Cresti’s core claim is simple: if you can’t explain where data goes and who can access it, you cannot credibly claim governance.

· Source: Pascal’s Substack · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy, Emerging Technologies & Innovation · Depth: Advanced, medium

Summary

The European Parliament recently disabled built-in AI features on official devices due to untraceable data processing, a move highlighted by Barbara Cresti as a signal that AI is now an embedded infrastructure layer, not just optional software. This decision underscores critical issues like data traceability, AI's shift to a governing layer in workflows, and digital sovereignty concerns related to data visibility, jurisdictional exposure, and dependency economics. The author, ChatGPT-5.2, agrees with the strategic diagnosis that AI is a "cognitive supply chain" requiring serious risk management, but qualifies Cresti's framing by noting the ban was specific to certain features and that disablement is a short-term control, not the sole solution. The analysis suggests a need for clearer threat models, addressing decision-shaping power, anticipating "shadow AI," and considering industrial policy and broader vendor concentration.

Key takeaway

For government leaders and IT directors evaluating AI integration, the European Parliament's device ban signals that opaque AI features pose a constitutional risk to institutional control and data sovereignty. You should implement a "traceability or disablement" policy for sensitive functions, classifying AI features by risk and procuring AI as critical infrastructure with clear audit rights and reversibility KPIs. This approach allows for modernizing with AI while preventing the silent outsourcing of democratic cognitive processes.

Key insights

AI's integration into devices necessitates robust traceability and control to maintain digital sovereignty and institutional competence.

Principles

Method

Institutions should assess AI features based on data traceability, legal regime, and exposure reduction capability, treating AI as a cognitive supply chain requiring risk management and contingency planning.

In practice

Topics

Best for: VP of Engineering/Data, Director of AI/ML, Executive, Policy Maker, CTO, AI Ethicist

Related on AIssential

Counsel's verdict on this

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by Pascal’s Substack.