ANALYSIS · 18 JUNE 2026

Three Times This Year, APRA Described the Risk Without Naming It

Across three documents in 2026, Australia's prudential regulator has told banks, insurers and superannuation trustees to confront their dependence on foreign technology providers. It has named the concentration, the opacity, the loss of access. It has not named the one thing that makes all of them bite, which is whose law can reach the provider. That axis is the work this assessment exists to do.

THE PATTERN

Read in order, three letters point the same way

Take APRA's published output for 2026 and read the three documents as one body of work. From late April, the letter to industry on artificial intelligence. In May, the System Risk Outlook. On 17 June, the letter on geopolitical shocks. Each was written by a different part of the regulator for a different purpose, and each has been read on its own, letter by letter, by the law firms briefing their clients. Read together, they are not three separate observations. They are one direction of travel. The regulator has spent the year describing, in steadily firmer language, a dependence on foreign technology providers that it now expects boards to manage. What it has not done, in any of the three, is name the mechanism that makes that dependence dangerous. The whole of this piece sits in that gap.

THE TRAJECTORY

What each document added

The System Risk Outlook came first in substance. Among the stress channels it set out for the Australian financial system, it noted that while regulated entities have limited direct exposure to providers in the conflict zones of the moment, a larger share rely on US-based providers, particularly for technology services. That is the regulator, in a system-level document, identifying concentration on United States technology providers as a vulnerability worth watching. It went further on supplier dependence generally, saying APRA is progressively increasing its supervisory focus on material service provider dependencies, including direct engagement with the providers themselves.

The AI letter, issued to all regulated entities, turned that watching into expectation. Across four observation areas, the sharpest was supplier risk. APRA told entities to map the full AI supply chain including third- and fourth-party dependencies, and to actively manage concentration risk, which it defined to include the credibility and feasibility of substitution, portability or exit arrangements for critical AI providers. It found that few entities had tested those exit and substitution strategies at all. And in a single sentence that would matter more six weeks later than it did on the day, the letter named, as a frontier model of cyber concern, Anthropic Mythos.

The geopolitical letter, signed by the Chair, made the offshore dimension a board-level minimum expectation. Among its named expectations sits one that reads almost as a description of the thing this practice assesses: that at-risk offshore operational, asset and investment exposures are identified, with contingency plans in place for disruption, freezes, restrictions or loss of access. Loss of access. The letter ties this expectation to existing standards, CPS 230 among them, and tells boards to satisfy themselves that management is reporting on offshore dependencies and service provider vulnerabilities. It then promises targeted readiness assessments for larger entities, with accountability assigned to accountable persons and reflected in the annual Risk Management Declaration. This is no longer guidance on a shelf. It is becoming a supervised, attributed obligation.

Three documents. Supplier expectations set in April, system dependence named in May, offshore loss of access made a board duty in June. One direction.

THE PROOF

The scenario the regulator described, performed in public

While APRA was writing the third letter, the scenario in the first two played out live. On 12 June the United States ordered Anthropic to suspend access to its two most capable models for every foreign national on earth, and the company complied within hours. The model APRA had named in April as a frontier concern was, in June, switched off for every Australian who depended on it, not because it failed, but because a foreign government decided it should be. That is loss of access from state action, the exact phrase the geopolitical letter would use five days later, demonstrated before the letter was even published.

What followed sharpened the point rather than softening it. At the G7 summit five days later, the chief executive of the very company that had been switched off sat at a closed-door working lunch with the same heads of state and, in his address to the room, called not for independence from that government's discretion but for structured access to frontier models under United States leadership. Read what that means. Even the provider with the most reason to want to escape the switch was not arguing to remove it. It was proposing to organise the world more neatly beneath it. The dependence APRA had been describing on paper was, in the same fortnight, both proven by a government and embraced by the provider.

THE UNNAMED AXIS

The word that completes the sentence

Set the three documents side by side and notice what they all stop short of. The System Risk Outlook names US-based providers as a concentration. The AI letter requires exit and substitution analysis for critical providers. The geopolitical letter expects contingency plans for loss of access. Each describes a different face of the same risk, and not one of them names why the risk exists. The reason a US-incorporated provider can be cut off, regardless of any exit clause an Australian entity negotiates, is that the provider answers to the law of the country it is incorporated in, and that law operates above the contract. The disruption does not come from the provider failing. It comes from the provider's own government compelling it. That is jurisdictional reachability, and it is the axis every one of these documents describes around and none of them names.

