Three administration theories of AI sovereignty
As of yesterday, the Trump administration is working with three theories of AI sovereignty.1
The first comes out of the White House’s Office of Science and Technology Policy. At the India AI Impact Summit in February, OSTP Director Michael Kratsios told governments they could pursue sovereign AI capability now, by adopting the best of the American stack while their national champions developed theirs. AI sovereignty, he said, meant “sovereign infrastructure, sovereign data, sovereign models, and sovereign policies within your borders, under your control.” The American AI Exports Program exists in part to deliver this kind of sovereignty, with the basic idea of “American companies build the AI stack, you buy it, and it’s yours.”
The second is the State Department’s. On June 23, Jacob Helberg, the under secretary of state for economic affairs, called digital sovereignty — AI sovereignty included — a trap. Countries that set out to own their compute, data, and models, he argued, will build subscale clones of last year’s breakthroughs and fall a generation behind. His alternative is innovation sovereignty, which Helberg defines as the power to create what does not yet exist, inside trusted coalitions like Pax Silica.
The third comes out of the Commerce Department. On June 12, Commerce ordered Anthropic to suspend access to its two most capable models, Fable 5 and Mythos 5, by any foreign national, whether inside or outside the United States. Because the company could not screen for nationality in real time, it disabled both models for every customer the same day. Commerce issued no statement on sovereignty, but the action spoke for itself. At the frontier, at least, AI sovereignty is America’s, and a country that benefits from the frontier depends on U.S. decisions about whether and when that technology is available abroad.
Two of these are arguments about what sovereignty should mean. The third is a demonstration of what it currently actually means in application. And neither Kratsios nor Helberg addresses the question the Commerce action forced into the open — What assurance does a partner have that access to the American tech it builds on will not be withdrawn? Until that question is answered, the message partners take from Washington is at best mixed, and the one significant action they can point to shows that sovereignty built on the American stack is weak (again, at best), conditional and without guardrails.
OSTP: sovereignty through adoption
This is the affirmative case, and the one the administration was focused on until this month.
OSTP does not tell partners to build everything themselves. It calls complete self-sufficiency unrealistic for any country and grants that no partner can complete the stack alone. But it does not mock sovereignty as a slogan either. At the India AI Impact Summit, Kratsios took the demand for sovereignty seriously, and the export packages he describes answer it by bundling infrastructure, data pipelines, models, security, and applications, localized to a partner’s needs. OSTP has even put forward a National Champions Initiative, which folds a partner’s leading AI companies into its American export stack.
Kratsios's statements separate sovereignty from self-sufficiency. According to OSTP, a country is sovereign when it controls where its data sits, for example, But it doesn’t have to fabricate its own chips or train its own frontier model to achieve sovereignty and control. In a way, this version attempts to meets partners where they are and takes their interest in sovereignty as a perfectly legitimate one.2
But it says nothing about whether the United States will keep the technology available, or what happens if it decides to withhold or revoke it. Kratsios answers the demand for local control and leaves the assurance question untouched.
State: sovereignty as a trap
State’s case is aimed at autarkic sovereignty, which is a narrow version of digital sovereignty that attempts to build and own the whole stack at home — a national NVIDIA, a national TSMC, a national Anthropic — so that a country depends on no one. Helberg argues this is a fantasy for almost every country. Most national champions will be subscale, and most sovereign clouds will cost more and do less than what they replace. A government that mistakes owning the stack for having capability will spend a fortune rebuilding last year’s technology while the frontier moves on. He calls the result synchronized mediocrity.
To replace sovereignty as autarky, he suggests a redefinition (really a re-conceptualization) of sovereignty. Sovereignty, he writes, is the capacity to contribute to tomorrow's breakthroughs; reproducing yesterday's is something half the world can already do. He calls this innovation sovereignty — the power to create what does not yet exist, inside trusted coalitions like Pax Silica. Sovereignty becomes something to achieve within a coalition, not control over a stack.
The redefinition moves the question from ownership to invention, and in doing so it sets the dependence problem aside. It also carries a Peter Thiel idea (Zero to One) meant for tech companies into the public sector. Zero to one describes how a company escapes competition and protects its margins; it does not describe why a government builds infrastructure it may never run at a profit, for continuity, bargaining power, legal control, and a fallback when the normal channel closes.3 And like the OSTP offer, innovation sovereignty never reaches the assurance question. Instead, it assumes a trusted coalition without explaining how the trust is earned or what holds it together, even though the partner that anchors the coalition controls the technology it can use with few constraints.
Commerce: what sovereignty?
Commerce put its version of AI sovereignty in motion without a published theory of the case. On June 12, it ordered Anthropic to suspend access to Fable 5 and Mythos 5 by any foreign national, including foreign nationals inside the United States, and the company disabled both models for every customer to comply. The order targeted users, but it reached allied institutions, reportedly including the UK’s AI Security Institute, which had been evaluating the models.
