AI sovereignty: why DeepSeek V4 changes the strategic calculus for large enterprises
A sequel to Free AI does not exist. The previous article argued that the current window is the cheapest we will see for a long time, and that the path that actually pays runs through a premium model and a serious agentic system. This article opens the third path raised in its closing lines: for large organizations, the possibility of deploying a SOTA-class model on proprietary infrastructure — and everything that opens up, and everything that demands.
January 2026, IT steering committee of a large French industrial group. Twenty-two participants around an oval table, two wall screens still displaying the slides from the last quarterly review. The CIO projects a map of data flows — the business corpora that leave daily for the APIs of Anthropic in Dublin, OpenAI in Frankfurt, Google in Eemshaven. Three years that the question has been raised and deferred: "who holds our data when our AI runs on servers we do not control?". Three years of reassuring commercial answers — the SLAs, the certifications, the contractual commitments. None of them holds up against a serious GDPR audit or a slightly precise parliamentary question.
Three months later, on 24 April 2026, the DeepSeek team publishes DeepSeek V4. MIT source code, downloadable weights, a one-million-token context as standard, performance that trails Claude Opus 4.7 and GPT-5.5 without yet matching them — but at a seventh of the price on proprietary use, and deployable on internal infrastructure. For the first time since the eruption of generative AI in 2022, a model close to the frontier is open and deployable outside the servers of the three American proprietary vendors. The strategic calculus of large enterprises, which appeared locked onto that dependency, opens onto a third path.
This path remains narrow, demanding, and foreign to any logic of immediate cost saving. It changes the nature of the debate over AI sovereignty in the enterprise — and, for the organizations that can cross its threshold, it reshuffles the cards of data control, operational resilience, and competitive advantage.
Proprietary model, open source model: the concrete difference
A significant share of IT decision-makers still conflates two distinctions that have nothing to do with each other: proprietary / open source on one side, free / paid on the other. Clarifying the first is the precondition for any serious discussion of sovereignty.
A proprietary model — Claude Opus 4.7 at Anthropic, GPT-5.5 at OpenAI, Gemini Pro at Google — is a system whose code and weights remain locked inside the vendor's servers. The user never accesses them directly. They query the model through an API: they send their text, the model processes the request on the vendor's infrastructure, and the answer comes back. The data transits through the vendor's servers. The vendor can, at any moment, modify the model, throttle the session's capacity, withdraw a feature, raise the price, or terminate the service. The episodes of March–April 2026 — throttling of Claude Max sessions, the brief removal of Claude Code from the Pro plan, the doubling of the GPT-5 API price in the move to GPT-5.5 — were a brutal reminder.
An open source model — DeepSeek V4 at DeepSeek, Llama at Meta, Mistral Large at Mistral — is a system whose code and weights are published, downloadable, and deployable on any GPU cluster with the necessary power. The user has two options: query the model through the vendor's API (in which case their data transits as it would for a proprietary model), or download the weights and run the model on their own infrastructure. This second option changes everything. The data no longer leaves the organization. The model can no longer be modified, throttled, or withdrawn by a third party. The price is no longer controlled by a vendor exposed to the funding conditions of venture capital; it equals the physical inference cost of the internal infrastructure.
The distinction is operational before it is ideological. It opens, for the first time in 2026, a strategic option that proprietary models excluded by construction.
DeepSeek is Chinese — and what that actually implies
A nuance that superficial analyses dismiss too quickly: DeepSeek is a Chinese company based in Hangzhou, and its V4 model was trained in China. This has two consequences that must be held simultaneously.
If a European organization uses DeepSeek V4 through DeepSeek's official API — api.deepseek.com — then its business data transits through servers in China, is processed on the infrastructure of a company subject to Chinese law, and leaves the perimeter of GDPR protection. For sensitive data — industrial intellectual property, personal data, strategic files, public contracts, defense data — this is prohibitive. The DeepSeek API option is strictly equivalent, in terms of sovereignty, to a transfer of data to a third country without an adequate framework. No serious company should place its business corpora there.
