Sovereign by Design: The Case for an Australian National AI Model on Australian Soil

TL;DR

• The risk that triggered this paper, a foreign government withdrawing Australian access to frontier AI by fiat, is not speculative: the US Bureau of Industry and Security's January 2025 "Framework for Artificial Intelligence Diffusion" already created export controls over AI model weights (new ECCN 4E091) and tiered the world's access to AI, and although that specific rule was rescinded in May 2025, the underlying trajectory of treating frontier AI as a strategic national asset is accelerating, not reversing.
• Australia today has world-class sovereign compute coming online (Pawsey, NCI, Firmus/Project Southgate) but no mature sovereign foundation model, the one flagship attempt, Kangaroo LLM, has stalled, leaving the nation a price-taker dependent on a handful of US labs whose access is revocable.
• Australia should build a sovereign national AI model hosted on Australian sovereign infrastructure, governed through a public-private-academic body modelled on proven national-capability precedents (NBN Co, the Australian Space Agency, ANSTO), and anchored to existing regulatory instruments (APRA CPS 230, the SOCI Act, the Privacy Act) that already make third-party AI dependency a board-level resilience problem.

Key Findings

1. US export-control trajectory is real and points one direction. The January 2025 AI Diffusion Rule placed Australia in the top trusted tier, but the very existence of a worldwide licensing regime over AI model weights, and the precedent of semiconductor controls against Huawei and SMIC, demonstrates that AI access is now a lever of US foreign policy. The replacement-rule promise and 2025 "knowledge"-based guidance keep the risk live.
2. Sovereign AI is now a mainstream G20 budget line. France (Mistral, ~€109bn in investment pledges), the UAE (Falcon/TII), India (IndiaAI Mission), Singapore (SEA-LION + National Multimodal LLM Programme) and others have moved from aspiration to funded national programmes. Australia is conspicuously behind regional peers.
3. Europe's "digital sovereignty" pivot has already produced operational decoupling, France's government-wide Windows-to-Linux directive, Schleswig-Holstein's Microsoft exit, and GAIA-X, driven explicitly by fear of the US CLOUD Act. The OS-sovereignty precedent maps directly onto AI-model sovereignty.
4. Australia's own regulatory architecture already frames the problem. APRA CPS 230, ASIC REP 798, the SOCI Act 2018 (as amended 2024), and the reformed Privacy Act 1988 collectively make concentrated, offshore, revocable AI dependency a compliance and director-duty risk, even though none was written with sovereign AI in mind.
5. The economic case is large and the value is leaking offshore. AI is already adding an estimated ~$21bn/year to Australian GDP with credible (if interested-party) pathways to as much as $142bn by 2030; without domestic capability, the value capture, IP and jobs accrue to foreign labs.

Details

1. The real US export-control trajectory for AI

The instrument. On 13 January 2025 (published 15 January, 90 Fed. Reg. 4,544), the US Department of Commerce's Bureau of Industry and Security (BIS) issued the "Framework for Artificial Intelligence Diffusion" as an Interim Final Rule, revising the Export Administration Regulations (EAR). For the first time it placed export controls not only on advanced computing integrated circuits (ECCNs 3A090/4A090) but on closed-weight AI model weights under a new classification, ECCN 4E091, and imposed a worldwide licensing requirement backed by an expanded Foreign Direct Product rule. (Sources: Federal Register; Mayer Brown; Covington & Burling; Gibson Dunn.)

The tiering, where Australia sat. The rule partitioned the world into three tiers. Tier 1 (18 allies plus the US, Australia, Belgium, Canada, Denmark, Finland, France, Germany, Ireland, Italy, Japan, the Netherlands, New Zealand, Norway, South Korea, Spain, Sweden, Taiwan, the UK), listed in Supplement No. 5 to Part 740, faced minimal restrictions and a new "License Exception Artificial Intelligence Authorization (AIA)." Tier 2 (most of the world) faced volume caps and licensing (Validated End-User pathways; "Universal" VEUs limited to shipping no more than 25% of total AI computing power outside Tier 1, and no more than 7% to any single Tier 2 country). Tier 3 (arms-embargoed Country Group D:5, China, Russia, etc.) faced an effective embargo. (Sources: CSIS; Brookings; RAND; Perkins Coie.)

