Seven governments, one question they would not answer in writing
The G7 leaders met at Evian from 15 to 17 June, and the future of artificial intelligence sat on the formal agenda as a named working session. The timing was not subtle. On 12 June, three days before they convened, the United States issued an export control directive suspending all access to Anthropic's two most capable models, Fable 5 and Mythos 5, for any foreign national anywhere on earth, and Anthropic disabled both worldwide to comply. So the leaders of the wealthiest democracies sat down to discuss AI with a live demonstration in the room of what dependence on it actually means.
What the allies were reacting to
In the days around the summit the individual reactions came fast and they were governmental. Canada's Prime Minister framed the episode as a lesson in the danger of overreliance on a few American providers. France's domestic intelligence service moved off a US analytics provider and the government committed new money to sovereign capability. The European Commission said it was assessing the consequences and called openly for Europe to strengthen its technological sovereignty. The shared realisation, stated more plainly by allies in days than in years of prior debate, was this: dependence on US frontier AI is dependence on US political discretion. Washington had shown, in one letter, that it could switch off a US company's flagship product for the rest of the world overnight. The allies saw the off switch get pulled, and they did not like who was holding it.
What the leaders actually did about it
Then the summit ended, and the measure of whether the alarm meant anything is simply what the leaders did with it. At Evian they adopted six joint statements: on international partnerships, the Ebola outbreak, cancer, geopolitical issues, migrant smuggling, and drug trafficking. They adopted no statement on artificial intelligence at all. A year earlier, at Kananaskis, the same group had issued a Leaders Statement on AI for Prosperity. This year, with AI on the agenda and the dependence freshly proven, the joint record was empty.
What did happen, happened off the record. The scheme was first reported by the Financial Times and carried by Reuters citing three diplomatic sources: on the sidelines of the opening dinner, a number of delegates discussed with the US Commerce Secretary a plan to grant a limited number of trusted partners, countries or companies, access to the restricted models, an exemption from the ban on foreign nationals. A further source confirmed no statement on the matter was expected from the summit. The talks were ongoing and produced no agreement. So the full extent of the response to the off switch was this: nothing committed to writing, and a quiet request, on the margins, to be let back in. That is the tell, and it is worth reading closely, because it reveals what the allies actually reached for when alarmed.
The exposure was never the dramatic event
The Fable suspension is being treated as a shock, a sudden pull of a lever. But the lever was always there. The capacity of a government to compel a company incorporated under its law did not appear on 12 June. It is a permanent, standing condition of where a provider is incorporated, switched on every day whether or not it is ever used. Export control is the loud version of it. The quieter version, operating continuously and without any announcement, is ordinary legal compulsion: the US CLOUD Act reaches a US incorporated provider and the data in its custody regardless of where that data physically sits, in Sydney or San Francisco. So the off switch the allies are alarmed about is only the visible instance of an exposure that never needed a dramatic event to exist. The real risk was never that the model got switched off. It is that the company was always reachable, and the switch was simply proof.
A trusted partner is still a partner who can be untrusted
Look at what the sidelines scheme actually concedes. An exemption for trusted partners is not an escape from dependence on US discretion. It is a formalisation of it. It accepts that Washington holds the switch and asks to be placed on the list of those allowed through. It does not change who can compel the provider. It changes only whether, for now, the compulsion is pointed your way.
And the revocability is not hypothetical. Before the order, Anthropic had already granted access to its most capable model to selected organisations in more than fifteen countries, in sectors including healthcare, communications, power and water, so they could scan their own systems for vulnerabilities. One government directive withdrew it. The trusted partners scheme is, in substance, a request to restore a privilege that was granted at discretion and revoked at discretion. That is the whole point. Access was never a right, it was a permission, and a permission is exactly what can be taken back.
So a trusted partner is a partner whose access persists exactly as long as the trust does, revocable the moment the relationship sours, which is the precise vulnerability a French politician named this month when he warned that a nation dependent on others for its technology can be unplugged overnight. The trusted partners idea does not remove that risk. It institutionalises it, and dresses it as a solution. This is the deeper error running through the whole reaction, including the calls for diversification: more providers and privileged access both treat a jurisdictional problem as an access problem. But any provider incorporated under a foreign government remains reachable by that government, and no exemption, no contract, and no longer list of vendors alters who can compel each one, because the reach runs through incorporation and operates above the agreement.
