This week the Daily Telegraph ran two pieces that together tell a story the authors did not quite join up.
The first: Trump has snubbed Starmer's plea for a British exemption from export controls on Anthropic's most advanced models. The second: China is tightening its grip on AI as corporate America gets lured by cheap open models, giving Beijing a valuable propaganda vehicle.
The framing in both pieces is the same. Two superpowers, two AI ecosystems, pick a side. Washington's kill switch or Beijing's censorship regime. The UK -- and by extension every small jurisdiction watching from the sidelines -- is apparently supposed to wait and see which superpower cuts the better deal.
Nobody mentioned the third option.
Regular readers of the Sovereign Auditor will not be surprised by any of this. We have been making the infrastructure dependency argument for some time -- from the supply chain control failures in The Control Plane Trap to the foreign jurisdiction risk in The Gatekeeper is in Washington, to the Isle of Man's specific exposure in The Douglas Exposure. This week the mainstream press caught up. Better late than never.
Let us be clear about what this week actually demonstrated.
The Washington kill switch is no longer theoretical. Export controls on Fable 5 and Mythos 5 were sweeping enough that Anthropic had to suspend access for everyone -- including its own paying customers outside the US. The mechanism that could cut off your AI infrastructure with no notice and no appeal has now been exercised. Once. It will happen again.
We argued in The Gatekeeper is in Washington that any organisation building operational dependency on US-jurisdiction AI infrastructure was accepting a foreign policy risk it probably had not modelled. This week that risk materialised. Starmer asked for a carve-out and was told zero chance. The Isle of Man was not in that conversation at all.
Beijing's problem is different but equally structural. DeepSeek will not tell you what happened at Tiananmen Square. That is not a bug or an oversight -- it is deliberate, baked into the training regime, and it runs far deeper than a handful of politically sensitive topics. A model trained to speak the language of the Communist Party and toe the line on Taiwan and human rights is not a neutral tool. The censorship is not a feature you can turn off. It is in the weights.
Two choices. Both compromised at the supply chain level. Small jurisdictions with genuine data sovereignty obligations -- the Isle of Man's professional services sector, for instance, operating under fiduciary duties and regulatory frameworks that make "just use the API" increasingly difficult to defend -- are being handed a false binary and told to choose.
There is a third option. It has been available the whole time.
DeepSeek's model weights are publicly available. So are Mistral's. Meta's Llama series. A growing catalogue of capable, well-documented models that you can download, inspect, and run on infrastructure you control.
This is not the same as using DeepSeek's API. Using the API means your data transits Chinese infrastructure, your queries are logged somewhere you have no visibility of, and you are operationally dependent on a foreign commercial entity subject to Beijing's direction. That is exactly the problem.
Running the weights locally is categorically different. The model is software. Once you have it, it runs where you tell it to run. It does not phone home. It does not have a kill switch. It does not care about export controls because there is no API endpoint to restrict.
The censorship problem is real but it is a known problem -- and known problems can be engineered around. The political restrictions in DeepSeek's outputs come from fine-tuning and reinforcement learning applied on top of the base architecture. The base capability is genuine. With the right approach, you are working with neutral clay.
Building sovereign AI inference is not magic. It requires three decisions, in order.
Pick your model. For most professional services work -- document review, compliance drafting, summarisation, client communications -- a 7B to 14B parameter open model is sufficient. You do not need frontier capability for the majority of what knowledge workers actually do day to day. Match the model to the task, not to the marketing.
Pick your iron. EEA jurisdiction, bare metal preferred, no US cloud exposure in the stack. Hetzner, Netcup, OVHcloud -- the options exist and they are cost-competitive. The model runs locally. Inference stays on your infrastructure. Data does not leave your jurisdiction.
Pick your constraints. This is the part nobody talks about, and it is the most important. The model itself is neutral. What you do with it -- the system prompts that define its behaviour, the retrieval architecture that determines what context it can access, the governance layer that sits around it -- that is where your control actually lives. A well-constrained open model running on sovereign infrastructure, with a tight operational envelope and human review before any output goes anywhere consequential, is more trustworthy than a frontier model on foreign infrastructure that you are trusting blindly.
We made the same argument about control plane dependency in The Control Plane Trap -- the moment a critical function runs on infrastructure you do not control, you have handed someone else a lever over your operations. AI inference is no different. Copilot, not root. The principle applies at the model selection layer just as much as it applies to AI agents with production access.
The Isle of Man sits outside the scale thresholds that get jurisdictions a seat at the table when Washington is handing out exemptions. There is no carve-out coming. Starmer asked and was told zero chance -- and the Isle of Man was not in that conversation at all.
The professional services sector here -- law, fiduciary, finance -- operates under obligations that make data sovereignty a genuine compliance question, not a preference. Client confidentiality. Regulatory frameworks. Fiduciary duty. These are not abstractions. They are legal constraints that shape what infrastructure decisions are actually defensible.
We explored the local exposure in The Douglas Exposure and the compliance implications in Where's the DPIA? -- the CLOUD Act problem does not disappear because a vendor has a UK or EU data centre. Jurisdiction follows the parent company, not the server location. The export control drama of the past week did not create that problem. It made it visible.
The risk was always there -- any jurisdiction that built operational dependency on foreign AI infrastructure without asking hard questions about supply chain control was already exposed. This week just provided the proof of concept.
Digital Isle of Man has been actively promoting AI adoption across Manx sectors. That ambition is welcome. Encouraging local businesses to engage with transformative technology is exactly what a forward-looking government body should be doing.
But promotion without a sovereignty framework is just encouraging dependency on someone else's infrastructure -- and this week demonstrated exactly what that dependency looks like when the politics shift.
The question for Digital Isle of Man is not whether Manx businesses should adopt AI. Of course they should. The question is whose infrastructure they should be adopting it on, under whose legal jurisdiction, with what supply chain visibility, and with what fallback when a foreign government decides to pull the plug.
The third option answers all of those questions. It just requires someone to ask them first.
It is not a geopolitical drama to observe from the sidelines. It is a procurement signal.
The jurisdictions -- and the organisations within them -- that read it that way and act on it will be in a structurally different position in three years. Not because open source sovereign inference is perfect. It is not. The models are less capable at the frontier. The operational overhead is real. It requires people who understand what they are doing.
But it is infrastructure you control. With a supply chain you can audit. In a jurisdiction whose law you operate under. Without a kill switch held by a foreign government that has now demonstrated it will use it.
The third option has been sitting there the whole time. It just needed someone to say it out loud.
Cross-reference: The Theatre Pulldown · The Gatekeeper is in Washington · The Control Plane Trap · The Douglas Exposure · Where's the DPIA?
The Sovereign Auditor covers digital sovereignty, cybersecurity governance, and data protection policy—with particular focus on Isle of Man jurisdiction and Crown Dependency issues.
Payments via PayPal. Credentials delivered by email. No Substack. No Stripe. No middlemen.
