Taking Control of Our AI Future

Rudi Maelbrancke
Rudi Maelbrancke
AIGENEER
Jul 2, 20264 min. read
Taking Control of Our AI Future
Tags:
EuroStack
GovernanceAI Safety

The EU AI Act is officially here, having started in August 2024. While we won't see the biggest rules kick in until August 2026, the countdown has already begun. For me, this moment is a huge wake-up call. It shows that "AI sovereignty"—which basically means having total control over your own AI tools—is no longer just a fancy dream. It is now a daily requirement for how we run our organizations.

Recently, tech groups like the Computer and Communications Industry Association (CCIA) asked European leaders to push back the timeline. They are worried because the official guidelines for general-purpose AI are not fully ready yet, leaving developers in a tough spot. The way I see it, waiting around for perfect rules is a mistake. Companies that treat AI rules as just a legal checklist to tick off are going to struggle. The companies that win will be the ones that build control, safety, and clear tracking directly into their technology and data setup from day one.

Breaking Down the Risk Levels

To understand where we are going, we have to look at how the EU categorizes AI. The law splits AI systems into four risk buckets, each with its own set of rules.

First, there is the "unacceptable risk" category. These tools, which include social scoring, sorting people by their biology, or using AI to trick and manipulate behavior, were banned completely in February 2025.

Then we have "high-risk" systems. These are used in critical areas like hospitals, schools, hiring, and policing. If you want to use AI here, you have to meet very strict standards. This means having strong risk plans, making sure your training data isn't biased, and keeping clear human control over the system.

Next are "limited risk" tools, like chatbots and AI image generators. By August 2026, these will face transparency rules. If you run these tools, you must label AI-made content, including deepfakes, so users know they are interacting with a machine.

Finally, "minimal risk" systems, like video games and spam filters, are mostly left alone.

To help everyone get ready, the European Commission started the AI Pact to encourage companies to meet these standards early. Many businesses are also looking to international safety frameworks—like ISO/IEC 42001 or the NIST AI Risk Management Framework—to protect themselves from digital attacks. This massive focus on safety is part of a global shift. In June 2026, the G7 Cybersecurity Working Group even released a joint plan to protect telecommunications and small businesses from AI-related digital threats.

How the Big Players Are Responding

What is interesting to me is how major AI developers are shifting their operations to match these new expectations. Look at OpenAI, for example. They have been rapidly growing their footprint in Europe. They recently opened a new office in Madrid, adding to their locations in Dublin, Paris, Munich, and Brussels. This lets them work directly with major local clients like BBVA, Santander, and IE University as they bring AI into their daily work.

To address worries about the future, OpenAI published its AI Jobs Transition Framework. Their research suggests that AI will lead to reorganizing jobs rather than causing massive unemployment. Some roles will grow as costs fall, while others will shift to require a mix of human judgment and AI support.

At the same time, OpenAI is working hard to show they can play by the rules. They signed the EU Code of Practice to help set clear standards for watermarking AI content, and they endorsed the G7 principles to keep digital spaces safe for minors.

On the technical side, they are expanding an initiative called Daybreak, which uses AI to find and fix software bugs. Working with Germany, France, and the EU Agency for Cybersecurity, they launched a project called "Patch the Planet" to secure the open-source software that keeps our digital world running.

The Real Question We Must Answer

All of these developments point in the exact same direction. For me, sovereignty is not about isolating ourselves from the world. It is about control, traceability, and strategic freedom.

We must know exactly where our AI runs, which data it uses, which models we depend on, and how we prove we are following the rules.

Ultimately, the real question we need to ask ourselves is not: "Are we allowed to use AI?"

The real question is: "Can we explain, control, and defend the way we use AI?"