The crucial nuance, and why the scenario is plausible, not paranoid. On 13 May 2025 BIS announced it would not enforce the AI Diffusion Rule and would rescind it, two days before its 15 May compliance date, promising a replacement rule. Pre-existing controls snapped back into effect. Simultaneously BIS issued three guidance documents (including the "AI Model Training Policy Statement" and General Prohibition 10 guidance) that confer "knowledge" on exporters and can themselves trigger licensing requirements. (Sources: WilmerHale; Akin Gump; Kirkland & Ellis.) The key point: the rescission was about regulatory burden and chip-sales diplomacy, not a retreat from the principle that the US can and will control AI diffusion. The capability to tier or cut off access, including for model weights, now exists in US regulatory architecture and enjoys bipartisan momentum.

Historical precedent, semiconductors. The AI controls are an explicit continuation of escalating chip controls (October 2022 → October 2023 → 2024) against China, Huawei and SMIC. The Foreign Direct Product rule, first weaponised against Huawei, was extended to reach AI frontier models globally. The lesson: a Tier-1 designation is a policy choice, revocable at the stroke of a pen, not a permanent entitlement.

AI as strategic national asset. Executive Order 14179 (23 January 2025), "Removing Barriers to American Leadership in Artificial Intelligence," revoked Biden's EO 14110 and directed that US policy is to "sustain and enhance America's global AI dominance." The ~$500bn Stargate venture (OpenAI/Oracle/SoftBank/MGX) was framed by the White House as providing "a strategic capability to protect the national security of America and its allies." The July 2025 "Winning the Race: America's AI Action Plan" stated "high quality data has become a national strategic asset" and called to "Build, Baby, Build!" A December 2025 EO ("Ensuring a National Policy Framework for Artificial Intelligence") sought to override state AI laws to preserve "One Rulebook," with the President stating the US is "in a race with adversaries for supremacy." The direction of travel is unambiguous: the US treats frontier AI as an instrument of national power.

2. International AI sovereignty movements

France / Mistral, the closest analogue. Mistral AI (founded 2023) is France's designated national champion, backed by sovereign investor Bpifrance and the European Investment Bank. President Macron announced ~€109bn (~US$113bn) in mostly private AI investment pledges on 9 February 2025 (in a France 2 television interview) ahead of the Paris AI Action Summit (10–11 February 2025), led by the UAE's €50bn 1-GW campus commitment and Brookfield's €20bn. Macron explicitly framed it as France's Stargate equivalent: "it's exactly the equivalent for France of what the United States announced with Stargate, $500 billion, it's the same ratio." (Sources: TechCrunch; Bloomberg; CSIS.) In January 2026 France's Ministry of the Armed Forces awarded Mistral a framework agreement (notified 16 December 2025, signed 8 January 2026) to deploy its models across the defence ecosystem, hosted on French infrastructure overseen by AMIAD; ~10,000 public agents already use Mistral inter-ministerially. Mistral's open-weights, SecNumCloud-anchored model (via OVHcloud and Scaleway) is explicitly designed to escape the US CLOUD Act. (Sources: Reuters; Raconteur; Sovereign Magazine.)

UAE / Falcon (TII). Abu Dhabi's Technology Innovation Institute released Falcon 40B (open-sourced May 2023), and by 2026 a hybrid Transformer-Mamba family (Falcon-H1, Falcon-H1 Arabic, Falcon H1R 7B, Falcon Perception) with 55M+ downloads, explicitly framed as building "sovereign AI capabilities" and retaining IP locally under the Advanced Technology Research Council. (Sources: TII; Computer Weekly.)

India. The Cabinet approved the IndiaAI Mission on 7 March 2024 with a budget outlay of ₹10,371.92 crore (~US$1.2bn) over five years (Press Information Bureau); the initial 10,000-GPU target has since expanded to ~38,000 GPUs. BharatGen (IIT Bombay) and Sarvam AI are flagship model efforts.

Others. Singapore's National Multimodal LLM Programme, a two-year, S$70 million (~US$52 million) initiative funded by the National Research Foundation, launched 4 December 2023 by IMDA with AI Singapore and A*STAR, building on the SEA-LION model family. Japan's LLM-jp; Canada's backing of Cohere (C$240m) and the transatlantic Cohere/Aleph Alpha entity; the EU's AI Gigafactories initiative (~€20bn) and EuroStack framework.

