This website uses cookies

Read our Privacy policy and Terms of use for more information.

Yesterday, a policy took effect that will read, in retrospect, as the moment AI access acquired an identity layer. Under Anthropic's updated consumer privacy policy — published June 8, effective July 8 — the company may, in certain circumstances, ask users of Claude's Free, Pro, and Max tiers to verify their age or identity using a government-issued identity document, a photo or video image, and facial geometry templates — data Anthropic itself notes may be considered biometric in some jurisdictions. Verification runs through Persona, a US identity vendor. Team, Enterprise, Developer Platform/API, and other commercial-term services are outside this consumer-policy update — for now.

Seen in isolation, this is a KYC policy. Seen in sequence, it is the second half of a structure whose first half we covered three weeks ago. In June, the US government demonstrated the supply side of AI access control: an export directive that switched two frontier models off worldwide because nationality could not be verified in real time. The July 8 policy is the demand side of the same premise: if access to frontier capability must be conditioned on who you are, then someone has to check who you are. The export control was the crude instrument; identity verification is the precise one. Governments gate model capability; vendors verify the humans. Between the two, access to frontier AI is becoming identity-gated — and the infrastructure being normalised now will outlive the specific policy that introduced it.

For European readers this collides with data protection law at speed. Facial geometry templates used to verify identity are very likely Article 9 GDPR territory — biometric data used for unique identification is special-category data, subject to the highest tier of protection European law affords. As of publication, Anthropic does not appear to have publicly confirmed a DPIA specific to this verification flow, and for EU users the flow raises the usual transfer-mechanism and supplementary-measure questions for sensitive identity data processed through a US-headquartered vendor ecosystem. Europe, meanwhile, has spent two years building exactly the alternative this moment calls for: the EU's age-verification blueprint and Digital Identity Wallet prove attributes without revealing identity — verification without surveillance. The collision between those two models of "prove who you are" is the next European tech-policy fight, and enterprises are standing in the middle of it.

One more thing. The enterprise exemption is narrower than it looks — because your employees' personal AI accounts are not exempt. Every employee who pastes work material into a personal Claude account is now, potentially, an employee whose face and passport sit with a US identity vendor as a condition of a tool they use for your business. Shadow AI just became a biometric exposure. This edition maps the new identity layer and gives you the audit to run this week.

TL;DR
  • Frontier AI access is becoming identity-gated. Anthropic's July 8 policy — government ID, photo/video image, facial geometry templates via Persona, applicable in certain circumstances — is one of the clearest consumer-tier identity-verification gates yet codified by a frontier AI vendor. Treat it as precedent, not exception: the export controls of June and the ID checks of July are two expressions of the same access-control architecture.

  • Facial geometry templates are very likely Article 9 GDPR territory. Biometric data used for unique identification is special-category data. Anthropic does not appear to have publicly confirmed a DPIA specific to this verification flow, and EU-to-US flows of sensitive identity data raise the usual transfer-mechanism questions. If you have EU users or employees on consumer tiers, this is a live data-protection issue, not a US story.

  • The enterprise exemption does not cover shadow AI. Team, Enterprise, and API tiers are exempt — personal accounts are not. Employees using consumer Claude for work make their biometrics a dependency of your workflows. Audit consumer-tier AI use now; it just changed category.

  • Europe built the privacy-preserving alternative. The EU age-verification blueprint and Digital Identity Wallet prove attributes without exposing identity. The maximalist model (document + face scan to a foreign vendor) and the minimalist model (cryptographic proof) are now in open competition. Enterprises should know which one their vendors use.

  • Identity is the control plane — for humans and agents alike. Last week's edition argued agents need first-class identities. This week the same logic arrived for humans, from the other direction. Procurement should now ask every AI vendor: what identity do you demand, from whom, verified by whom, stored where.

The Brief

1. July 8: Anthropic's ID Verification Takes Effect

Anthropic published an updated consumer privacy policy on June 8, effective July 8, under which the company may, in certain circumstances, ask users of Claude Free, Pro, and Max to verify their age or identity before granting or maintaining access to certain capabilities. Verification is handled by Persona, a US third-party identity vendor, and the policy's "Verification Data" includes an image of a government-issued identity document (and the data on it), the user's image in photo or video form, facial geometry templates — which Anthropic notes may be considered biometric data in some jurisdictions — and the verification result. Per Anthropic's help documentation, Persona processes and retains the raw verification data on its own servers; Anthropic stores the verification outcome rather than the raw ID images, and says identity data is not used to train its models. Team, Enterprise, the Claude Developer Platform, and services under Commercial Terms are outside this consumer-policy update.

