Anthropic released Fable 5 (broadly available, safety-classifier-wrapped) and Mythos 5 (the safeguards-lifted model underneath, restricted to vetted cyberdefenders via Project Glasswing) on June 9. On June 12 at 5:21pm ET, it received a US government export-control directive — reported as issued by the Commerce Department — ordering it to block both models for any foreign national, inside or outside the US. By that evening, Anthropic had disabled the models for all customers globally, stating it had no reliable way to distinguish foreign nationals from US persons across a user base in the hundreds of millions. The directive followed reports of a technique to bypass Fable 5's safeguards and reach Mythos's offensive cybersecurity capabilities. It appears to be the first use of US export controls to restrict live access to a commercially available AI model in this way.

Why it matters: This is the model-supply-chain risk this publication has flagged for months, made concrete. Every enterprise that had built on Fable 5 or Mythos 5 lost access overnight, with no notice, no SLA, and no restoration date. The lesson is not "avoid Anthropic" — any frontier provider is exposed to the same authority. It is that single-sourcing a frontier model with no identified fallback is now a board-level continuity gap.

Watch: The outcome of Anthropic's meeting with the administration — whether access is restored, restored selectively, or the ban hardens into precedent.

Source: Bloomberg — US limits foreign access to Fable 5, Mythos 5 · Fortune — Anthropic disables Fable and Mythos

The directive's scope is what makes it unprecedented for enterprise planning. It bars access not just to people outside the US but to any foreign national regardless of location — including non-citizen employees working inside American companies. Commerce used national-security export-control authority, the same legal machinery historically applied to physical dual-use goods, and applied it to live API access to a model. Because real-time nationality-based segmentation of a mass-market service is impractical, the only compliant response available to Anthropic was a global shutoff.

Why it matters: Most provisioning and identity platforms cannot enforce nationality-based access restrictions, and most distributed international workforces cannot be partitioned that way without breaking. If a future directive is narrower — "block these nationals, keep serving everyone else" — many enterprises still could not comply technically. The capability gap is now visible: access governance that can segment by nationality, quickly, is a control most programmes do not have and may need.

Source: CNN — Anthropic suspends Mythos after US bars foreign-national use · Simon Willison — Statement on the US directive

The justification is contested. The government cited a jailbreak that unlocked Mythos's cyber capabilities — reportedly accessed by a Chinese group — and a Trump adviser stated Anthropic "refused" to fix it before controls were imposed. Anthropic counters that the jailbreak was narrow, unlocking the capability in one specific instance rather than universally, and that it shut both models off to ensure compliance, not because the flaw was severe. The company is now meeting the administration to dispute the directive. Security researchers have weighed in on both sides via open letters.

Why it matters: This is the uncomfortable governance lesson: a vendor's own safety architecture — layered safeguards, detection, red-teaming — can be judged insufficient by a government with a different risk tolerance, and the enterprise sitting downstream cannot resolve that disagreement. Vendor safety certifications and model cards do not guarantee regulatory approval will hold. Your diligence has to assume the vendor's posture and the government's posture can diverge without warning.

Watch: Whether this hardens into a standing expectation that frontier-model providers pre-clear capabilities with government before release.

Source: Fortune — "Fix this code": the three words behind the shutdown · Tom's Hardware — Sacks says Anthropic refused to fix the jailbreak

The Centre for European Policy (cep) argues the ban is "more geopolitical signal than necessary security measure." Its analysis (Dr. Anselm Küsters) makes three points: jailbreak vulnerability is not unique to these models, so selective enforcement looks political; the action signals that frontier AI remains subject to US control over allies and competitors alike; and the likely effect is perverse — buyers who lose confidence in Western model reliability migrate toward opaque Chinese open models such as Qwen and DeepSeek, trading transparent dependence for hidden risk. cep's conclusion: European resilience requires credible homegrown capability (it cites OpenEuroLLM), not isolation.