If the same organization downloads the weights of DeepSeek V4 and deploys them on its own GPU cluster, in France, in Germany, or in a European sovereign cloud — the situation becomes radically different. The model is an inert object that executes locally. No data leaves the organization's infrastructure, neither toward the United States nor even toward the originating operator. This configuration is, in practice, safer from a data sovereignty standpoint than an API use of Anthropic, OpenAI, or Google, because it eliminates the very condition of the transfer.
The Chinese origin of the model nonetheless persists, in the form of a residual risk to be assessed: training biases tied to the Chinese corpus, coverage limits on certain European cultural or legal contexts, the theoretical — and to date undemonstrated — possibility of unexpected behaviors injected into the weights. These risks are serious, they require a thorough technical review before any deployment, and they forbid blind use. They are, however, of a different nature, and significantly more measurable, than a daily transfer of data to a foreign entity through an API.
The lesson is precise: using DeepSeek through the Chinese API = transfer of data to China = unacceptable for the majority of enterprise use cases. Deploying DeepSeek internally = no transfer of data = the most protective configuration. These are two opposite decisions on the sovereignty axis, made on the same model.
Performance: do not confuse availability with parity
Acknowledging that DeepSeek V4 is open and deployable leaves intact the question of its quality. That question deserves a precise answer, because it determines the correct use of the model.
The benchmarks published the day after the release of V4-Pro and V4-Flash, in mid-April 2026, paint a coherent picture. On competitive programming (Codeforces), V4-Pro takes the lead. On inference cost, V4 literally crushes the competition — V4-Pro at 1.74 dollars per million input tokens and 3.48 dollars on output, against 5 and 25 for Opus 4.7, against 5 and 30 for GPT-5.5. On the cost-to-quality ratio, it is the best offer on the market in April 2026.
On frontier reasoning, by contrast, Claude Opus 4.7 stays ahead. On GPQA Diamond, which tests doctoral-level scientific reasoning, Opus 4.7 scores 94.2% against 90.1% for V4-Pro-Max. On Humanity's Last Exam without tools, Opus 4.7 reaches 46.9% against 37.7% for V4. On SWE-bench Pro, which measures a model's ability to fix real bugs in large codebases, Opus 4.7 leads at 64.3% against 55.4% for V4-Pro. GPT-5.5, for its part, leads on long-running agentic tasks and certain knowledge benchmarks.
The gap is counted in a few percentage points — four to nine depending on the test — without yielding anything of its structure. On the most demanding acts of deep reasoning, of coherence across long chains of inference, of the ability to resist the traps of twisted questions, Opus 4.7 retains an advantage. A real margin, never a chasm.
This margin has a decisive operational consequence. DeepSeek V4 is meant for something other than doing things "cheaper" on critical acts. Choosing a less capable model to handle a strategic tender analysis on the pretext that it costs a seventh of the price amounts to hiring a junior CEO because they cost less than an experienced one. The trade-off is false by construction. On the critical act, you take the best tool available, because the difference in final quality buys back the difference in inference cost many times over.
Why, then, include DeepSeek in the architecture
If V4 is not the right choice for critical acts, what is it for? Five strategic reasons justify its integration into a serious architecture.
Optimize certain tasks. On the intermediate acts of an agentic chain — extracting the requirements of a CCTP, summarizing a paragraph, spell-checking, a first chapter skeleton, producing a test grid from a specification — the quality margin of Opus 4.7 ceases to translate into operational value. The result holds. On these acts, switching to V4-Pro or V4-Flash divides the inference cost by five to twenty for equivalent quality. This is optimization of spending inside the chain, to be distinguished from a logic of saving on total spending.
