09:00 New York · 14:00 London · 21:00 Beijing

Claude Fable 5 arrived with great fanfare: it was called the most advanced AI model of the moment. The next day, Anthropic announced that a US government export-control directive required it to cut off access for every foreign national, inside or outside the United States; with no way to screen users by nationality, it took the legally safest route and disabled the new model for all customers worldwide. Fable 5 vanished overnight from API endpoints across the world, exposing a geopolitical fault line. Fortune’s technology reporter Beatrice Nolan called it the spark for a global scramble for sovereign AI.

The UK and EU debate over AI sovereignty had been running hot; this event pushed it to its peak. One camp reads the situation as a race that must be entered: loosen compliance, free up the capital now spent on rules rather than models, and redirect it to innovation and development, in order to reduce dependence on the United States. Professor Anu Bradford, a legal scholar at Columbia Law School, counters that blaming the technological lag on “over-regulation” is a false premise: Europe’s lag has little to do with regulation, and loosening it will not conjure venture capital or a frontier model into being. The other camp holds that AI must be built on a foundation of human rights. Sandra Wachter, Professor of Technology and Regulation at the Oxford Internet Institute, puts it clearly: AI’s development should not come at the cost of regulatory rigour. She warns that this race is precisely the situation the technology vendors most want to see, and questions whether, if the capability gap amounts to only a few percentage points, closing it is worth the enormous cost of the race. On the question of how, Wachter suggests “smaller, more efficient AI models, which can be run using smaller data centers and consume less electricity, rather than trying to match the scale of American frontier systems.” Others, among them Alex Petropoulos, a co-author of Europe 2031, hold that home-grown small models still depend on distillation from larger models for their training, and so argue that Europe must possess its own large compute base, or remain a technological vassal rather than a true sovereign.

The main debate centres on two questions: whether Europe should lower its compliance bar for the sake of the race, and how to build its own sovereign AI. But whatever the views on regulation and scale, the scholars and experts of the UK and EU are converging on one consensus: the necessity of sovereign AI. And that consensus is already turning into policy, along two tracks at once. One is loosening: this June, the European Parliament adopted the AI Omnibus by 423 votes, deferring the compliance deadlines for high-risk AI systems to 2027 and 2028 — a move the Commission frames as “simplification” rather than deregulation. The other is sovereignty: in early June the Commission proposed a technological-sovereignty package, the Cloud and AI Development Act, and in mid-June it selected a consortium to build an open-source frontier model covering all twenty-four EU languages.

This dossier looks, alongside UK and EU institutions, at where the broader environment stands today, where it is heading, and at the micro level: what can be done now to protect one’s position in dealings with foreign AI vendors.

The “Impossible” Triangle

Strip away the politics, and UK and EU AI deployment is trapped within an impossible triangle, its three corners being frontier capability, sovereign control, and affordable cost. At present it can hold only two at once; all three have never been within reach together.

Frontier capability with low cost is buying the most advanced model outright, at the expense of sovereignty: an API, for instance, that the vendor can revoke at any time.

Sovereign control with low cost is the self-hosted local open-source model, and the home-grown model. The former is capped by the level of open-source models, since the most advanced are usually closed; the latter by the scale of venture capital and infrastructure. Both are obstructed in their reach to the world frontier.

Frontier capability with sovereign control is the case where a frontier vendor cedes control of the model, or where one builds a leading model oneself. This is the corner that currently stands empty, because the companies holding the frontier will not sell the weights that constitute their entire business, and a leading model under UK or EU sovereign control does not yet exist. As Fortune puts it: “Aside from France’s Mistral, whose models currently lag their American counterparts, Europe does not have a frontier AI company, and the continent’s data center build-out has also been plagued by high energy costs, capital constraints, and regulation.” The UK’s position is equally awkward. For all that it has raced ahead at the governmental level, with a national AI Research Resource (AIRR) and the world’s first AI Safety Institute (AISI), Britain has no frontier model company of its own under sovereign control. Its proudest star lab, DeepMind, may be headquartered in London, but as a wholly owned subsidiary of America’s Alphabet, its core technology remains locked inside the jurisdiction of US law and export controls.

Breaking this triangle requires exactly what the experts call for: a sovereign frontier AI of their own. But the obstacles to reaching it are structural, as Mario Draghi’s 2024 report The Future of European Competitiveness set out: a fragmented single market, compute, and depleted venture capital.

