The private sector will need to anticipate change and better equip itself to operate in this more fragmented, multipolar and securitized future. This chapter provides recommendations on how.
As AI starts to be embedded in systems across virtually all sectors of the economy, the technology will only become more central to geopolitical and economic competition. It is not just those directly involved in developing AI systems or those in the business of selling AI solutions that need to prepare for the consequences of multipolarization and fragmentation. The impact of the trends described above would inevitably cascade far beyond the tech industry itself.
Some of this reconfiguration can bring benefits. A more geographically diverse AI market would unlock new sources of funding and innovation. It would help private sector actors in currently smaller AI markets to better compete with those in the US and China, and could bring more innovation and vibrance to AI development more generally as ideas flow from a greater diversity of sources, reflecting a wider range of demands and perspectives. India’s growing market for government solutions specifically tailored to the needs of developing countries offers an example. A growing number of European startups are looking beyond the dominant large language model (LLM) towards developing ‘World models’ (meaning AI solutions that interact and learn from the physical world).
Private sector actors keen to adopt or invest in AI may similarly find themselves in a position to choose from a wider set of solutions, visions and technologies. Diversifying and decentralizing the market for a technology potentially as transformative as AI away from two countries – and, as importantly, a small number of dominant companies in those countries – would both reduce the leverage and power these actors have over the technology’s development and limit their ability to weaponize dependencies. A more diverse market also reduces the risk of groupthink in the industry, and could help prevent a narrowing of perspectives of what kinds of AI solutions are developed.
This securitized, multipolar AI sphere may, however, also bring new risks, especially as these developments take place in an already more geopolitically tense, fractious global order. This final chapter explores the second-order impacts that may result from the developments discussed above. It then offers recommendations for how companies across different sectors may best prepare for this future.
A less open, more protectionist global technology marketplace
The current global push towards tech sovereignty could result in a more fragmented, less open global marketplace for innovation, especially in technologies perceived to be of great geostrategic importance – like AI. In such a world, private sector actors accustomed to operating across borders and jurisdictions may find themselves facing more restrictive operational environments, forced to overcome growing trust deficits and potentially pushed out of existing markets altogether.
By emphasizing their sovereign credentials, local firms may instead benefit from this shift and could see demand increase from both governments and private sector actors in their home markets and those closely aligned. Many governments are already becoming more proactive about using procurement and other tools to favour and help scale homegrown solutions. Private sector actors, too, are increasingly interested in supporting or switching to domestic suppliers, especially if customer demand for sovereign tech increases and concerns about external dependencies grow.
The push for sovereignty may, however, also become a source of friction for those buying and integrating AI tools into their own workflows. Paying the ‘sovereignty premium’ could come to be seen as a business imperative, especially if public and government pressure grows. Governments may start to implement more coercive measures to force the private sector to adopt domestic alternatives to major external AI providers. Measures imposing financial penalties on companies for their exposure to foreign dependencies (not unlike the model used for carbon taxes) or forced decoupling motivated by national security concerns could become more common.
Such pressures could present challenging new trade-offs. By opting for sovereign solutions – whether out of patriotic duty or in response to public pressure or government requirements – private sector consumers of AI may have to forgo what they perceive to be the most technologically mature or cutting-edge solutions. While ‘good enough’ tech can help strengthen the overall technology ecosystem in a market, a strategic transition to less established solutions may – especially in the shorter term – affect the ability of an economy to fully seize the opportunities of AI.
The transition to alternative suppliers could also introduce new security risks, as customers migrate away from sometimes long-embedded, deeply integrated tech stacks towards new, potentially less mature and well-vetted alternatives. These are risks that would likely reduce over time, as domestic alternatives scale and grow their market shares. Planners should, though, account for another less likely, but possible scenario in which a more permanent, multi-speed technology environment emerges, where some markets continue to rely on less advanced solutions – another parallel with the Cold War, during which supply chains and innovation diffusion were similarly far more arranged along political and ideological lines.
‘Buy local’ imperatives will pose an existential challenge for companies that already (or hope to) have a global presence, which may find themselves operating in a more restrictive marketplace.
‘Buy local’ imperatives will pose a potentially existential challenge for companies that already (or hope to) have a global presence, which may find themselves operating in a more restrictive marketplace. This risk is heightened for technology and defence companies, which could see themselves lose market share to sovereign alternatives. Even in the likelier scenario where companies will retain market access, these actors nonetheless are likely to face increased pressure to provide guarantees that their products are not contingent on the benevolence of their respective home governments. In practice, such guarantees may be difficult to provide in a global environment where national governments increasingly undermine international norms and laws, and seek to weaponize the strength of their private sector.
This could present difficult trade-offs. In their attempt to diversify their own technology stacks to placate foreign customers, companies may find themselves under increased scrutiny from their home governments, which could perceive such actions as counter to their policies and perceived national interests.
