Recently, the United States government handed Anthropic an export-control directive instructing it to block foreign-national access to Fable and Mythos, two of its most capable models. Within hours, Anthropic shut those models down for everyone, everywhere. Researchers and analysts in Australia lost access at the same moment as users in every other country, and the reason is a detail worth understanding. The directive targeted foreign nationals, which is a citizenship test, but a cloud AI provider only knows where its users are, not who they are as a matter of nationality. The only way Anthropic could comply with a rule about citizenship was to switch off everyone, because location was the only lever it actually held.
That episode turned an abstract policy debate into a concrete demonstration. For years the Australian conversation about artificial intelligence has centred on whether the technology is safe and well governed. The Anthropic shut-off asked a different question, and a more uncomfortable one: whether the AI that Australian institutions increasingly depend on is theirs to rely on at all. The Conversation put it plainly in its coverage. Sovereignty, in this context, means not depending on tools and systems that another nation can switch off or restrict at will, and on the evidence of that week, Australia depends on exactly such tools.
The structural version of the problem has a name in the research literature, access-layer fragility. The argument is that a country can have all the visible ingredients of AI capability, the compute and the cloud infrastructure included, and still find that capability disrupted the moment access to the foreign-controlled frontier models is restricted by a legal or geopolitical decision made elsewhere. Owning the infrastructure is not the same as controlling the capability, because the part that does the actual reasoning sits behind an access layer that someone in another jurisdiction can close. The hardware in the data centre keeps running. It just has nothing to talk to.
The dependency does not only run in the direction of access being withdrawn. It runs the other way too, toward data being compelled. Australia’s cloud arrangement with a major American provider will host some of the nation’s most sensitive intelligence material inside a privately owned United States network, and under the US CLOUD Act, American authorities can lawfully compel access to data held by a US company anywhere in the world. So the same relationship that can be switched off from Washington can also be reached into from Washington. A government that has not mapped both of those exposures has not understood the arrangement it has signed.
What makes this difficult to walk back is the asymmetry between how fast the dependency builds and how slowly it unwinds. A new measure called AI Reliance, designed to quantify how deep and how reversible an institution’s AI dependency has become, found that United States federal AI use cases have risen roughly fivefold in two years while reversibility in the public sector is far slower and more costly than in private markets. Agencies adopt at the speed of a procurement cycle and would disentangle at the speed of a parliamentary inquiry. The related Capability-Friction Dynamics work shows why the hole keeps getting deeper: political pressure to deploy AI quickly crowds out the foundational data-governance investment that would make the dependency manageable, so the rush to adopt actively erodes the capacity to adopt safely.
None of this is an argument for digital autarky, and the most useful framing of the week came from ASPI, which argued that Australia should decide where independence matters most rather than chase blanket sovereignty across everything. That is the right instinct. No country builds its own frontier models for every purpose, and pretending otherwise is a fantasy that wastes money on the dependencies that do not matter while ignoring the ones that do. The honest position is managed dependency. The catch is in the word managed, because management implies an agency has actually decided which dependencies it can live with and what it would do on the morning the access is cut. Independent Australia was harsher, calling the current posture security without sovereignty, and the gap between those two descriptions is exactly the work that has not been done.
That work is a governance question before it is a technology one, and it rhymes with arguments I have made elsewhere. The shadow-AI problem I have written about is, at root, an observability failure, an inability to see what AI an organisation depends on. Access-layer fragility is the same failure raised to the geopolitical level, an inability to see or plan for the dependency on a provider that answers to a foreign government. It also recalls the case I made about undersea cables, where the comfortable assumption that the internet is everywhere obscures how few physical and contractual chokepoints actually carry it. The access layer is the newest chokepoint, and it is the one with the shortest distance between a foreign policy decision and an Australian service going dark.
There are faint signs of institutional awareness. The Digital Transformation Agency recently reclaimed responsibility for the APS Digital Profession program from the Australian Public Service Commission, which could signal a tightening grip on digital capability or could be ordinary bureaucratic reshuffling, and it is too early to tell which. What would actually count as awareness is more prosaic and more demanding. It is every agency with a material AI dependency running the simple stress test that almost none of them have run: what happens to our services, tomorrow, if access to our primary provider is restricted. Most do not have an answer, and the value of asking the question early is that the answer is much cheaper to build before the switch is flipped than after.
Australia spent a long time debating whether its artificial intelligence was safe. The Anthropic shut-off reframed that debate around a harder question, easier to ignore, of whether the AI is actually Australia’s own. Sovereignty here was never about owning the compute or the buildings that house it. Sovereignty is about knowing what you would do on the morning someone in another country flips the switch, and on current evidence, most of the institutions leaning hardest on these systems do not yet have an answer worth the name.
References
The Conversation. (2026, June 17). The US government can shut off access to AI at will. What does this mean for Australia?
AI Reliance: a reproducible measure of how deep, and how reversible, systematic AI dependency is. (2026). Zenodo. https://doi.org/10.5281/zenodo.20763481
The Capability-Friction Dynamics: A macro-architecture for public sector AI. (2026). AMCIS 2026 Proceedings.
Australian Strategic Policy Institute. (2026, June). On AI sovereignty: decide where independence matters most. The Strategist.
United States. Clarifying Lawful Overseas Use of Data (CLOUD) Act, 2018.

Leave a comment