Why it matters: This is the sovereignty argument with a concrete event attached. For a European enterprise, the frontier model in your stack is infrastructure you do not control and a foreign government can withdraw. That is not an argument for abandoning US models — it is an argument for treating model choice as a supply-chain decision with diversification, exit options, and a sober look at European and open alternatives where they are credible. Source: cep — US access ban: geopolitical signal more than security measure

The AI Governance Institute names three gaps enterprise programmes have not planned for: access architecture that cannot enforce nationality-based restrictions; the absence of "government-mandated suspension" as a named continuity scenario; and the misalignment between vendor safety and regulator risk tolerance. The sharpest is the second. Incident-response playbooks are built for technical failures — outages with SLAs, degraded performance, deprecation notices. A government directive has none of these: no restoration timeline, no remedy, no contractual recourse unless your agreement specifically addresses it. Most AI API contracts do not.

Why it matters: This is the March "cloud contract written for earthquakes, not drone strikes" lesson, now applied to models. Your force majeure and government-directive clauses were almost certainly not written with retroactive model bans in mind. The gap is knowable in an hour if you ask your vendor counsel; it is unknowable for months if you wait to discover it during a live suspension.

Watch: Whether the major model providers add government-directive language and notice commitments to their API terms in response.

Source: AI Governance Institute — Three governance gaps from the Fable 5/Mythos 5 suspension · Snyk — What the suspension means for security teams

Underneath the headline event sits the deadline that turns this from a one-off into a discipline. GPAI provider obligations have applied since August 2, 2025, but the Commission's enforcement powers were held back for a transition year. That year ends August 2, 2026. From that date the AI Office can request documentation, conduct technical evaluations, require compliance and risk-mitigation measures, order market restrictions, recalls or withdrawals, and impose fines up to 3% of global annual turnover or €15 million under Article 101. The Digital Omnibus deferred the high-risk tier to 2027/2028 — but it did not move this date, or Article 50 transparency, which also applies August 2.

Why it matters: The reflex after the Omnibus was relief. But the two obligations that actually land in seven weeks did not move — and one of them, GPAI enforcement, is precisely the regime that governs the model supply chain the Fable 5 event just exposed. The regulation is not only a cost here; it is the toolkit. It gives European buyers structured, enforceable diligence rights over exactly the dependency that just failed.

Source: EU AI Act — Enforcement of Chapter V · Latham & Watkins — GPAI obligations in force

The same GPAI regime that the AI Office will enforce creates a corresponding right for everyone downstream. Article 53(1)(b), read with Annex XII, entitles any enterprise that integrates a general-purpose model into its own system to a defined information package: the model's capabilities and limitations, intended tasks, architecture and parameters, input/output modalities, integration constraints, and licensing terms. The Act requires that documentation be made available to downstream integrators. Separately, providers that sign the GPAI Code of Practice commit (Transparency Chapter, Measure 1.2) to furnish additional necessary information on a reasoned request within 14 calendar days, subject to IP and trade-secret protections.

Why it matters: This is the diligence instrument the Fable 5 event makes urgent. The Annex XII request is how you learn — on paper, and with a 14-day response window where your provider is a Code of Practice signatory — what you are actually depending on, what the licence permits, and how the provider handles disruption. Every enterprise wrapping a foundation model is a "downstream provider" with this right, and almost none have exercised it. Sending the request is the difference between documented, informed deployment and a vendor relationship you cannot evidence.

Source: EU AI Act — Article 53 · EU AI Act — Annex XII

GPAI models trained above roughly 10²⁵ FLOP are presumed to carry systemic risk under Article 51, triggering adversarial testing, risk assessment and mitigation, and serious-incident reporting to the AI Office. The frontier flagship models most enterprises build on are the ones most likely to fall in this tier — and they are the ones most exposed to government scrutiny, evaluation, and, as Mythos 5 demonstrated, restriction. The Mythos suspension is the systemic-risk-equals-supply-chain-risk thesis arriving early, via a different government, through a different legal door.

Why it matters: If your product depends on a frontier model, you are building on the most heavily scrutinised regulatory object in the field, on both sides of the Atlantic. Its enforcement exposure is your continuity risk. Know whether the model under your system sits in the systemic-risk tier, and have a fallback identified before you need it — Fable 5's users learned the cost of not having one in real time.

