AI Policy Moves to the Infrastructure Layer: From Model Regulation to Access Control

A new phase is emerging in AI policy: the debate is no longer only about whether models are sufficiently safe, accurate, or ethical. Increasingly, the center of regulation and power is shifting to infrastructure—platforms, distribution channels, identity verification, integrations into business systems, and even what can be accessed at all in a given market.

The news of recent days makes this very clear. On one side, we see US decisions to restrict or suspend access to certain advanced models; on the other, pressure from the European Commission on major platforms to open access to competing AI services. At the same time, companies such as OpenAI, Google, Meta, and IBM are deploying AI not as a standalone product, but as a layer on top of existing communication, search, security, and workplace tools.

This points to one major shift: in the near future, winners in the AI market will be determined not only by model quality, but also by political and technical control over access points.

The New Regulatory Question Is Not Only What a Model Can Do, but Who Can Access It

For a long time, public discussion around AI regulation focused on familiar themes: misinformation, copyright, safety, and labor market impact. But recent developments show that governments and platforms are beginning to address a more fundamental question—who, when, and under what conditions is allowed to use advanced AI capabilities at all.

The US story around restrictions on access to an Anthropic model reveals that the most advanced models may be governed more like a strategic technology than an ordinary software service. This approach brings AI closer to the logic of export controls, national security, and licensed access.

At the same time, the EU decision requiring Meta to open WhatsApp to competitors’ AI chat systems reflects a different approach: the issue is no longer just the model itself, but the gateway through the user interface. If a platform controls billions of users, it can determine which AI providers are visible and which remain outside the market.

This contrast matters for Europe. The US places greater emphasis on strategic control and security exceptions, while the EU focuses on market openness and competition. But in both cases, policy is already acting on AI infrastructure, not just on abstract principles.

Platforms Are Becoming the Political Layer of AI Distribution

When Getty Images partners with OpenAI, when Google expands Gemini into cars, and when Meta deploys AI agents for business and across its social platforms, we see the same trend: AI is no longer sold only as a standalone model or API. It is taking root where the user, the data, and the daily workflow already are.

That is precisely why platform control is becoming a political issue. If one company controls the communication channel, the operating environment, the search surface, or the enterprise workspace, it can set not only technical standards but also economic terms for competitors. That kind of power naturally attracts regulatory scrutiny.

The EU’s actions toward Meta are significant here for more than competition reasons alone. They signal that a rule may be taking shape in Europe: if a platform becomes critical AI access infrastructure, it cannot remain fully closed. This could have long-term consequences for the design of the entire market—from messaging apps to cars, search, and enterprise software.

For Lithuanian and broader European businesses, this creates a practical need to assess not only a model’s performance, but also its distribution channel. If your business AI capability depends on a single closed platform, a regulatory or commercial shift could quickly change the cost of access, the available functionality, or even service continuity.

Identity Verification and Access Restrictions Are Becoming a New Policy Instrument

Another important signal is the rise of age-, identity-, or risk-based access checks in AI services. Reports that Claude may request ID verification in certain cases suggest that AI usage may increasingly resemble the model of regulated digital services.

At first glance, this looks like a security measure. But at the policy level, it is also a new control architecture. If an AI service provider or a government can link a user’s identity to model usage, that creates a very different level of accountability, access restriction, and auditability.

For businesses, this has two consequences. First, deploying AI tools in an organization may require stricter identity management, authorization, and activity logging processes. Second, it may complicate the use of some services in sensitive sectors, where privacy, data localization, and employee rights requirements are particularly strict in Europe.

This trend is also connected to policy in a broader sense: the more AI is treated as critical infrastructure, the more access to it may be differentiated by user type, country, intended use, or risk level.

What This Means for Europe’s Strategy

Europe has long been seen as a maker of rules, but not a leading supplier of frontier AI. Still, the current phase gives the EU new leverage: if access architecture, interoperability, competition, and accountability become the key issues, Europe can exert major influence even without controlling the largest number of the most powerful models.

This is especially visible where AI intersects with digital market regulation. If the EU continues to strengthen the principle that dominant platforms must open user access points to competitors, it could create a market where model providers compete not only through capital or compute power, but also through their ability to meet European interoperability and compliance requirements.

At the same time, Europe still faces a risk: if the most advanced models become increasingly restricted by geopolitical or national security criteria, regulatory power alone will not compensate for technological dependence. That is why the discussion about European AI sovereignty should include not only model development, but also alternative infrastructure for cloud, identity, data governance, and distribution.

• More attention will be needed for interoperability between AI systems across platforms.
• Pressure will grow to maintain clear chains of data and identity governance.
• Businesses will increasingly assess not only model quality, but also its regulatory accessibility in Europe.
• Public institutions will need to decide which AI integrations should be treated as critical infrastructure.

Practical Takeaways for Lithuanian Business and the Public Sector

For Lithuanian organizations, the key point is to understand that choosing an AI provider is becoming not just a technological decision, but also a political risk decision. If a service depends on a single provider’s platform, a single closed integration, or a model whose availability may change because of geopolitical decisions, a backup plan is essential.

In practice, this means several things. First, it is worth choosing architectures that allow you to switch model providers without rewriting the entire system. Second, it is essential to assess in advance whether AI capabilities in the organization will require additional identity verification, user activity audits, or data localization. Third, organizations should monitor not only the AI Act, but also regulation related to competition, platform openness, cybersecurity, and digital identity.

For the public sector, this direction is even more important. If AI is used in customer service, document analysis, or security processes, dependence on the gateways of foreign platforms can become both an operational and a sovereignty issue. Procurement and architectural decisions should therefore include a new criterion: not only functionality and price, but also access control risk.

In short, AI policy is entering a phase where what matters most is not only the intelligence of the model, but who controls the road to it. It is in this infrastructure layer that the real power of the AI market will be shaped in the coming years.