In September 2025, Roland Berger and Aleph Alpha published "AI sovereignty — A strategic imperative for European industry."1 Its argument is not the usual abstraction about European champions. It is concrete and uncomfortable: European industry runs on digital technology it does not control, the regulatory bar for using AI in high-risk industrial settings is rising fast, and the only durable answer is sovereign AI — systems that are auditable, explainable, domain-tuned, company-owned, and deployed on infrastructure the enterprise controls.
The report grounds the urgency in the Draghi competitiveness analysis: the EU "relies on foreign countries for over 80% of digital products, services, infrastructure and intellectual property."2 The capability gap is just as stark — by Roland Berger's count, Europe produced three major AI models in 2024, against forty in the United States and fifteen in China.1 Layer the EU AI Act on top — high-risk obligations binding, fines reaching the tens of millions — and "where does the AI run, and can we prove what it did" stops being an architecture preference. It becomes the precondition for being allowed to use AI on the industrial core at all.
The report names four requirements for sovereign AI, and a build pattern that satisfies them.1 We'll take them at face value — and then show what it actually takes to honor them in a working system, using the report's own flagship example: the maintenance assistant on the shopfloor.
The four requirements: What "sovereign" has to mean in practice
Stripped to essentials, the report's four requirements (its Exhibit C) are a checklist any serious industrial deployment can be measured against:
- Trust by design — auditability, explainability, and EU AI Act compliance built in, not bolted on. Every output must be traceable to its evidence.
- Modular control — company-owned data and on-premise deployment, with no lock-in to a single provider's model or cloud.
- Domain fit — tuned to the enterprise's own machines, manuals and history, not a generic model answering from the open web.
- Infrastructure fit — works with the legacy IT and OT estate already on the floor, rather than demanding a rip-and-replace.
Notice what these have in common. Not one of them is a statement about model quality. They are all statements about the system around the model — where the data lives, who can audit the output, whether a citation backs every claim, who holds the controls. That is the recurring lesson of enterprise AI, and it is exactly where most deployments come up short.
The use case: The maintenance assistant, examined honestly
The report's headline industrial example is a GenAI maintenance assistant that "generates repair guides tailored to machine type, failure history and technician language," "fuses historical tickets, sensor data and documentation into situational answers," and — the line that matters most — "includes source links for every step."1 A technician describes a fault; the assistant returns a step-by-step, cited repair procedure, a likely root cause, and a draft service ticket with suggested spare parts.
It is a genuinely valuable pattern — unplanned downtime and slow first-time fixes are among the most expensive problems on any line. But it is also where the gap between a demo and a sovereign system is widest. A maintenance assistant is reading attacker-reachable text (a "manual" or a ticket can carry hidden instructions), it influences a safety-relevant action, and under the AI Act it may sit in a high-risk category. Three properties decide whether it is an asset or a liability:
The law: For high-risk industrial AI, audit is an obligation
The report is right to put compliance at the centre. Breaching the EU AI Act's high-risk obligations carries a fine of up to €15 million or 3% of global annual turnover (the €35 million / 7% ceiling is reserved for the gravest prohibited-use breaches), with high-risk obligations applying from August 2026.4 Two of those obligations land directly on a maintenance assistant:
- Human oversight (Article 14). High-risk systems must be built so a person can effectively oversee them — and "disregard, override or reverse the output," guarding against automation bias.5
- Record-keeping (Article 12). High-risk systems "shall technically allow for the automatic recording of events (logs) over the lifetime of the system," so any decision is traceable after the fact.5
The U.S. NIST AI Risk Management Framework arrives at the same place from a different direction — its four functions are Govern, Map, Measure, Manage, with Govern "infused throughout."6 And the sovereignty instinct is widely shared: Cisco's 2025 Data Privacy Benchmark Study found 90% of organizations believe local storage of data is inherently safer, with 64% worried about inadvertently sharing sensitive information with AI.7 For machine manuals, fault histories and OT data, "on-premise" is not a comfort blanket — it is the answer to a compliance question.
The synthesis: Sovereignty is a platform property, not a model choice
Put the four requirements together and the conclusion is the same one the security and governance worlds keep reaching: the hard part is not the model. It is the system around it — keeping the corpus inside your walls, grounding every claim in a citation, treating every input as hostile until scanned, keeping a human on every consequential action, and logging all of it immutably. Solve those once, as platform capabilities, and the next use case inherits them. Solve them per-pilot, and each one re-litigates sovereignty from scratch.
That is the design stance behind flow8. The same non-negotiables apply to every process it runs, whether reconciling an invoice or diagnosing a pump fault:
And it runs self-hosted — on-premise, private cloud or air-gapped — so the data on your shopfloor never crosses a boundary you don't own. That is the infrastructure-fit and modular-control half of the report's checklist, satisfied by where the platform runs rather than by a promise.
flow8 in practice: The maintenance assistant, as two governed flows
We built the report's shopfloor case as two flow8 flows. The first owns the corpus; the second retrieves over it and drafts. Both write to one audited maint.diagnoses ledger, and nothing they produce is dispatched without a human. The architecture, not the prose:
[Architecture diagram: two flows over the maint_kb vector store, both writing to the maint.diagnoses ledger. Each prepares and cites; nothing reaches a customer or a ticketing system without a human.]
Two design choices make this sovereign rather than merely clever. First, the corpus is the system of record: the vector store is a derived index, rebuildable from a provenance mirror in your own database, so a citation always resolves to a human-readable source without trusting the index. Second, the gate that suppresses a draft is deterministic, not the model's self-assessment — low confidence, a weak retrieval, an ungrounded citation, or a detected injection all force the output into a review queue. The model proposes; the platform decides whether a human must look first.
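As an added illustration, not flow8's own code or API, the Python below shows the shape of such a deterministic gate and of an append-only, hash-chained write to the maint.diagnoses ledger; the provenance mirror contents, the thresholds and the Draft fields are assumed.

```python
import hashlib, json
from dataclasses import dataclass
# Constructed provenance mirror (hypothetical ids/titles): stands in for a table in the enterprise's own database.
PROVENANCE = {
    "manual:pump-p41:sec-7.3": "Pump P-41 service manual, section 7.3 (seal replacement)",
    "ticket:2024-0187": "Service ticket 2024-0187 (bearing noise on P-41)",
}
MIN_CONFIDENCE, MIN_RETRIEVAL_SCORE = 0.70, 0.60  # assumed platform settings, not the model's opinion

@dataclass
class Draft:
    confidence: float         # model-reported confidence in the repair guide
    retrieval_score: float    # best similarity score of the retrieved evidence
    citations: list           # source ids the draft claims to rest on
    injection_detected: bool  # set by the input scanner, never by the model

def gate(draft: Draft) -> tuple:
    """Deterministic gate: any failed check sends the draft to human review first."""
    reasons = []
    if draft.injection_detected:
        reasons.append("injection detected in retrieved text")
    if draft.confidence < MIN_CONFIDENCE:
        reasons.append(f"low confidence {draft.confidence:.2f}")
    if draft.retrieval_score < MIN_RETRIEVAL_SCORE:
        reasons.append(f"weak retrieval {draft.retrieval_score:.2f}")
    ungrounded = [c for c in draft.citations if c not in PROVENANCE]  # must resolve in the mirror, not the index
    if not draft.citations or ungrounded:
        reasons.append(f"ungrounded citations: {ungrounded or 'none given'}")
    return ("review_queue" if reasons else "technician", reasons)

def _digest(body: dict) -> str:
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_ledger(ledger: list, draft: Draft, decision: str, reasons: list) -> dict:
    """Append a hash-chained record to the maint.diagnoses ledger (a list here)."""
    prev = ledger[-1]["hash"] if ledger else "0" * 64
    body = {"seq": len(ledger), "prev": prev, "decision": decision, "reasons": reasons,
            "citations": [{"id": c, "source": PROVENANCE.get(c)} for c in draft.citations]}
    body["hash"] = _digest(body)
    ledger.append(body)
    return body

def verify_ledger(ledger: list) -> bool:
    """Recompute the chain; an edited, inserted or deleted record breaks it."""
    prev = "0" * 64
    for rec in ledger:
        if rec["prev"] != prev or _digest({k: v for k, v in rec.items() if k != "hash"}) != rec["hash"]:
            return False
        prev = rec["hash"]
    return True
```

The gate never consults the model's own opinion of its output; the ledger records the citation as it resolved in the provenance mirror, so an auditor can read the source without trusting the vector index.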
The takeaway: Build the sovereign core once
Roland Berger and Aleph Alpha are right that sovereign AI is a strategic imperative for European industry, and the maintenance assistant is a sharp example of why. But the value is not captured by the model that drafts the guide. It is captured by the system that keeps the corpus inside your walls, grounds every step in a citation, scans every input for injection, keeps a technician on every dispatch, and logs all of it on infrastructure you own. Get that sovereign core right, and the next shopfloor use case is a fast, safe addition. Get it wrong, and you have shipped a confident, ungovernable assistant onto a line where mistakes cost real money — and, increasingly, real fines.
Bring sovereign AI to your shopfloor.
flow8 is the platform for running industrial AI use cases on infrastructure you own — company-owned corpus, a citation on every step, and a human on every dispatch.
Sources
1. Roland Berger & Aleph Alpha, "AI sovereignty — A strategic imperative for European industry," September 9, 2025. rolandberger.com
2. Mario Draghi, "The future of European competitiveness — Part B: In-depth analysis and recommendations," European Commission, September 9, 2024 ("The EU relies on foreign countries for over 80% of digital products, services, infrastructure and intellectual property"). commission.europa.eu
3. OWASP, "LLM01:2025 Prompt Injection," OWASP Top 10 for LLM Applications 2025. genai.owasp.org
4. EU AI Act — penalties (Article 99: up to €35m / 7% of global annual turnover) and application timeline (high-risk obligations from August 2026). artificialintelligenceact.eu/article/99
5. EU AI Act — Article 14 (Human Oversight) and Article 12 (Record-keeping). article/14 · article/12
6. NIST, "Artificial Intelligence Risk Management Framework (AI RMF 1.0)," NIST AI 100-1, Jan 2023. nist.gov
7. Cisco, "2025 Data Privacy Benchmark Study," Apr 2025. newsroom.cisco.com