirement becomes a clear demonstration of responsible governance, particularly for sectors building enterprise AI from regulated communications and personal information.
Email sovereignty as a competitive necessity
Today, roughly one-third of enterprise workloads require strict data sovereignty, where sensitive data must remain within national borders, under local jurisdiction and fully auditable. Email systems sit at the heart of this shift, because it serves as a key data source for training private AI models that can understand a business’ specific context.
However, this data source is also a prime target. Regional security benchmarks have officially pushed the risk level for Asian digital communications into the ‘critical’ category, due to the influx and complexity of email-borne threats.
This creates a high-stakes dilemma for companies training their own AI.
For enterprises relying on proprietary cloud email services, data can flow through infrastructure outside national borders or fall under foreign legal oversight, which can limit visibility and control over how that data is processed.
- Anthony Chadd is Chief Revenue Officer at Zimbra.
That is why open, auditable platforms are moving from a technical preference to a strategic advantage. By choosing an open-core architecture, enterprises ensure their intelligence stays under their own stewardship. In today’s regulatory environment, having that level of transparency is both a security feature and a competitive necessity.
Charting a sovereign path for enterprise AI
The coming years will reveal which organisations truly own their digital future. Those that treat email infrastructure as strategic for enterprise AI, choosing open and auditable foundations over opaque systems, will be far better placed to harness artificial intelligence responsibly. They will meet regulatory expectations with confidence, protect sensitive information without compromise and build AI models rooted in their own context and values.
Asia-Pacific’s enterprise AI ambitions are already impressive. But to realise them fully, leaders must look beyond raw computing power. They must select technology that keeps control where it belongs, with the organisation.
Open foundations are the quiet infrastructure that makes genuine sovereignty possible, not as a luxury, but as the essential foundation for sustainable innovation in a region determined to lead on its own terms.
Anthony Chadd is Chief Revenue Officer at Zimbra.
