AI & Automation
The World of Geopolitical AI Has Arrived
Opportunities for European and Hungarian Companies to Reduce Their Dependence on U.S. Big Tech
CP
Péter Csillag
CEO, Gloster Digital Group

We have long been aware of the risk that has now materialized: the U.S. government has effectively cut off non-U.S. citizens—including EU users and companies—from access to some of the most advanced, cybersecurity-critical AI technologies.

Anthropic’s latest restriction on non-U.S. access to its Claude Mythos model is a clear signal. Although this is only the first step, the geopolitical AI Cold War has officially begun. After the first few light jabs, the parties will now step outside the bar, size each other up intently for a while, and then decide whether the slapping match will continue. I think it will.

What does this mean for us—companies, individuals, and organizations—here in the European Union and in Hungary? From now on, dependence on American Big Tech will no longer be merely a matter of convenience or ethics, but will pose a direct business and operational risk. If the API were to be shut down tomorrow, would your business processes come to a halt (or at the very least slow down to 20th-century levels)?

The response from the EU and the European market (i.e., companies that develop, provide, and use AI) can hardly be anything other than accelerating the adoption of Sovereign or on-prem AI solutions.

A brief overview of how companies can build their independence and what realistic alternatives are available depending on company size.

1
Immediate Workarounds

Before we completely overhaul everything, we can make our existing systems more flexible by taking the following tactical steps:

  • API abstraction layers (Model Routers): Don’t hard-code a single vendor’s (e.g., Anthropic) API directly into our software or systems. By using intermediary layers such as LiteLLM, LangChain, or Portkey, switching between models will be much less of a headache. If one model goes down, the system will—even automatically and almost imperceptibly—redirect traffic to the other. It’s unlikely that the output of AI-powered systems will remain unchanged when switching to a new model, but in many cases, this may be sufficient to keep business processes running.
  • Multi-model approach: For critical functions, we should keep an alternative European/open model on standby alongside the American one, and test them continuously, intensively, and in parallel. This typically involves opting for slower development and higher costs in exchange for lower risks.
2
Open Alternatives Under the European and Permissive Licenses

The main pillars of decoupling: the geography- and regulation-based European ecosystem, and open-source, self-controlled technologies.

Featured European Service Providers (GDPR- and EU AI Act-compliant clouds)

  • Mistral AI (France): The flagship of European AI. Mistral Large and Codestral—which is specifically optimized for coding—can compete (well, almost…) with proprietary American models in terms of performance. They are available as cloud APIs, but can also be downloaded and, in some cases, used for free.
  • Aleph Alpha (Germany): Models developed specifically for the highly regulated corporate, industrial, and government sectors, where explainability and data security are top priorities.
  • Sovereign Cloud Infrastructure: Providers that offer a dedicated, EU-based GPU-powered environment, ensuring that data remains within the EU and is protected from the effects of U.S. regulations and laws. The best options, of course, are companies owned and controlled from within the EU.

Featured Open-Source (Open-Weight) Models Under a Permissive License

Although these models are often developed by American (or similarly risky Chinese) giants, their permissive licenses (e.g., Apache 2.0 or permissive proprietary commercial licenses) allow us to download them and install them on our own, completely closed servers. This is a key difference: unlike with cloud-based API access, no one can maintain remote, revocable control over model weights once they have been downloaded—the model remains our property.

  • Meta Llama 3 / 3.1 Series: The king of open source. From the smaller (8B) model to the gigantic (70B and 405B) versions, they are ideally suited for specific enterprise tasks and come with an extremely permissive commercial license.
  • Google Gemma 2 & Microsoft Phi-3: High-quality, small-scale (Small Language Model - SLM) models that are astonishingly effective for specific tasks and can run on minimal hardware.
3
Strategic Action Plan by Company Size
SME

Small Businesses and SMEs

The goal: A quick and inexpensive replacement without requiring development resources.

Solution: Switch to European APIs (e.g., Mistral AI API) or use turnkey European platforms that provide ready-to-use, GDPR-compliant assistants.

Time required

Technical migration: 1–2 days. Full deployment (testing, prompt adaptation, internal approval): 2–4 weeks.

Expertise

Basic IT knowledge for replacing API keys, and good prompt engineering.

Hardware / Software

It does not require new hardware; the transition takes place within the existing cloud infrastructure.

Middle

Medium-Sized Companies

The goal: Data security and customizability, with moderate infrastructure exposure.

Solution: Hybrid or Private Cloud. Running open-source models (e.g., Llama) on dedicated cloud GPUs provided by European cloud service providers (OVH, Scaleway).

Time required

1–3 months from planning to the test run.

Expertise

Cloud DevOps Engineer and AI/ML Engineer (with expertise in RAG—database integration—systems and model fine-tuning).

Hardware / Software

Enterprise GPUs rented from the cloud (e.g., NVIDIA A100/H100 instances), open-source runtime frameworks (vLLM, Ollama).

Big

Large Corporations (Banks, Telecommunications, Energy, Public Sector)

The goal: Full digital sovereignty. Eliminating external risks, complete isolation (air-gapped operation).

Solution: On-Premise AI Infrastructure. Purchasing your own hardware, running open-source models in your own data center, and training them with your own data.

Time required

6–12 months due to procurement processes, physical installation, and security audits.

Expertise

Dedicated in-house AI division: data scientists, ML platform engineers, data center infrastructure experts, and AI security (cybersecurity) auditors.

Hardware / Software

Proprietary GPU server architecture (e.g., NVIDIA H100 supercomputer clusters), with robust cooling and power infrastructure in a Tier III+ data center.

The Bottom Line

Managing AI dependency is no longer a decision for the IT department, but rather a matter of risk management at the senior executive level. A company is in (relative) safety if it has a well-thought-out exit strategy—or, at the very least, a strategy to reduce its dependency—regarding U.S. Big Tech providers, and possesses the internal and external resources necessary to implement that strategy.

We still cannot think of a better, more forward-looking method for developing our company and improving the efficiency of our processes than using modern AI tools—so this cannot be replaced. But what kind of AI technology we use, how we use it, and what geopolitical risks we take on as a result—that is our own decision.

Inaction is also a strategic decision—just usually a bad one. Every month an organization spends without a well-developed AI sovereignty plan and the extra resources required for it represents a month’s worth of additional risk. Those who fail to act may easily find themselves caught in the power struggle between Washington and Brussels (and Beijing) as expendable pawns (though being reduced to the status of a peasant would be a bit much…).

Newsletter
Get new articles delivered to your inbox.
A concise monthly brief: the latest articles, audit insights, and event invitations. Unsubscribe with one click—no spam.
Thank you! Your submission has been successfully recorded!
Oops! Something went wrong while submitting the form.