Fertility Data Sovereignty: The Most Sensitive Data in Medicine Meets the Least Sovereign Infrastructure
This essay was originally published in Fertility Intelligence, Fertiligent™'s newsletter on the demographics, science, and economics shaping how we build families — and how families, in turn, shape everything else. It is reproduced here in full.
Non, je ne peux pas le garantir
In June 2025, Anton Carniaux, director of public and legal affairs at Microsoft France, sat before a French Senate commission of inquiry and was asked, under oath, a question with only two possible answers. Could Microsoft guarantee that the data of French citizens, stored in Microsoft's French data centers, under French contracts, would never be handed to American authorities without French consent?
His answer: "No, I cannot guarantee it."¹
Carniaux was not confessing to negligence. He was describing the law. The US CLOUD Act, passed in 2018, compels American companies to produce data under US legal process regardless of where in the world that data physically sits.² A server in Paris, Frankfurt, or Toronto operated by a US-headquartered provider is, jurisdictionally, an American server. Data residency — the question of where the bytes live — turns out to be almost unrelated to data sovereignty — the question of whose law reaches them.
The testimony landed in Europe like a dropped glass. Within months, EU member states had adopted a Declaration for European Digital Sovereignty, and the phrase "sovereign AI" migrated from think-tank panels into procurement documents.³ A European Parliament report put numbers on the dependency: US firms hold roughly 69% of Europe's cloud infrastructure market; EU suppliers hold about 13%.⁴
It would be easy to file this away as a European problem — a story about Brussels and Washington. It is not. Sovereignty is not about which flag flies over the data center. It is about whether anyone outside the clinical relationship — a foreign court, another state's attorney general, a vendor's acquirer, a bankruptcy judge — can reach the record. The French Senate hearing simply happens to be the one time the limits were stated under oath. American clinics, as we will see, arguably face the sharpest version of the problem, and no foreign government is required to create it.
Almost nobody in that conversation was thinking about fertility clinics.
They should have been. Because the argument I want to make in this issue is simple and, I think, unavoidable: reproductive medicine generates the single most sensitive data class in all of healthcare, and it is currently adopting AI on the least sovereign infrastructure in computing. Those two facts are on a collision course, and the clinics that understand this first will hold a structural advantage — clinical, legal, and commercial — over the ones that discover it in a breach notification.
Why fertility data is different in kind, not degree
Every medical record is sensitive. A fertility record is sensitive in a way that has no parallel elsewhere in medicine, for four compounding reasons.
First, it is genetic. A modern IVF file routinely contains carrier screening for both partners, preimplantation genetic testing results on embryos, and increasingly whole-panel data on donors. Genetic data is the only category of personal information that cannot be revoked, rotated, or reissued. As John Edwards, the UK Information Commissioner, put it after investigating the 23andMe breach: once this information is out, it cannot be changed like a password.⁵ A leaked credit card costs a bank a few dollars. A leaked genome is permanent — for the patient, and partially for every one of their relatives.
Second, it is relational. A fertility record is never about one person. It binds a patient, a partner, often a donor, sometimes a surrogate, and — this is the part that should stop you — a future child who never consented to anything. When a clinic's data leaks, it leaks the genetic and reproductive information of people who were never patients and people who do not yet exist. No other specialty has this property.
Third, it is politically exposed. In the United States after Dobbs, reproductive health data has become evidence. State attorneys general have sought health records across state lines; period-tracking apps and telehealth providers have faced subpoenas; several states have passed shield laws specifically to wall off reproductive data from out-of-state legal process. Whatever one's politics, the descriptive fact is that a fertility record is now a document that governments, litigants, and estranged partners have active legal incentives to obtain. This is the sovereignty problem in its American form: the border the data must not cross may be a state line, not a national one. The jurisdiction question — whose law reaches this data — is not abstract for an IVF patient. It may determine whether her treatment history is discoverable.
