who signs off?

For the past year I have tried to get my head around digital sovereignty in the eu. The european debate about ai is about one important thing. Open or closed. The big companies' models, or the free ones you run yourself on your own machine, or on a local server somewhere. Should data be sent to the US, trained on and used for surveillance, or should it stay in europe, with worse infrastructure than the ai giants?

I think it is the wrong question. Or not wrong, but too small. The right question is not which model is best. It is what should govern what. That turns into three questions instead of one.

where is the data allowed to travel

I do not put my medical record in a stranger's mailbox. The same goes for sensitive information, about patients, clients, children. That should not be sent to computers somewhere in the world that I know nothing about. The harmless may travel if it contributes something. The sensitive may stay.

It is not technophobia. It is some kind of judgment. The more sensitive the content, the shorter the distance it gets to go. Everyday text can happily go to the big, fast services. The rest stays here. The content decides the route, not what the model is called.

who has the stamina to keep the defense running

When I was studying, a teacher showed how to get into the school's network. Not through anything advanced. Through a printer left open (the password still set from the factory? I do not remember every detail). It did not take many minutes.

Today it takes seconds. A machine can look for a thousand such doors at once, around the clock, without getting tired. Building a defense against that and keeping it current every day against new tricks is expensive and heavy. It is not a job for a lone enthusiast.

Here the big companies with billions behind them have a real head start. Not because the free option is worse. Because this particular kind of work demands muscle that costs money you do not have yourself. The cost decides who can manage the security.

who carries it when it went wrong

In the last thing I wrote I landed on the human being left to validate row 40001 and say yes or no. But there is a flip side I did not really develop. What I meant is that time and knowledge still have an obvious place in modern development.

Whoever switches on Auto mode also carries the responsibility when it goes wrong. The machine will not be held to account. It is a tool. When I redid the decking last time, and a small correction had to be made, I did not call the saw table and ask it to fix it, nor DeWalt for that matter. Responsibility runs upward and gathers with the individual who is left in the room when the code is generated and deployed. The one who approves.

Like a responsible publisher at a newspaper. She did not write the text. She answers for it anyway.

Responsibility without the power to say no is no safety. If the one who is supposed to approve does not have the time, or does not understand enough to be able to stop it, then her yes is just a signature. She carries everything and can affect nothing. That is the worst of it. Everyone knows it went wrong, and no one knows why until it is too late. Control is nothing without power. Control is someone to blame after the fact, power is making conscious decisions, and it is starting to become a hygiene factor.

what was the question, really

Not open or closed. It was never that.

The content decides where the data is allowed to travel. The cost decides who can keep the defense running. And a human being, with time and with the right to say no, decides whether the answer is true.

That human will be expensive. The one who has time, and understands. She should be able to read row 40001, and she should dare to sign off and explain why. It is not overhead. It is soon the whole job.