China as contrast. Locked into Tier 3, China pursued indigenous models (DeepSeek, Ernie Bot) under its own Export Control Law (2020), a demonstration that exclusion accelerates, rather than prevents, sovereign capability, and that bifurcation of the global AI ecosystem is already underway.

The EU AI Act's sovereignty dimension. The AI Act (Regulation (EU) 2024/1689, in force 1 August 2024; GPAI obligations applicable 2 August 2025; full application 2 August 2026) regulates general-purpose AI models, with systemic-risk obligations for models trained above 10²⁵ FLOP. Academic analysis ("EU AI sovereignty: for whom, to what end?", Journal of European Public Policy, 2024) finds EU AI policy "prioritises jurisdictional independence over citizens sovereignty" and "embraces a global AI race logic." A June 2026 Commission "tech sovereignty package" continues the theme.

3. Europe's move away from US tech, the OS-sovereignty precedent

The two source articles requested (PCMag on France's Linux pivot; ZDNet on Schleswig-Holstein) were inaccessible at the time of writing, but the underlying events are corroborated by multiple independent sources:

France. On 8 April 2026, France's Interministerial Directorate for Digital Affairs (DINUM) ordered every ministry to draw up plans by autumn 2026 to migrate ~2.5 million civil-servant workstations from Windows to Linux and eliminate US-tech dependencies across seven domains (OS, collaboration, cybersecurity, AI, databases, virtualisation, networking). It builds on the Gendarmerie Nationale's "GendBuntu" (Linux on ~100,000+ workstations since 2008, saving ~€2m/year, 40% lower total cost of ownership). Public accounts minister David Amiel: "The state can no longer accept that our data, our infrastructure, and our strategic decisions depend on solutions whose rules, pricing, and risks we do not control." The explicit trigger is the US CLOUD Act, which Microsoft conceded before the French Senate it could not guarantee would never reach data stored in France. (Sources: The Next Web; TechHQ; IBTimes; Morocco World News.)

Schleswig-Holstein. Germany's northernmost state is migrating ~30,000 PCs from Windows/Microsoft Office to Linux/LibreOffice, ~80% complete by early 2026, saving an estimated €15m/year in licence costs, with a one-time €9m investment in 2026. Minister for Digital Transformation Dirk Schrödter framed it as escaping "monopolistic structures and high licensing fees" and ensuring "data security of its citizens and businesses." (Sources: The Document Foundation; Cybernews; The Register; It's FOSS.)

GAIA-X and the broader movement. GAIA-X (launched 2019 by France and Germany) aims to build a federated sovereign-cloud framework against the ~70% European market share held by AWS, Azure and Google Cloud. Its mixed record (Scaleway's 2021 exit; "chronicle of a failure foretold" critiques) is itself instructive: sovereignty initiatives fail when they co-opt the incumbents they aim to displace. Denmark's Ministry of Digital Affairs and Switzerland's data-protection authority have made parallel moves. The throughline, across OS, cloud and now AI, is the CLOUD Act and the recognition that infrastructure under foreign jurisdiction is revocable.

4. Australia's current AI and digital sovereignty position

Policy evolution. Australia's AI Action Plan (June 2021) committed $124.1m, including $53.8m to create the National AI Centre (NAIC) and capability centres. This was superseded by the National AI Plan (released 2 December 2025 by DISR), which adopts a "light-touch," existing-law approach rather than EU-style mandatory guardrails. Critically, the Plan: (a) explicitly targets sovereign compute capability and positions Australia as a data-centre hub; (b) commits $29.9m to establish an Australian AI Safety Institute (announced 25 November 2025, operational early 2026, joining the International Network of AI Safety Institutes); (c) launches GovAI, a centralised Australian-based AI hosting platform for the public service; and (d) emphasises Indigenous Data Sovereignty. (Sources: DISR; MinterEllison; IAPP; CRN.) Ministers Senator Tim Ayres (Industry & Innovation; Science) and Dr Andrew Charlton (Assistant Minister) lead the agenda; Ayres framed it as "making sure technology serves Australians, not the other way around."

