Dependency anxiety
The argument is sound. The dominant frontier models in enterprise deployment today are US-headquartered — with the partial exceptions of Mistral in France and DeepSeek in China, neither of which has achieved the same breadth of enterprise adoption. The concentration isn’t a conspiracy; it’s the result of where capital, infrastructure investment and talent happened to converge first.
But the practical implication is that organizations running critical workflows on those systems are exposed to conditions they don’t set. Pricing decisions, usage policies, export controls, infrastructure availability and political risk moves with US foreign policy rather than specific regulatory environments. The June Claude outage may have been a relatively minor incident, but it did highlight to many organizations their dependency on Anthropic already runs deep. They’ve transmitted dependency to these systems faster than they’d developed the architectural resilience to treat them as infrastructure requires being treated.
The Fable block
The week of June 13 produced a harder version of the same lesson. The Trump administration issued an export control directive requiring Anthropic to block access to Fable 5 and Mythos 5 for all non-US nationals — Anthropic's only compliance path was to shut both models globally. The dependency didn't degrade; it disappeared overnight. Dan Shipper, whose team had been near-entirely reliant on Fable for coding work, described switching to Codex within hours. Resilience architecture that hadn't been built couldn't be improvised at that moment.
Building a domestically trained, domestically hosted frontier model does address the geopolitical dependency. An institution operating on Lumen Sovereign in an air-gapped UK data center isn’t exposed to Anthropic's policy decisions or US export controls. That’s a real and valuable guarantee — particularly for defence, financial services and public sector institutions where data residency and governance assurance are essential. The Cosine coalition reads like a who's-who of exactly those institutions for exactly that reason.
The Cosine coalition is explicit about what it’s solving: vendor lock-in, data residency, air-gapped deployment, alignment with UK regulatory requirements. Those are real operational guarantees. The European Commission's Cloud and AI Development Act, proposed on June 3, is attempting something similar at legislative scale — a four-tier sovereignty framework for public-sector cloud procurement, ranging from baseline cybersecurity requirements to full EU ownership, EU-cleared personnel and zero data transfer outside the EU.
The ambition is unambiguous. However, what neither the coalition framing nor the CADA proposal addresses directly is the problem the June outage named from a different angle: a domestically trained, domestically hosted model can still go down. Sovereignty and resilience look identical from the outside — both are responses to dependency — but they require structurally different architectures. CADA's four tiers define who owns and controls the infrastructure. None of them specify what happens when that infrastructure fails. You can satisfy every assurance level and still have a single point of failure.
0 Comments
Log in to join the conversation.No comments yet. Be the first to share your thoughts.