This matters because the assessment APRA now requires cannot be completed without it. An entity can map its full supply chain, document its concentration, and draft a credible exit plan, and still have answered the wrong question, because an exit plan assumes the disruption comes from your side of the relationship. The Fable suspension proved it comes from above the relationship, from a jurisdiction neither party to the contract controls. A substitution analysis that does not ask who can lawfully compel this provider is an analysis with its central variable left blank.

WHAT APRA GETS RIGHT

This is the most serious step yet, and the gap is narrow

None of this is a charge that the regulator has it wrong. The opposite. Across these three documents APRA has done more to surface foreign provider dependence than any prior intervention, and it has done so in the right order, identifying the concentration, setting the supplier expectations, and making offshore loss of access a board-level duty with supervisory teeth behind it. The signal that APRA intends to engage providers directly is, if anything, the regulator walking toward the jurisdictional question of its own accord. The gap is not one of recognition. APRA has recognised the risk plainly. The gap is one of naming. The regulator has described the symptom precisely and has not yet named the cause, and an expectation framed around exit and substitution will be met, by entities acting in good faith, with exit and substitution analysis that leaves the jurisdictional axis unexamined. The distance between what APRA expects and what the exposure actually requires is exactly one missing word.

THE COMPLETION

What an entity has to add

For a regulated entity, this turns an abstract argument into a concrete task. The supply chain map APRA wants is necessary and is not sufficient. The exit and substitution assessment APRA wants is necessary and is not sufficient. What completes them is a reachability assessment, a separate line of analysis that asks, for each critical provider, which government can lawfully compel it and what that means for the continuity of the service regardless of where the data sits or what the contract says. That analysis sits underneath the supplier risk work APRA already requires. It is not a competing framework or a broader consulting engagement. It is the one specialist layer that the supply chain exercise needs in order to answer the question the regulator is actually circling, and it is the question that contractual analysis alone can never reach, because the reach that matters runs through incorporation and operates above the agreement.

THE TEST

Residency was never the test, and now the regulator is most of the way to saying so

For months the claim that residency is not jurisdiction could be waved away as theoretical. It is harder to wave away now, because the prudential regulator has spent a year describing its consequences without quite naming it, and the world spent a fortnight demonstrating it in public. The honest reading of these three documents is that APRA is most of the way to the conclusion already. It has named the dependence, required the exit analysis, and made loss of access a board duty. The single step it has not taken is to say that the mechanism behind all three is jurisdictional, that a provider's home government can reach it regardless of residency or contract, and that the assessment therefore needs an axis the current framing does not include. An Australian institution does not have to wait for the regulator to take that step. The exposure is already named, in everything but the one word that completes it, and the work of completing it can be done now, on paper, in advance, rather than the way the rest of the world just learned it.

REFERENCES

Sources

Australian Prudential Regulation Authority 2026, APRA's System Risk Outlook, May 2026, APRA, viewed 18 June 2026, https://www.apra.gov.au/apras-system-risk-outlook-may-2026.

Australian Prudential Regulation Authority 2026, APRA Letter to Industry on Artificial Intelligence (AI), APRA, 30 April 2026, viewed 18 June 2026, https://www.apra.gov.au/news-and-publications/apra-letter-industry-artificial-intelligence-ai.

Australian Prudential Regulation Authority 2026, Strengthening readiness for geopolitical shocks, APRA, 17 June 2026, viewed 18 June 2026, https://www.apra.gov.au/news-and-publications/strengthening-readiness-geopolitical-shocks.

Anthropic 2026, Statement on the US government directive to suspend access to Fable 5 and Mythos 5, viewed 18 June 2026, https://www.anthropic.com/news/fable-mythos-access.

CNBC 2026, CEOs of Anthropic and Google DeepMind call for US led AI coalition in meeting at G7, 17 June 2026, viewed 18 June 2026, https://www.cnbc.com/2026/06/17/anthropic-amodei-google-hassabis-us-ai-coalition-g7.html.

Australian Prudential Regulation Authority 2025, Prudential Standard CPS 230 Operational Risk Management, APRA, in force 1 July 2025, viewed 18 June 2026, https://handbook.apra.gov.au/standard/cps-230.

Clarifying Lawful Overseas Use of Data Act 2018, Pub L No 115-141, div V, 132 Stat 1213 (US), codified at 18 USC 2713.

Brunel Al-Bijwaie
Director, AustraliaOS