Bring resilience against providers. April 2026 accumulated the signals of instability: Max throttling at Anthropic, the brief removal of Claude Code from the Pro plan, the doubling of the GPT-5 → GPT-5.5 price, saturated GPU capacity at every hyperscaler, queues for chips. When a production chain depends on a single proprietary API, its continuity depends on the health of a third-party vendor — and can break without notice. Having an open source fallback deployed internally, even of slightly lower quality, guarantees continuity.
Take an option on future generations. The performance gap between open source and proprietary SOTA has narrowed steadily since 2023 — Llama 2, Llama 3, Mixtral, DeepSeek V2, V3, V3.2, V4. The trajectory continues in the same direction, with no signal of reversal. An organization that invests in 2026 in the infrastructure and the skills to operate a SOTA-class open source model puts in place the conditions to reap, in 2027 and 2028, the benefit of models likely at genuine parity, and still significantly cheaper to use. The real strategic question therefore shifts from "is V4 as good as Opus today?" toward "will the next open source generation be good enough, at a far lower cost, to become the standard?". The rational bet answers yes.
Keep a margin of sovereignty. For the most sensitive business corpora — industrial intellectual property, M&A files, defense data, public contracts, upstream pharmaceutical research — deploying AI processing on internal infrastructure with an open source model is the only option that guarantees no data leaves the organization. The sensitivity of the data, not the inference cost, is the right arbiter.
Preserve regulatory confidentiality. Beyond business sensitivity, some data is subject to regulatory constraints (GDPR for personal data, medical confidentiality, banking secrecy, defense secrecy, strategic identification data within the meaning of the European AI Act 2024) that make a transfer to a third-party API, even secured by contract, legally fragile. The option of an open source model running internally places the processing within the organization's compliance perimeter and simplifies the audit file.
None of these five reasons is "costing less" taken in isolation. The fourth and the fifth are the most structuring; the first three are serious optimizations that are measured at the scale of usage.
Three strategic positionings in 2026
The arrival of DeepSeek V4 leaves proprietary models in their place and opens, alongside them, a grid of three positionings, calibrated to the size of the organization, the sensitivity of the data processed, and the maturity of internal MLOps skills.
Tier 1 — Consumer. An enterprise subscription with a proprietary SOTA vendor (Claude Enterprise, ChatGPT Enterprise, Gemini for Workspace), with no internal infrastructure. This is the right trade-off for SMEs, mid-market companies, and large enterprises whose AI-processed data is neither of critical business sensitivity nor under a strong regulatory constraint. It is option C from the previous article — the path that pays for organizations that have neither the compute, nor the skills, nor the sovereignty pressure to go further.
Tier 2 — Hybrid. Proprietary models on critical acts handling low-sensitivity data (analysis of public tenders, reading of non-confidential commercial documents, drafting support on public corpora), and open source models running internally on the acts handling sensitive data. This architecture combines SOTA quality where it pays and data control where it is required. It suits serious IT services firms, consulting firms with strong confidentiality commitments, and industrial companies with a share of strategic intellectual property.
Tier 3 — Sovereign. Full deployment of a SOTA-class open source model on proprietary or European sovereign infrastructure, finetuning on internal business corpora, an inference chain mastered end to end. This is the positioning of central banks, defense operators, large pharmaceutical groups on their upstream research, public operators on sovereign data, and a few strategic industrials. It is also the positioning toward which the European AI Act directive will, in time, push certain sectors.
No tier is "better" in absolute terms. They correspond to objective configurations — size, sensitivity, skills, regulation. The great error of the next two years will be to claim to move to tier 3 without having the conditions for it.
The trap of the sovereign illusion
Many IT departments will announce, in 2026 and 2027, that they are deploying "their sovereign AI." Three failure patterns are already observed in the first open source deployments.
