The EU delayed its AI Act deadlines but kept core obligations live. The US has no federal AI law but is governing through existing authorities — including an export control directive that disabled Anthropic's Fable 5 and Mythos 5 for all customers globally. China continues layering binding standards with active enforcement. All three trajectories converge on the same outcome: insurance is retreating from AI liability, and model access is now subject to sovereign risk. Under DORA, EU firms should assess inference providers as part of their ICT third-party dependency landscape, test model-switching continuity, and treat provider lock-in as a potential compliance risk.
A comparative analysis of the three dominant AI regulatory models as they stood in June 2026 — the EU's comprehensive law, the US's fragmented patchwork governed through existing authorities, and China's layered standards stack. All three trajectories converge on the same structural gap: compliance obligations are expanding while insurance coverage contracts, and model access has become subject to sovereign risk. Anchored by the 12 June 2026 US export-control directive that disabled Anthropic's Fable 5 and Mythos 5 for all customers globally, the brief argues that organisations — particularly firms subject to DORA — must treat inference as a switchable commodity, map AI providers as ICT third-party dependencies, and build multi-engine resilience against nationality-based access revocation.