Sovereignty
Europe’s missing compliance layer
Europe is building sovereign payments and sovereign AI. The layer that interprets its regulation still runs on foreign software.
New to the topic? Start with What sovereign compliance actually means.
In November 2018, the US Treasury pressured SWIFT, a Belgian company operating on European soil, to disconnect Iran’s banks. Europe objected, updated its blocking statute, and built a dedicated payments vehicle, INSTEX, to keep trading in defiance of Washington. None of it held. SWIFT complied with the United States, European trade with Iran collapsed regardless, and a continent with the law, the institutions, and the political will on its side discovered that its position did not prevail. That episode is the moment European payment sovereignty stopped being a talking point and became a programme.
Two layers of the sovereign stack are already rising
Eight years on, the programme is visible. Wero, the European Payments Initiative’s wallet, has passed 43 million users. On 3 June 2026 the Commission put sovereignty into industrial policy with its Technology Sovereignty Package, citing Europe’s dependence on non-EU providers for more than 80% of its key digital technology. European model builders such as Mistral and Aleph Alpha are contesting the AI layer. Payments and intelligence, the two most capital-intensive layers of the stack, are being built in earnest.
The layer no one is naming
Sitting on top of both is a third layer that receives almost none of the attention: compliance. The systems that read a regulation, work out what it requires, and generate the evidence that an institution obeys it. For most European banks, those systems are American, running on US infrastructure and, in the case of the models that do the interpreting, under US jurisdiction.
- Definition
- The interpretation layer
- Compliance is not only storage and workflow. Its core act is interpretation: reading a legal provision and deciding what it demands of a specific institution. When that act is performed by a foreign-controlled system, the institution has outsourced not just its data but its reading of its own law.
The consequence arrives without anyone deciding it. If the software that interprets European law is built and governed in the United States, then the interpretation of European law becomes a foreign dependency, assembled one procurement decision at a time. It is the same wound as SWIFT, in a less visible place.
Completing the stack
The answer is not to reject foreign technology, which would be both impossible and self-defeating. The answer is to build the missing layer to the same standard Europe is now demanding of payments and AI: developed, hosted, and governed under European control. That is the layer we are building at Harpocrates, and it is the one the sovereignty debate has yet to name.
Europe would not accept its payment rails or its foundational models being switched off from abroad. It should be no more relaxed about the systems that tell it what its own laws require.