“Nostalgia is not a strategy”, said Mark Carney in his widely lauded speech in Davos. As states force AI into walled gardens of geopolitical control, the IT neutrality of yesteryear has become equally untenable.

The evidence of diverging regulation is mounting. The US Defence Department is reportedly threatening to label Anthropic a “supply chain risk”. China continues to refine its domestic regulatory framework, prioritising national interests. Meanwhile, Europe is enforcing strict safety rules through the EU AI Act, and India champions a non-aligned “Global AI Commons“.

For European business leaders, the era of the borderless software stack is ending. Tech has a passport, and procurement is becoming an exercise in geopolitical risk management.

Read on to learn

1. The US, China, and the EU are developing incompatible AI rules

2. Companies should understand risk in their AI supply chain

3. Decentralised architectures preserve market access

4. Alternatives are emerging via partnerships and initiatives

5. CIOs should be ready to understand and operate as diplomats

I. The AI supply chain

Like other raw materials, business leaders must understand the provenance of their AI models. This requires a comprehensive audit of every model running within the business: who owns the intellectual property, where the data is hosted, and which legal jurisdiction governs its use.

Software buying is no longer just about performance but a declaration of alignment, designed to mitigate risk. Reliance on a US provider that falls foul of new EU rules could result in diminished access or fines. Deploying Chinese AI models may disqualify a firm from Western government contracts.

II. Decentralised architectures

The pursuit of a globalised AI infrastructure for a firm operating in multiple regions is increasingly hazardous. A more resilient approach involves a modular, region-specific architecture.

A firm might employ US-hosted models for North American operations to benefit from local speed and a different regulatory appetite. However, it may require distinct, localised models for Chinese operations to comply with strict domestic data and censorship laws.

This approach sacrifices some economies of scale, but preserves market access. The cost of maintaining separate systems is high, but the cost of being locked out of a major economy for non-compliance may be terminal.

III. European AI solutions

For operations within the EU, legal certainty is becoming a competitive advantage. With the EU AI Act’s full enforcement set to begin in 2026, the “Sovereign AI” alliance between SAP and Mistral AI illustrates a pragmatic solution.

In the current climate, sovereign AI is less an IT preference and more an insurance policy. By hosting European-engineered models on European infrastructure, firms can ensure data remains physically and legally within the bloc. This reduces exposure to the US CLOUD Act, which permits American law enforcement to access data held by US providers regardless of where it is stored.

IV. The Indian alternative

While superpowers fortify their digital borders, India is positioning itself as a neutral intermediary. At the recent summit in New Delhi, the government unveiled the “Global AI Commons,” a project intended to democratise access to computing power and datasets.

For non-sensitive, high-volume data processing, Indian partnerships offer a cost-effective route that avoids some of the legal entanglements of the US-China rivalry. India is positioning itself as a “back office” for the AI era: more affordable than the US and lower-risk than China.

V. Chief diplomacy officers

As the private sector becomes strategically important, the role of Chief Information Officers is evolving into that of a diplomat. Choosing an AI model is a strategic choice, as much as a technical one.

As digital borders harden, the most resilient companies will be those able to navigate multiple jurisdictions simultaneously. Sadly, IT neutrality is a relic of the past; deliberate, informed alignment is the way forward.