Australia was not in the room, or on the sidelines
Australia is not a member of the G7. It did not sit at the table where AI was discussed, and it was not on the margins of the dinner where the trusted partners scheme was floated. That sets the position Australia actually occupies with precision. If a managed access regime for trusted partners is ever built, it will be negotiated among the great powers, and Australia will be a recipient of whatever terms result, not a party to setting them. The country is not deciding the terms of its dependence. It is waiting to be told them.
Australia has not been idle on AI, and that is exactly what makes the point. On 1 April this year the Australian Government signed its first memorandum of understanding under the National AI Plan with Anthropic, the maker of the suspended models, with the company committing to align any future Australian operations with the Government's published Expectations of data centres and AI infrastructure developers, a document that names data sovereignty as a national interest. The understanding is non binding. Ten weeks later, the United States ordered Anthropic to switch those models off for every Australian, and the company complied within hours. The Australian arrangement did not enter into it. It could not. A bilateral understanding between Canberra and a US incorporated company, however well intentioned, sits beneath the jurisdiction of the company's own government, and that jurisdiction does not pause for an MoU. Australia had written sovereignty into an agreement with the provider, and the provider's home government reached straight past it. That is the local proof of the whole argument: the exposure runs through incorporation, and no understanding signed with the company can reach above it.
This is not to say the question is going unnoticed here. The episode has prompted fresh concern from the technology sector and renewed calls for sovereign capability, and serious analysts have begun to argue that access to critical systems is governed by sovereign authority rather than markets or partnerships. That conversation is welcome and overdue. What it still mostly frames as a problem of capability and diversification is, underneath, a problem of jurisdiction, and that is the precise distinction this assessment is built on.
The exposure is not coming. It is here, and it is unassessed
While the dependence gets managed abroad, the specific exposure already sits, unaddressed, inside Australian regulation. APRA's prudential standard CPS 230 governs how regulated entities manage their service providers, and its service provider transition closes on 1 July, a fortnight away. But the standard's one hard geographic trigger, the offshoring obligation, is keyed to where a service is physically performed, and it expressly excludes the case where a service is performed onshore in Australia by a provider that is not incorporated here. That is precisely the case the world is now alarmed about. A US incorporated provider holding Australian data in an Australian data centre trips no offshoring obligation, sits comfortably in the register, and carries the exact reachability the allies are scrambling to manage. Australia is mapping its providers for resilience, whether they might fail, at the very moment the world has been reminded that the real question is reachability, who can compel a provider that has not failed at all.
Residency was never the test
For months the argument that residency is not jurisdiction has been a niche one, easy to wave away as theoretical. This week it was demonstrated to the whole world, after a single letter took the most capable models on earth offline, and then it was met at the highest level not with a fix but with a request for an exemption. The theoretical has become the proven, and the proof is that even seven governments staring straight at it would not write it down, and reached instead to be let back in. The honest conclusion for any Australian institution is not to wait for a managed access regime negotiated in rooms Australia does not sit in. It is to stop assuming that data on Australian soil, held by a provider performing the service onshore, is therefore beyond foreign reach, and to assess reachability as its own line, on its own axis, before the switch is pulled on something that matters here. The world learned the lesson in public this week. Australia can learn it on paper, in advance, or it can learn it the way everyone else just did.
Sources
Anthropic 2026, Statement on the US government directive to suspend access to Fable 5 and Mythos 5, https://www.anthropic.com/news/fable-mythos-access
Council of the European Union 2026, G7 Leaders' Joint Statements, Evian, France, 16 to 17 June 2026, press release, https://www.consilium.europa.eu/en/press/press-releases/2026/06/17/g7-leaders-joint-statements-evian-france-16-17-june-2026/
Financial Times 2026, G7 leaders discuss trusted partners access to cutting edge US AI models, 16 June 2026, as reported by Reuters
Australian Prudential Regulation Authority 2025, Prudential Standard CPS 230 Operational Risk Management, in force 1 July 2025, https://handbook.apra.gov.au/standard/cps-230
Clarifying Lawful Overseas Use of Data Act 2018, Pub L No 115-141, div V, 132 Stat 1213 (US), codified at 18 USC 2713
Department of Industry, Science and Resources 2026, New agreement on AI collaboration with Anthropic, media release, 1 April 2026, https://www.minister.industry.gov.au/ministers/charlton/media-releases/new-agreement-ai-collaboration-anthropic
Department of Industry, Science and Resources 2026, Expectations of data centres and AI infrastructure developers, 23 March 2026, https://www.industry.gov.au/publications/expectations-data-centres-and-ai-infrastructure-developers
AustraliaOS 2026, Verification Record AOS-TEL-2026-001: Telstra CLOUD Act Assessment, https://australiaos.com.au/verify/AOS-TEL-2026-001