On its face the order was narrow and aimed at a class of users.4 But its message was broad and essentially said that any AI technology in the hands of an American provider can be shut off, and now may be. For some countries, it may have been a prompt to scale back their sovereignty efforts; for others, a spur to accelerate them.
Managed (Inter)dependence
Despite the conflicting signals and three potentially incompatible positions on AI sovereignty, something more stable may be taking shape across the administration: the outline of a sovereign AI policy stack that sits alongside the technical one. What is emerging seems to have three layers.
The first is the principle. Sovereignty is a legitimate basis for partnership. Countries want meaningful control over the AI deployed in their territory, and the United States should recognize that demand wherever the partner is not adversarial. State might argue with the point, but its issue is with sovereignty as autarky, not sovereignty through partnership — which is what Pax Silica appears to be.
The second is the form. AI sovereignty should be pursued in an open ecosystem among partners and allies. This is digital solidarity carried into the AI stack: trusted partners pooling capability rather than each rebuilding a lesser copy of it.5 Pax Silica starts from the premise that no country controls the full production system alone, and that trusted partners should combine what they have in a secure coalition. That is compatible with sovereign AI if the coalition is governed. It is not compatible if one partner holds the decisive dependencies and asks the others to treat trust as a substitute for rules of the road.
The third is the outcome. It should be co-production. Partnerships that last cannot treat countries as endpoints for someone else’s stack; partners have to be co-builders of the systems their sovereignty depends on. This is where both Pax Silica and parts of the AAEP point.
What’s now needed is a fourth layer: assurance. This means continuity and predictability. Partners need confidence that access, licensing, and policy commitments will outlast election cycles and political shifts. This is the layer neither the OSTP nor State addresses, and the one the Mythos ban challenges. Note, however, that an assurance is not a guarantee. The United States should not be locked into supplying a country that becomes an adversary or uses American technology against American national interests.6
The AI policy stack is incomplete, but its outline is starting to take shape. The challenge now is to make it explicit and binding before partners conclude that adopting American infrastructure means accepting unacceptable reliance risk (and before China offers a truly competitive AI stack).
Kratsios’s approach is the right starting point, but it stops short of assurance. Helberg’s warning against autarky is correct, but it is business-oriented and upside-focused; like OSTP, State does not address the risks partners see. Commerce showed as much; without guardrails, sovereignty built on the American stack is weak at best.
The answer is managed interdependence — building and innovating on a shared stack, led by the United States and its allies, backed by assurances strong enough to keep partners from pulling away from the ecosystem.
Conflict of Interest Disclosure: The views I share in this essay are my own. Although I hold professional affiliations and advisory roles with several organizations, I don’t receive compensation or instructions from them (or any other entities) regarding the views I express in essays, panels, or other public and semi-public forums unless otherwise stated in a specific piece or setting. In some cases, I might receive an honorarium from the publisher or event organizer.
For a picture of AI sovereignty please see this CNAS Sovereign AI Index.
It’s important to note that some countries for sure are thinking about AI sovereignty and their national AI capacity as a mechanism for competing in their domestic economies and in the broader economy as well, and for those cases the zero to one recommendation is more apt.
In fact, it’s not even clear that the Commerce Department meant to target non-U.S. individuals and enterprises. It may be the case that its main goal was to get Anthropic to take Mythos and Fable offline. But the impact, of course, was felt among allies, partners, and others, as was clear at this month’s G7 meeting.
dig·i·tal sol·i·dar·i·ty | \ ˈdi-jə-təl ˌsä-lə-ˈder-ə-tē \ noun: “Digital solidarity is an alternative path to achieving technological self-determination through partnerships and alliances among open, democratic, and rule-bound societies. The goal of digital solidarity is to enable technological cooperation and interaction that advance collective national interests. Its implementation also ensures competition among technology providers to help safeguard any participating country from being locked into a dependent technology relationship with any other nation.”
It’s not clear to me how allies and partners would respond to this caveat, but it’s an honest one and defining its parameters (and operating within them) will go a long way toward building trust even if the system doesn’t fully eliminate the risks of dependencies on the U.S. AI stack.
The three-theories framing landed for me, especially the Commerce piece as demonstration rather than argument. The fourth layer is the right diagnosis — what I keep getting stuck on is whether it's structurally constructible at all. Footnote 6 already admits the U.S. can't credibly commit to non-revocation, and partners read that.
What I'm watching closely is India. They signed Pax Silica twice, and at the same time they're hosting BRICS NSA meetings, co-developing chips with SMIC, formalising rare earths with Rosatom. Signing without treating the signature as exclusivity. No one is sovereign when everything runs on the same substrate — but plural dependencies seem to be the actual hedge.