EU cybersecurity agency to meet Anthropic under US cloud export deal
▼ Summary
– The EU’s cybersecurity agency ENISA was set to meet Anthropic for early access to its Mythos AI model through Project Glasswing, a meeting arranged before US export restrictions complicated the deal.
– The US Department of Commerce ordered Anthropic to suspend access to its advanced models for foreign nationals, directly conflicting with the offer to give ENISA early access.
– The meeting shifted focus to secure access arrangements, exploring how ENISA could receive promised access without Anthropic violating US directives.
– The episode highlights EU dependence on US frontier AI capabilities, as Europe lacks domestic equivalents and its access can be revoked by US policy decisions.
– Anthropic faces a dual challenge of serving foreign regulators like ENISA while complying with US export controls, testing if a structure can satisfy both requirements.
The European Union’s cybersecurity agency was scheduled to meet with Anthropic on Thursday, a meeting the European Commission confirmed was arranged well before Washington made the situation considerably more complicated. ENISA, the EU’s cybersecurity body, had been invited to discussions with the AI company that were set in motion weeks earlier, long before the US export directive now casting a shadow over them.
At the heart of this relationship is access. Anthropic had offered ENISA entry into Project Glasswing, an initiative that allows selected organizations to test its Mythos model before a broader release. This would make the agency the first European body to gain such early access. The arrangement followed months of negotiation between the Commission and Anthropic, including Commission officials traveling to San Francisco in late May to finalize terms. Thursday’s meeting was a continuation of that process, not a fresh start.
Then the landscape changed. The US Department of Commerce ordered Anthropic to suspend access to its most advanced models, including for foreign nationals, citing the risk that they could reach military or intelligence users in countries of concern. This directive directly impacts the ENISA arrangement: an offer to give a European agency early access to a frontier model, made in good faith, now collides with an American order restricting exactly that kind of access.
That collision is why Thursday’s meeting matters far more than a routine vendor discussion. The Commission has confirmed the meeting is going ahead, but it has not detailed how Anthropic can reconcile an existing offer to a European partner with a fresh instruction from its own government to pull back. According to several accounts, the discussions have shifted toward the mechanics of secure access arrangements, focusing on the question of how, if at all, ENISA can receive what it was promised without putting Anthropic in violation of Commerce regulations.
For Brussels, this episode is a sharp lesson in dependency. The EU has spent years building its own AI and cybersecurity ambitions, and ENISA’s interest in Mythos reflects a desire to understand the most capable systems on the market. But those systems are American, and American export policy can now reach into a European agency’s access to them. The export fight that has consumed Anthropic in Washington is, in this meeting, effectively exported to Brussels.
Anthropic, for its part, is managing relationships in two directions simultaneously. It is racing toward an IPO while warning about AI risk, courting governments and enterprises globally even as its own government tightens what it can sell and to whom. The ENISA meeting is a small, concrete instance of that wider bind: a company trying to be a trusted partner to a European regulator under rules written elsewhere.
The episode also exposes how thin Europe’s options are. ENISA wanted access to Mythos precisely because frontier capability is concentrated in a handful of American labs, and the EU has no domestic equivalent to test against. That dependence is the same one driving the bloc’s push for sovereignty in AI and cloud computing, and the Anthropic meeting is a live demonstration of why: a European agency’s ability to even evaluate the most capable systems can be revoked by a decision made in Washington.
The same dynamic is already reshaping how banks treat the technology, with Wall Street institutions restricting Claude in sensitive jurisdictions even as they court the company elsewhere. For Anthropic, the meeting is a test of whether a company can serve a foreign regulator and comply with its own government at once. The firm has spent the year warning about AI risk while racing to IPO, and has framed access programs like Project Glasswing as good-faith engagement with the institutions that will help govern the technology.
The Commerce directive recasts that engagement as a potential export, and the secure-access discussions now under way are essentially an attempt to find a structure that satisfies both readings. Whether such a structure exists is, in effect, what Thursday is about. The Commission has confirmed the meeting and the broad shape of the discussions, but it has not said whether ENISA will end up inside Project Glasswing, or on what terms. For now, the meeting itself is the news, and the most telling thing about it is the directive under which it is being held.
(Source: The Next Web)