Watch: Any AI Office systemic-risk designations or "qualified alerts" after August 2 — these reshape which frontier models are safe long-term bets. Source: EU AI Act — Article 51 · European Commission — GPAI models Q&A

The General-Purpose AI Code of Practice is the Commission's recognised compliance route ahead of enforcement, across three chapters: transparency, copyright, and safety-and-security. Signatories include Amazon, Anthropic, Google, IBM, Microsoft, OpenAI, and Mistral; signature status is not uniform — xAI signed only the safety-and-security chapter, for instance. Signing is voluntary; the underlying Article 53 obligations apply regardless.

Why it matters: A provider's signature status, by chapter, is a diligence signal you can act on today — before any Annex XII request comes back, and independent of any government's export posture. It tells you which providers have committed to a transparency and safety regime the AI Office recognises. Combined with the Fable 5 lesson, the procurement question sharpens: not just "is this model good?" but "what is this provider's regulatory exposure, and what happens to me if it is acted on?"

Source: European Commission — Signatory Taskforce of the GPAI Code of Practice · code-of-practice.ai

Deep Dive

Fable 5 and Mythos 5 went from launch to worldwide blackout in 72 hours. The event is dramatic; the lesson is structural. Model access is now a regulatory variable, and the AI Act has handed European enterprises the tools to govern it.

For two years, the standard enterprise model of AI vendor risk has been the cloud model of vendor risk: outages, deprecations, price changes, lock-in. All of these are commercial events governed by commercial instruments — SLAs, exit clauses, multi-year contracts. The Fable 5 and Mythos 5 suspension introduced a different kind of event. A government, using national-security export-control authority, removed a commercial AI model from the market retroactively, four days after launch, and the practical reach of the order forced a worldwide shutoff. Not a degradation. Not a deprecation notice with a sunset window. A blackout, the same evening the directive arrived.

The trigger was a jailbreak that reportedly unlocked the offensive-cyber capabilities of Mythos, the model Fable 5 is built on, with claims a Chinese group had accessed it. Anthropic disputes the severity and is meeting the administration. But for the enterprise sitting downstream, the merits of that dispute are almost beside the point. What matters is that the model you were using disappeared on a timeline you did not control, for reasons you could not adjudicate, with no restoration date.

The reason this is a new risk class, and not just a vivid outage, is the absence of the instruments enterprises rely on. A vendor outage has an SLA: a committed availability figure, a remedy, a credit, a restoration target. A government directive has none of these. There is no service credit for a national-security order. There is no escalation path your account manager controls. There is no contractual time-to-restore, because the timeline belongs to a regulator and a diplomatic process, not a support queue.

This breaks the standard continuity playbook in a specific way. Most incident-response plans treat model access as a vendor-controlled variable and plan accordingly — failover regions, status-page monitoring, support escalation. None of that applies to a directive. The correct mental model is closer to a sanction or an export restriction on a physical input: a supply-chain dependency that a government can sever, where your only real protection is diversification and a pre-arranged alternative.

For European enterprises the structural reading is unavoidable. The frontier models embedded in European products are, overwhelmingly, American. The Fable 5 event demonstrated that those models can be switched off by the US government, and that the practical reach of such an order extends worldwide. The Centre for European Policy frames it bluntly: this is a geopolitical signal that Western AI remains under unilateral US control. The danger in over-reacting is just as real — the reflex flight to Chinese open models trades a transparent, contestable dependence for an opaque one with embedded censorship and uninspectable behaviour. Neither dependence nor panic is a strategy. Diligence and diversification are.

Three gaps, in ascending order of consequence.

First, access control that cannot segment by nationality. The directive demanded that foreign nationals — including those inside US companies — lose access. Almost no enterprise provisioning system can enforce that quickly, which is why a global shutoff was the only compliant move available to the provider. A future, narrower directive could leave parts of a service running while requiring nationality-based exclusion, and most organisations still could not comply. Access governance granular enough to segment by attribute, fast, is a control most programmes lack and have never tested.

Second, the missing continuity scenario. "Government-mandated model suspension" is almost never a named entry in a business continuity or incident-response plan. It needs to be: a distinct scenario, with an owner, an escalation path, a fallback model, and a communications plan for the moment a core capability vanishes. The organisations that had a fallback for Fable 5 swapped and kept moving. The ones that had single-sourced it spent the week explaining an outage they had no remedy for.

