Europe has an AI law, but companies still hold the keys to the models
A Brussels regulatory chamber facing two sealed model vault doors, one slightly open with a blue review light and one still locked behind frosted glass.📷 AI-generated image / TECH&SPACE
- ★OpenAI reportedly offered the EU Commission access to GPT-5.5 Cyber for security review.
- ★Anthropic remained more cautious after several meetings over Mythos access.
- ★The AI Act provides the legal frame, but practical oversight still depends on technical doors held by companies.
The EU can have a law, an office and political will, but oversight of advanced models starts with a more basic question: will the regulator get access? The Decoder reports that OpenAI offered the Commission direct review access to GPT-5.5 Cyber, while Anthropic has been more cautious after several Mythos meetings.
That is an uncomfortable lesson for Brussels. The AI Act creates the legal frame, but the frame does not run an evaluation by itself. There has to be a technical channel, expertise, confidentiality rules and enough trust for a model to be examined before its risks become public damage.
OpenAI is offering review access, Anthropic is moving slower, and Brussels is learning how much oversight still depends on company cooperation.
A close audit table with model-access keys, confidentiality folders, and a regulator's checklist beside two abstract AI server cubes.📷 AI-generated image / TECH&SPACE
That is why the EU AI Office matters. Its job is not only to issue guidance but to turn law into capacity: who can test, what data can be seen, what happens when a company says access is not possible, and where cooperation ends and oversight begins.
The public consequence is simple. If access depends on company goodwill, the regulator is strongest when the strongest actors decide to open the door. If the EU wants the AI Act to be more than paper, it needs an audit process that is not a diplomatic favor but a normal part of the game.
