Here’s What Brussels Needs to Do to End its Dependency on Big Tech
An export-control order in June exposed the real problem—and why Europe's regulatory toolkit can't fix it.
//Image: Gefühl der Abhängigkeit, by Sascha Schneider, 1984
The most important AI-governance development of 2026 so far wasn’t a model release. It was an export-control order. On June 12, the US Commerce Department’s Bureau of Industry and Security directed Anthropic to cut off its two newest frontier models for all foreign nationals. Unable to segment US citizens from everyone else, the company blocked public access worldwide. Days later, reports emerged of a similar squeeze on OpenAI’s GPT-5.6.
The ban didn’t last: on June 30, after Anthropic negotiated new cybersecurity safeguards and testing protocols with federal agencies, Commerce rescinded it. While that might be good for the world, it signaled an important change. For the first time, Washington had aimed its export-control authority at model access rather than at chips or hardware, and this led to global impacts. It was a wakeup call for Europe that the frontier AI market is concentrated enough that the United States alone decides who gets to use these tools—and who doesn’t.
Europe’s response was telling. At the G7 in Evian-les-Bains, days after the order, EU leaders declined to confront Washington and reframed the episode as a chance to “recreate a circle of trust.” At the same summit, the world’s seven most powerful governments solicited advice on sovereignty and AI risk from the CEOs of twelve of the largest tech companies on the planet. The UK’s AI minister later conceded the “main lesson” was that “access to AI capabilities is crucial” for sovereignty—a sovereignty Europe does not currently have.
A dependency, not an incident
For years, Europe’s tech dependency, while known and oft discussed, has largely been treated by policymakers as a distant threat, not an immediate going concern. Policymakers acknowledge the need for sovereignty, while still conceding that 80% of EU enterprise-software spend goes to US firms, with four companies—Microsoft, Oracle, Salesforce, and IBM dominating. These conversations have only grown louder now that powerful frontier AI models are in the mix.
Despite what some argue, the defining problem with AI for Europe is not the capability of the frontier models in the abstract; it’s the structural dependency Europe has on the United States, and importantly, on the handful of firms that dominate AI development, compute, chips, and cloud. America’s hyperscalers know exactly how dependent Europeans have become, and have used our dependencies to define the very laws ostensibly designed to keep that power in check. They also know that in a Trump 2.0 world, laws are for the weak, and the only policy that actually matters is what’s signed at the Resolute desk.
I call this condition tech extensity: the point at which a firm becomes so large and embedded across infrastructure, sectors, and decision systems that it becomes functionally impossible to remove or discipline—not through market share, but through systemic dependency. The mechanism that gets us there is the erosion of friction: the physical, legal, financial, and normative barriers that have historically restrained concentrations of power. Friction often looks like bureaucracy or inefficiency; but in practice it does an enormous amount of structural work, restraining the worst influences of the most powerful. When friction disappears, the norms, values, and institutions that make up democratic societies often go with it.
Europe owns almost none of the stack
Washington at least maintains some amount of leverage over these firms—the export-control ban, the administration’s semi-successful attempts to limit NVIDIA chip sales to China, show as much. But Brussels has none. The chokepoints sit outside its control, and Europe is almost entirely dependent on Big Tech.
For example, advanced chips run through a three-firm chain—Nvidia (design), TSMC (fabrication), and ASML (lithography)—of which only ASML is European. But even ASML is bound by US diktat: its export licensing is coordinated with Washington, since ASML itself relies heavily on American components, software, and patents, making it subject to laws and regulations like the Foreign Direct Product Rule.
It is no better higher up the stack. In cloud, the three US hyperscalers hold roughly 70% of the European market, with European providers stuck in the low teens and steadily losing share. European startups depend on subsidized inference from US labs; the EU spends an estimated €264bn a year on US tech; and Europe’s lone frontier lab, Mistral, operates at a fraction of its US counterparts. While EU laws like the Digital Markets Act (DMA) and Digital Services Act (DSA) attempt to rein in these gatekeepers, it’s hard for the dependents to enforce rules against the very landlords they’re so dependent on.