Third, the contract that never anticipated this. Most AI API agreements lack any provision addressing regulatory suspension — no notice requirement, no remedy, no statement of whether the scenario is even covered. The force majeure and government-directive clauses, where they exist, were written for a different world. Reviewing them is an hour of counsel's time now, or a frantic read during a live incident later. This is the precise move we recommended for cloud contracts in March, applied to models: know the clause before you need it.

Here is where the regulation stops being a cost and becomes the toolkit. The August 2 activation of GPAI enforcement is not just another deadline competing for attention — it is the framework that governs exactly the dependency that just failed. The AI Act gives European downstream deployers a statutory information right over their model providers (Article 53(1)(b) and Annex XII): the documentation must be made available. For providers that sign the GPAI Code of Practice, the transparency commitments add a concrete 14-calendar-day expectation for additional information necessary to your own compliance. That channel is how you document, in advance, what you depend on, what the licence permits, how the provider handles disruption, and whether the model sits in the systemic-risk tier most exposed to government action.

This is the constraint-as-advantage thesis with an unusually clean proof. A US buyer operating under a voluntary framework has no equivalent statutory leverage over its model vendor and learned about Fable 5 the same way everyone else did — when it stopped working. A European buyer has an enforceable question set and a response deadline. The diligence the AI Act mandates is precisely the diligence the Fable 5 event proves you need. The two are the same work.

Treat the suspension as a drill you were lucky to run on someone else's model. For each foundation model in production, do three things before August 2: send the Annex XII information request and file the answer; name a fallback model that could be substituted within a defined window; and have counsel read the government-directive and force majeure clauses in the API agreement. Then add "government-mandated model suspension" to the continuity register as a standing scenario with an owner. The artifact below gives you the request letter and the continuity addendum to do all of it this month.

Two reusable assets. Part A is the diligence request that documents what you depend on. Part B is the continuity insert that prepares you for the day it disappears.

Send to each foundation-model vendor on letterhead or via your vendor portal. Article 53(1)(b) and Annex XII require the documentation to be made available; for vendors that sign the GPAI Code of Practice, a 14-calendar-day response expectation (Transparency Chapter, Measure 1.2) begins when you send a reasoned additional-information request.

Subject: Article 53(1)(b) / Annex XII information request — [your model name/version]

We integrate [model name and version] into [our system/product], making us a downstream provider under the EU AI Act. Pursuant to Article 53(1)(b) and Annex XII, we request the following to understand the model's capabilities and limitations and to meet our own obligations. A direct link is sufficient where information is already published.

Please respond within 14 calendar days where you rely on the GPAI Code of Practice transparency commitments; otherwise, please provide the Article 53 / Annex XII documentation without undue delay. Where information is withheld (e.g., to protect IP or trade secrets), please state the basis.

Filing note: A complete Part A per model plus a populated Part B is your evidence of informed, resilient deployment. A non-response from a vendor is itself a finding — record the date and escalate to the continuity review.

The Story

Governance / Enterprise Risk

European Angle

Regulation

Before next Thursday, identify the single model in your stack whose disappearance tomorrow would hurt most — the one powering a revenue product or a safety-critical workflow — and write down two things next to it: its named fallback, and whether your contract with the provider says anything about government directives. Reply to this email with that model's name.

Why this, not the other twenty things you could do: The Deep Dive argued that model access is now a regulatory variable with no SLA. Fable 5's users found that out the hard way this week. The exercise takes thirty minutes and converts an abstract dependency into a named risk with a named answer — which is the difference between swapping a model in a day and explaining an outage for a week.

If you find there is no fallback and no clause: That is the finding, and it is the most valuable half-hour you will spend this quarter. Log it, and put the fallback on next sprint's board.

If you skip it: The next time a model in your stack is pulled — by export control, by a systemic-risk order, by a licence change — you will discover your exposure the way Fable 5's customers did: when your product stops working and there is no one to escalate to.

Until next Thursday, João

OnAbout.AI delivers strategic AI analysis to enterprise technology leaders. European governance lens. Vendor-agnostic. Actionable.

If this landed in your inbox from a forward — subscribe here to get the full picture every week.