On May 12th, 2025, Business Finland announced that it would award €15 million in Leading Company (Veturi) funding to AMD Silo AI, with a projected ecosystem impact of €100 million in AI research and development over five years. The stated goal? To cement Finland’s position as a global leader in AI by investing in infrastructure, research partnerships, and commercialisation capacity.
At first glance, this appears to be a positive step. Finland is finally mobilising national resources to compete in the global AI race. The initiative promises collaboration across universities, enterprises and high-performance computing platforms like LUMI. The framing is bold: sovereignty, innovation, and competitiveness.
But when examined closely, the reality behind this initiative is not just disappointing – it’s strategically dangerous.
The Sovereignty Illusion
The company leading the initiative, Silo AI, was acquired by AMD (Advanced Micro Devices) in 2024. AMD is a publicly traded U.S. corporation headquartered in California. As such, AMD Silo AI is not a Finnish company. It is a U.S.-owned subsidiary operating within Finnish borders.
This ownership structure places all data, IP, telemetry, and models developed under this programme within the legal jurisdiction of the United States. Thanks to legislation like the U.S. CLOUD Act and FISA Section 702, the U.S. government has legal means to demand access to any data held or processed by U.S.-owned companies, regardless of where that data physically resides.
In plain terms: any data processed through AMD infrastructure, even if hosted in a Finnish company’s own server room, is not protected from U.S. surveillance. This reality directly undermines the project’s stated ambition of building “sovereign AI infrastructure” and ensuring Finland’s control over its digital future.
This conflict is not theoretical. According to a joint legal assessment by the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS):
“A foreign court order does not, as such, make a transfer lawful under GDPR.”
“In the absence of [an international agreement], service providers subject to EU law cannot legally base the disclosure and transfer of personal data to the U.S. on such requests.”
This means that any direct compliance with a CLOUD Act warrant by a U.S.-owned service provider handling EU data is, by default, unlawful under GDPR.
The Unspoken Risks
The press release from Business Finland made no mention of Silo AI’s acquisition by AMD. It made no mention of the data sovereignty implications. Instead, it painted the picture of a purely Finnish-led, European-aligned initiative. This omission is not just misleading – it is a failure of transparency.
While the goal of boosting AI capability is laudable, entrusting infrastructure and strategic AI development to a U.S.-owned entity introduces massive long-term risk:
Data exposure risk: Sensitive research and industrial data may become accessible to foreign governments.
Vendor lock-in: Once foundational infrastructure is built around a single vendor’s tools and architecture, switching becomes prohibitively expensive.
Talent leakage: Finnish researchers may develop innovations that are legally captured under U.S. IP regimes.
Loss of trust: Europe cannot claim GDPR leadership while funding projects that are structurally incompatible with it.
The Opportunity Cost
Beyond the sovereignty contradiction lies a deeper issue: who gets funded, and why?
As with many state-backed innovation programmes in Finland, funding continues to flow toward the largest, best-known names – those who already have access to capital, visibility and global networks. This is not unique to AI. It is a systemic pattern in Finland.
Meanwhile, truly sovereign, GDPR-native, European-owned AI startups struggle to access meaningful support. Companies building decentralised architectures, hosting their own infrastructure and using no external APIs are dismissed as “too small”, despite solving the very problems these initiatives claim to address.
What Should Be Done
This is not a call to defund AI. Quite the opposite: it’s a call to fund the right kind of AI.
Fund European-owned AI infrastructure companies that can legally guarantee GDPR compliance.
Prioritise open-source models, not just closed stacks dependent on non-EU hardware and toolchains.
Back sovereign AI startups with modern RAG systems, secure deployment, and proven track records.
Incentivise innovation that keeps both data and ownership inside European legal jurisdiction.
Finland’s AI future must be built on more than good intentions and strong headlines. If we want true digital sovereignty, we must fund those building it from the ground up – not those selling it to the highest foreign bidder.
About the author:
Victor A. Lausas is the CEO of North Atlantic Ltd, a Finland-based company building GDPR-compliant AI infrastructure, including NORAI RAG Bot, the first localised enterprise-ready RAG system designed for Europe.
Further reading:
Victor A. Lausas
Chief Executive Officer