Compute is advancing faster than models. Australia has two Tier-1 HPC facilities, Pawsey (Perth; "Setonix," ~50 petaflops, 750+ AMD GPUs, adding NVIDIA GH200 superchips) and NCI (Canberra; "Gadi"), together delivering 80+ petaflops and described as "secure, sovereign capability." Private sovereign-AI infrastructure is scaling rapidly: Firmus/Project Southgate (with NVIDIA and CDC Data Centres) plans renewable-powered "AI Factories", a first-stage A$4.5bn rising to a A$73.3bn / 1.6 GW plan by 2028, with 36,000 NVIDIA GB300 GPUs slated for Tasmania. Yet a November 2025 Pawsey/HPCwire release notes Japan's Fugaku has ~7× Australia's capacity and Singapore is doubling its national resources.

The gap: no sovereign model. Despite this compute, Australia has no mature sovereign foundation model. The flagship open-source attempt, Kangaroo LLM (consortium led by Katonic AI with RackCorp, NEXTDC, Hitachi Vantara and HPE, announced August 2024), remained stalled in the data-collection phase through 2025 with no released weights or benchmarks. CSIRO's Data61 publishes influential applied LLM research but is "not focused on foundational model development." CSIRO's Director of Digital, Elanor Huntington, has argued "AI foundation models might be Australia's best chance of reversing the productivity slump." This model gap is itself the strongest argument for the paper's thesis. (Counterpoint for balance: Telstra CEO Vicki Brady has argued "I don't think Australia needs to be investing in things like building Large Language Models, I do think that's a global game.")

Strategic context. The SOCI regime, ASD's Essential Eight, the Critical Technology work, and Defence/ASD signals all establish that Australia treats critical-technology dependency as a national-security matter, but AI models are not yet explicitly inside that perimeter.

5. Australian regulatory anchors

• APRA CPS 230 (Operational Risk Management), effective 1 July 2025 (existing contracts from 1 July 2026), consolidates CPS 231/232. It requires APRA-regulated entities to maintain critical operations within board-approved tolerances through severe disruptions, to manage material service providers (MSPs) and even fourth-party dependencies, to maintain an MSP register, and to test against "severe but plausible scenarios." A frontier-AI provider that could be cut off by foreign export control is, on its face, a material-service-provider concentration and continuity risk under CPS 230.
• ASIC REP 798 ("Beware the gap," media release 24-238MR, 29 October 2024) reviewed 624 AI use cases across 23 licensees and warned that AI adoption is outpacing governance. Chair Joe Longo noted "the volume of AI use is accelerating rapidly, with around 60% of licensees intending to ramp up AI usage." Critically for the sovereignty argument, "30 per cent of all use cases in the review had models developed by third parties [and] most licensees relied on third parties for at least 50 per cent of their models." ASIC stressed the regime is technology-neutral: licensees must provide services "efficiently, honestly and fairly," and directors must discharge their duties with care and diligence regarding AI, including third-party model risk.
• Corporations Act 2001 (Cth) s 180, directors' duty of care and diligence, read with REP 798, implies boards must consider critical-technology dependency and continuity.
• Security of Critical Infrastructure Act 2018 (Cth), as amended by the Enhanced Response and Prevention Act 2024 (Royal Assent 29 November 2024; most provisions from 20 December 2024; data-storage provisions from 30 May 2025), introduced a new s 9(7) bringing data storage systems holding business-critical data within the definition of a critical infrastructure asset, extended government powers to an "all-hazards" basis, and added a directions power for deficient risk-management programs. Over 220 assets have System of National Significance declarations. AI infrastructure increasingly falls within this perimeter.
• Privacy Act 1988 (Cth), reformed by the Privacy and Other Legislation Amendment Act 2024 (Royal Assent 10 December 2024), introduced a statutory tort for serious invasions of privacy, automated-decision-making transparency requirements (24-month grace to December 2026), an overseas-disclosure "whitelist" mechanism, and uplifted OAIC penalties, directly relevant to where, and under whose jurisdiction, AI processing of Australians' data occurs. A contentious "Tranche 2" remains pending.
• AICD guidance on technology and cyber governance reinforces that boards bear non-delegable accountability for technology resilience.

