In April, the UK government launched its £500 million Sovereign AI Unit, the state-backed fund built to make Britain, in the (then) Prime Minister's words, "an AI maker, not an AI taker". At the time, it read as an industrial strategy. Within two months, Washington turned it into a warning. On 12 June, the Trump administration ordered Anthropic to restrict foreign-national access to its two most advanced models, citing national security concerns. Anthropic complied and took Fable 5 and Mythos 5 offline for every customer, overnight, and this continued for 19 days. Although the UK holds a government-level memorandum of understanding with Anthropic - it provided no protection at all.For Financial Services leaders, as well as those leaders across regulated industries, these two events have turned a policy debate about sovereignty into an operational risk question that many institutions have not yet fully answered.Access can be withdrawn faster than you can respondThe June directive required a licence for any export, re-export, or domestic transfer of the models, and it applied to foreign nationals in the United States, including Anthropic's own employees (with reports suggesting that the company was given 90 minutes to comply voluntarily before the restriction was imposed). In late June, the Commerce Department partially lifted the ban for a small list of approved American companies, with Washington deciding who qualifies.My view is that this was just the start of what will become a design feature of the frontier AI market. The US is increasingly treating access to its most capable models as a national security lever that can be pulled at any time. A Memorandum of Understanding records goodwill between governments, but when an export directive arrives, goodwill appears to count for nothing. Why this introduces risk for financial servicesMore than 75 per cent of UK financial services firms now use AI, with the heaviest adoption among insurers and international banks, according to evidence gathered by the Treasury Select Committee. These are production workloads from credit decisioning, fraud detection, claims processing and client servicing running against models the institution neither owns nor controls.Published this month, the FCA's Mills Review finds that firms' ability to compete increasingly depends on access to AI models, computing capacity and cloud infrastructure and warns that concentration in those markets could leave firms facing higher prices, restricted access and weaker bargaining power. Restricted access arrived ahead of schedule, and it was delivered by a foreign government rather than a commercial dispute.Regulators have begun responding at the infrastructure layer. On 13 July, the Bank of England, PRA and FCA began jointly overseeing Amazon Web Services, Google Cloud, Microsoft and Oracle as the first designated critical third parties to the UK financial system. Frontier model providers sit outside that regime; the dependency regulators consider the cloud layer systemic, so it remains unsupervised one layer up, where a single directive from Washington has already switched off two production models. Middle management remains accountable for outcomes even where a model's availability sits entirely outside their control.Every institution running critical workflows on US-hosted frontier AI should be able to explain what happens if access is suddenly revoked and how those workflows would continue without it.What £500 million buys and what it does notThe Sovereign AI Unit is a practical instrument. It invests in UK AI companies, provides compute and data access and supports talent relocation, operating at venture-speed rather than procurement-speed. National AI compute capacity has expanded roughly tenfold since the start of 2025, against a target of a twentyfold increase by 2030.Set against France's package of roughly €109 billion in AI commitments, however, £500 million is modest, and the UK government knows it. The honest reading is that the fund exists to secure control over foundations, compute, data and talent, but a scale competition with the US or China cannot be the goal. The risk is a fund too small to build real capability, yet too visible to abandon, with public money absorbed by pre-existing constraints in planning, energy and grid capacity before it produces genuine sovereignty. There is also a question the strategy has not yet answered - what does sovereignty mean in practice when the chips, the leading models and the cloud all remain controlled overseas? Sovereignty at the right layerFrontier-model sovereignty is out of reach for the UK in the short term. However, sovereignty at the application and infrastructure layer is not. In practice, that means building systems in which no single model is load-bearing. It also means self-hosted inference where the workload justifies it, exit plans that have been tested rather than filed and portability written into contracts before it is needed. Domestic capability is already being built at this layer. A UK consortium's sovereign model, Lumen Sovereign, is targeted for deployment readiness by the end of 2026 and is designed to run inside a customer’s own current infrastructure.My recommendation to the UK government is to explicitly state where on the AI stack the UK is pursuing sovereignty and to set expectations accordingly. My recommendation to Financial Services leaders carries more urgency. Define sovereignty for your own institution by assessing which capabilities you must control, which dependencies you can tolerate, and equally which you cannot - and complete this before the next directive lands. June proved that access to the most capable models is now a policy instrument. Institutions that write off the Anthropic episode as an anomaly will find the next one arrives with the same 90 minutes' notice, and no memorandum of understanding will save them either. No#ArtificialIntelligenceVikas KrishanChief Digital Business Officer and Head of UK and EMEAAltimetrik 16 Jul, 2026