Fourth, it is emotionally unrepeatable. The record contains the miscarriages, the failed transfers, the donor conception a couple has told no one about, the diagnosis one partner has not fully shared with the other. Fertility patients disclose to their clinic things they conceal from their families. That disclosure is the clinical relationship. Breach it once and it does not come back.
Now hold those four properties in mind and look at what happened when the largest private trove of genetic data in the world hit financial distress.
The 23andMe lesson: your data is an asset on someone else's balance sheet
In March 2025, 23andMe filed for Chapter 11 bankruptcy, and the genetic profiles of more than 13 million people became, in the language of the US Bankruptcy Code, an asset available for sale.⁶ This followed a 2023 credential-stuffing breach that exposed data on nearly 7 million customers — a breach for which regulators in the UK and Canada later found the company had lacked basic protections like mandatory multi-factor authentication.⁷ The 2024 litigation record included the allegation that data on customers of Ashkenazi Jewish and Chinese ancestry had been compiled into curated lists and offered for sale online.⁸
The bankruptcy auction is the part every clinic operator should study. Regeneron, a pharmaceutical company, initially won the genetic database with a $256 million bid. Only after a reopened auction did TTAM Research Institute — a nonprofit led by 23andMe co-founder Anne Wojcicki — take the assets for $305 million, and even then, attorneys general from dozens of states fought the sale, with five remaining actively opposed at approval.⁹ Judge Brian Walsh, approving the deal, conceded the transaction raised challenging issues around sensitive information. Bankruptcy scholar Laura Coordes of Arizona State drew the wider conclusion: US law simply has no adequate framework for what happens to genetic data when the company holding it becomes insolvent.¹⁰
Here is the transposition to our industry. When a fertility clinic sends patient conversations, intake histories, and clinical summaries into a third-party AI service, that data now lives — as prompts, logs, embeddings, fine-tuning corpora, or "service improvement" telemetry — inside a company the clinic does not control, under a privacy policy that company can amend, subject to a bankruptcy process that treats the data as an asset. The clinic has not outsourced a task. It has created a second, uncontrolled home for the most sensitive records it holds, governed by someone else's terms of service and someone else's balance sheet.
23andMe was not a villain in this story. It was a company that ran out of money while holding data that outlives companies. Every AI vendor a clinic contracts with is, actuarially, a candidate for the same story.
What "AI sovereignty" actually means for a clinic
The phrase gets used loosely, so let me define it in operational terms. There are three ascending levels, and most healthcare organizations have only cleared the first.
Level one: data residency. The data is physically stored in your country or region. This is what cloud providers sell as "sovereignty," and Carniaux's testimony is the definitive statement of its limits. Residency without jurisdictional control is geography, not sovereignty. The point was underlined again in November 2025, when Dutch government agencies that had deliberately chosen Solvinity — a Dutch cloud provider — to escape CLOUD Act exposure learned that Solvinity was being acquired by US-based Kyndryl. The municipality of Amsterdam was informed one day before the public announcement. Their sovereign choice became US-jurisdiction infrastructure overnight, through a transaction they had no part in.¹¹
Level two: data sovereignty. The data is subject only to the legal jurisdiction the clinic and its patients actually live under. For a Canadian or European clinic, this largely means the entities with technical access to plaintext data cannot be US hyperscalers or their subsidiaries, whatever the data-center address says. For a US clinic, the same level means knowing which states' legal process can reach the vendor's copies of your patients' records — and whether your state's shield law survives your vendor's logging practices.