Deployment without serious MLOps. Downloading DeepSeek V4 and running it on two H100s falls far short. The performance of a SOTA-class model depends on an optimization chain — quantization, efficient attention, batching, kv-cache management, MoE routing, drift monitoring — that requires a dedicated and experienced MLOps team. Without that team, the organization ends up with an internally deployed model that underperforms even a clumsy use of proprietary SOTA, at full infrastructure cost. The worst of both worlds.
The absence of business finetuning. One of the strongest arguments for open source is the ability to finetune the model on the organization's internal corpus — history of tender responses, product documentation, business case law, lessons learned. Without that effort, the internally deployed model remains generic. You have paid for a costly infrastructure to reproduce, less well, what the API offers. Finetuning, which is demanding — it presupposes clean data, a methodology, a continuous evaluation infrastructure — is precisely the economic justification for tier 3.
Poorly architected RAG on the internal model. The most frequent error, and the most treacherous. The organization deploys its open source model internally, but uses it under a mediocre RAG architecture — poorly chosen embeddings, chunking that is too fine, no cross-encoder, no de-duplication. The result on long corpora reproduces internally all the flaws once held against consumer tools in the Copilot illusion, with the added cost of a dedicated infrastructure. The technical sovereignty of the data is preserved; the cognitive quality of the deliverable, however, collapses.
Sovereignty is built rather than decreed. It demands a team that masters the training-deployment-monitoring cycle over time, not a two-quarter project.
Strategic conclusion
For a CIO, an AI sponsor, an executive sponsor of a large organization, the arrival of DeepSeek V4 commands not so much an immediate decision as a structured question to carry into committee in the coming weeks.
Which business data leaves the organization today toward an AI API, and what is the real sensitivity of that data — in the GDPR sense, in the strategic sense, in the contractual sense?
Which positioning tier (1, 2, 3) matches our scale, our sector, our regulatory pressure, and the current maturity of our MLOps teams?
If we choose to move toward tier 2 or 3, on what perimeter do we start, with what data, and with what team — internal, augmented, or in partnership with a serious integrator?
The 2026–2027 window is the one in which these choices become structuring. DeepSeek V4 has opened the door. The following generations — V5, V6, and the open source competitors that will push in the same wake — will make it ever wider. It remains to decide whether you cross it, at what pace, and with what means.
Reserved for a minority of organizations able to bear its threshold, the option leaves the majority of the market aside. For large organizations that process sensitive data, by contrast, it changes the very nature of the debate over AI in the enterprise. Before DeepSeek V4, AI sovereignty was a matter of principle. From now on, it is a matter of investment.
Primary sources: DeepSeek-AI, "DeepSeek V4 Preview Release," api-docs.deepseek.com, 24 April 2026. Hugging Face, "deepseek-ai/DeepSeek-V4-Pro," huggingface.co, April 2026. VentureBeat, "DeepSeek V4 arrives with near state-of-the-art intelligence at 1/6th the cost of Opus 4.7, GPT-5.5," April 2026. Artificial Analysis, "DeepSeek V4 Pro (Max) — Intelligence, Performance & Price Analysis," artificialanalysis.ai, April 2026. BenchLM.ai, "DeepSeek V4 Pro vs Claude Opus 4.7 vs GPT-5.5: The Frontier in April 2026," April 2026. SemiAnalysis, "The Coding Assistant Breakdown," newsletter.semianalysis.com, 2026. Anthropic, "Claude Mythos Preview / Project Glasswing," red.anthropic.com, 7 April 2026. Regulation (EU) 2024/1689 of 13 June 2024 laying down harmonised rules on artificial intelligence (AI Act). CNIL, "AI and GDPR: recommendations on the development of AI systems," 2025. Patterson et al., "The Carbon Footprint of Machine Learning Training Will Plateau, Then Shrink," IEEE Computer 2022. Stanford HAI, "AI Index Report 2025," ch. 4 (Economy) and ch. 6 (Policy). Lewis et al., "Retrieval-Augmented Generation for Knowledge-Intensive NLP Tasks," NeurIPS 2020.