On July 1, 2026, the United States declined to renew CUSMA, leaving the agreement in force but subject to annual review until 2036, a state the Expert Group on Canada-U.S. Relations calls a zombie treaty. The same day, Anthropic began restoring global access to Claude Fable 5, nineteen days after the U.S. Commerce Department ordered it switched off for every foreign national on earth, including Anthropic’s own non-citizen employees.
One is trade law, the other export control. Access to the most capable American models is now a revocable privilege, and the treaty that governs Canada’s digital relationship with the United States contains no language about it at all.
The Treaty Covers Data Flows From a World That No Longer Exists
CUSMA does have a technology chapter. Chapter 19, the digital trade chapter, was state of the art when it was drafted in 2018. It guarantees the free flow of data across borders, prohibits data localization requirements, bars governments from demanding source code or algorithms as a condition of market access, prohibits customs duties on digital products, and requires non-discriminatory treatment of digital goods and services.
Every provision was written to protect American platform companies operating in Canada and Mexico. The data localization prohibition prevents Canada from requiring that sensitive data stay on Canadian soil. The source code protections shield exactly the systems a regulator might want to inspect. The chapter is a sovereignty constraint dressed as a trade facilitation, and it now operates on a technology landscape its drafters could not have imagined.
Chapter 19 says nothing about artificial intelligence. No provisions on model weights. Nothing on training data, compute, inference jurisdiction, model access, or export controls applied to AI systems. The words do not appear. The most consequential technology of the decade is governed, by omission, through a chapter that predates it.
An Annual Negotiation With an Empty Chair Where AI Should Sit
Under a sixteen-year extension, that vacuum would have sat frozen until 2042. Awkward, but stable. The zombie state does something different: it converts the vacuum into an annual negotiating space where the definitions get written under pressure, by the party with leverage.
The 2026 U.S. National Trade Estimate report added four new digital economy complaints against Canada that were absent in 2025, naming the Sovereign Cloud Initiative, Quebec’s Bill 109, and CARM customs data. Trade lawyers reading Ambassador Greer’s statements conclude that Washington intends to use the annual review architecture to manufacture recurring leverage. Every Canadian move toward jurisdictional control over data or AI infrastructure now carries a trade-retaliation cost that renews every twelve months.
Two failure modes follow. If nothing is renegotiated, the wrong provisions govern AI by default, and they cut against Canadian sovereignty measures through obsolete language about data flows. If AI language does get written into the agreement, it gets written in a yearly cycle where Canada’s negotiating posture has already been publicly described as an irritant. Canada wanted the extension precisely because both alternatives are worse. Washington removed it.
Nineteen Days That Defined the Product Category
On June 9, Anthropic launched Claude Fable 5 publicly and Claude Mythos 5 to vetted partners. On June 12, three days later, Commerce issued an export control directive suspending access for any foreign national, anywhere, on the basis of a jailbreak report that Anthropic disputes as narrow and replicable on other publicly available models. Because nationality cannot be verified in real time across global cloud infrastructure, Anthropic shut both models off for everyone. Enterprise customers on AWS, Google Cloud, and Microsoft Foundry lost access overnight, with no warning, no recourse, and no restoration timeline.
Access came back on June 30 after weeks of private negotiation, with new classifiers, new government collaboration on testing and threat sharing, and a tiered structure: Fable 5 restored globally, Mythos 5 restored only to approved American organizations through the Glasswing program, with international expansion to follow at Washington’s discretion.
Frontier model access is not a product relationship. It is a licence that a foreign government can revoke in an afternoon, for reasons it is not required to disclose in detail, through a process with no statutory transparency, over the objection of the vendor itself. Anthropic disagreed with the order and complied anyway, because it had to. Every SLA, every procurement contract, every ministerial assurance about continuity of service sits downstream of that fact.
The restoration was asymmetric. The most capable tier now flows to approved U.S. organizations first. Foreign access, including Canadian access, resumes when and if the U.S. government permits. Canada had been among the countries receiving early access to these models before the suspension. That early access evaporated with everyone else’s. Preferred-partner status conferred exactly zero protection when the directive landed.
Open to Reopen, Never to Settle
The articles can be amended at any time; the parties need only agree. What the current administration has refused is not amendment but closure. Its revealed preference, visible in both the declined extension and the June 2 executive order on AI, is to keep its options open rather than settle them: a trade agreement it can reopen every year, and a security authority it can exercise at discretion without codifying when. The executive order is explicit about this. It directs agencies to build a classified process for designating “covered frontier models” and a voluntary channel for pre-release government access, while expressly disclaiming any mandatory licensing or preclearance regime. One trade official’s formulation, that the aim is to prevent dangerous access and cyber misuse of the models but not to venture into deep regulation, preserves the power that switched off Fable while declining the rules that would make its use predictable.
