Europe Just Watched the Off-Switch Work

Washington pulled Anthropic’s two most capable models off the market overnight. The lesson for Europe isn’t about one disputed jailbreak — it’s about who controls the kill switch, and what happens the next time they reach for it.


On the evening of 12 June, a frontier AI system that millions of people could use that morning was gone by midnight. Anthropic’s Fable 5 and Mythos 5 — the company’s most capable models, launched only days earlier — went dark worldwide after the US Commerce Department, citing national-security authority, ordered the company to deny access to any foreign national, whether inside or outside the United States, including Anthropic’s own non-citizen staff. Because no provider can sort its users by passport in real time, the only way to comply was to switch the models off for everyone. Anthropic’s other models, including Opus 4.8, stayed up.

This appears to be the first time a leading lab has had to pull a publicly deployed frontier model because the federal government told it to. The disputed details will be litigated for weeks. For Europe, the specific trigger matters far less than the mechanism — because the mechanism is the part that will still be standing after the dust settles.

A munition, not a product

The legal instrument here is the “deemed export” doctrine, a piece of export-control law originally built for the likes of centrifuge blueprints and encryption code. Releasing controlled technology to a foreign national — even one sitting in an office in San Francisco — counts as an export. Point that doctrine at a frontier model and you have quietly reclassified the most capable AI on the market: not a global consumer product, but a controlled strategic good, governed like a weapon system.

From that vantage point, every European is, by definition, a foreign national. Not because of anything a particular user did, but because of the passport they hold. That is the uncomfortable core of the episode for this continent. The most capable tier of a technology that European companies, researchers, and public institutions increasingly depend on can be switched off for them not through any European process, not in response to any European conduct, but as a function of US domestic law over which Europe has neither a vote nor much visibility.

The dependency stopped being theoretical

European debates about digital sovereignty — the CLOUD Act, the Schrems rulings, the long argument about whether building on US infrastructure leaves you exposed to US jurisdiction — have mostly traded in hypotheticals. As of 12 June, the hypothetical has a date stamp.

Fable 5 had been live in Europe, including on AWS’s Stockholm region. It was revoked on Anthropic’s request to comply with the order. A capability that European enterprises had begun wiring into real workflows vanished within hours, with no notice and no recourse, because of a letter sent in Washington at 5:21 p.m. Eastern. For any organisation on the continent that has made a frontier US model load-bearing in a critical process, that is the whole lesson in a single afternoon: availability is not a technical property you can engineer around. It is a geopolitical variable.

It also punctures a comforting assumption that has guided a lot of European procurement: that choosing the most safety-conscious American lab is the prudent, low-risk bet. The Fable shutdown shows that even the most safety-forward vendor’s own preferences are subordinate to the executive branch. The provider does not hold the switch. Worse, the instrument is blunt: an order that sweeps in foreign nationals inside the United States, and the lab’s own employees, is not really “export policy” in any narrow sense. It is a nationality-based restriction, with a chilling effect on the European researchers who staff US labs and on the idea of open international collaboration in AI at all.

The government’s case deserves a fair hearing

None of this means Washington acted without reason, and an honest argument has to say so. Offensive cyber capability embedded in a broadly deployed model is a legitimate national-security concern, and the Mythos family was marketed precisely on its prowess at finding and fixing software vulnerabilities. A government that sees evidence of a circumvented safeguard on exactly that capability has an understandable impulse to move fast and ask questions later.

The dispute, then, is not really about whether states should be able to halt unsafe deployments. Anthropic itself concedes they should. The dispute is about how. The company argues that the trigger was a narrow, non-universal bypass; that the same capability is readily available from other public models, including OpenAI’s GPT-5.5, which face no comparable order; and that recalling a model deployed to hundreds of millions of people over a finding like this, with no transparent and technically grounded process, would — if applied evenly — halt frontier deployment across the industry. That argument is self-interested, and it should be read alongside the context: the Pentagon labelled Anthropic a “supply-chain risk” in March, the company is fighting that in court, it has just filed confidentially to go public, and the administration had reportedly tried and failed to stop this release earlier. The government, for its part, has not laid out its evidence in public. Both sides have reasons to shade the story. Readers should hold the account loosely.

But process is exactly where Europe’s interest lies. Procedure, proportionality and technical grounding are the only things a dependent ally can ever appeal to. If the precedent is that the off-switch can be thrown unilaterally, opaquely and overnight, then “we followed a fair process” is not a reassurance Europe can count on receiving.

Europe’s real choice

The predictable response will be a fresh surge of sovereignty rhetoric — sovereign compute, a European champion in Mistral, EuroStack-style industrial plans, procurement preferences for home-grown systems. The political case for all of it just got stronger. The problem is the gap between the resolve and the capacity. Europe today leads in neither the frontier models, nor the chips that train them, nor the hyperscale cloud that serves them. That is a triple dependency, and no amount of declaration closes it.

There is also a quieter collision underneath. Europe has staked its approach to AI governance on the rules-based, ex-ante logic of the AI Act: defined risk tiers, transparency obligations, predictability. The Fable shutdown is a demonstration that the most consequential governance lever in the system today is none of those things. It is discretionary, fast, and located in Washington. Two philosophies of control now sit side by side, and European firms occupy the friction between them.

So the honest takeaway is less indignation than risk management. Treat frontier-model availability as a continuity risk, not a settled utility. Build genuine multi-vendor fallbacks. Negotiate for continuity terms with teeth. And make a sober, unsentimental decision about which capabilities Europe must actually build rather than merely resolve to build — because resolve is cheap and capacity is not.

The off-switch worked. It worked cleanly, quickly, and on the highest tier of the stack. The only safe assumption now is that it can be pulled again — and that the next time, Europe will once more find out by reading a press release.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *