AI Risk Governance for Advancing Digital Sovereignty in Data-Driven Systems: An Integrated Multi-Layer Framework

The integration of algorithmic systems into critical digital infrastructure is no longer peripheral to governance, it is governance. As AI-mediated decisions influence credit access, clinical diagnoses, criminal risk scores, and infrastructure routing, the question of who controls these algorithms and whether that control is meaningful has become a central concern for states and institutions at every level of development. Existing frameworks, including the NIST AI Risk Management Framework, ISO/IEC 42001, and the EU AI Act, have made real progress toward structured AI governance. However, none treats digital sovereignty as a first-order goal, nor do they provide integrated cross-layer guidance applicable across the diverse institutional landscape found worldwide. From this synthesis, we develop the Integrated AI Risk Governance Framework (IARGF): a four-layer structure covering policy and regulations, institutional oversight, technical controls, and operational execution, organized around five risk categories—technical, ethical, security, systemic, and sovereignty-related. A comparative analysis with major existing frameworks highlights the IARGF’s unique contributions, especially its explicit focus on sovereignty, adaptability across different institutional capacities, and recursive feedback mechanisms that connect all four governance layers. The framework is analyzed across three domains—healthcare AI, financial services, and critical infrastructure—to demonstrate its practical utility. Results confirm that governance effectiveness is a system property, not just a feature of individual layers; that digital sovereignty is both a governance goal and a distinct risk dimension with specific technical and institutional needs; and that context-aware, capacity-scaled governance is a design requirement, not a political compromise. The IARGF is presented as a conceptual governance model based on a systematic literature review rather than an empirically validated tool, and it remains to be tested in actual organizational settings. Its main contribution is the comprehensive theoretical integration of sovereignty, institutional capacity, and inter-layer governance dynamics, rather than proven performance advantages over existing models. Future research should aim to validate this framework through longitudinal case studies, expert panels, and retrospective failure analyses.