Cross-border & Sovereignty
When a citizen uses an AI agent to reach government, the model behind it is trained, hosted, and run somewhere. The data it handles moves between those places, under whatever laws hold in each. Where that is matters to both sides, for different reasons. A government has to weigh it for national security and for the control it keeps over its own systems: a service that leans on a model another state can reach into is a dependency with strings it does not hold. A citizen mostly wants the task done, and the legal exposure behind the agent is neither shown to them nor easy to understand.
Neither side can read it off the interaction, because nothing in the exchange declares where the model sits, supply chains run through layers of subprocessors, and even an onshore host can be required to hand data to a foreign government. The opacity deepens as agents invoke tools across borders, surfacing none of where a model runs or where data lands. The exposure weighs most where the interaction is sensitive, and it is hard to undo: once a citizen’s benefits or health data has moved under another jurisdiction, the protection it had no longer applies.
When a citizen interacts with a government service through an AI agent, the model behind that agent may sit beyond the citizen's legal protection in several distinct ways: hosted in another country, operated by a foreign company, or, even when hosted onshore, subject to foreign legal compulsion. The citizen usually cannot see this, and the agency often cannot tell which legal regime actually governs the data and the interaction.
As agent-mediated contact becomes routine, that uncertainty determines whose data-protection law applies, who can compel access to a citizen's information, and how much sovereign control the government keeps over the dependency.
Make plain, to both the agency and the citizen's agent, where the model behind a service runs, where its data is processed, and what its supply chain depends on.
Provide these as machine-readable signals.
Match the level of sovereignty required to the sensitivity of the interaction, and check it before a citizen's data moves, not after.
Tell the citizen when these facts change their legal protections, in terms they can act on rather than click past.
Let them switch to another model where one exists.
Keep a path open for the citizen who can't weigh the legal detail, or for whom no compliant alternative exists, so sovereignty doesn't shut them out of the service.