This is bad for everyone outside the United States. The exposure is universal: any foreign buyer of an American closed model, in Frankfurt or São Paulo or Tokyo or Ottawa, now holds access on terms Washington can revise without notice and without a defined process. The undefined threshold and the de facto pressure to participate fall on all of them equally. Foreign governments already distrust U.S. closed models for exactly this reason, and that distrust, not price alone, is the deepest engine of the global move toward open weights.
The American labs whose models are being switched off are paying for the uncertainty too. A foreign enterprise cannot anchor a production system to a model a government can disable without notice, so the rational response to the Fable suspension is migration, designing the American frontier model out of the critical path in favour of something no directive can reach. That flight is measurable and it is not confined to Europe, though European finance and healthcare buyers now treat mandated suspension as a line item in procurement. Lindy, an American startup, moved all of its traffic from Claude to DeepSeek. Reuters put the share of U.S. firms using Chinese open models around 80 percent. On the same day the Mythos controls lifted, OpenAI said it would limit its own GPT-5.6 rollout at the government’s request, which means both leading American labs are now constraining their deployments under the same pressure. David Sacks, the administration’s own former AI czar, warned that throttling access to top American models hands China an opening as the capability gap narrows. The discretionary posture is a competitiveness tax the United States has levied on its own frontier, and the revenue is flowing to open weights.
Canada Sits Closer to the Blast Radius Than Anyone Else
Canada carries that universal exposure at maximum depth, plus one thing no other country carries.
First, integration depth. No country’s public sector, financial system, and enterprise base is more thoroughly wired into American cloud and model infrastructure. The dependency documented across this series, from the CLOUD Act’s extraterritorial reach to Palantir’s expanding government footprint, means the same suspension that hit every foreign buyer would propagate through Canadian institutions faster and deeper than through almost any other jurisdiction. Same trigger, larger detonation.
Second, the treaty, which is Canada’s alone, shared only with Mexico. The European Union faces the kill-switch risk but negotiates AI as a regulatory power in its own right and a market of 450 million. China faces it and builds its own stack. Canada faces the same discretionary risk as everyone else while bound to the American economy through an agreement that is silent on AI, hostile to the localization measures that would reduce the exposure, and now reopened every twelve months. Germany has no CUSMA. Its dependence on American models is real, but it is not sealed inside a trade instrument that penalizes the hedges and hands Washington an annual occasion to press. Most of the world can hedge freely. Canada has to hedge while its primary economic relationship is being renegotiated, annually, by the government that holds the switch.
Third, cutting the other way, Canada is one of very few countries with a domestic frontier-adjacent alternative and a government actively procuring it.
The North Option Is Real and Growing
The federal government has moved from memoranda to deployment: up to 1,400 public servants at ISED are now using the North agentic platform, in what Cohere describes as a technical blueprint for federal modernization. Shared Services Canada contracted Cohere models for CanChat. Calian is evaluating North in defence environments. SAP is integrating North into its Canadian sovereign cloud for public sector and regulated industries. Bell’s AI Fabric deal, signed six days after the Mythos shutdown, puts Cohere’s models on Canadian-located, Canadian-governed infrastructure in Merritt, B.C., with Bell’s CEO framing it explicitly as reducing dependence on frontier models from elsewhere. The Aleph Alpha merger extends the same architecture into Germany under the February 2026 Canada-Germany sovereign technology alliance, and Germany, usefully, has no CLOUD Act equivalent.
Then there is the open-weight move. On June 11, one day before the Commerce directive hit Anthropic, Cohere released North Mini Code: a 30-billion-parameter model under Apache 2.0, self-hostable on a single GPU, benchmarking above models four times its size on coding tasks. The timing was accidental. The strategic logic was not. A model you host yourself on hardware you own cannot be switched off by a foreign government.
Control Follows the Operator, and So Does the Subpoena
Encryption does not establish jurisdiction. What determines who can compel access to a dataset is who controls the entity operating it, and that control does not change when the servers move onto Canadian ground. The CLOUD Act follows provider control rather than data location. A U.S.-incorporated company operating a data centre on Canadian soil remains a U.S. company holding data within American legal reach. A padlock on the suitcase does not move the suitcase back across the border. Canadian residency and encryption at rest are baseline hygiene, and neither confers sovereignty by itself.
The compute layer shows the split. The Cambridge, Ontario facility that anchors the $240 million federal commitment to Cohere is operated by CoreWeave, a U.S. company. The soil is Canadian and the operator is not. The June deal in Merritt, British Columbia, assembled by Bell, Cohere, Hypertec, and BUZZ HPC, is the deliberate correction: a fully domestic stack where Canadian law governs from the facility wall inward and a Canadian operator runs the cluster. One arrangement puts Canadian data on Canadian ground under American operational control. The other puts the control in Canadian hands. Same soil, different custody of the keys.
