Opinion and analysis. When a new frontier model ships, the first question used to be whether it was any good. Increasingly, the first practical question is whether you are allowed to use it at all. The answer now depends less on your budget or your use case and more on your postcode — specifically, on which regulator governs the market you happen to sit in.
The clearest recent illustration is Grok 4.5. The model from xAI (now operating as SpaceXAI) shipped worldwide in early July 2026 — default in its own apps, live in Cursor, and piped through developer gateways — everywhere except the European Union. German tech outlet heise reported that, “presumably due to legal requirements, the release for the EU region is postponed to mid-July.” A launch that was global by default carved out 450 million people because of the rulebook that governs them. That gap, not the model’s benchmark scores, is the story worth arguing about.
What happened
The facts first, because the opinion has to rest on them. Grok 4.5 was released across most markets in the first week of July 2026, with EU availability pushed to mid-month while the company completed what reporting described as a regulatory-compliance review. Neither xAI nor the outlets covering it pinned the delay to a single named statute — heise hedged with “legal requirements” — so treat any tidier explanation, including mine, as inference rather than confirmed fact.
The inference is not a stretch, though, because of the calendar. The EU AI Act’s obligations for general-purpose AI (GPAI) models began applying on 2 August 2025, and — critically — the European Commission’s power to enforce them, including fines, switches on from 2 August 2026. Models trained above a compute threshold (the Act uses 1025 FLOPs as a marker of “systemic risk”) face the heaviest obligations: model evaluations, adversarial testing, incident reporting and cybersecurity assessments, all documented for review. A frontier model launching weeks before that enforcement switch flips has an obvious incentive to have its conformity paperwork in order before it opens the doors in Brussels. As law firm Mayer Brown noted when the GPAI rules first took effect, providers now operate inside a formal compliance regime, not a voluntary one.
Read that way, the Grok delay is not a glitch. It is the system working as designed: a high-capability model waiting on documentation before it is legally offered to EU users.

Access by jurisdiction
Here is the part I think the industry has been slow to say out loud: the same model is now routinely available in one market and absent in another, and that is becoming normal rather than exceptional. Grok is only the latest case.
In July 2024, Meta said it would withhold future multimodal Llama models from the EU, citing — in its own words — “the unpredictable nature of the European regulatory environment.” Euronews reported the friction was less about the then-unfinished AI Act than about how Meta could train on European data under GDPR. Apple has run the same play on the competition side: it delayed Apple Intelligence in Europe in 2024 citing the Digital Markets Act, and by mid-2026 confirmed it still could not ship its Siri AI in the EU alongside iOS 27, blaming DMA interoperability demands. (The Commission’s retort, worth noting for balance, was that the DMA does not stop anyone launching — Apple simply chose not to.)
Three companies, three different regulations — the AI Act, GDPR, the DMA — and the same outcome: European users at the back of the queue, or off it entirely. When the pattern repeats across unrelated firms and different rules, it stops being a story about any one company’s compliance appetite and becomes a story about the map. And the map has a knock-on effect: developers in gated markets do not wait patiently. They route around the gap — to whatever model is available locally, to a VPN, or to a competitor. Regulation intended to protect a market can quietly hand share to whoever shows up first within it.

The trade-off
None of this makes the EU wrong, and I want to be precise about that, because the easy version of this column is a libertarian shrug at Brussels. The AI Act’s systemic-risk obligations — evaluation, red-teaming, incident reporting — are not busywork. They are roughly the things safety researchers have been begging frontier labs to do voluntarily for years. If the price of a model that has been adversarially tested and documented is a two-week wait, that is a trade many Europeans would take gladly, and reasonably.
The honest framing is that this is a genuine trade-off, not a villain story. On one side: safety, accountability, and a paper trail when something goes wrong. On the other: speed, access, and the compounding advantage of builders who get their hands on the newest tools first. Both sides are real, and pretending otherwise — in either direction — is how you get bad policy.
What deserves more scrutiny is the second-order cost: fragmentation. Every jurisdiction that sets its own conformity bar splits the global market a little further, and compliance is not free. Large labs can staff a Brussels-ready legal and evaluation function and absorb the delay. A smaller startup often cannot, which means the rules written to constrain the biggest players can, in practice, entrench them — because only they can afford the cost of entry. Who bears the compliance burden matters as much as how high it is set.
There is a subtler cost too, one that rarely makes the headlines: the erosion of a single global product. For a decade, software’s core promise was that the same app behaved the same way everywhere. AI is now quietly unwinding that. A model that is present in one market and absent in another is not just a rollout inconvenience; it is a fork in what “the product” even means, with different capabilities, different launch dates and different liability regimes stacking up region by region. That divergence compounds, and it is the users and builders in the slower markets who pay the interest.
The India read
For India, this is not an abstract European drama; it is a live design choice. On 5 November 2025, MeitY unveiled the India AI Governance Guidelines under the IndiaAI Mission — and, tellingly, chose a “light-touch,” soft-law route that leans on existing statutes such as the Digital Personal Data Protection Act rather than a standalone AI law on the EU model. It is a deliberate bet that innovation-friendly guidance keeps India on the early-access side of the map.
I think that instinct is broadly right for where India is in its AI build-out — but it is not free of risk, and the guidelines themselves gesture at the tension by standing up an AI Safety Institute for testing and standards. Go too light and India imports models tested to no one’s particular standard; go too heavy, too fast, and it re-creates the very access gap now frustrating European developers. The sweet spot is a governance posture credible enough that global labs treat India as a launch market, not an afterthought, without becoming so onerous that they treat it like the EU.
The broader lesson for founders and operators, wherever they sit, is to stop assuming model access is universal and permanent. Build for a world where the frontier arrives on different dates in different places — where your EU entity may be a release behind your US one, and where “which model can we legally use here” is a procurement question, not a technical footnote. Regulation now decides who gets the model. The only real choice left is whether you plan for that reality or get caught flat-footed by it.