Why it matters: This is one of the clearest consumer-tier identity-verification gates yet codified by a frontier AI vendor — OpenAI already requires government ID for some API-organisation verification, but the explicit facial-geometry language at consumer scale is new territory. It operationalises the premise behind June's export directive: access conditioned on verified identity. What the market leader codifies, others will follow — the infrastructure, once built, generalises. And the policy applies to the tiers individuals use, which is precisely where enterprise visibility is weakest. Watch: Whether OpenAI and Google adopt equivalent consumer verification tiers, and whether verification expands from "certain circumstances" toward baseline access. Source: Anthropic — Privacy Policy · Anthropic Help Center — Identity verification on Claude

2. The GDPR Collision: Facial Geometry Is Article 9 Data

Biometric data used to uniquely identify a natural person is special-category data under Article 9 GDPR, processable only under narrow conditions and subject to the highest protection tier in European law — and Anthropic's own policy language acknowledges its facial geometry templates may be considered biometric data in some jurisdictions. Separately, Anthropic's policy lists technical information — IP address, device type, identifiers, location derived from IP — that it may receive automatically in service use generally; Persona's own processor policy makes clear that identity-verification data varies by method, so claims about NFC-chip or behavioural-signal collection should be treated as method-specific unless Anthropic confirms them for Claude. As of publication, Anthropic does not appear to have publicly confirmed a DPIA specific to this verification flow. For EEA/UK/Swiss users, Anthropic Ireland acts as controller and the company relies on standard contractual clauses for transfers to countries without adequacy decisions — which, for sensitive identity data in a US-headquartered vendor ecosystem, raises the usual supplementary-measure questions, with the CLOUD Act as background context.

Why it matters: A frontier-AI vendor conditioning consumer access on identity verification involving biometric-grade data, for EU users, through a US processor, stacks up the familiar GDPR pressure points: Article 9 lawful basis, DPIA expectations, transfer mechanism, data-minimisation. Expect complaints to data protection authorities and likely civil-society interest; the first DPA decision on AI-access verification will set the template. If your organisation has any relationship to consumer-tier AI accounts — and via your employees, it does — this is your exposure too, not just Anthropic's. Watch: DPA complaints or an EDPB position on identity verification as a condition of AI service access. Source: Anthropic — Privacy Policy · ppc.land — Anthropic's new privacy policy adds biometric checks

3. From Export Control to ID Check: The Same Premise, Two Instruments

Recall the June sequence: the US export directive ordered Fable 5 and Mythos 5 blocked for any foreign national, and Anthropic disabled both models worldwide because it had no reliable way to verify nationality in real time across millions of users. The July 8 policy was published on June 8 — before the directive — so it should not be presented as caused by the June shutdown. But both events expose the same architectural gap: frontier access increasingly depends on knowing who is behind the account. The export control was the supply-side instrument (restrict the model); identity verification is the demand-side instrument (verify the human). The first was crude and global; the second is precise and durable.

Why it matters: This is why the policy should be read as architecture, not as one vendor's compliance quirk. Once frontier capability is treated as export-controlled technology, verified identity becomes the enforcement layer — and the June shutdown demonstrated to every frontier lab what the alternative to verification looks like: nineteen days of global blackout. The rational vendor response is to build the identity gate before the next directive. Enterprises should assume identity-conditioned access is the direction of travel for frontier AI, and negotiate their own terms — who verifies, what is collected, where it lives — while they still have leverage. Source: Anthropic — Statement on the suspension directive · State of Surveillance — ID verification for consumer capabilities July 8

4. The Exemption Trap: Enterprise Tiers Are Exempt, Your Employees Are Not

The verification policy applies only to consumer tiers; Team, Enterprise, the Claude Developer Platform, and commercial-term services are outside it. That reads as reassurance and functions as a trap. Every organisation has employees using personal AI subscriptions for work — drafting, coding, summarising — outside sanctioned channels. Those employees are now, potentially, subject to identity verification involving biometric-grade data as a condition of the tool they use for your business: their face and their identity document, held by a third-party identity vendor, attached to an account your data flows through.

