By Gunjan Ramteke, Partner Development Manager, Amazon Web Services | PhD Researcher, Agentic AI & Precision Oncology
I will be honest – a year ago, I was sitting in conversations where everyone was still debating whether generative AI was real or hype. Today, those same conversations have a completely different energy. At AI Summit 2026, nobody was asking “should we use AI?” The questions were harder and more uncomfortable: How do we deploy this responsibly? Who owns the data? What happens when the system gets it wrong in a hospital?
That shift matters. And I do not think most organizations are ready for it.
I work at the intersection of cloud infrastructure, enterprise data ecosystems, and AI partnerships and I am simultaneously doing PhD research. My research work gives me a fairly unusual vantage point. I see what enterprises think they need from AI, and I also see what the science actually demands. The gap between those two things is where most deployments quietly fail.
Let us talk about the real bottleneck
People keep assuming the hard part is the model. It is not. The hard part is everything underneath the model the data pipelines, the governance frameworks, the access controls, the audit trails. I have seen organizations with genuinely impressive AI proofs-of-concept that completely fall apart the moment someone asks a simple question: “Can you show me where this output came from?”
In healthcare, that question is not academic. If an AI system is flagging genomic variants or cross-referencing drug interactions, someone — a clinician, a regulator, a patient’s family — will eventually ask why it made the recommendation it made. If you cannot answer that cleanly, you do not have a deployment. You have a liability.
The infrastructure gap in regulated sectors is real, and it is not getting enough attention relative to all the excitement around foundation models and agents. A system that performs perfectly in a controlled test environment and then degrades in production because of data drift or inconsistent schema definitions is not just a technical failure. In healthcare, it is a patient safety issue. Full stop.
Sovereignty is an architecture problem, not just a policy problem
The sovereignty debate has gotten loud — and it should be. GDPR, HIPAA, India’s DPDPA, and the EU AI Act. Every regulated industry is operating under overlapping and sometimes contradictory jurisdictional requirements. I have been in partnership conversations where a single enterprise is trying to reconcile four different compliance frameworks simultaneously. It is genuinely hard.
What I have come to believe, though, is that organizations that treat this purely as a legal or policy problem are going to keep struggling. Sovereignty has to be designed into the architecture from the start, dedicated cloud regions, confidential computing environments, customer-managed encryption keys, fine-grained identity and access management. These are not advanced features you add when you scale. They are table stakes for any serious AI deployment in a regulated domain.
The governance stack has to be built before the model stack. I know that sounds counterintuitive when there is pressure to show AI results quickly, but retrofitting governance onto an already-running AI system is one of the most expensive mistakes you can make — technically, legally, and in terms of the trust you have already eroded with stakeholders.
Agentic AI changes everything about this conversation
My research sits squarely in agentic AI — systems that do not just predict, but plan, retrieve information, and take multi-step actions. In the context of precision oncology, we are talking about systems that can integrate genomic data, clinical history, and real-time research literature to surface treatment hypotheses. That is powerful. It is also genuinely risky if you have not thought carefully about where the system’s autonomy ends and human judgment begins.
I think about this a lot. The term I have landed on is bounded autonomy — not because it sounds good in a paper, but because it describes the actual design constraint you have to work within. A well-designed agentic system in a clinical context should be able to do sophisticated reasoning, but it also needs to know when to stop, flag uncertainty, escalate to a human, and document exactly why it did what it did. These are not product features you bolt on later. They have to be baked into the architecture at the foundation level.
The organizations I have seen navigate this well are the ones that treated “human in the loop” as an architectural requirement, not a philosophical preference.
What actually separates the organizations getting this right
It is not the most sophisticated model. It is the boring stuff — clean, well-documented data pipelines, properly governed data catalogs, interoperable cloud architectures, and governance committees that have actual authority rather than just advisory roles. The enterprises making confident AI deployment decisions right now are the ones that invested in that foundation two or three years ago when it was not exciting.
The AI Deployment Era has arrived, whether organizations are ready or not. Regulatory frameworks will keep evolving — count on it. But the organizations that build responsible, sovereign AI infrastructure now will not just be ahead on compliance. They will be the ones that earn the kind of institutional trust that lets you actually deploy AI where it matters: in hospitals, in research labs, in public services.
That trust does not come from the model. It never did. It comes from the infrastructure behind it.
