ENDASV · soonNO · soon

JOURNAL

Anthropic wants to let governments stop dangerous AI models. What it means for you as a leader

On 10 June 2026, Anthropic put forward two policy proposals. This is not about a new product. It is a signal of where regulation is heading, and why transparency, documentation and control of data become the norm.

10 June 2026·10 min read·claude · anthropic · ai regulation · policy on the ai exponential · ai governance · eu ai act · ai for b2b saas · claude news

On 10 June 2026, Anthropic put forward two policy proposals. The first is about governing the very strongest AI models and proposes that governments should be able to block or deter dangerous models, with fines tied to the company's global revenue. The second is about preparing the labour market and the economy for AI.

This is not a new product. It is a signal of where regulation is heading. And if you run a company in the Nordics, the point is not FLOPs (a measure of how much computing power was used to train a model) and fines. The point is that requirements for documentation, independent assessment and control of data become the norm. The companies that have this in place now will stand strongest.

Anthropic's proposal, Policy on the AI Exponential

Anthropic proposes that governments should be able to block or deter AI models that pose a serious risk of catastrophic harm, with penalties tied to the company's global revenue.
Anthropic, Policy on the AI Exponential (10 June 2026)

What Anthropic proposes

The proposal is called Policy on the AI Exponential and consists of two frameworks.

The first is the Advanced AI Framework. It calls for governments to have the legal authority to block or deter models that pose a serious risk of catastrophic harm. The penalties are proposed to be tied to global annual revenue and rise with repeated violations. Anthropic itself stresses that the power should be narrow and have built-in safeguards against misuse.

The second is the Economic Policy Framework. It is about preparing workers and the economy for AI's effect and about spreading the economic gains broadly.

The framework is written primarily for the US federal government. Anthropic argues against federal law overriding states' own laws, unless the federal law is at least as strong. It is worth remembering that the figures and claims in the proposal are Anthropic's own. They are not independently verified here.

Who the rules would apply to

This is important, and it is the reason you should not get nervous on your own company's behalf. The rules are proposed to apply only to models trained with more than 10^25 floating point operations (FLOPs), developed by companies with more than 500 million dollars in AI-related revenue or more than 1 billion dollars in AI research and development.

That is a handful of the world's largest AI labs. It is not you, and it is not your ordinary software vendors. You are the user at the other end, and that is exactly why the requirements on the big players are relevant to you: they determine how documented and thoroughly tested the AI you build on top of actually is.

The four risks the framework addresses

Anthropic points to four kinds of catastrophic risk.

Biological risk, that strong models without safeguards could make it easier to develop biological weapons. Cyber risk, that frontier models can now find critical vulnerabilities in software at scale, which protects critical infrastructure when used defensively, but raises the stakes. Loss of control, that it could become harder to govern systems that act outside their developers' control. And automated research and development, that AI starts to develop AI, which can amplify the other three risks.

As a concrete example, Anthropic mentions that Claude Mythos Preview this year found thousands of serious vulnerabilities, including in all major operating systems and browsers. That figure comes from Anthropic itself and is not independently verified here.

This is a tightening, and where I stand

Here is my opinion. The important thing here is not FLOPs, fines or US legislation. It is the direction. Anthropic has supported transparency laws before. What is new is that they now say themselves that transparency alone is no longer enough, and that governments should play a more active role. That is a tightening, not a repeat.

For you as a Nordic company it means that the requirements on the AI you use only go one way: more documentation, more independent assessment, more control of data and access. It also hits exactly what the EU AI Act already requires of you, including that your team must be AI literate. The company that builds this in now avoids having to fix it later. That is the kind of forward-looking setup I build for Nordic companies: not just getting Claude into operation, but getting it into operation in a way that can be documented and hold up to an audit.

The requirements on the big developers, and why they are your filter

Four requirements are worth knowing, because they become the standard your vendors are measured against.

Transparency. Test the models and publish the results. Release a safety framework, system cards and ongoing risk reports. Anthropic points out that parts of this are already legal requirements in California and New York. Independent assessment. At least one qualified independent evaluator should review tests and risk reports. Security. Model weights and training infrastructure are targets for cyberattacks, including from state actors, and the whole development environment must be secured against threats from outside and inside. And enforcement with teeth, where the government should be able to block dangerous models, but with concrete safeguards against power that is too broad.

On top of that, Anthropic proposes an agenda for societal resilience: screening of gene synthesis, early biosurveillance and hardening of the software that critical infrastructure runs on. For you the point is simple. These four requirements are a ready-made filter you can use when you choose an AI vendor. Do they publish their tests, safety framework and system cards? If yes, you are on solid ground. If no, that is a flag.

What it means for Nordic B2B SaaS

For a Nordic B2B SaaS team this is about vendor choice and about being able to sell on credibility. You build on top of a model you did not train yourself. So what determines your own risk is how documented and tested that model is.