Why it matters: Shadow AI was a data-leakage problem; as of July 8 it is also a biometric-exposure and duty-of-care problem. An employee who verifies with their passport to keep using the account they paste your documents into has created a liability chain no policy anticipated: corporate data in a consumer account, gated by special-category personal data, processed in the US. The fix is not only prohibition — it is providing sanctioned enterprise access good enough that the personal account is unnecessary, and auditing the gap honestly in the meantime. Source: State of Surveillance — Anthropic ID verification · FourWeekMBA — A credit-gated identity layer for frontier AI access

5. The Verification Wave: This Is Not an AI Story Alone

Anthropic's policy lands inside a broader regulatory wave. The UK's Online Safety Act requires "highly effective" age assurance, with Ofcom recognising photo-ID matching and facial age estimation among compliant methods. The EU is accelerating age verification through the DSA, with implementation completing through 2026. By 2026, age-assurance laws and platform rules had moved from niche compliance into mainstream internet-access infrastructure across the UK, EU, Australia, and multiple US states — and these regimes explicitly reject self-declaration. Identity and age assurance are becoming a standing layer of internet access, and AI platforms are the newest surface.

Why it matters: The question is no longer whether verification layers arrive but which design wins. Two models are competing: the maximalist one — documents and face scans held by commercial vendors — and the minimalist one — cryptographic proof of an attribute without revealing identity. Enterprises will inherit whichever model their vendors choose, in their consumer-facing products and their procurement chains alike. Knowing the difference, and asking for it, is now a governance competence. Source: FPF — The EU Commission's approach to age verification · ppc.land — EU follows UK with age verification in 2026

6. The European Alternative: Proof Without Exposure

The EU has already built the counter-model. The Commission's age-verification blueprint — released July 2025, feature-ready as of April 15, 2026 — lets users prove they are over 18 without sharing anything else, and is designed for full interoperability with the EU Digital Identity Wallet. The architecture is the philosophical opposite of the document-plus-face-scan pipeline: a cryptographic attestation that an attribute is true, with no central store of faces and passports accumulating at a commercial vendor.

Why it matters: This is the sovereignty story inside the identity story. Europe is not merely objecting to the maximalist model — it has shipped a working alternative, and the EUDI Wallet gives it distribution. For European enterprises, two implications: first, when the identity-gated AI era reaches your users, there will be a European-standard way to do it that your DPO can actually approve; second, expect regulatory pressure on vendors to accept wallet-based attestation instead of biometric enrolment for EU users. The enterprises that ask vendors for it early will be the reference cases. Watch: Whether any AI vendor announces EUDI-wallet-compatible verification for EU users — the first to do so wins the European trust argument. Source: European Commission — The EU approach to age verification · BISI — The EU's age verification efforts

7. Geneva: 169 Countries, One Finding — Governance Is Not Keeping Pace

The inaugural UN Global Dialogue on AI Governance convened in Geneva on July 6–7, bringing government delegates from around the world into the most significant multilateral AI governance conversation yet held, running back-to-back into the ITU AI for Good Summit and the first meeting of the UN's AI commission. The headline finding is blunt: AI governance safeguards are not keeping pace with capability advances, and the window for effective global coordination is open but may not stay that way. Focal concerns include labour-market impact, the digital divide, and the concentration of frontier model development in a small number of countries.

Why it matters: The concentration concern is the thread that ties Geneva to everything above. When frontier capability is concentrated in a handful of firms in one or two jurisdictions, those jurisdictions' access-control decisions — export directives, verification mandates — become de facto global policy, which is precisely what June and July demonstrated. Multilateral processes move slowly; access-control architecture is being built now. For enterprises the practical reading is unchanged: diversify dependencies, and treat jurisdiction as a first-order attribute of every AI vendor. Source: UN News — Global push for AI governance · UN Web TV — Global Dialogue opening sessions

8. Three and a Half Weeks to August 2

A standing reminder with the clock now short: on August 2, the AI Office's enforcement powers over GPAI models activate, and Article 50 transparency obligations apply. New generative systems must comply from placement; pre-existing systems have until December 2 for machine-readable marking only. If the June 25 checklist (system map, obligation owners, marking method) and the GPAI diligence requests are not moving yet, this is the last comfortable week to start them.