6. Economic case / industrial strategy

• Macro value. Per the 2025 "Australia's AI Opportunities" report (commissioned and funded by OpenAI, in partnership with the Tech Council of Australia and bodies including the Business Council of Australia and the Australian Computer Society): "AI is already adding an estimated $21 billion a year to Australia's economy through productivity improvements" and "AI could add up to $142 billion annually to Australia's GDP by 2030" (decomposed as ~$112bn from adoption, $18bn from a sovereign AI industry, and $11bn from exports). A separate July 2023 Microsoft/Tech Council report ("Australia's Generative AI Opportunity") put the figure at up to $115bn. CSIRO/Data61 (AlphaBeta) earlier estimated digital tech worth $315bn to the economy by 2028; the Productivity Commission flagged a $100bn-plus potential boost. The Australian Academy of Technological Sciences and Engineering warned (November 2025) Australia could miss a ~$150bn boost without investment "including sovereign modelling." (All are interested-party projections, see Caveats.)
• Value leakage. Without domestic capability, the economic surplus, IP, and high-value jobs from AI accrue offshore to a small number of US labs, the inverse of an industrial strategy.
• Digital-infrastructure opportunity. The Deloitte Access Economics report "Digital infrastructure for the AI age: Australia's opportunity to lead the Asia Pacific" (released 25 March 2026) estimates becoming a regional digital-infrastructure hub is worth up to $134bn in additional GDP over 25 years and ~14,300 additional jobs per year, but requires ~A$52bn in digital-infrastructure investment by 2030 (doubling data-centre capacity from ~3.3GW to 6.4GW). Lead author John O'Mahony called it "a sliding doors moment for Australia," warning the window is roughly two years.
• Precedents for government-backed national capability. Australia has repeatedly built national capability through government-backed vehicles: NBN Co (est. 2009, a Government Business Enterprise wholly owned by the Commonwealth; initial envelope ~$43bn growing to ~$51bn, "the most expensive single infrastructure project in Australia's history"); the Australian Space Agency (est. 1 July 2018, $41m seed funding, headquartered at Lot Fourteen, Adelaide, with a goal to triple the sector to $12bn and create 20,000 jobs by 2030); ANSTO (Lucas Heights; ~$1.3bn of science infrastructure; explicitly describes nuclear-medicine manufacturing as a "sovereign capability"); Snowy 2.0 (government-owned Snowy Hydro; cost reset to $12bn in 2023); and CSIRO (~$1.7bn annual budget). These show Australia knows how to stand up sovereign national-capability programmes, the question is political will, not capacity.

7. Academic / theoretical grounding

• Digital/technological sovereignty. The canonical reference is Pohle & Thiel (2020), "Digital Sovereignty," Internet Policy Review 9(4), which argues digital sovereignty is "a discursive practice in politics and policy rather than the legal and organisational concept that it is traditionally conceived of," and is "often used as a shorthand for an ordered, value-driven, regulated and therefore reasonable and secure digital sphere." Couture & Toupin (2019) categorise five discourses of digital sovereignty (cyberspace, state, Indigenous, social-movement, personal). Hummel et al. (2021) define data sovereignty around "meaningful control, ownership, and other claims to data or data infrastructures." Recent work (Couture, Toupin & Mayoral Baños 2024; Pohle 2024, Policy & Internet) extends to civil-society and Indigenous claims, directly relevant to Australia's Indigenous Data Sovereignty commitments.
• AI nationalism. Ian Hogarth's 2018 essay "AI Nationalism" is the origin point; the AI Now Institute's "AI Nationalism(s)" collection and recent IR scholarship (Cogitatio, Politics and Governance 2025) theorise sovereign AI as a new phase of state-building augmenting "coercive, extractive, delivery, and informational" capacities.
• Networked autonomy / interdependence. A key counter-frame (arXiv 2511.15734, drawing on Keohane & Nye's complex interdependence) argues no nation can achieve full AI autonomy given globally interconnected value chains; "sovereign AI reflects a networked autonomy not isolation." This tempers the thesis: the goal is a credible fallback and jurisdictional control, not autarky.
• Critical-infrastructure / platform theory. Emerging literature frames compute as critical infrastructure (RAISE Summit; Tony Blair Institute, "Sovereignty, Security, Scale: A UK Strategy for AI Infrastructure"), arguing states need "some level of domestic compute capacity to ensure resilience for mission-critical areas, such as health care or national security."

