Your agents inherit your data residency

July 11, 2026 · raw .md

A pattern I keep meeting in Canadian banking: the architecture review does not fail on model quality. It fails on a map. Where does the prompt go, where does the context go, and which border does it cross on the way?

Most multi-agent reference architectures quietly assume every agent can call a frontier API in another jurisdiction. In regulated industries that assumption dies in the first meeting. Client data cannot leave. Sometimes it cannot even leave the network segment.

The pattern that survives is a privacy boundary between agents. Sensitive-data agents run locally, against locally hosted models. Public-data agents (market research, document lookup, anything already outside the wall) can run wherever the best model lives. The protocol seam between them carries task descriptions and conclusions, not raw records. I wrote up the mechanics in the A2A field guide.

Two practical notes from building this. First, model choice becomes a sovereignty decision, not just a quality decision, which is why I built a Cohere connector for process orchestration: a strong model with deployment options that fit inside the wall. Second, the boundary has to be enforced by the orchestration layer, not by the agent’s prompt. An instruction that says “do not send client data externally” is a wish. A topology where the external agent never receives the record is a control.

Sovereignty is not a niche Canadian concern. It is coming for every architecture that treats “call the best API” as a free action.

Follow the work

A newsletter is coming. Until then, new guides and episodes land on LinkedIn first and in the RSS feed.

> esc