From regulatory power to technological sovereignty
By Javier
Surasky
The
European Union has a distinctive place on the AI power map. It does not lead
the global race in the number of frontier models, levels of investment, or
concentration of major digital platforms, as the United States does, nor does
it have China’s integrated state and industrial capacity. Its power rests on
the construction of rules, standards, shared public infrastructure, a regulated
market, and a narrative of technological sovereignty grounded in rights,
security, and trust.
Still, we
believe it would be a mistake to reduce the EU’s role to its regulatory
capacity. This is clear in its efforts to move from being the world’s leading
AI regulator to becoming a space for advanced digital production, adoption, and
infrastructure. This shift is key to understanding the EU’s changing place in
the new AI power map.
The
starting point of that architecture is the European Artificial Intelligence
Regulation, known as the AI Act, which has been in force since August 1, 2024,
with gradual stages of application. Prohibited practices and AI literacy
obligations have applied since February 2, 2025, and rules on general purpose
AI models and governance since August 2 of that same year. Most of the AI Act
will begin to apply on August 2, 2026, although some obligations for high-risk
systems embedded in regulated products have an extended application deadline of
one additional year.
The AI Act
expresses Europe’s power to structure the market through risk-based regulation:
minimal risk (e.g., video games using AI), limited risk (e.g., chatbots), high-risk,
(e.g., AI hiring systems), and unacceptable risk (e.g., systems for social
scoring by public authorities). Unacceptable risk systems are prohibited, while
the other three categories are subject to obligations tailored to each level.
The AI Act
builds on existing regulatory architecture, most notably the General Data
Protection Regulation (GDPR), which has been in force since 2018. The GDPR made
the European Union a global benchmark for personal data protection by
establishing requirements for lawfulness, transparency, minimization, purpose
limitation, security, accountability, and individual rights in relation to
automated data processing.
Anyone wishing to operate in EU territory will have to adapt to that regulation, and
that is Europe’s greatest geopolitical asset.
In July
2025, the EU published a Code of Practice for general-purpose AI models that
serves as a voluntary tool to facilitate compliance with the AI Act. It does so
through joint work among independent experts, a wide range of stakeholders, the
European Commission, and the European AI Board, with the aim of finding solutions
that bring together innovation, transparency, security, and accountability.
But
European regulatory power is not enough to position Europe in the AI race. It
needs more infrastructure, capital, talent, data, and models of its own.
Aware of
this, since 2025 the EU has promoted a complementary strategy: the AI Continent
Action Plan, which includes five strategic areas: computing infrastructure,
data, sectoral adoption, talent, and regulatory simplification.
The heart
of the new strategy lies in infrastructure, especially through what have been
called “AI Factories.” These operate as nodes of technological sovereignty that
combine advanced computing capacity, innovation ecosystems, and specialized
support to turn European regulation into real capacity for AI production,
adoption, and application.
These
“factories,” open to startups, SMEs, industry, research institutions, academia,
and public authorities, are built on the European supercomputing network. To
qualify as AI Factories, they must combine advanced computing, that is, high-performance
computing capacity, with quality data, meaning information sets suitable for
training, validating, or applying AI systems that are relevant, representative,
updated, documented, interoperable, and legally usable. They must also include
a data governance framework, meaning the set of rules, procedures, and
responsibilities that organize how data are collected, stored, shared,
protected, and used, as well as specialized technical services, meaning teams
and tools that help users turn an idea into a functional application.
They also require
technical talent, meaning people capable of operating that infrastructure and
supporting projects, regulatory advice, meaning support so that projects comply
with applicable rules, and a user ecosystem, meaning the community of actors
that uses and sustains the AI Factory: startups, SMEs, universities, research
centers, companies, public bodies, and industrial sectors.
According
to the EU itself, in April 2026 there were 19 AI Factories and 13 operational
“antennas,” or associated sites, linked to supercomputers optimized for AI.
The next
step is AI Gigafactories: infrastructures more powerful than the factories,
designed to train and deploy frontier or very large-scale AI models, and
intended to give Europe the strategic capacity to compete with the United
States and China in the development of advanced models. To achieve this, the
InvestAI initiative has been launched, with the aim of mobilizing 200 billion
euros in AI investment, including a European fund of 20 billion euros to
finance up to five gigafactories capable of training complex models at scale.
The Apply
AI strategy reinforces that orientation, but this time with the explicit goal
of improving the competitiveness of strategic sectors and strengthening
European technological sovereignty, especially through AI adoption by SMEs and
productive sectors. This marks a difference between the European project and those of the United States and China. While the former organizes its power
around large private companies, venture capital, cloud infrastructure, and
export controls, and the latter around state planning, industrial integration,
and mass deployment, the EU seeks to articulate a distributed institutional
model that integrates common regulation, European financing, national
capacities, and the single market with rights protection and sectoral adoption.
The
Stanford HAI AI Index Report 2026 also notes that, globally, the European Union
is more trusted than the United States or China to regulate AI effectively.
This is a relevant point if we consider that trust has become a resource of
institutional power, but the same report notes that European private investment
in generative AI is far below that of the United States and China’s, although
Chinese data on the latter are not fully reliable.
Viewed as a
whole, the European AI strategy combines algorithm regulation, a continuum
between data governance and computing capacity, and support for the common
digital market. It is also accompanied by the strengthening of fundamental
rights and institutional oversight mechanisms aimed at constraining
technological power.
The EU’s
challenge today is to turn its regulatory power into productive power. Its
greatest risk is becoming trapped in the paradox of being the space that
defines the rules for trustworthy AI while depending on models, chips, clouds,
and platforms developed by others.
Key Facts
- The AI Act entered into force on August 1, 2024, and will be fully applicable, with exceptions, as of August 2, 2026.
- The Code of Practice for general-purpose AI models was published in July 2025 as a voluntary tool to facilitate compliance with the AI Act.
- The AI Continent Action Plan organizes the European strategy around computing infrastructure, data, sectoral adoption, talent, and regulatory simplification.
- The European Union promotes AI Factories to provide startups, SMEs, industry, research, academia, and public authorities with access to supercomputing.
- By April 2026, the Commission reported that there were 19 AI Factories. One step further is the push for Gigafactories.
- InvestAI seeks to mobilize 200 billion euros in AI investment, with 20 billion euros allocated to finance up to five AI Gigafactories.
- The Apply AI strategy seeks to accelerate AI adoption in strategic sectors.
- Europe’s main strengths lie in its regulatory capacity, internal market, institutional legitimacy, and commitment to trustworthy AI. Its greatest vulnerabilities are the private investment gap, dependence on external infrastructures, and the limited presence of European frontier models.
.png)