TL;DR
Thorsten Meyer AI published a July 16 analysis challenging its earlier support for sovereign AI infrastructure. It argues that most organizations gain more from model capability, rapid deployment and vendor fallbacks, while regulated or security-sensitive users may still need sovereign systems.
Thorsten Meyer AI published an analysis on July 16, 2026, arguing that most organizations should favor the best suitable AI model over costly sovereign infrastructure unless laws, classified workloads or sensitive regulated data leave them no choice. The assessment reverses much of the publication’s recent sovereignty-first argument and reframes the issue as a choice between binding requirements and discretionary risk management.
The publication said its previous five weeks of reporting repeatedly reached the same verdict: organizations should own the model rather than depend on an API. Its latest analysis questions that pattern, saying the evidence may have been filtered through an established thesis. The new case holds that capability gaps, qualification delays and infrastructure costs often create more immediate business harm than the foreign-jurisdiction risk sovereign systems are meant to reduce.
As evidence, the analysis cited vendor benchmark tables showing Inkling at 77.6% and Fable 5 at 95.0% on SWE-bench, alongside scores of 63.8% and 89.5% on Terminal-Bench. It interpreted those differences as a material performance penalty for choosing a weaker model. The publication acknowledged that these results are self-reported and awaiting independent replication, limiting how firmly they can support purchasing decisions.
The analysis also cited earlier reporting that placed SecNumCloud qualification costs far above ISO 27001 compliance, estimated specialized staffing at $75,000 to $100,000 a year, and described large penalties from idle computing capacity. Those figures come from the publication’s earlier sources, including ANSSI, Scalingo and infrastructure-cost providers; they were not independently verified in the supplied material.
Against sovereignty: the strongest case for just using the best model
This publication has spent five weeks arguing one thing — and every piece converged. That should bother you. It bothers me. When eight analyses reach the same verdict, you’re not running an analysis. You’re running a thesis, and the evidence has started arriving pre-sorted.
So here’s the case against — argued properly, with the same evidence, turned around. Not a strawman erected to be knocked down. The version a smart CTO would put to me across a table, and which I have not yet answered in public. The claim: for almost everyone, sovereignty is an expensive hedge against a risk they’ve mispriced — and the rational move is to use the best model and get on with it.
Defence · classified · national health data · DORA-bound finance. The foreign-legal-order risk isn’t theoretical and isn’t insurable by other means — it’s a legal gate. No benchmark opens it. Your alternative isn’t a worse model; it’s no deployment at all.
Statistically, you are. You have a reasonable, politically legible, entirely unbudgeted feeling — and an industry built to monetize it. The capability compounds, the tax is real, the opportunity cost is brutal, and 18 days is survivable.
I’ve spent five weeks arguing you should own your stack. The strongest case against says: for most of you, that’s an expensive way to be worse, sold by people whose real product is a feeling. And that case is mostly right. What survives is smaller and sharper — everything above the router line (the qualification programme, the owned cluster, the custom pre-training run, the €11B data centre) you should buy only if a law requires it, never because a narrative does. A router is the sovereignty most people actually need. 90% of the resilience for ~2% of the cost — and it would have made 12 June a non-event. So run the honest test: are you bound, or are you performing?
Capability Gains Versus Compliance Costs
The argument matters because AI buyers increasingly face pressure to balance model performance, legal control, resilience and cost. A sovereignty-first policy can restrict model choice, extend qualification work and divert money from product development. A capability-first policy can speed deployment, but it may expose an organization to vendor restrictions, foreign legal orders and limited operational control.
The analysis draws a firm boundary around workloads where sovereignty remains necessary. It identifies defense, classified systems, national health data and some DORA-bound financial services as cases where legal or security rules may block the use of foreign-controlled models. For those users, a lower benchmark score is not simply a performance trade-off: the alternative may be no lawful deployment.

Key Performance Indicators: The Complete Guide to KPIs for Business Success
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Five Weeks of Sovereignty Reporting
The July 16 publication follows a series of articles examining European AI ownership, computing capacity and foreign control. Those reports covered Mistral, Cohere, Aleph Alpha, Schwarz Group infrastructure and ownership restrictions, repeatedly warning that an outside government or provider could interrupt access to critical models.
The latest analysis reinterprets an interruption that had supported that concern. According to the publication, a Commerce directive removed Fable 5 and Mythos 5 on June 12 before access returned on July 1. It characterized the episode as an 18-day degradation involving one vendor, with fallback models available, and argued that ordinary businesses could address that type of disruption through multi-model routing and continuity planning.
Benchmarks and Cost Claims Need Testing
Several parts of the case remain unsettled. The cited benchmark results are vendor-reported, and the supplied material does not show independent replication, workload-specific testing or error ranges. It is also unclear whether the named models perform similarly across production coding, language, security and regulated-data tasks.
The claim that routing provides 90% of resilience for about 2% of the cost is presented as an estimate, not a verified industry-wide result. Costs will vary by traffic, data location, contractual restrictions and integration complexity. The supplied material also does not establish how many organizations are legally bound to sovereign infrastructure or how often foreign-government controls produce longer disruptions.
CTOs Face a Binding Test
The analysis urges technology leaders to determine whether sovereignty is a legal gate, a security requirement or a preference before funding owned clusters, qualification programs or custom model training. Organizations without binding constraints are likely to compare multi-provider routing and fallback models against the cost of dedicated sovereign infrastructure.
Organizations handling classified or tightly regulated information will still need to document ownership, jurisdiction, data access and shutdown authority. The wider argument now depends on independent benchmark replication, clearer cost comparisons and evidence from future service restrictions. Those findings will show whether capability-first deployment remains resilient during a more severe disruption.
Key Questions
Is the analysis saying sovereign AI is unnecessary?
No. It argues that sovereign AI remains justified when laws, classified workloads or regulated data prohibit foreign-controlled services. Its criticism is directed at voluntary sovereignty programs whose costs may exceed their practical risk reduction.
What does choosing the best model mean?
It means selecting the model that best meets an organization’s measured performance, reliability and cost requirements. The analysis does not establish one model as best for every workload, and its cited benchmark results still need independent verification.
What role does a model router play?
A router can direct requests among multiple model providers, allowing an application to use a fallback when one service is unavailable. It can reduce dependency on one vendor, though it does not remove data, contractual or jurisdictional constraints.
Which organizations may still require sovereign systems?
The analysis identifies defense, classified operations, national health data and some regulated financial workloads. The exact requirement depends on applicable law, contracts, data classification and the organization’s documented threat model.
Source: Thorsten Meyer AI