Why it matters: After August 2, the questions in this newsletter stop being preparatory and start being answerable by regulators. The two builds we detailed in June — the Article 50 transparency map and the model supply-chain diligence pack — are each roughly a fortnight of organised work. Started this week, they land before the deadline; started in August, they are remediation. Source: European Commission — AI Act · EU AI Act — Implementation timeline

9. Frontier Revenue Is Concentrating — and the Concentration Question Sharpens

Recent reports put Anthropic's annualised revenue run rate above $30 billion, while Reuters reported earlier this year that OpenAI had topped $25 billion as of February. The precise current comparison is not fully public, but the direction is clear: frontier AI revenue is concentrating around a small number of vendors — the same concentration the Geneva dialogue flagged as a governance risk, now visible in revenue terms. The vendor whose access policies we have spent three editions on is, by these reports, at or near the top of that market.

Why it matters: Market leadership plus identity-gated access plus jurisdiction-bound export control is a potent combination: the practices of the leading vendor become the default architecture of the industry. That is not an argument against using the leader — it is an argument for negotiating deliberately with it, and for keeping the fallback discipline from June alive. The more concentrated the frontier, the more your continuity depends on the two or three decisions you control: contract terms, identity terms, and a tested alternative. Source: Open Data Science — Last week in AI, June 29–July 5 · Tech-Reader — AI news, July 6

Deep Dive

Identity Becomes AI's Control Plane

In June, a government switched off two frontier models because nobody could verify who was using them. In July, the vendor built the verification. The identity layer of AI access has arrived — and Europe is the jurisdiction with both the most to object to and the best alternative to offer.

What Changed

Until this month, access to frontier AI was gated by two things: payment and terms of service. As of July 8, at the market-leading vendor, it can also — in certain circumstances — be gated by verified identity: a government document, a photo or video image, and a facial geometry template matching one to the other, processed by a third-party US vendor, for consumer users. The stated scope is verification "in certain circumstances" on consumer tiers. The structural fact is larger: a frontier AI vendor now operates one of the clearest codified identity-verification pipelines in the industry as a potential condition of access, and the events that made such a pipeline rational are a matter of public record.

Those events are worth restating as a sequence — with the ordering kept honest. June 8: the verification policy is published. June 12: an export directive requires blocking two models for any foreign national, and the vendor — unable to verify nationality across millions of accounts in real time — switches the models off for everyone, worldwide, for nineteen days. June 30: controls lift. July 8: the verification policy takes effect. The policy preceded the directive, so it cannot be presented as caused by it. But the two events expose the same architectural gap from opposite sides: supply-side control demonstrated the cost of not knowing who your users are, and demand-side verification is the mechanism that would close that gap. Frontier capability is increasingly treated as something whose users must be identifiable.

Why It Matters

The precedent matters more than the policy. What one frontier vendor operationalises, under visible government pressure and with market leadership, becomes the template — the FAQ other vendors' lawyers read when their own directive arrives. If the premise holds that frontier capability is export-controlled technology, then verified identity is its enforcement layer, and every frontier vendor eventually needs one. The infrastructure being normalised now — biometric enrolment as an access condition — will outlive the specific policy, the specific vendor, and the specific administration that prompted it.

For Europe, the collision is head-on. Biometric data used for unique identification is Article 9 GDPR special-category data — and the vendor's own policy acknowledges its facial geometry templates may qualify in some jurisdictions. The verification data — document images, facial geometry templates, verification records — sits with a US processor under standard contractual clauses, the transfer mechanism that sensitive identity data strains hardest, with the CLOUD Act as background context. As of publication, no DPIA specific to this verification flow appears to have been publicly confirmed. It is difficult to design a fact pattern more likely to draw DPA complaints, and the first decision will set the template for identity-gated AI access in Europe generally. European enterprises are not spectators here: their employees' consumer accounts are in scope today, and their own customer-facing AI products will face the same verification-design choices within a regulatory cycle.

What Enterprises Usually Miss

First, the exemption illusion. "Enterprise tiers are exempt" is true and almost irrelevant. The tiers that matter for exposure are the ones you do not control: the personal accounts your employees use for work. Shadow AI has been a data-leakage concern for two years; it is now also a biometric-exposure concern, because the employee who verifies with a passport to keep their personal account has bound special-category personal data to a workflow your documents flow through. No DPIA in your organisation covers this, because no one mapped it.