Why the existing Brussels toolkit keeps failing
Here’s the part European policymakers keep missing: their instinct is to reach for procedural tools—fines, audits, transparency mandates, ‘risk-based approaches’ and compliance theater—all of which assume that an external lever still exists to discipline non-compliant players. But against extensive firms coupled with the erosion of friction points like legal norms, meaningful consequences, and strong diplomatic relationships, that lever breaks.
The evidence of procedural failure is already in. Eight years into the General Data Protection Regulation, the Irish Data Protection Commission has yet to collect over €2.8 billion in fines against Meta, and nearly €900 million against TikTok, as both firms tie the regulator’s hands in court. Apple has threatened to leave or substantially delay product releases in the EU market over the DMA, while Microsoft successfully lobbied the European Commission to block public access to critical information on the environmental impacts of data centers. Meanwhile, the Trump administration has repeatedly threatened the European Commission with tariffs and export restrictions against EU tech firms, if regulators continue to pursue investigations against gatekeeper firms like Google, X, Meta, and Amazon under the DSA.
Two tracks, in sequence
To escape this dependency, the EU must act decisively—not through more procedural regulation, but via a dual-track approach run in sequence.
The first track is to build. The bloc must treat the new EU Cloud and AI Development Act as the spine of an industrial strategy, not a procurement footnote: use the Chips Act’s crisis powers and member-state co-investment to onshore capacity; preference compliant European firms through procurement rather than prohibition; and pursue a “brain gain”, leveraging US immigration and academic hostility to draw talent to Europe.
And it must fund the stack like the priority it is: the Draghi report put the gap at €750–800bn a year, but even redirecting a fraction of the €264bn already flowing to US vendors represents a good starting point.
The second track is to constrain—structurally, not just procedurally. A core weakness in the EU is the application of broad, procedural rules to all-comers. That makes sense for fundamental rights or the environment, but it’s easy for incumbents to game, and acts as a perverse barrier to new EU entrants.
Brussels has begun to acknowledge that extensive firms should be treated differently: for example, the Digital Online Resilience Act, the DMA, and the DSA each single out a class of systemic actors—”critical ICT third-party providers”, “gatekeepers”, and “very large online platforms”. The DMA, for example, represents a mix of structural and procedural mechanisms. Since 2022, it has forced Apple (threats notwithstanding) to abandon some anti-competitive practices—onerous developer fees and preferential App Store steering—by compelling immediate engineering changes through escalating daily fines, not a one-off penalty that can be litigated for years. It also hands the Commission “behavioural or structural remedies”, up to divestiture, for “systemic infringements” (though Europe has yet to avail of this nuclear option).
Another mechanism Europe should consider is the power of setting global standards through its market leverage. For example, the EU’s common charger rule shifted the global market for consumer electronics by requiring manufacturers of portable electronic devices like phones and laptops to incorporate USB-C as the default charging port as a condition for selling in the market. While the USB-C standard applies broadly, the effects have had a direct impact on incumbents like Apple and Google.
The EU needs to shift—away from fines, incumbent-friendly burdensome paper-pushing, and squabbles between member-state regulators, toward market-shaping standards and defaults that hit Big Tech at the design and engineering stages. These are the interventions that work, because by the time a product reaches the legal and compliance teams, it’s already too late.
The hard part is political
Importantly, Brussels needs to come to grips with the fact that the US is now an unpredictable actor, and that policy built on a presumption of relationship regularity is built on a false premise. The window is open now, but it’s closing fast. As former European Central Bank President Mario Draghi noted, “For the first time in living memory, we are truly alone together.” Brussels needs to take decisive action now, rather than hoping that the storm will pass in 2029. Regardless of who wins in the White House, neither the pace of AI development, nor the power concentration will wait on Brussels to decide.
The two-track approach I’ve laid out is hard—it will take perseverance, capital, and unpopular choices—but Europe has done this before, and structural reforms compel behavior with far less friction than fines alone. What’s required now is cunning over brute strength, and decisiveness over endless deliberation.
The first step will be the hardest: getting Brussels to recognize that right now, Europe is dependent on a small concentration of tech companies operating in a regime where norms continue to erode, and that this dependency is a threat to all of Europe. The alternative is to discover, one export-control order, disregarded legal implementation, or ignored penalty at a time, that a democratic, institutions-based, free-market EU has quietly become a digital vassal to the United States and Big Tech.