The Department of National Defence has run Palantir’s Gotham platform for the Canadian Special Operations Forces Command, the command that houses Joint Task Force 2, since 2020, on a sole-source contract that climbed across a dozen amendments from $14.4 million to $46.8 million by late 2025 and was internally flagged as not for public disclosure. DND says the software ran on closed, classified networks inside secure facilities and that Palantir had no access to the data. Grant the operational claim in full, and the jurisdictional question still stands, because the vendor is U.S.-incorporated and the platform, its updates, and its engineering sit within American legal reach. When a Member of Parliament asked about Palantir’s use at NORAD, DND withheld the answer as proprietary to the United States Government. Palantir remains a pre-approved federal AI vendor.
The CLOUD Act is encryption neutral. It does not compel a provider to break encryption; it compels the provider to hand over what the provider can reach. So the sovereignty of an encrypted Canadian defence dataset reduces to one question: who holds the keys, and in which jurisdiction do they live? Keys held by a Canadian entity in Canadian custody, outside the operator’s technical reach, turn a U.S. directive into a demand answered with ciphertext. Keys the operator can reach make the encryption ornamental. Ottawa has not disclosed which arrangement governs its Palantir deployments or its CoreWeave-operated compute, and that disclosure is what would establish whether the sovereignty is real or nominal.
The measure that would verify cryptographic sovereignty, requiring a U.S. vendor to disclose its source code, algorithms, or key-management design as a condition of a government contract, is the exact thing CUSMA Chapter 19 prohibits. Canada is barred from demanding the audit that would confirm the keys sit beyond American reach, because the treaty forbids source-code and algorithm disclosure as a market-access condition. The same chapter that omits AI actively forecloses this inspection. And the U.S. National Trade Estimate now lists the Sovereign Cloud Initiative, the policy designed to move defence and government workloads onto Canadian-operated, Canadian-key infrastructure, among its barriers for the annual review. The hedge itself has been named as the grievance.
The Open-Weight Map Shows How Little America Holds
Chris Zeoli’s Data Gravity analysis of OpenRouter routing data shows Chinese open-weight models growing from roughly 2 percent to about 61 percent of all tokens processed on the largest neutral model router between late 2024 and May 2026. Four of the five most-used models are Chinese. Meta’s Llama, the presumptive open-weight standard two years ago, has fallen off the rankings entirely. Nine of the top ten open-weight models globally are Chinese. The significant American entry is NVIDIA’s Nemotron, built to sell inference hardware.
The consensus framing of the AI race, American frontier leadership with China six to eighteen months behind, measures the wrong thing. The question that matters for sovereignty is who supplies the tokens the world actually runs, and on that axis the open layer has already gone to Chinese labs, on price. DeepSeek’s V4 Flash prices roughly 150 times below GPT-5.5 output rates at near-frontier coding performance. American enterprises, including household names, are quietly routing production workloads onto Chinese open weights because the economics are irresistible.
The Mythos suspension accelerates the shift. Every government that watched Washington switch off a commercial model mid-deployment drew the same conclusion: American closed models carry political risk that no contract can price. The available hedges are Chinese open weights, which carry their own opacity and jurisdictional questions, or sovereign alternatives. Canada is one of the only Western countries where the sovereign alternative is an actual product with an actual federal deployment rather than a strategy document.
What Canada Can Actually Do
At the treaty layer, Canada can refuse to let Chapter 19 be extended to AI by drift. If AI language enters the annual review, Canada’s position should be that model access continuity, export control transparency, and notification requirements come with it. The U.S. wants things from Canada every year now; that is leverage flowing both ways, and access assurance for frontier models is a legitimate ask alongside steel and autos.
At the procurement layer, the Mythos precedent justifies a hard rule: no critical government workload on a closed foreign model without a tested, contractually specified fallback to a sovereign or self-hosted alternative. The defence deployments extend the rule to the data beneath the model. Any workload touching classified or sensitive information should require customer-managed encryption keys held in Canadian custody, outside the operator’s technical reach, and a contractual audit right over key management, since residency and a U.S. operator together still leave the data within American legal reach. The nineteen-day outage was survivable because deployment was shallow. The attrition logic runs the other way from here.
At the alliance layer, the Germany track matters more after July 1 than before. A Canada-EU sovereign AI corridor, built on the Cohere-Aleph Alpha structure and the joint declaration, gives Canada a frontier development path that does not route through Washington’s export control apparatus.
And at the honesty layer: the gap between Cohere’s enterprise models and the Mythos tier is real. Sovereignty does not require pretending otherwise. It requires knowing exactly which workloads need frontier capability, holding revocable access to it with open eyes, and building everything else on infrastructure no foreign directive can reach. The treaty will not protect Canadian AI access, because the treaty does not know AI exists. The nineteen days in June were the demonstration. The annual reviews are the schedule. The rest is Canada’s to decide.
Jen Evans is Principal of Pattern Pulse AI and co-founder of Tech Reset Canada.

