AI Sovereignty: Who Decides Which Models Companies Are Allowed to Use?

Artificial intelligence is evolving from a useful tool into fundamental infrastructure. Today it already supports software development, research, analysis, customer communication, knowledge management, and decision-making. In many companies it's still an experiment. In others it has long been part of day-to-day operations.
As this develops, a question that the public debate often neglects becomes more important: Who actually decides which AI models companies, researchers, public authorities, and people are allowed to use?
It's not just about which model currently tops the benchmarks. It's about access, control, and dependency: Who determines which capabilities get released, which are open only to selected organizations, and which remain available exclusively behind a proprietary API?
This is not a purely technical question. It's a question of AI sovereignty.
Safety Is Necessary. Private Interpretive Authority Is Not.
Powerful AI can be misused. It can facilitate fraud, disinformation, automated manipulation, or cyberattacks. It would be naïve to claim that every technical capability must be immediately and fully available to the public without review. Safety is necessary.
But it does not automatically follow that individual private providers should decide on their own which capabilities are too dangerous for the rest of society.
Because AI companies don't make such decisions in a neutral space. They act under economic pressure, with investors, strategic partners, regulatory risks, competitive interests, and geopolitical expectations. This isn't reprehensible. It's the reality of private companies.
It becomes problematic where the same actors are simultaneously the developers, operators, reviewers, and judges of their own systems. When a single provider alone determines what is risky, who gets access, and which models are held back, a crucial precondition is missing: independent oversight.
"Safety" Must Not Be a Black Box
When a provider says a model or capability is too dangerous for a broad release, a counter-question is legitimate: By what criteria was this decision made – and who can review it independently?
This is precisely the transparency that is often missing. Outsiders usually don't know:
- which specific risks were assessed,
- which capabilities are considered especially critical,
- which tests were carried out,
- whether external bodies were involved,
- whether restrictions are technically necessary or strategically motivated,
- whether the same capabilities remain available internally or to selected partners.
This doesn't mean every safety decision is a pretext. But it does mean that safety must not rest solely on trust in the provider. A robust AI safety architecture needs comprehensible criteria, independent evaluations, and clear limits on private decision-making power.
The Debate Is Already Concrete
The question of access and control is not an abstract future concern. It already shows up in recent model releases.
Anthropic: Access Can Disappear Abruptly
On June 9, 2026, Anthropic released Claude Fable 5 and Claude Mythos 5. According to the company, Mythos 5 is "the same underlying model" as Fable 5, just with the safeguards lifted in some areas. The difference therefore lies solely in the safeguards: Fable 5 was made broadly available with deliberately conservative safety measures, while Mythos 5 was initially available only to a small group of cyberdefenders and infrastructure providers through the "Project Glasswing" program, in collaboration with the US government.
The principle is reasonable: for especially sensitive capabilities, tiered access can make sense.
A few days later, however, the downside of proprietary dependency became apparent. On June 12, 2026, Anthropic stated that the US government – citing national security interests – had issued an export-control directive prohibiting access to Fable 5 and Mythos 5 for foreign nationals. To comply with the requirement, the company deactivated both models for all customers, while all other Anthropic models remained available.
In fairness: Anthropic publicly disagreed with the directive, called it a likely misunderstanding, and stated that the underlying vulnerability was narrow and also reproducible via other available models; it said it was working to restore access quickly. The shutdown here did not originate with the provider itself but with a government order – and the provider considered it disproportionate on the merits.
That is precisely what makes the case instructive: regardless of who makes the decision, it reveals a structural risk. A company can have a model technically integrated, economically budgeted, and strategically positioned – and still lose access from one day to the next. Not because of its own mistake, not because of a violation of any terms of use, but because a decision was made beyond its sphere of influence.
This is not an argument against safety measures. It's an argument against uncontrolled dependency.
OpenAI: Capability Becomes Selectively Available
OpenAI also shows how dramatically access to powerful models can change.
The GPT-5.6 model family – Sol, Terra, and Luna – is currently in a limited preview. Access is granted only to selected trusted partners and organizations via the API and Codex. For individuals, there is no public sign-up or waitlist. During the preview phase, GPT-5.6 is also not available in ChatGPT.
OpenAI justifies the tiered access with ongoing coordination with the US government and with additional time for testing and safety review – while also announcing that it plans to make the models more broadly available "in the coming weeks." That can be reasonable in a specific case. Especially for models with strong capabilities in cybersecurity or biology, a cautious, phased rollout is understandable.
But here, too, the fundamental question remains open: By what transparent criteria is it decided which organizations get access to the most powerful models – and who reviews those criteria?
When access to core AI capability is governed by private invitations, account managers, and government coordination, a new form of technological access control can emerge. For companies, this isn't merely a political issue. It's an architectural and business risk.
AI Sovereignty Is a Business Question
Many companies still treat the choice of an AI model as a tooling decision. Which provider gives the best answers? Which model is cheapest? Which API is easiest to connect? These are sensible questions. But they aren't enough.
The more strategic question is: What happens if this provider raises prices, changes terms, removes features, restricts use regionally, or shuts a model down entirely?
Anyone who builds their core processes entirely on a single provider creates a single point of failure. This affects not just availability. It also affects:
- control over sensitive data and company knowledge,
- the reproducibility of important results,
- the long-term maintainability of applications,
- the ability to switch providers or models,
- the ability to manage cost and quality yourself,
- resilience against political or regulatory intervention.
AI sovereignty doesn't mean that every company has to train its own models or run everything locally. For most organizations, that would make no economic sense. AI sovereignty means being able to decide consciously which dependencies you accept – and which you don't.
Open Models Are Not an End in Themselves
Open-source and open-weight models aren't automatically safer, better, or more responsible than proprietary models. Open models can also make mistakes, be misused, or be unsuitable in certain areas.
Nevertheless, they serve an important function. They create alternatives. They enable independent research and safety review. They allow local or European-hosted operating models. They reduce the risk of core technical capabilities being accessible exclusively through individual platforms.
But making model weights available isn't enough. Real openness encompasses more:
- comprehensible architecture and training methods,
- clear licenses,
- documented limits and risks,
- transparent evaluations,
- open tools for operation and adaptation,
- long-term availability,
- independent safety research.
A model that is only reachable through an API can be very powerful and convenient. But it doesn't create full independence. A company should therefore not avoid proprietary models on principle. It should use them deliberately – where their added value justifies the dependency.
What Defines a Sovereign AI Architecture
A sovereign AI architecture doesn't mean "everything local" and doesn't mean "everything open source." It means freedom of choice and technical agency. Among other things, this includes:
- making models interchangeable through standardized interfaces,
- keeping data, prompts, and knowledge bases under your own control,
- not coupling critical processes to a single provider,
- complementing external models with local or European alternatives,
- securing model switches with realistic tests and evaluations,
- documenting dependencies, data flows, and exit scenarios,
- preparing your own operating options for especially critical use cases.
The goal is not complete self-sufficiency. The goal is not to be at someone else's mercy.
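As an added illustration of the list above (example code written for this edit, not taken from the article or from any vendor), the following Python sketch puts model backends behind one interface, fails over when a provider withdraws a model, and audits critical processes for single-provider coupling and missing exit scenarios. The backend names `hosted_api` and `local_model`, the process names, and the `ProviderUnavailable` exception are assumptions constructed for the example; the adapters are stand-ins that make no network calls.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

class ProviderUnavailable(Exception):
    """Raised by an adapter when the provider refuses or has withdrawn the model."""

@dataclass
class Route:
    process: str          # business process that depends on a model
    critical: bool        # True if an outage stops core operations
    backends: List[str]   # backend names in order of preference
    exit_plan: str = ""   # documented exit scenario; empty means none exists

@dataclass
class Router:
    adapters: Dict[str, Callable[[str], str]]  # one calling convention for all backends
    routes: Dict[str, Route]

    def complete(self, process: str, prompt: str) -> Tuple[str, str]:
        """Try each backend in order and return (backend_used, answer)."""
        errors = []
        for name in self.routes[process].backends:
            try:
                return name, self.adapters[name](prompt)
            except ProviderUnavailable as exc:
                errors.append(f"{name}: {exc}")
        raise ProviderUnavailable("; ".join(errors))

    def audit(self) -> List[str]:
        """Flag critical processes with a single backend or no exit scenario."""
        findings = []
        for r in self.routes.values():
            if r.critical and len(set(r.backends)) < 2:
                findings.append(f"{r.process}: single provider")
            if r.critical and not r.exit_plan:
                findings.append(f"{r.process}: no exit scenario")
        return findings

def hosted_api(prompt: str) -> str:   # constructed stand-in for a proprietary API
    raise ProviderUnavailable("model deactivated for all customers")

def local_model(prompt: str) -> str:  # constructed stand-in for a self-hosted model
    return f"[local] {prompt}"

def demo_router() -> Router:
    routes = [Route("ticket-triage", True, ["hosted_api", "local_model"], "runbook: switch to local"),
              Route("contract-review", True, ["hosted_api"])]
    return Router({"hosted_api": hosted_api, "local_model": local_model},
                  {r.process: r for r in routes})
```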
Safety Needs Transparency, Competition, and Alternatives
The debate should not be reduced to a false dichotomy: either disclose all models fully – or leave a few companies with sole decision-making power. In between lies a more sensible path: responsible openness. That means:
- clear, publicly comprehensible criteria for high-risk capabilities,
- independent evaluations instead of pure self-regulation,
- tiered access models with verifiable rules,
- open standards for interfaces, data export, and model portability,
- support for open research and European AI infrastructure,
- local and European operating options,
- competition instead of permanent platform dependency.
Not every model has to disclose every capability fully and immediately. But restrictions must be justified, proportionate, and verifiable. And they must not lead to a situation where fundamental technical capabilities can only ever be rented.
The Central Question Is Democratic, Not Technical
The AI debate is often framed as a question of performance. How strong is a model? Which benchmarks does it hit? What risks arise from misuse? These questions are important.
But beneath them lies a bigger one: Are we willing to accept that a few private companies determine which form of intelligence, knowledge, and technological capability may be available to everyone else?
Safety is necessary. But safety without transparency, without independent oversight, and without real alternatives can lead to a permanent concentration of power. Precisely because AI is becoming central infrastructure, its future must not be decided exclusively in the boardrooms of a few platform companies, or in opaque arrangements between corporations and governments.
We need powerful AI. We need safe AI. But we also need AI sovereignty: the ability of companies, institutions, and societies to remain capable of acting on their own.