Allied AI Access: Europe Needs Bargaining Power, Not Permission

US restrictions exposed the fragility of allied AI access
Europe needs leverage through capital, chips and compute
A formal access compact could balance security with continuity

One order from Washington on 12 June 2026 cut all foreign nationals off from Anthropic's two most powerful models. The rule spread well beyond the overseas customers. It also took in non-American employees working within the firm. So Anthropic then turned off Fable 5 and Mythos 5 for everyone because it could not carry out the order cleanly in real time. The lesson revealed the critical weakness in allied AI access. The weakness is not that the US government will clamp down on a model designed for heavy cyber-work. Some restrictions are acceptable. The weakness is that close partners can lose advanced ability by choosing a decision in which they have no major voice. The broader policy issue, then, is not just whether Mythos 5 should be released. It is whether allied AI access will always be based on promises only or on pacts that impose actions on both sides. The Europeans cannot simply claim access as a right when offering little that Washington or frontier firms require. They have to convert hardware, chip equipment, energy, cloud locations and market influence into a sustainable access pact.

Allied AI Access Is a Security Bargain, Not an Open Door

Mythos 5 should be limited rather than made available to any company, government agency, or researcher that requests it. It is described by Anthropic as the same base model as Fable 5 – but with a few cyber protections disabled. This difference makes a difference. A model trained to detect serious software flaws can be used by defenders to patch hospitals, substations and other critical infrastructures. The same set of skills can also be exploited by an attacker searching for vulnerabilities at a speed and scale beyond any human team. Anthropic reports that its previous Mythos version found hundreds of critical bugs in the leading software. It is also alone in applying up to $100m worth of model credits to defensive work. This is evidence for careful use rather than for a general launch. There are also reasons why only an exclusive lock on country membership is too coarse. A trusted cyber unit in the Netherlands, Japan, or South Korea might be more reliable than a loosely controlled contractor in the United States. Access to powered AI should depend on the quality of the administrator, the security of the installation and the use case.

The June reversal clarified the point. The 26 June approval of Mythos 5's re-entry to a limited group of U.S. government institutions that defend critical infrastructure using the model made sense as an emergency measure. It did not address the fundamental issue: the decision was driven by a closed U.S. process and allied institutions still had no firm pathway to approval. A proposed reform called a joint trusted-access advisory committee would: screen users, establish common security requirements and conduct regular access reviews; require high-risk operations to take place through controlled interfaces rather than downloadable model weights; implement log recording, information sharing and automatic suspension in high-risk situations; and prevent individual users from treating all foreign nationals as having identical risks.

This solution will receive a sincere challenge. Critics would contend that even a trusted partner can leak capabilities to hostile actors, undergo an insider attack, or shift political policies. While that is true, it is the same danger within American companies and agencies. The answer is layered controls. Anthropic will share Fable 5 controls with the public, saying it has demonstrated thousands of hours of testing with the United States Government, the United Kingdom AI Safety Institute and other partners. It further claims that it found no universal jailbreak when the restriction was placed. But allied AI access must be limited, monitored and fault-tolerant. The obligations must also be mutual. Recipients of AI must contribute to shared testing, safeguard outputs, report misue and help repair software defects that the model detects. Access without obligations is dangerous and closed exclusion is likely shortsighted.

Strategic Investment Has the Potential to Give Allied AI Clout

Capital is Europe's first source of bargaining power. US private AI investment hit $109.1bn in 2024. The UK attracted $4.5bn while the rest of Europe produced three main AI models. The United States produced 40. This does not mean that Europe has no talent, but that the most powerful models now rely on the financial system and a level of private risk appetite which Europe cannot match. This provides an uneven partnership. While European enterprises procure access to US systems, they seldom determine the terms under which those systems are financially supported, directed, or abandoned. This could change. Public banks, pension funds and sovereign investment authorities in Europe could acquire minority holdings in the leading AI firms, in chipmakers and in cloud computing enterprises. Such an approach need not result in government ownership but rather in a foothold in the governance structure around frontier AI.

A mere shareholding would not prevent a US export order. Security laws will always take precedence over a standard investor agreement. However, strategic investment can still raise the cost of exclusion. Such investment can be pinned down over time to research locations, to several European cloud enclaves, to joint safety teams and access contingents for vetted public bodies. Board observer positions could enable early warning and establish contact ahead of sudden policy changes, to maintain purchase orders, in return for a guarantee of continuity. Europe’s InvestAI initiative points in this direction. Its goal is to mobilize €200 billion, including €20 billion for AI gigafactories. However, most of the effort is presented in terms of enabling competition to Europe, in only a few areas. Part should also be used to leverage the capacity of the wider allied system. Total strategic independence would be slow and costly.