How companies can prepare
- Establish a permanent geopolitical risk function to monitor geopolitically motivated operational risks, including the progress and nature of ‘buy local’ policies and government efforts to bolster their strategic autonomy in tech. More importantly, companies should map their own technological and supply-chain dependencies, and work to understand how these may be made more resilient or diversified. Diversifying dependencies does not necessarily have to mean reordering a full technology stack. It could also encompass more limited measures, such as ensuring that back-up solutions and multiple, redundant options are in place.
- Conduct regular ‘tech decoupling’ stress tests to model the implications of a sudden loss of market access or a forced supply-chain and infrastructure decoupling (e.g. localization of cloud storage).
- Develop and design infrastructure architectures that can be replicated across a variety of markets in order to comply with intensified sovereignty or data-localization requirements. Companies should ensure that systems are compatible with multiple cloud providers and AI solutions, and identify which aspects of their business activity may invite such scrutiny. For example, a pharmaceutical company may not need to use a local AI alternative for medicine discovery, but will need to consider switching to sovereign AI solutions if it plans to feed personal data into AI models.
- Structure corporate entities and AI and wider tech stacks to allow genuine legal and operational separation across regions. Companies should embrace the principle of openness in technology stacks. Diversifying inputs can not only bring greater resilience, but also avoids accusations of so-called ‘sovereignty-washing’ – where large incumbents present their existing solutions as sovereign or local by using artificial legal separations.
Fragmentation and regulatory uncertainty
As the AI sector securitizes and the geostrategic dimension of the AI race becomes so important that falling behind is increasingly considered to be an existential economic and security threat, governments’ willingness to place regulatory guardrails on development of the technology will continue to diminish.
2025 already partially demonstrated this trend, with both the US and the EU revisiting earlier regulatory commitments on AI, and countries like Japan are relaxing rulebooks in favour of implementing pro-innovation regimes. For example, the EU temporarily watered down and delayed the implementation of its landmark AI Act, after member state concerns over the constraints placed on would-be European AI champions. The EU’s Digital Omnibus, a package of amendments aimed to simplify and reduce bureaucracy in its existing digital regulation, is about ‘cutting red tape’ to promote innovation and growth. In the US, President Trump has revoked several of his predecessor’s executive orders that placed limitations on the rollout of AI.
The dynamics discussed in this paper may lead to more widespread deregulatory momentum and greater fragmentation in approaches to AI. In a multipolar AI marketplace, more countries would be able to establish themselves as builders of the technology and therefore as market ‘shapers’, not just market ‘takers’ reliant on regulation to influence AI’s parameters. Incentives around regulation may change as a result. Although Europe has, for example, long relied on the so-called ‘Brussels effect’ (the idea that the EU could set global standards via strict regulation of its large internal market) to shape global markets, it is increasingly embracing the idea that control over infrastructure, rather setting the rules, is the main source of influence and power in the digital economy.
Military or national security (and, by extension, dual-use) applications of AI frequently enjoy exemptions from existing regulation, partly because of the ambitions in many central governments to put AI at the heart of their defence strategies. An example is the EU’s AI Act, which does not cover technologies with an explicit national security or military application. Given the significant dual-use nature of AI, this is a distinction that is becoming increasingly porous. More companies exploring dual-use applications of their products will therefore shrink the pool of solutions covered under existing rulebooks. AI companies promoting the geostrategic importance of their solutions will have greater incentive to promote a reining-in of regulation (or, conversely push safety narratives that help cement their market position). Defence imperatives may also add to pressure on leading AI companies to lower safety standards. The recent spat between Anthropic and the Pentagon provides a particularly salient, high-stakes example.
A fragmenting global order, characterized by waning international cooperation and adherence to international law, paired with an accelerating AI arms race, leaves few incentives for countries to collaborate on developing global rules for a technology that many governments believe may be the key to power in the 21st century.
The rush to innovate and deploy AI impacts regulation and governance beyond the domestic level. A fragmenting global order, characterized by waning international cooperation and adherence to international law, paired with an accelerating AI arms race, leaves few incentives for countries to collaborate on developing global rules for a technology that many governments believe may be the key to power in the 21st century.
Coordination is especially unlikely when it comes to the more geostrategic applications of AI, such as those in the growing dual-use realm. While global governance initiatives like the annual AI Summit series and the Responsible AI in the Military Domain (REAIM) continue to attract participation, both the depth of resulting communications, as well as the number of governments signing on to them, continues to decrease – with major powers like China and the US, as well as others like Russia, increasingly opting out. The pace of military AI deployment and development in wars in the Middle East, Ukraine and elsewhere will make it difficult for any durable, global regulatory approaches to emerge.
A more fragmented, deglobalized technology landscape, in which countries increasingly cordon off access to their technology markets and develop alternative technical standards and regulatory frameworks, could even see different technology stacks become incompatible. A wholesale decoupling like this will be especially difficult to prepare for – and would result in a global economy vastly different from the one that has prevailed since the end of the Cold War.
Uncertainty about the degree and nature of these policy changes create a difficult environment for businesses. More restrictive, but predictable, regulatory regimes may frequently be preferable over a light-touch, but constantly changing, rulebook. Navigating a wide range of regulatory approaches, as well as persistent uncertainty as governments delay committing to long-term frameworks, is already a significant source of friction.
