Europe's comprehensive AI regulation faces an enforcement crisis: open-source AI models developed outside the EU cannot be effectively controlled once released online, even as Chinese laboratories produce frontier-level capabilities at a fraction of US costs. The EU AI Act, finalized after four years of work, contains provisions to regulate dangerous models, but these rules collapse when applied to downloadable files that propagate through mirrors, torrents, and repositories across multiple jurisdictions.

Why Can't Europe Enforce Its Own AI Rules?

The problem is not that the EU AI Act lacks legal authority. The regulation already reaches non-EU developers who place models on the European market, and it voids exemptions for open-source models once they cross high-impact capability thresholds. The real issue is enforcement: a downloadable file has no representative to hold accountable. When Italy banned DeepSeek's app within 72 hours in early 2025, the model's weights remained freely available through platforms like Hugging Face, a US-anchored infrastructure that European companies and researchers depend on but cannot control.

This enforcement gap matters because the capability gap is closing faster than regulators can respond. According to the 2026 Stanford AI Index, the top closed-source model now leads the top open-source model by just 3.3 percent on the Arena Leaderboard, a widely used AI performance benchmark. On cybersecurity tasks specifically, AI agents' success rates jumped from 5 percent to 96 percent in roughly two years, excluding Anthropic's unreleased Claude Mythos model.

Chinese open-source models complicate this further. DeepSeek's performance over the last 15 months demonstrated that Chinese laboratories can produce frontier-adjacent open-source models at a fraction of US compute costs, and those models ship with weaker safety guardrails. Palo Alto Networks found DeepSeek R1 highly susceptible to jailbreaking, and an earlier version was reportedly compromised to provide instructions for synthesizing methamphetamine.

What Are the Structural Mismatches Between EU Rules and AI Reality?

Beyond open-source enforcement, the EU faces deeper structural challenges in applying its existing regulatory frameworks to generative AI. A recent study commissioned by the Computer and Communications Industry Association (CCIA) warns that extending the Digital Markets Act (DMA), Europe's competition rulebook for tech giants, to generative AI would create what researchers call a "taxonomy trap".

The DMA was designed for stable, mature platform services with clear gatekeeping roles. Generative AI does not fit this model. The study identifies three fundamental mismatches:

• Data Flow Assumption: The DMA assumes data flows are confined to a particular service, while AI operates dynamically across pretraining, fine-tuning, inference, and memory phases.
• Access Point Stability: The DMA assumes stable access points where users interact with a service, while AI agents determine connections dynamically as they perform tasks.
• Content Ranking vs. Generation: The DMA's self-preferencing rules address rankings of existing items, while generative systems create entirely new content.

According to the research, creating a standalone core platform services category for generative AI would not solve the problem. It would lock a fast-evolving technology into a rigid framework that would quickly become outdated. The study concludes that case-by-case enforcement under traditional competition law, including Article 102 of the Treaty on the Functioning of the European Union (TFEU), is the only viable approach.

"The DMA already covers AI when it is integrated into designated core platform services. But generative AI is a general-purpose technology, not a separate service category that can be neatly fitted into the DMA's rigid, static framework," stated Boniface de Champris, AI Policy Lead at CCIA Europe.

Boniface de Champris, AI Policy Lead at CCIA Europe

How Can Europe Regain Control of Its AI Ecosystem?

Experts argue that Europe has one critical lever it has not yet pulled: regulating the distribution platforms themselves. GitHub and Hugging Face, both US-anchored infrastructure, have become de facto global model distribution channels. By assigning these platforms regulatory obligations, Europe could create a chokepoint where enforcement becomes technically feasible.

The second piece involves building internal capacity. When the European Union Agency for Cybersecurity (ENISA) wanted to evaluate Anthropic's Claude Mythos model, it spent weeks petitioning a private American laboratory for access under Project Glasswing, a limited-access initiative. If the EU must ask permission to view threats aimed at its own infrastructure, it is not shaping the ecosystem but queuing for access to it. The Fable 5 shutdown, where the US government ordered a guardrailed version of Mythos pulled offline worldwide within three days, demonstrated that even the queue can be closed by US action with no European input.

The stakes are concrete. PwC noted that the time between a new model's release and its weaponization shrank dramatically across 2025. A responsible disclosure norm, like the one Anthropic modeled with Project Glasswing, could create a six-month window between when frontier capabilities appear in proprietary labs and when they become universally accessible in open-source form. But that window only helps if it reaches beyond the largest companies already in the room.

The pessimistic scenario: capability convergence proceeds faster than regulators can classify and enforce. A Mythos-equivalent open-source model appears within 18 months, and Europe finds itself with a regulatory framework designed for a slower world, unable to prevent a dramatic lowering of its expertise threshold for withstanding serious cyberattacks.

The optimistic scenario requires coordination but is not implausible. As capabilities converge, safety practices could converge too. Open-source developers, facing reputational and market-access pressure, might gradually adopt responsible release norms. Europe's role would be to shape those norms through trade leverage and the gravitational pull of the world's largest regulatory market.

What Europe cannot afford is to treat the Mythos announcement as just a US story. The six-month window between a frontier capability and its open-source equivalent is still open but closing. The legal text of the EU AI Act mostly already covers this scenario. The task now is to build the machinery to make existing provisions bite, and to treat distribution platforms as the chokepoint the file actually passes through.