Level three: AI sovereignty. The clinic controls not just where its data sits, but where inference happens — where the model that reads the patient's history, drafts the nurse's reply, and transcribes the physician's consult actually runs. This is the level almost everyone misses, and it is the one that matters most, because AI is precisely the layer where data leaves the perimeter. You can hold your EMR on a server in the basement — many fertility clinics still do, and their instincts were right — and undo all of it the day a staff member pastes a patient thread into a consumer chatbot, or the day the clinic bolts a cloud transcription service onto its consult rooms. Every prompt is a data export. An organization can be fully compliant on data residency and have zero AI sovereignty; the audit passes and the substance fails.¹²
The healthcare sector at large is arriving at this conclusion under duress. The June 2024 ransomware attack on Synnovis, a pathology provider to London hospitals, cancelled thousands of operations and was linked to at least one patient death — a demonstration that healthcare data infrastructure is now attacked as critical infrastructure, because it is critical infrastructure.¹³ Health systems in several countries are responding by moving clinical AI workloads on-premises or into dedicated single-tenant environments where protected health information never leaves the perimeter; in parts of Europe, digital sovereignty has shifted from policy aspiration to procurement requirement for clinical workloads.¹⁴
Fertility clinics, which hold the most radioactive data in the building, should be at the front of this migration. Most are not — because the counter-argument is genuinely strong, and it deserves to be stated at full strength.
The best case for the cloud, stated honestly
If I were arguing the other side, here is what I would say.
First, the frontier models are simply better, and in medicine, capability is safety. A cloud model that catches a drug interaction or drafts a more accurate patient explanation delivers clinical value that a weaker local model forfeits. Choosing a worse model for jurisdictional purity is its own patient-safety trade-off.
Second, the hyperscalers are better at security than you are. Microsoft and Google employ thousands of security engineers; a fertility clinic employs an IT contractor named Dave. The realistic threat to clinic data is not a CLOUD Act warrant — Carniaux noted no such request had ever targeted the data in question — it is ransomware exploiting the unpatched on-premise server that "sovereignty" put in the basement. Most healthcare breaches are failures of basic hygiene, not of jurisdiction.
Third, the economics historically didn't work. On-premise AI meant six-figure hardware, scarce MLOps talent, and infrastructure that depreciated while cloud models improved monthly. For a clinic running on IVF-cycle margins, that was a real barrier, not an excuse.
Fourth, everyone is subject to someone. The CLOUD Act reaches any provider doing business in the US — including European ones, as OVHcloud itself acknowledges.¹⁵ Perfect jurisdictional isolation is a mirage; pursuing it can become an expensive form of theater.
These are serious arguments. Three developments have broken them.
The capability gap closed for the tasks clinics actually need. Fertility clinic AI is not protein folding. It is patient communication, intake triage, documentation, referral processing, and multilingual explanation of protocols — language tasks in a bounded domain. And in a bounded domain, the recipe that wins is not the biggest general model; it is a strong open-weight base model, trained further on a curated fertility corpus — clinical protocols, patient-communication patterns, the vocabulary of stimulation cycles and beta results and transfer-day anxiety — and grounded at runtime in the clinic's own documents. The general-purpose frontier model knows a little about everything. The domain-trained open model knows reproductive medicine, speaks the clinic's protocols, and runs on hardware the clinic controls. On the clinical-communication dimensions that matter in this specialty, the specialized model does not merely match the generalist — it beats it, because depth in a narrow domain is a training-data problem, not a parameter-count problem. The argument "the cloud model is smarter" was decisive in 2023. For the workloads that touch PHI in a fertility clinic in 2026, it is mostly obsolete.
This matters for sovereignty for a structural reason: the open-weight model is the only kind a clinic can actually own. A proprietary API model can never be sovereign — not because of where it runs, but because of what it is: a service, revocable, repriceable, retrainable by someone else. An open-weight model, domain-trained and deployed on-premises, is an asset. The weights sit on the clinic's hardware, under the clinic's jurisdiction, immune to the vendor's next terms-of-service update and the vendor's next acquirer. Sovereignty over inference presupposes sovereignty over the model itself, and only the open-weight path provides it.
The hardware economics inverted. Successive GPU generations have collapsed the cost of running capable models locally; enterprise-grade inference now fits in a footprint and budget a mid-sized clinic network can absorb, and the industry-wide shift is measurable — the majority of enterprise AI inference has moved on-premises or to the edge, from a low-teens share just three years ago.¹⁶ "On-prem is unaffordable" was true. It is not true anymore.