Second, the procurement blind spot. Vendor due diligence asks about model capability, data handling, and security posture. Almost no AI procurement questionnaire asks: what identity verification do you impose on users, whose identity data do you collect, who processes it, where is it stored, and what happens to our access if verification requirements change? After July 8, those are material questions — verification terms can change mid-contract, and an identity requirement your workforce cannot or will not meet is an availability risk in the same family as June's export shutdown.

Third, the alternative is real and nobody asks for it. The EU's age-verification blueprint and Digital Identity Wallet demonstrate that attribute verification — over-18, EU-resident, licensed-professional — can be done cryptographically, without a vendor accumulating faces and passports. The maximalist pipeline is a design choice, not a technical necessity. Vendors respond to procurement pressure; a handful of large European buyers asking "will you accept wallet-based attestation for EU users?" moves the market more than any op-ed. Nobody has asked yet. Be first.

The Governance / Infrastructure Implication

Put last week's edition and this one side by side and the pattern is complete: identity is becoming the control plane of AI, in both directions. Downward, enterprises are learning to give every agent a first-class identity, an authority chain, and a reconstructable audit trail — because you cannot govern actors you cannot attribute. Upward, governments and vendors are building the same discipline for humans — because you cannot enforce access conditions on users you cannot identify. The same primitive — verified identity bound to every actor, human or synthetic — is being installed at every layer of the stack at once.

That makes identity architecture a governance decision, not an IT detail. The choice between maximalist verification (collect the face, hold the document) and minimalist verification (prove the attribute, store nothing) will be made vendor by vendor, contract by contract, over the next two years — and Europe is the only jurisdiction that has shipped the minimalist infrastructure at scale. For once, the European position is not "comply with our constraint" but "use our better design." Enterprises that internalise this early get both: GDPR-proof identity flows for their own products, and negotiating language for their vendors.

What Leaders Should Do Next

Run the exposure audit this week: find the consumer-tier AI accounts doing work in your organisation, quantify the gap between sanctioned access and actual use, and close it with provisioning rather than prohibition alone. Add identity-verification terms to AI vendor due diligence — what is collected, by whom, stored where, changeable on what notice. Have your DPO assess the Article 9 exposure of any consumer AI use touching EU employees. And put wallet-based attestation on the table with your vendors before anyone else does. The artifact below structures all four.

Enterprise Playbook

  1. For the CISO / IT: Run a shadow-AI census now — which employees use personal consumer AI accounts for work, on which tiers, with what data. Detection via network telemetry and expense reports is imperfect but sufficient to size the problem. The July 8 policy changed the category of this risk: it is now biometric exposure, not just data leakage.

  2. For the CIO / Head of AI: Close the gap with provisioning, not just policy. Employees use personal accounts because sanctioned access is worse or absent. Enterprise-tier access (currently exempt from verification) that matches what people actually use removes both the leakage and the biometric exposure in one move — and is cheaper than the incident.

  3. For the DPO: Assess Article 9 exposure from employee use of verification-gated consumer AI: whether any duty-of-care or co-responsibility argument reaches the organisation, and what the works council needs to know. In parallel, document your position now on biometric-gated tools in the corporate stack — you will be asked.

  4. For Procurement / Vendor Management: Add an identity clause to AI vendor due diligence: what verification is imposed on users, what identity data is collected, who processes it (name the sub-processor), where it is stored, under what transfer mechanism, and what notice applies if verification terms change. Ask explicitly whether EUDI-wallet or equivalent attribute-based attestation is on the roadmap for EU users.

  5. For the CTO (customer-facing products): If your own AI products will need age or identity assurance — and the DSA/OSA wave says they will — design for attribute attestation, not document collection. The EU blueprint is feature-ready and wallet-interoperable; building the minimalist version first is cheaper than retrofitting away from a biometric store later.

  6. For the Board: The June and July lessons compose into one sentence: access to frontier AI is now conditioned by governments (export controls) and vendors (identity verification), and both conditions can change faster than contracts. Continuity therefore lives in the three things you control — contract terms, identity terms, and a tested fallback. Ask for the status of all three.

Artifact: AI Access Identity Exposure Audit

Four blocks. Blocks A and B size your current exposure; Block C hardens procurement; Block D positions you for the attestation era.

Block A — Shadow AI census (CISO / IT, this week)

  • [ ] Identify consumer-tier AI accounts used for work: network telemetry (AI vendor domains from corporate networks), expense reports (personal subscriptions), and a no-blame survey.