The Gulf states offer a lesson. Microsoft agreed in 2024 to invest $1.5 billion into the UAE company G42, taking a seat on its board. In 2025, OpenAI announced a one-gigawatt Stargate cluster in Abu Dhabi, with a 200-megawatt first stage scheduled for 2026. Its plan also linked the UAE capital to US infrastructure. This is in no way evidence that investment alone guarantees automatic access to models. Washington still controls export regulations and the investments come with security restrictions and requirements. The lesson is narrower and more potent: a partner who both provides capital and hosts sites and demand has become too compelling to dismiss. Europe can do that, too, with more legal weight and across a vastly expanded market. Strategic investments should, therefore, support dependable access to allied AI, alongside the domestic market: not vague promises of goodwill, but joint projects, clear governance and foreseeable review pathways.

Supply-Chain Power Need Not Be a Threat to Cooperative AI Access

Europe's greatest source of leverage is not a front-line industry. It is a series of irreplaceable positions on the lower levels of the AI stack. ASML, a Dutch-based company reporting €28.3 billion in sales in 2024, is one of the key providers of lithography systems for high-tech chips. Arm, a British-based company, claims its design is present in more than 99 percent of smartphones and is still moving into new sales on cloud and data-centre systems. Neither is a substitute for Nvidia's accelerators or TSMC's foundries. Neither is entirely owned by Europeans. Arm, although it has a British base, is majority-owned by the Japanese investment firm, SoftBank. ASML relies on a network of American, European and Asian suppliers. Yet they sit at such a critical intersection of the supply chain that disruption at either firm affects the entire chip industry. They have their advantage not because they could bring the whole system to a halt from one moment to the next. Instead, they are threatening not to be replaced.

The same pattern is more transparent among other US allies. TSMC controlled roughly 67 percent of the global foundry market in Q4 2024. SK hynix had over 90 percent of the core HBM3 memory market at the start of 2024, while Samsung remained a key provider of new memory and advanced foundry capacity. Nobody owns all or even most of the AI stack. The US dominates in models, accelerators and cloud firms but depends on allies' foundries, tools and memory. That reliance should be formalized in a bilateral or multilateral deal. Countries maintaining vital AI supplies should be assured of a timetable for advanced model access. In return, they should be subject to rigorous security screenings, abide by openly agreed export controls and expand capacity during crises. That would formalize what now amounts to an informal favor into a measurable exchange.

The cohesion so assembled should not become a deadweight to halt ASML machines or memory loads if an access fight occurs that would penalize Europe prematurely. Over time this would erode the alliance. Bargaining power is most effective when it is built into the system rules before a showdown. The EU, UK, Japan, South Korea and Taiwan should define the assets already on offer by each party. They should advance continuity obligations in chips, chip equipment, power supply, tools, energy and models. A deficiency in one element should trigger negotiations and reassessment, not an immediate cutoff in related areas. Allied access to AI then sits, within a framework of mutual dependence. This is inherently more stable than reliance on the United States alone or the monolithic, more expensive domestic replication.

Data-Centre Deals Can Anchor Allied AI Access

Compute sites and power supply form the third track. The International Energy Agency forecasts that global data center electricity use will reach around 945 TWh by 2030, almost double the 2024 figure. It also expects data centers to account for almost half of US electricity demand growth to 2030. Availability of power, grid links, land, cooling and permitting is becoming as important as the chips themselves. This represents a new opportunity for partners with energy and space. However, the assertion that data centers in the Middle East could halt the US AI race almost immediately is an overreach. Most frontier training still occurs in the US and Gulf capacity is still being developed. The leverage exists but is future-facing. It derives from the ability to house the next round of computation rather than to control the entire system today.

Europe also has potential assets: large power markets, effective research networks, under-utilized industrial sites and a rising number of public compute plans. It is also highly dependent on overseas cloud providers. European entities had only around 15 percent of Europe’s cloud market in 2024, whereas Amazon, Microsoft and Google captured most of the growth. That disadvantage can be a bargaining strength only if Europe demands infrastructure upgrades on fair terms. Public backing for data centers must include guaranteed allied access, on-site incident teams, fair switching provisions and dedicated capacity for approved public-interest uses. Grid authorization and fiscal incentives should be provided in exchange for clear commitments. Sovereignty does not follow from physical location alone. Control of chips, software, identity systems and remote shutdown rights also matters.