And the security argument, examined closely, actually favors sovereignty — because it confuses two different risks. The hyperscaler protects you better against hackers. It cannot protect you at all against lawful process in a foreign jurisdiction, against its own bankruptcy or acquisition, or against its own change of terms — that is the entire content of Carniaux's testimony and the entire lesson of 23andMe and Solvinity. For most data, hacker risk dominates and the cloud wins. For genetic and reproductive data — unrevocable, relational, politically exposed — the jurisdictional and corporate-lifecycle risks are the catastrophic ones, precisely because no incident response can un-disclose a genome. Sovereignty is not a claim that your basement server is safer than Azure. It is a claim about which failure modes are survivable. A ransomware attack on an encrypted, well-backed-up local system is a terrible month. A subpoena, sale, or policy change reaching ten years of patient conversations is a permanent institutional betrayal.
The honest synthesis is not cloud-never. It is: plaintext PHI and inference over PHI stay under the clinic's jurisdiction and control; everything else can be pragmatic.
Which brings us to what that looks like in practice.
The sovereign clinic, in practice
Having spent the last year building and deploying exactly this architecture — and writing the compliance documentation that regulators and clinic privacy officers actually read — I can report that clinic-level AI sovereignty reduces to four disciplines. None of them is exotic. All of them are rare.
Inference happens inside the perimeter. The models that read and generate patient-identifiable text run on infrastructure the clinic or its directly-contracted processor controls — on-premises or in a dedicated single-tenant environment in the clinic's own jurisdiction. This is the load-bearing wall. Everything else is trim.
The sub-processor table is honest, and honesty means naming the gaps. Every AI product is a chain of vendors, and the chain is where sovereignty quietly dies. A voice AI pipeline may involve a telephony carrier, a speech-to-text engine, and a synthesis provider — and some of the best-in-class vendors in that stack simply do not offer processing regions in every country where clinics operate. The sovereign posture is not to pretend otherwise; it is to document precisely which data crosses which border in which form, minimize it to transient audio or metadata where it cannot be eliminated, and put that in writing for the clinic before they sign. In my experience, clinic executives do not walk away when you show them an honest data-flow map. They walk away — later, expensively — when they discover the dishonest one.
Data has an exit, and the contract survives the vendor. The 23andMe test, applied at procurement: if this AI vendor is acquired or insolvent in five years, where does our patients' data go? A sovereign deployment answers structurally — the data never left the clinic, so there is nothing in the estate to sell. Anything less than that needs contractual answers: deletion on termination, no training on patient data, no assignment of data rights in a change of control. If a vendor will not put those in writing, they have told you what the data is to them: an asset.
Sovereignty extends to the model's behavior, not just its location. A clinic that runs its own models controls what those models are allowed to say — the escalation rules, the clinical guardrails, the moment the AI hands off to a nurse. A clinic renting a general-purpose API controls a prompt, which the provider's next model update can silently reinterpret. In medicine, that difference is governance versus hope.
The through-line of all four: sovereignty is an architecture decision, not a contract clause.¹⁷ It cannot be negotiated after the fact, because — as the French Senate established under oath — the vendor on the other side of the table cannot lawfully promise it to you.
Where this is heading
Zoom out to the frame this newsletter always returns to. A companion essay in this series argues that the wealth of nations in this century depends on fertility infrastructure — that for the tens of millions of people in the OECD who want children and are struggling, the binding constraint is the reproductive stack, not the birth-rate subsidy. AI is the biggest capacity upgrade that stack has ever been offered: it is the only technology that can absorb the communication and coordination load that currently caps clinic throughput and burns out clinical teams.
But that upgrade will only be adopted at population scale if patients trust it — and reproductive medicine is the specialty where trust has the least margin for error. A single 23andMe-style event involving IVF records — embryo genetics, donor identities, the conversations patients had at 3 a.m. with a clinic's AI companion — would not set back one company. It would set back the adoption of AI in reproductive medicine by a decade, in exactly the window when demographic arithmetic can least afford it. The civilizational case for fertility AI and the case for fertility AI sovereignty are the same case. You do not get the first without the second.
