Concentration Risk: The Case for European Software Independence

A single government letter switched off two AI models for every customer overnight. A measured look at why concentration — not any one country — is the real risk, and which barriers Europe should remove to compete.

Jonas Höttler

Start with a thought experiment that has nothing to do with politics and everything to do with engineering. Imagine a factory whose entire output depends on a single supplier of a single critical input — and that supplier sits in a jurisdiction whose rules the factory does not write. The factory might run flawlessly for years. Its vulnerability is not a forecast of failure; it is a property of its design.

That is roughly the question posed by The 2028 Global Intelligence Crisis, a piece published in February 2026 by the analysts at CitriniResearch together with Alap Shah. A clarification belongs up front, because the authors insist on it themselves: the text is a scenario, not a prediction — a thought exercise written as financial history narrated from a hypothetical 2028. It is explicitly not bear porn and not a forecast, and it should not be cited as one here. As a lens, though, it is sharp. Its core premise is uncomfortable: what if the bullish case for AI is right — and that is precisely what makes it dangerous? If intelligence becomes a production input as fundamental as electricity, then whoever controls access to that input controls something close to the economy itself.

For most of 2025 and early 2026 this stayed abstract. Then it briefly stopped being abstract.

The event that made the abstract concrete

On 12 June 2026, the AI company Anthropic published a short statement. Citing national-security authority, the US government had issued an export-control directive requiring the company to suspend access to two of its models — Fable 5 and Mythos 5 — for every customer. The directive applied to any foreign national, inside or outside the United States, including the company's own foreign-national employees. Anthropic complied, publicly disagreed with the decision, and said it was working to restore access.

Read it without drama. No data centre caught fire. No company went bankrupt. No price changed. A critical service became unavailable because of a decision taken in a jurisdiction its non-US customers do not participate in, and it happened within hours. Every standard vendor risk assessment screens for outages, insolvency and price hikes. Very few screen for this.

Why this is not an anti-American argument

It is worth being explicit, because the topic invites caricature. This is not a case against US technology, and it is certainly not a claim that European software is somehow morally superior. American platforms lead in many of the layers discussed below, and they have delivered two decades of genuine productivity gains to European firms. Pretending otherwise would be both wrong and useless.

The argument is narrower and more durable: concentration is a structural risk regardless of who holds the concentrated position. If the dominant providers were European and the dependent customers American, the engineering critique would be identical. The goal is not to swap one monoculture for another. It is to ensure there is always a second door.

Where the chokepoints actually are

The modern software stack is a chain of layers. Resilience is a property of the whole chain — it is only as strong as its most concentrated link. Across most layers, the concentrated link currently sits in a single jurisdiction.

  • Advanced semiconductors: Design and fabrication of the fastest AI accelerators outside Europe (single-source risk)
  • Hyperscale cloud: A handful of non-European platforms hold most of the market (single-source risk)
  • Foundation models: Leading models predominantly US, increasingly China (single-source risk)
  • Workplace & productivity: The default desktop is almost entirely imported (single-source risk)
  • Enterprise software: A global leader in SAP, plus a deep mid-market (mixed)
  • Industrial & embedded software: Automation, control systems, machinery (European strength)

The most consequential link is cloud, because almost everything else runs on top of it — which is exactly why a directive like June's propagates so widely.

Fig. 1: Share of the European cloud-infrastructure market
  • US hyperscaler A: 33%
  • US hyperscaler B: 26%
  • US hyperscaler C: 11%
  • European providers (combined): 13% (share has been falling for years even as the overall market grows)
  • Others: 17%
Order of magnitude per industry analyses (incl. Synergy Research); rounded estimates. 'European providers' aggregates several smaller firms.

Estimates differ between studies, but the direction is consistent: roughly two-thirds of the European cloud market sits with a few non-European platforms, and the European share is shrinking inside a growing market. For the most capable AI chips and frontier models, the concentration is sharper still.

The resilience case, stated plainly

Concentration risk has a familiar economic shape. When one supplier holds a critical input, three things tend to follow: pricing power accrues to that supplier, the dependent buyer's bargaining position erodes, and the buyer's continuity becomes hostage to events — commercial, technical or political — that the buyer cannot influence.

None of this requires bad intent on anyone's part. It is the ordinary physics of a market with a single chokepoint. The June directive is simply a vivid instance of the political variant of that physics.

Fig. 2: What 'sovereignty' realistically means
Spectrum from full dependence to autarky: single-vendor lock-in, dependable optionality, going it alone.
Own illustration. The achievable target is not at either extreme but at dependable optionality.

Note where the useful target sits: not at autarky, which is neither achievable nor desirable, but at optionality — the ability to switch without stopping the business. That distinction matters, because optionality is reachable. It is a question of architecture and market conditions, not of building a national champion for every layer.

Europe's assets are real — and under-used

Europe is not starting from nothing. It has world-class research talent, a global enterprise-software leader, deep industrial-software expertise, a strong open-source community, and a regulatory apparatus that — used well — is leverage rather than burden. The gap is rarely capability. It is the conditions under which that capability can scale.

Fig. 3: Assets vs. the barrier to scaling them
  • Research & engineering talent: 9/10
  • Open-source ecosystem: 8/10
  • Industrial & enterprise software depth: 8/10
  • Access to growth capital: 4/10 (the weakest link: ideas scale elsewhere for lack of patient capital)
  • A single, frictionless home market: 4/10 (twenty-seven regimes raise the fixed cost of scaling)
Own qualitative assessment, not an empirical measurement. Read it as a map of where the friction is, not as data.

The pattern is striking: the inputs Europe controls (talent, software depth, open source) score high; the conditions that turn inputs into scale (capital, a unified market) score low. Independence is therefore less a technology problem than a market-design problem.

The ask: lower the barriers for European firms

If Europe wants its own infrastructure, it has to make building it worthwhile. Today the climb is steeper for a European challenger than for an incumbent platform — not by nature, but because of specific, changeable conditions. Four of them, argued from competition and resilience rather than sentiment:

1. Make the single market actually single. A European software firm effectively sells into 27 differently regulated markets. Unified, digitally usable rules — incorporation, tax, contracts — lower the fixed cost of scaling. Those fixed costs are precisely what kill challengers before they grow large enough to compete. A genuine home market is the cheapest industrial policy available.

2. Deepen capital for the growth phase. Europe produces start-ups and loses them at the scale-up stage for want of large, patient growth capital. Deeper, more integrated capital markets are the unglamorous precondition for European challengers becoming European champions instead of acquisition targets.

3. Use public procurement as a lever. The public sector is one of the continent's largest software buyers. Procurement rules that reward interoperability, open standards and exit capability — not merely the lowest sticker price — would give European providers a dependable home market. That is a quality requirement, not a subsidy.

4. Regulate for interoperability, not just for obligations. Europe regulates competently on privacy, platforms and data access. The higher-leverage move is to design rules that force interoperability and thereby cut switching costs. Where switching is cheap, competition appears. Where switching is expensive, lock-in does.

Fig. 4: Estimated leverage of each measure
  • Unify the single market: 9/10
  • Deepen growth capital: 8/10
  • Tie procurement to interoperability: 8/10
  • Mandate interoperability: 7/10
Own qualitative estimate of impact relative to political effort. Not an empirical ranking.

None of these is aimed against anyone. They do not seek to shut anything out. They seek to make sure a second door exists.

What firms can do now — without waiting for policy

Policy moves slowly; your own architecture does not. Whatever Brussels decides, any organisation can reduce its own concentration risk today. The levers are unglamorous, which is exactly why they work.

  • Make exit a requirement, not a hope. For every new system, the question is not only "what can it do?" but "how do I get out?" Data export, open formats and documented interfaces belong in the contract.
  • Decouple critical functions behind a thin abstraction. A small layer between your application and a swappable service — an AI model, say — turns a forced migration into a configuration change. June hurt hardest those who had wired a single model directly into their product.
  • Prefer open standards. Where a portable option does 90% of what a proprietary one does, the premium for the last 10% is often a premium for lock-in.
  • Treat your data as something you own. Keep it in a portable model, not only in a vendor's schema, and you keep the option to leave.
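
The "thin abstraction" lever above, sketched as an added example (not code from balane or any vendor). The application calls one gateway, the provider order comes from configuration, and a suspended backend triggers failover with an audit trail. All names (`ModelGateway`, `vendor_a`, `vendor_b`, `has_second_door`) are hypothetical, and the backends are constructed in-process stand-ins for real vendor adapters.

```python
"""Thin provider abstraction: the app calls complete(); configuration decides
which backend answers. All names and backends here are hypothetical."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

class ProviderUnavailable(Exception):
    """Backend cannot serve: outage, contract end, or access suspended."""

# A backend is "prompt in, text out". A real adapter would wrap a vendor SDK
# or HTTP API; these stand-ins are constructed samples for the demonstration.
Backend = Callable[[str], str]

def vendor_a(prompt: str) -> str:
    raise ProviderUnavailable("access suspended by directive")  # constructed failure

def vendor_b(prompt: str) -> str:
    return f"[vendor_b] {prompt.upper()}"

REGISTRY: Dict[str, Backend] = {"vendor_a": vendor_a, "vendor_b": vendor_b}

@dataclass
class ModelGateway:
    order: List[str]  # provider preference order, loaded from configuration
    audit: List[Tuple[str, str]] = field(default_factory=list)

    def __post_init__(self) -> None:
        unknown = [n for n in self.order if n not in REGISTRY]
        if unknown or not self.order:
            raise ValueError(f"invalid provider config: {unknown or 'empty'}")

    def complete(self, prompt: str) -> Tuple[str, str]:
        """Return (provider_name, text), trying providers in configured order."""
        for name in self.order:
            try:
                text = REGISTRY[name](prompt)
            except ProviderUnavailable as exc:
                self.audit.append((name, f"unavailable: {exc}"))
                continue
            self.audit.append((name, "ok"))
            return name, text
        raise ProviderUnavailable("all configured providers failed")

def has_second_door(order: List[str]) -> bool:
    """Config lint: True only if at least two distinct providers are listed."""
    return len(set(order)) >= 2
```

Running `has_second_door` over the deployed configuration in CI turns "make exit a requirement" into a check that fails the build when only one provider is wired in.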

This is not an argument against American or other international providers. It is an argument for providers — plural.

Our position

At balane we build software for mid-sized companies — advising, developing, automating, and looking at every project through three lenses: business, psychology and technology. From that practice, our stance on the sovereignty question is unexcited: good architecture is sovereign architecture. Design for portability, open standards and swappable building blocks from the start, and you become more independent not for political reasons but for craftsmanship reasons — and resilience comes free with it.

European infrastructure will not be built by a single grand project. It will be built by thousands of concrete decisions inside individual companies, each one a little less lock-in than the last. That is where we work.

Tags

Digital Sovereignty · Europe · Concentration Risk · Artificial Intelligence · Resilience · Open Standards