The sovereignty question runs underneath everything else.
The Nigeria Computer Society objected to the FIRS-France MoU in December 2025 on data sovereignty grounds. The KRA Intelligence Analysis Tool clarification in March 2026 was issued because the same question, in different language, had become public. Every other African revenue authority will face this question. The architecture matters.
There is a question that has not yet been asked, in plain terms, of the African revenue authorities deploying AI on citizen data. The question is: when an AI model reasons about a Kenyan, a Nigerian, a Rwandan, a South African taxpayer, where does the taxpayer's data physically sit during the reasoning? What jurisdictions does it touch? Whose laws apply to what the model does with it? Who, in the foreign hosting jurisdiction, can compel access to the model's logs or to the data passed through it?
The question is not theoretical. The cloud-hosted frontier AI models that most authorities have access to — Claude, GPT, Gemini, Copilot — run primarily on infrastructure in the United States and the European Union. When a taxpayer's bank record, eTIMS invoice trail, or NIBSS BVN data is sent into one of these models for reasoning, the data crosses jurisdictions. The Cloud Act in the US gives the US government legal authority to compel disclosure of data held by US-headquartered service providers, regardless of where the data physically sits. The EU's Schrems II ruling and the wider GDPR framework constrain what European providers can do with data originating outside the EU. Neither framework was written with African revenue authority compliance in mind.
The Nigeria Computer Society's December 2025 statement on the FIRS-DGFiP MoU named the problem in clear terms. The Society argued that such arrangements 'may undermine Nigeria's economic sovereignty, risk foreign access to critical data, and position Nigeria in a vulnerable digital dependence posture.' The Society called for 'a comprehensive national data sovereignty framework that clarifies conditions for cross-border data sharing, regulates foreign entities' access to public sector data, and sets protocols for data audit trails, encryption standards, and sovereignty preservers.' The MoU itself may be perfectly defensible. The objection is a political signal that every Commissioner General will face at some point — from a national assembly committee, from a journalist, from a civil society organisation, from the data protection commissioner.
Kenya saw a softer version of the same in the March 2026 reaction to reporting about the Intelligence Analysis Tool. The public did not object to KRA having an AI system. The public objected to KRA having an AI system that would 'analyse data from social media platforms' without it being clear what that meant, where the analysis would happen, and what protections would apply. KRA's clarification — that the tool had not been deployed and that any rollout would be phased and announced through official channels — defused the moment. The underlying question did not go away.
The day a Commissioner is asked in Parliament 'where does our taxpayers' data sit when your AI is reasoning about it' is the day the answer needs to already be on the file.
The standard responses do not work. 'We use a respected vendor' is not a sovereignty answer. 'The data is encrypted' is not a sovereignty answer; encryption protects against unauthorised access but not against compelled disclosure under the Cloud Act. 'We have a data processing agreement' is closer but still leaves the question of jurisdiction unanswered. 'We use a local data centre' works only if the model itself runs locally — which, for frontier models, currently means the authority is choosing between the model performance available in the cloud and the sovereignty available locally.
The technical solution to this — anonymising identifying fields before they leave the authority's environment, reasoning over the anonymised data in the external model, and re-identifying inside the authority's perimeter on the response — has been described as 'data minimisation' in the privacy framework and as 'confidential computing' in the engineering framework. It is the architecture the African revenue authorities need to deploy if they want both the frontier capability and the sovereignty answer.
The same problem extends to inter-agency data sharing. The data the authority obtains from NTSA, IPRS, the lands registry, NIBSS, the CAC, and the bank reporting feeds is held under the source agency's authorising statute. When AI is used to reason across the combined picture, the authority is in effect creating a new dataset whose handling requirements are the union of the source frameworks. The Data Protection Act in Kenya, the NDPA in Nigeria, the Rwandan and South African frameworks all require purpose limitation, data minimisation, and storage limitation. An AI deployment that aggregates inter-agency data without these controls is exposed.
Where each sits.
Akki is the substrate the data lives in. Every data source the authority brings in — the core tax administration system, the third-party feeds, the inter-agency exchanges, the cargo scanner data, the mobile money integration — sits in the authority's environment. Akki's deployment model is tenanted: the authority's environment is the authority's, the substrate is the substrate, and the boundary between them is auditable.
Solva does the reasoning that the authority needs done. When that reasoning requires capability the authority's local models cannot match — long-context reasoning, complex pattern recognition, multilingual document handling — Solva orchestrates the work through external models. The orchestration includes the boundary discipline that makes the sovereignty answer possible.
SyniSense is the architectural piece that answers the sovereignty question specifically. Every external model call passes through SyniSense at the boundary. Identifying fields — KRA PIN, BVN, ID number, name, address, phone number, account number, KRA file reference — are tokenised or removed before the data leaves the authority's environment. The model sees the structural and financial picture it needs to reason about; it does not see who the taxpayer is. The response returns through SyniSense, where the identifying fields are restored inside the authority's environment for the case to be acted on. Every external call generates an audit receipt: which model, which data fields, which purpose, which authority officer authorised it, which case it was applied to. The receipts are the evidence the data protection commissioner, the Auditor-General, and the National Assembly can request. The same logic applies to the inter-agency aggregation. When data from NTSA, IPRS, or NIBSS is brought into a reasoning task, SyniSense applies the source agency's handling rules to the data. The data is used for the purpose it was shared for, retained for the period the sharing agreement specifies, and the cross-reference is logged. The authority's CIO can produce, on request, the record of every inter-agency data point the AI has touched.
The answer to the parliamentary question changes. The Commissioner General is not relying on assertions about respected vendors and encryption. The Commissioner General can describe, in concrete terms, where the citizen's data sat at every stage of an AI-assisted assessment, what was anonymised, what was logged, and what the data protection authority can verify on demand.
The data protection commissioner's relationship changes. The ODPC, the NDPC, the Rwanda data protection authority, and the South African Information Regulator are not adversaries to be managed. They are partners with whom the authority can demonstrate compliance through evidence the authority's own systems generate.
The civil society conversation changes. The objection — from the Nigeria Computer Society, from KICTANet in Kenya, from the South African civil society organisations engaged on data rights — is met by an architecture that addresses the substance of the concern rather than reframing it. The authority is not arguing the concern is misplaced. The authority is showing that the concern has been engineered for.
And the political ceiling on what the authority can do with AI rises. The Commissioner who can answer the sovereignty question has more room to deploy. The Commissioner who cannot is operating one parliamentary committee appearance away from the constraints that follow a poorly-handled public moment.