Make it a fixed part of your due diligence: require a safety framework, system cards and independent evaluation from any AI vendor you let into the product or the operation. Write it into your own AI policy. When a customer or an auditor asks why you chose that particular model, you have an answer that holds. That is the kind of foundation I build for SaaS teams, so your AI choice stands strong the day it is tested.

What it means for telemarketing and sales teams

If you run Claude on your website as an agent or use it internally in sales, credibility becomes a selling point. Being able to say that your AI vendor meets high standards for security and transparency removes a brake for the customers who are unsure about AI.

Make it concrete. Have a short answer ready on which model you use and why you trust it. Put the vendor's safety framework somewhere a customer can see it. In a sales conversation where a buyer is nervous about AI, that is the difference between an objection that ends the conversation and one you can answer on the spot.

What it means for professional services firms

For a professional services firm this is backing for the governance work you should already be doing. The framework Anthropic proposes looks like what an auditor will ask for: documented tests, independent assessment, control of access and data.

Build it into your rollout now. Choose vendors that publish tests and system cards. Write model choice, data processing and access into your AI policy. It sounds like compliance, and it is, but above all it is how you protect a client relationship. A SOC 2, ISO 27001, ISO 42001 or GDPR audit will ask for exactly that documentation, and it is cheaper to have it ready than to produce it under pressure.

What it means for founders and scale-ups

For a founder the advice is simple: do not build on top of models where you do not know the security and testing level. Regulation on the way means the serious providers become clearer, and the unserious ones fall away. Choose the serious ones now, so you do not have to rebuild when the requirements arrive.

It costs nothing to choose right from the start. It costs a lot to move a whole product onto a new model in the middle of a growth phase because the first vendor could not document anything. Look at who already publishes a safety framework, system cards and independent evaluations, and build on them.

GDPR and security for European companies

This proposal is American and is about the largest model developers. It does not change your legal position in the EU. But the theme is the same as in a SOC 2, ISO 27001, ISO 42001 or GDPR audit: can you document that the AI you use is tested, governed and secured.

There are three concrete things you can do now. Ask your AI vendors for their safety framework and system cards. If they exist, you are well on your way. If they do not, that is a flag. Keep track of which data goes into your AI tools, and whether a data processing agreement is in place. That is still what an audit trips over first. And write into your own AI policy that you only use vendors that meet recognised standards for transparency and security. It is a small sentence that makes you easier to audit.

If you need EU data residency, Claude can be deployed through AWS Bedrock or Google Vertex AI in European regions. That is a choice you make deliberately from the start, not one you discover in an audit afterwards.

This proposal is a reminder of where all of this is heading. The company that wins is not the one that waits for the law. It is the one that can already document that its AI is chosen, tested and governed. That is exactly the work I do for Nordic companies: Claude put into operation in a way that can be documented and hold up to an audit. See more about internal Claude in your workflows, or write to me if you want your governance in order before the requirements arrive.

This work was produced in collaboration with AI. Overall: AI roughly 73 percent, Kim roughly 27 percent. Looking only at the production itself: AI roughly 88 percent, Kim roughly 12 percent. The human sets the direction, AI delivers the volume.

Division of the work between AI and Kim on this article
Division of the work: AI roughly 73 percent, Kim roughly 27 percent.

FAQ

Frequently asked questions

It is two policy proposals Anthropic put forward on 10 June 2026. The first, the Advanced AI Framework, proposes that governments should be able to block or deter dangerous AI models, with penalties tied to global revenue. The second, the Economic Policy Framework, is about preparing the labour market and the economy for AI. The figures and claims are Anthropic's own and are not independently verified.

No. The rules are proposed to apply only to models trained with more than 10^25 operations and developed by companies with very large AI revenue or research. That is a handful of the world's largest AI labs. You are the user at the other end, but the requirements determine how documented the AI you build on is.

Use Anthropic's four requirements as a filter when you choose a vendor: published tests, a safety framework, system cards and independent assessment. Keep track of data and data processing agreements, and write into your AI policy that you only use vendors that meet recognised standards. Consider EU data residency via AWS Bedrock or Google Vertex AI if you need it.

FLOPs stands for floating point operations, the number of calculation steps. In AI it is used as a measure of how much computing power went into training a model. The more FLOPs, the larger and more expensive the model usually is. The 10^25 FLOPs threshold in the proposal only catches the very largest models from the biggest labs, not the tools an ordinary company uses.

Get new essays by email.

Roughly twice a month. Same voice. No list rental, no retargeting.

Sign up for the Brinvik journal. Unsubscribe anytime. See our privacy policy.

Protected by Cloudflare Turnstile. No challenge, no CAPTCHA. Brinvik never shares your address.