The empirical aim should be an Allied AI Access Compact. It should encompass the US, the EU, the UK, Japan, South Korea, Canada, Australia and other trusted partners that have passed the same tests. The membership would not guarantee every model to every user. It would ensure a fair process, advance notice, joint risk assessments and a pathway for secure access for approved institutions and labs. Each partner would contribute in terms of capital, chip capacity, energy, research, cyber defenses and trusted cloud sites. Frontier companies would thus have access to a larger pool of secure customers and shared safety work. Governments would retain more control than under open release. Allies would attain more certainty than under unilateral permission.

The order in June demonstrated exactly how quickly allied AI access can be removed. The solution is not to demonstrate what happens when the United States is forced to release a borderless cyberweapon to the world. It is to embed trusted access in the alliance more broadly. Europe has enough resilience to protect its interests, but only if it combines those tools. Capital without contractual rights is passive. A supply-chain empire without guardrails is a menace. Data centers without humans in the loop are a default dependency. When combined, these assets can underpin a deal that advances both security and resilience. Washington should retain the authority to block the most dangerous applications of Mythos 5. Allies should have a formal role in determining who can be trusted, using what controls and for how long. The next shutdown should not be met with disbelief and indignation. It should be handled through an agreement prepared in advance.

The views expressed in this article are those of the author(s) and do not necessarily reflect the official position of The Economy or its affiliates.

References

Arm Holdings plc (2025) Annual Report and Accounts 2025. Cambridge: Arm Holdings plc.
ASML Holding N.V. (2025) Annual Report 2024. Veldhoven: ASML Holding N.V.
Csernatoni, R. (2025) ‘The EU’s AI power play: Between deregulation and innovation’. Carnegie Endowment for International Peace, 20 May.
Dey, M., Dastin, J. and Thomas, C. (2026) ‘Anthropic disables top-tier AI models after US order limiting foreign access’. Reuters, 13 June. The byline and publication date are confirmed on the Reuters page.
European Commission (2025) ‘EU launches InvestAI initiative to mobilise €200 billion of investment in artificial intelligence’. Brussels: European Commission.
García-Herrero, A. and Dutta, S. (2026) ‘Europe and its allies must plan to offset the AI dependency risk’. Bruegel First Glance.
International Energy Agency (2025) Energy and AI. Paris: International Energy Agency.
Maslej, N., Fattorini, L., Perrault, R., Gil, Y., Parli, V., Kariuki, N., Capstick, E., Reuel, A., Brynjolfsson, E., Etchemendy, J., Ligett, K., Lyons, T., Manyika, J., Niebles, J.C., Shoham, Y., Wald, R., Walsh, T., Hamrah, A., Santarlasci, L., Lotufo, J.B., Rome, A., Shi, A. and Oak, S. (2025) Artificial Intelligence Index Report 2025. Stanford, CA: Stanford Institute for Human-Centered Artificial Intelligence.
Microsoft (2024) ‘Microsoft invests $1.5 billion in Abu Dhabi’s G42 to accelerate AI development and global expansion’. Redmond, WA: Microsoft.
OpenAI (2025) ‘Introducing Stargate UAE’. San Francisco: OpenAI.
Seetharaman, D. and Kachwala, Z. (2026) ‘Anthropic rolls out public version of Mythos without cybersecurity capability’. Reuters, 9 June.
Shepardson, D. and Thomas, C. (2026) ‘US allows Anthropic to release Mythos AI to “trusted” US organizations’. Reuters, 26 June. Reuters confirms the partial restoration for trusted US organisations and that Fable 5 and Mythos 5 use the same underlying model with different safeguards.
Synergy Research Group (2025) ‘European cloud providers’ local market share now holds steady at 15%’. Reno, NV: Synergy Research Group.
TrendForce (2025) ‘4Q24 global top ten foundries set new revenue record; TSMC expands market share to 67%’. Taipei: TrendForce.
Yang, H. and Park, J. (2024) ‘Samsung picks veteran executive to tackle “chip crisis” amid AI boom’. Reuters, 21 May.