What the Pioneers Have Learned

Even under such severe capital constraints, the pioneers have made their moves towards sovereign AI.

In Bristol, Isambard-AI came online in 2025: Britain’s most powerful supercomputer, and the most powerful university-based compute system in the world, built into the United Kingdom’s national AI Research Resource. This is a genuine claim to sovereignty at the compute layer. No directive from abroad can switch off a machine that sits in a science park in Bristol, owned by the University of Bristol and the British state. Isambard-AI is the most prescient practice of establishing sovereign AI at the physical level in the UK and EU.

And yet it too has a weak point: it runs on Nvidia’s chips. The UK has secured one important layer of sovereignty in this project, but not all of it; it has pushed the dependence down a layer. The University of Bristol holds the sovereignty of operation; the chips, and the supply chain that produces them, remain a chokepoint held elsewhere.

The same structure appears in the other approaches to AI sovereignty. Building small models improves feasibility and avoids the strategic mismatch of competing on comparative disadvantage, while preserving sovereignty, but through the need for distillation it inherits a dependence on frontier models. Mistral is Europe’s most heavily backed bet on frontier AI, sustained by Dutch capital from ASML and building its own cloud, yet still running on Nvidia chips. Local compute centres keep data on home soil and within home regulation, but inherit a dependence at the level of chip technology. Every route out of dependence solves one layer, however let the dependence pass to the next.

Can this cycle of dependence be solved? The bottleneck here is not technical. Many of the deepest AI labs of the past decade were founded by people from the UK and EU; there is no shortage of advanced AI talent here, nor of investment funds. It is only that the money went elsewhere, and the talent went elsewhere. These are political problems, which is to say solvable in principle, yet left hanging for ten years. The project meant to unify Europe’s capital markets, the Capital Markets Union, has been promised for nearly a decade, yet because member states will not cede sovereignty it remains a promise still.

The case that has not fallen into the cycle of dependence is Germany’s Aleph Alpha: backed by capital from Europe’s own traditional industrial groups, it provides fully private deployments to highly sensitive government and corporate clients, but at the cost of withdrawing from the contest for frontier capability. At the level of capital, the attempt to solve the venture dependence is the European Tech Champions Initiative (ETCI), a fund of funds capitalised at several billion euros by multiple member states, whose purpose is to provide venture capital able to rival Silicon Valley and keep talent at home; yet against the tens of billions that US technology giants invest at a stroke, it still looks like a drop in the bucket.

The UK and EU’s sovereign AI seems caught in a headwind: every step is taken with care, yet every step is harder than it is for their Chinese and American peers. This is not the problem of any one company, institution, or country; it is a systemic outcome.

What the Audit Never Asked

Set the macro problem aside, since it cannot be solved in the short term — not until a genuine sovereign frontier AI exists. Turn instead to the micro: the problem an institution faces on a Monday morning. More than eighty per cent of Europe’s technology, and seventy per cent of its cloud, rests on vendors outside the union. Under a dependence that cannot be avoided, how does one keep from being left in too passive a position?

Europe spent five years building the world’s most rigorous vendor review, asking every foreign vendor: can your government reach in and see our data? Where does it flow, where is it processed, where do the administrators sit, is the parent company subject to the CLOUD Act, can the surveillance laws of the US or China reach it? The Transfer Impact Assessment is a serious instrument; with real precision, it measures confidentiality.

But the Fable 5 case reveals a new gap: there is no column for continuity, for the revocability of access. The compliance audit was built to protect our data from a vendor’s misuse; it was never built to protect our consistent access to the model, because in the past that simply was not a problem that arose. Governments do not interfere in ordinary transactions and partnerships. This case reveals that the special, strategic nature of AI products has made government interference in a transaction a real possibility, while the force majeure clause in a contract makes it hard for the buyer to seek redress as it would in an ordinary breach. The mainstream vendor-audit frameworks in use today — Schrems II and the TIA, ISO, SOC, EUCS — do not yet cover this dimension, and it is something an institution can add to its vendor-audit programme today.

What Trust Costs

When a partnership blows up and trust wavers, treating it as the partner’s problem leads to one alternative: find a more trustworthy partner. If Washington is mercurial, the reasoning runs, Europe should turn to other reliable countries. This approach has value from the standpoint of partnership, but the frame conceals a trap: