Back to projects

Digital Sovereignty in IoT and AI/ML Software Engineering

Research analysis on third-party-library and cloud-service risk in IoT and AI/ML systems, and the design principles that mitigate it.

  • Research
  • Analysis
  • IoT
  • AI/ML
  • Software Engineering

/ Outcomes

  • Surveyed third-party / cloud dependencies across IoT and AI/ML system designs
  • Analyzed data-security and privacy implications of typical dependency stacks
  • Proposed modular, open-source design principles for transparency and resilience

Overview

A research piece — not a build. The starting question was straightforward: as IoT and AI/ML systems get more capable, how much of that capability is being borrowed from third-party libraries and cloud services that the system owner does not control? And what does that borrowing cost in terms of data security, privacy, and long-term resilience?

Approach

The work proceeded in three movements:

  • Survey. Cataloged the typical dependency stacks of contemporary IoT and AI/ML systems — pretrained model weights, hosted inference APIs, opaque ML platforms, vendor SDKs, telemetry pipelines.
  • Analysis. Walked through the data-security and privacy implications of each class of dependency, with attention to where data crosses an ownership boundary the user may not have authorized.
  • Proposal. Synthesized a set of design principles — emphasizing modular and open-source components — for systems that need transparency, accountability, and resilience over time.

What the analysis covered

  • Where third-party libraries silently introduce data flows the system owner does not see
  • How cloud-based services (hosted ML, vendor APIs) shift trust boundaries away from the user
  • The compounding effect of dependency depth — how a “simple” IoT product can carry a five-deep chain of vendor trust
  • Mitigations: open-source baselines, on-device or self-hosted inference paths, audit-friendly architectures

Outcome

A written analysis arguing for digital-sovereignty-aware system design as a first-class concern in IoT and AI/ML engineering, not a compliance afterthought. The proposed design principles centered on swapping opaque, single-vendor components for modular open-source alternatives wherever the system’s resilience or auditability demanded it.

Why it matters

Most IoT and ML systems get shipped with their dependency footprint as an implementation detail. This piece argues that the dependency footprint is the security posture — and that taking it seriously at design time is significantly cheaper than discovering it after a breach or a vendor change.