How companies can prepare
- Continue to invest in robust internal AI governance processes in the absence of binding frameworks, to pre-empt regulatory shocks and reduce internal risks. Establishing robust safety standards and processes (including documentation, red-teaming, transparency and auditability) can also become a competitive edge, allowing a company to be seen as more trustworthy by some customers.
- Design modular governance frameworks that can be adapted to diverging regulatory regimes. Ensure that in-house knowledge of AI use is retained, so that risks can be mapped and mitigated ahead of time, and processes put in place to adapt to potentially stricter future standards.
- Work closely with private sectors peers to strengthen regulatory collaboration and promote shared standards. In the absence of coordinated government action, the private sector – especially companies in high-risk sectors such as healthcare, law enforcement and defence – can play an important role in pushing governments to adopt robust, enforceable and predictable standards for AI safety and other considerations.
Heightened security risks
A more fragmented AI market may also lead to new and increased security risks, as harmful AI solutions proliferate and the deteriorating global security environment means bad state and non-state actors become more willing and able to exploit weaknesses.
As advanced AI tools become cheaper, easier to deploy and less dependent on large pools of specialized expertise, smaller states and non-state actors will be better able to catch up with traditionally dominant players, altering established power dynamics. Such democratization, however, also provides more opportunities for dangerous capabilities to diffuse. In this more multipolar AI environment, some countries could start to make an absence of guardrails and a willingness to export offensive, high-risk tools selling points for their respective AI offerings. This risk is not hypothetical: countries like Russia are increasingly building – and field-testing – sophisticated dual-use AI solutions of their own and may well see a financial and strategic opportunity in exporting these capabilities.
While some countries and companies, in a bid to improve safety or avoid controversy, already limit the extent to which certain dual-use solutions can be accessed (Anthropic’s recent decision to delay the release of its Mythos model due to concern over its capabilities is an example), others with fewer scruples may be motivated to fill the resulting market vacuum. While existing, widely available commercial AI tools can already be used to great effect to increase the effectiveness and scale of, for example, cyberattacks and misinformation campaigns, in this scenario far more sophisticated capabilities could become available ‘off-the-shelf’. This is a dynamic not dissimilar to the proliferation of spyware tools, which has similarly become a niche, but lucrative area of tech development dominated by a select few countries, which in particular relies on selling high-end capabilities to governments that frequently lack the domestic capacity to develop them.
Democratization of a technology generally makes it far more difficult to limit the proliferation of harmful capabilities and prevent unscrupulous actors from gaining access to more advanced tools. For private sector actors, this means that the AI-enabled cyber and kinetic threats they face could become more frequent, more sophisticated and more harmful. Further investment in bolstering cybersecurity capabilities and capacity will then be necessary, as will the hardening of physical infrastructure. Physical infrastructure used for AI is also becoming a prime target as the strategic and economic significance of the technology grows. For example, in early 2026, Iran targeted data centres owned by US hyperscalers in the Gulf Arab countries to complicate ongoing military operations, but also to undermine these countries’ ambitions to diversify their economies through AI investment.
A more fragmented technology environment in which countries are less interconnected may also see barriers to escalation in the cyber and hybrid domains lowered. Concerns about retaliation through the same technical systems, and about potential spillover and ‘blowback’ (where an attack targeting another country’s systems undermines the attacker’s own) serve as deterrent factors that could encourage states to practice restraint. An example of such blowback resulting from cyber activities was the 2017 NotPetya cyberattack, which generated an estimated $10 billion in damages worldwide and was attributed to Russian proxies intending to undermine Ukrainian systems, but in the process caused significant harm to Russian-linked systems and entities. As technological systems are delinked, and countries become less reliant on AI and dual-use solutions provided by others, some of this restraint may start to fall away.
Examples of this dynamic are already apparent in the hybrid and cyber domains, where so-called ‘spoilers’ in the system – countries like Iran, North Korea and Russia, which are considered to have relatively little to lose from undermining global systems they exist outside of – have become more brazen in their operations. In a securitized, fragmented world, systems will likely be targeted even more often by state actors and their proxies. As much of the critical infrastructure and systems behind AI is privately owned, attacks like these will be a source of increased risk companies will need to prepare for.
How companies can prepare
- Invest in bolstering cyber defence capabilities – for example, in-house cyber capacity, red-teaming activities to identify weaknesses, ‘airgapping’ and duplication critical systems, decentralization of data storage, redundancy and data protection practices, and development of crisis responses and protocols – to better prepare for a more volatile world, in which AI will serve as an increasingly important force multiplier for states and non-state actors alike.
- Map the potential weaknesses and vulnerabilities in physical systems and infrastructure that may be targeted through AI-enabled physical sabotage attacks (e.g. via increased drone activity or targeting of undersea power lines or fibre-optic telecommunications cables). Companies should work closely with governments and militaries to allocate responsibility during a crisis and develop protocols. They should also consider ways in which critical infrastructure may be made less vulnerable to attack, and seek to improve deterrence.
