Sovereign Cortex with T Security Brings AI SecOps to Telcos

Europe’s regulatory landscape is pushing cybersecurity and telco networks into closer alignment.

As attacks grow faster and compliance rules tighten, two major players are combining strengths to answer a single problem.

How can telcos run AI-powered security at cloud scale while keeping control firmly inside European regulatory boundaries?

Palo Alto Networks and Deutsche Telekom are addressing that question with Sovereign Cortex with T Security, a joint model that places AI-driven security operations within a governance framework designed for Europe’s most tightly regulated industries.

It brings together security analytics, telco infrastructure and sovereign oversight in a single operating environment.

At the core of the solution sits Cortex, Palo Alto Networks’ AI-driven SecOps platform.

SecOps refers to security operations, where monitoring and detection are coordinated in real time using automated and human-led systems.

Cortex is now being adapted for European requirements that go beyond traditional cloud security setups.

The regulatory pressure reshaping cyber security

The General Data Protection Regulation (GDPR) sets strict standards for personal data protection across the European Union.

NIS2, the Network and Information Security Directive, extends cybersecurity obligations to essential and important sectors.

DORA, the Digital Operational Resilience Act, focuses on financial institutions and their ability to withstand ICT-related disruption.

KRITIS, Germany’s critical infrastructure framework, defines security requirements for essential national services such as energy, transport and healthcare.

These frameworks demand control over not just where data is stored but how it is accessed and encrypted.

Data residency refers to the physical location where data is stored, but sovereignty requirements have now extended into operational control, including who can access systems, how encryption keys are managed and how support processes are governed.

Sovereign Cortex with T Security is designed to meet those expectations by embedding independent oversight into the platform itself.

Deutsche Telekom acts as the European trust and governance layer, providing verification of access controls, auditability of system activity and assurance that operational processes keep within European legal structures.

The aim is to allow organisations in sectors such as healthcare, financial services, public administration and critical infrastructure to use cloud-based AI security tools without stepping outside compliance boundaries.

How Sovereign Cortex is structured

The platform combines Palo Alto Networks’ Cortex capabilities with a sovereignty framework operated in partnership with Deutsche Telekom.

Cortex aggregates security data across enterprise environments to identify anomalies and support rapid response to threats using machine learning and behavioural analysis.

Within this model, several technical components are placed under sovereign control.

Customer data and system telemetry are included, alongside encryption keys. Telemetry refers to automatically generated data from systems that tracks performance and behaviour patterns, often used to detect unusual activity.

All audit logs are independently verified and support personnel are based exclusively in Europe. Contractual arrangements are governed by European law, ensuring legal alignment with regional regulatory frameworks.

Helmut Reisinger, CEO of EMEA at Palo Alto Networks, sets out the intent behind the design: "European organisations – from public authorities to critical infrastructure operators – have been clear with us.

"They need real time AI-driven security and they need verifiable data sovereignty controls, and they should not have to choose between them.

"This is our direct response to what customers and regulators across Europe have been asking for: a service that honours Europe's sovereignty, maintains the security effectiveness and modular platformisation our customers depend on, and reflects the trust they place in us."

The emphasis sits on combining AI-driven detection with governance structures that can be independently verified rather than assumed.

Telco infrastructure as a trust layer

Telco operators have moved beyond connectivity into security and cloud services, but Sovereign Cortex formalises that role by making Deutsche Telekom an active governance participant.

Thomas Tschersich, CEO Deutsche Telekom Security GmbH and CSO Deutsche Telekom AG, explains this: "Our joint offering is currently unique in Europe at this level of quality.

"We meet the compliance requirements of NIS2, DORA, and KRITIS with respect to data sovereignty – without asking our customers to compromise on the effectiveness of their cyber defence."

The model places telco infrastructure, security operations and regulatory compliance within a single service structure.

That reduces reliance on fragmented third-party systems and introduces a clearer chain of accountability across data handling and incident response.

Healthcare, financial services, public sector organisations and critical national infrastructure will be the first of many sectors to have access to the solution.

These sectors often operate hybrid IT environments where cloud systems must integrate with legacy infrastructure while maintaining strict oversight of sensitive data flows.

Sovereign Cortex with T Security is scheduled for inital release in Q3 2026, starting with these regulated sectors before expanding more widely across Europe’s enterprise landscape.