8. Governance architecture for a sovereign AI

International models converge on a public-private-academic vehicle with state anchor investment and an independent assurance function: France (Bpifrance + Mistral + AMIAD oversight + SecNumCloud certification), the UAE (TII under the Advanced Technology Research Council), India (IndiaAI Mission + IIT anchors). Australia has directly transferable precedents, NBN Co (GBE structure), the Space Agency (Lot Fourteen cluster model), CSIRO and Pawsey (public research consortium). A credible architecture would:

1. Establish a sovereign-AI entity (GBE or statutory-authority model) with anchor public investment and private/academic co-investment.
2. Host on certified Australian sovereign infrastructure (Pawsey/NCI for training; Firmus/CDC/NEXTDC for scale), explicitly outside CLOUD Act jurisdiction.
3. Build on open-weights to avoid the vendor lock-in the paper warns against, enabling redundancy and independent assurance.
4. Route assurance through the new Australian AI Safety Institute and align with the NAIC's "AI6" Guidance for AI Adoption (October 2025, replacing the Voluntary AI Safety Standard) and Australia's AI Ethics Framework (DISR 2019).
5. Prioritise sovereign-relevant data and use cases (medical, defence, bushfire/flood/Reef, Indigenous-language and -culture) where data cannot or should not leave the jurisdiction.

Recommendations

Stage 1 (0–12 months): De-risk and decide.

• Government (DISR + Home Affairs + Treasury) should commission a sovereign-AI capability assessment that explicitly tests the "access-withdrawal" scenario against CPS 230 and SOCI obligations, and decide whether a sovereign model is in scope of critical-technology policy. Trigger to escalate: any US replacement rule that re-tiers model-weight access, or any allied precedent of access withdrawal.
• APRA and ASIC should issue guidance clarifying that concentrated, offshore, export-control-exposed frontier-AI dependency is a material-service-provider and director-duty risk.

Stage 2 (12–36 months): Build the vehicle.

• Stand up a sovereign-AI entity on a GBE/statutory-authority model with anchor public investment. Benchmark against the Space Agency's $41m seed and the National Reconstruction Fund's $1bn critical-technologies allocation, though a credible frontier effort needs substantially more, at least at the scale of Singapore's funded ~S$70m National Multimodal LLM Programme and well beyond for frontier-class training.
• Mandate hosting on certified Australian sovereign infrastructure; adopt an open-weights strategy; route assurance through the AI Safety Institute.
• Benchmark to change course: if independent assurance shows the sovereign model cannot reach within ~1 generation of frontier capability for the prioritised sovereign use cases, pivot from a general frontier model to targeted domain models plus guaranteed-access procurement.

Stage 3 (36+ months): Operate and iterate.

• Use government procurement as a demand lever (the French model of mandating European/sovereign hosting in public tenders).
• Measure value capture (IP, jobs, GDP contribution retained domestically) against the offshore-leakage baseline.

Caveats

• The triggering scenario ("Fable 5" / "Mythos 5") is illustrative, not real. No such Anthropic models or June 2026 directive exist; they are a plausible dramatisation of a genuine, well-evidenced risk trajectory, and the paper must present them as such.
• The AI Diffusion Rule was rescinded. Any claim that the US currently controls AI model-weight exports to allies would be inaccurate; the accurate claim is that the US built and briefly imposed such a regime, retains the architecture and "knowledge"-based guidance, and has promised a replacement.
• Autarky is not the goal. The interdependence literature rightly warns that full AI self-sufficiency is neither achievable nor desirable; the defensible objective is jurisdictional control, a credible fallback, and value capture, "networked autonomy."
• Forward-looking figures are projections from interested parties. The GDP-contribution estimates ($142bn and $115bn from OpenAI- and Microsoft-commissioned reports respectively; $134bn from Deloitte; $150bn from ATSE), Firmus's $73.3bn plan, and data-centre-capacity forecasts are modelled projections and should be cited as such, with the commissioning party named.
• The "$1 billion" nuance. Australia's $1bn "critical technologies" figure is the allocation within the $15bn National Reconstruction Fund (announced 2022) for AI, quantum and robotics collectively, not an AI-model-specific fund. Cite it precisely.
• Source-quality flags. Government/agency primary sources (Federal Register, APRA, ASIC, DISR, CISC, OAIC, NVIDIA Newsroom, HPCwire/Pawsey) and major law-firm analyses are strong. The two requested URLs (PCMag, ZDNet) were inaccessible and were substituted with corroborating reporting. Some sovereign-AI funding/valuation figures (Firmus, Mistral) come from financial press and vendor announcements and warrant independent verification before publication. Grokipedia/blog syntheses were used only to corroborate figures also found in primary sources.