  • [ ] For each: which tier, what data flows into it, is the user now subject to identity verification?

  • [ ] Quantify: number of users, sensitivity of data involved, departments affected.

  • [ ] Classify the gap: no sanctioned alternative exists / alternative exists but is inferior / alternative exists and this is preference.

Block B — Biometric exposure assessment (DPO)

  • [ ] For employees on verification-gated consumer tiers: what special-category data (Article 9) is now bound to accounts carrying corporate data?

  • [ ] Any organisational duty-of-care, works-council, or co-responsibility implications? Document the position.

  • [ ] EU employees specifically: transfer mechanism exposure (biometric templates to US processors; SCCs; CLOUD Act backdrop).

  • [ ] Decide and record: is verification-gated consumer AI use acceptable, tolerated-with-controls, or prohibited — and what is offered instead?

Block C — Vendor identity clause (Procurement)

Add to every AI vendor assessment:

  • [ ] What identity verification do you impose on users, on which tiers, for which capabilities?

  • [ ] What identity data is collected? Document images? Biometric templates? Behavioural signals?

  • [ ] Who is the identity sub-processor? Where is the data stored? Under what transfer mechanism for EU users?

  • [ ] What notice period applies if verification requirements change? Is a change of verification terms a termination-right event in our contract?

  • [ ] Is attribute-based attestation (EUDI wallet or equivalent) on your roadmap for EU users?

Block D — Attestation positioning (CTO / product)

  • [ ] For your own AI products: will age/identity assurance obligations reach them (DSA, OSA, member-state laws)? By when?

  • [ ] Design decision recorded: attribute attestation (prove the property, store nothing) over document collection wherever regulation permits.

  • [ ] Track EUDI Wallet interoperability requirements now if you serve EU consumers — retrofitting away from a biometric store is the expensive path.

Filing note: Blocks A+B completed and dated are your evidence of having assessed the exposure when the category changed (July 8, 2026). If a DPA, works council, or court ever asks when you knew and what you did, this is the answer.

What to Watch Next

  • DPA complaints against the verification pipeline. Facial geometry + US processor + no publicly confirmed DPIA is a fact pattern built for European data protection challenge. The first decision sets the template for identity-gated AI access in Europe.

  • Whether other frontier vendors follow. OpenAI and Google adopting equivalent verification tiers would confirm the architecture reading; their declining to would make July 8 a competitive differentiator instead. Either outcome is informative.

  • The first EUDI-wallet-compatible AI vendor. Any frontier vendor announcing wallet-based attestation for EU users wins the European trust argument at a stroke. Watch for it around the AI Act enforcement date.

  • August 2 — three and a half weeks. GPAI enforcement powers and Article 50 transparency apply. Last comfortable week to start the June checklists.

  • Verification scope creep. The policy covers "certain capabilities" on consumer tiers. Watch whether verification quietly expands toward baseline access, and whether enterprise-tier exemption survives the next government directive.

Next Steps

What to read now?

That’s it for this week.

Before next Thursday, ask your CISO one question: how many people in our organisation use personal, consumer-tier AI accounts for work — and can we name them? Reply to this email with the honest answer: a number, or "we can't tell."

Why this, not the other twenty things you could do: The Deep Dive argued that the enterprise exemption is an illusion — the identity gate applies exactly where your visibility ends. Every downstream action in this edition (the DPO assessment, the provisioning fix, the vendor clause) depends on first knowing the size of the shadow. And unlike most governance questions, this one has a knowable answer sitting in your network logs and expense reports.

If the answer is "we can't tell": That is the finding, and it is worth more than a confident wrong number. An organisation that cannot see its consumer-AI usage cannot assess its biometric exposure, its data leakage, or its continuity risk — three categories that all changed this month. The census in Block A of the artifact takes one week.

If you skip it: The verification wave keeps arriving — this vendor today, the others tomorrow, your own products within a regulatory cycle — and the exposure compounds quietly, one personal account and one passport scan at a time, until a DPA complaint, a works council question, or an incident makes it visible for you.

Until next Thursday, João

OnAbout.AI delivers strategic AI analysis to enterprise technology leaders. European governance lens. Vendor-agnostic. Actionable.

If this landed in your inbox from a forward — subscribe here to get the full picture every week.

Keep Reading