This is why Fertiligent was architected sovereign from the first commit: an open-weight base model trained on a specialized fertility corpus rather than a rented general-purpose API, deployed on-premises or single-tenant inside the clinic's jurisdiction, patient-facing AI whose inference never exports plaintext PHI, and compliance documentation that maps every data flow — including the imperfect ones — before a clinic signs. Not because sovereignty is a feature we added for European buyers, but because we looked at what a fertility record actually contains — the genome, the partner, the donor, the child who does not yet exist — and concluded that any other architecture is a liability with a delay on it.
The clinics adopting AI over the next three years are making a choice most of them do not know they are making. The vendors know. Ask yours the two questions this essay reduces to: Where does inference happen? And: If you are sold or insolvent, where does our patients' data go?
If the answer to the first is "our cloud" and the answer to the second is a pause — you have your answer to a third question no one asked out loud: whose asset is your patients' data?
Notes
- Testimony of Anton Carniaux, Director of Public and Legal Affairs, Microsoft France, before the French Senate Commission of Inquiry on public procurement and digital sovereignty, June 2025 (senat.fr); reported by The Register, Forbes, and SDxCentral, July 2025.
- Clarifying Lawful Overseas Use of Data (CLOUD) Act, enacted March 23, 2018; US Department of Justice white paper on the Act's extraterritorial scope.
- EU Member States, Declaration for European Digital Sovereignty, November 2025.
- European Parliament report on cloud infrastructure market shares, cited in Forbes, July 2025.
- John Edwards, UK Information Commissioner, statement accompanying the ICO / Office of the Privacy Commissioner of Canada joint investigation findings on the 2023 23andMe breach, 2025.
- In re 23andMe Holding Co., US Bankruptcy Court, Eastern District of Missouri, Chapter 11 petition filed March 23, 2025; sale opinion of Judge Brian C. Walsh, June 27, 2025.
- ICO / OPC joint investigation findings: absence of mandatory multi-factor authentication, inadequate access controls for raw genetic data, delayed incident response; HIPAA Journal, 2025.
- Class action litigation following the 2023 breach, alleging curated lists of customers of Ashkenazi Jewish and Chinese ancestry offered for sale; NPR, June 2025.
- Bloomberg Law and NPR reporting on the TTAM Research Institute acquisition, $305M, June 2025; objections of state attorneys general, with California, Kentucky, Tennessee, Texas, and Utah opposed at approval.
- Laura Coordes, Arizona State University Sandra Day O'Connor College of Law, commentary on genetic data in bankruptcy, NPR, June 2025.
- Kyndryl–Solvinity acquisition and Dutch government response, November 2025; subsequent Dutch parliamentary motion on European cloud alternatives.
- On the residency/sovereignty gap in AI deployments: sovereign AI regulatory analyses for regulated industries, 2026.
- Synnovis ransomware attack, June 2024: multi-hospital service disruption in London, thousands of postponed procedures, at least one associated patient death and 120+ documented cases of patient harm.
- Sovereign AI in clinical deployment: national procurement shifts toward on-premises and single-tenant clinical AI, 2025–2027 transition timelines; healthcare.digital analysis, 2026.
- OVHcloud CLOUD Act FAQ, acknowledging obligation to comply with lawful US requests including for data stored outside the United States.
- Industry deployment analyses, 2026: majority of enterprise AI inference now on-premises or edge, up from roughly 12% in 2023; contemporaneous GPU generation cost declines (NVIDIA Blackwell architecture).
- The formulation "sovereignty is designed, not negotiated" follows Open Systems' March 2026 analysis of post-testimony European architecture decisions.
See it in action: Try Eva, the patient companion, or talk to our team about deployment options for your clinic — including on-premise and private-cloud configurations where inference never leaves your perimeter.
Related:
- The Wealth of Nations Was Always a Fertility Story
- The Waiting Economy of Fertility Treatment
- AI in Fertility Clinics: Why Every Practice Needs an AI Platform
Sergei Gorlovetsky, CEO, Fertiligent

