I Would Short EU Startups

I’ve never shorted a company. I get the ick from the idea of betting against someone working their ass off; cause shorting is either about that or researching shitty companies and I don’t wana spend time doing either.

That said, if there was a clean way to short EU startups as a whole right now, I would.

Let’s start with a straightforward server.

I’m based in Gouna, a small idyllic coastal town in Egypt and since OpenClaw came out last Feb I’ve run my infrastructure on DigitalOcean Frankfurt. Frankfurt is an obvious choice from Egypt — lowest latency, reasonable pricing, clean setup. No ideology in it, just geography.

This morning Sakana AI, a Tokyo-based lab I hadn’t heard of before, launched something called Fugu. It’s a multi-agent orchestration system. Instead of calling one model, it dynamically assembles a team of frontier models behind a single API. GPT-5.5, Claude Opus, Gemini 3.1 Pro, coordinated by a conductor model that routes tasks to whoever handles them best. Their flagship tier, Fugu Ultra, benchmarks shoulder-to-shoulder with the most capable AI models on earth. One API. Best available intelligence at any given moment.

Obviously I wanted to check it out. Signed up, paid, got a key and: “Fugu is not available in the EU or EEA.”

Sakana’s own page says it plainly: “Not yet available in the EU/EEA while we work toward compliance with GDPR and EU-specific regulations.”

Frankfurt is EU. I couldn’t get in.

So I spun up a new VPS in Singapore. Five minutes. Problem solved.

That’s the whole EU startup thesis in one anecdote. But the anecdote only works because of who I am. I’m a founder in Egypt with no EU users, no EU entity, no EU contracts. For me, the server is just a server. I moved it the way you move furniture.

I’m assuming EU founders can’t just do that shit. Not because spinning up a droplet is hard. Because GDPR follows the person, not the server. If your users are EU residents, their data is EU-regulated regardless of where your compute lives. Move your infra to Singapore tomorrow and you have not escaped GDPR. You have just added cross-border data transfer obligations on top of it, because Singapore is not an adequate country under EU data protection law. You would need Standard Contractual Clauses, Transfer Impact Assessments, and the full compliance apparatus to justify moving data that EU residents generate to a non-EU jurisdiction. The regulation travels with the data subject. The data subject lives in Europe. There is no VPS in the world that fixes that.

So I moved. EU founders can’t. That asymmetry is the thesis.

You guys can tell what I’m writing vs what Mercury is researching and supplementing can’t you? 🙂


Let’s circle back, now to understand what Fugu capitalized on you need to know what happened ten days ago.

On June 9, Anthropic released Fable 5. By any measure, it was the most capable AI model available to the public. It and OpenClaw were the best things that happened this year. Three days later, US Commerce Secretary Howard Lutnick sent a letter to Anthropic CEO Dario Amodei telling him to suspend access to Fable 5 for any foreign national, citing national security concerns about a potential jailbreak that could allow misuse for cybersecurity exploitation.

BTW, it was all cause of that cunt that runs Amazon — can’t remember his name.

Anyway, Anthropic had no way to screen foreign nationals in real time. Their employees, their customers, their API users, H1-B visa holders on US soil, everyone. So they made the only choice available: they pulled Fable 5 for the entire world. Within 90 minutes of receiving the letter.

The most capable public AI model in existence disappeared globally because one government official sent one email on a Friday afternoon.

Sakana launched Fugu ten days later with explicit framing around this event. CEO David Ha wrote: “For an organization or a nation, relying on a single company’s APIs for critical infrastructure, finance, or governance is a material vulnerability. This risk is no longer a hypothetical possibility, but a reality.” Fugu’s pool is swappable by design. If a provider goes dark, the orchestrator routes around it. The product is, in a direct sense, a response to what happened to Fable.

The company building the answer to US sovereign override of AI access is blocked in the EU by EU compliance requirements.

Look at what happened in the 24 hours around the Fable shutdown. It is the clearest possible picture of where the world is heading.

June 12: the US government kills Fable. The most capable public AI model disappears globally.

June 13: Z.ai, a Beijing-based lab spun out of Tsinghua University, releases GLM-5.2. A 753-billion-parameter open-weight model under an MIT license, with a one-million-token context window. On long-horizon coding benchmarks it beats GPT-5.5 at roughly one-sixth the cost. The weights are a free download. You can run it yourself. It cannot be export-controlled because there is nothing to control. It is already everywhere.

June 22: Sakana AI, based in Tokyo, launches Fugu. Not a model. A routing layer that assembles the best available models behind a single API and automatically routes around any provider that goes dark.

Three jurisdictions. Three responses to the same geopolitical moment.

The US restricts access to stay ahead. China open-sources its frontier models so they cannot be restricted. Japan builds the layer that routes around any single point of failure.

The EU is working on GDPR compliance for tools that are already live everywhere else.


Here is where the EU startup story gets structural.

Everyone writing about EU tech competitiveness focuses on the AI Act. That’s understandable. It’s the visible thing. New rules, new compliance overhead, innovation friction. The story writes itself.

But the AI Act isn’t where the damage accumulates. The damage is in the pre-AI layer, and it operates through exactly the mechanism I described with the server. GDPR doesn’t just create paperwork. It determines the architecture of every EU product from the ground up. Where data lives, how it moves, what can be retained, who can touch it, what consent flows have to exist before any of the interesting AI functions can run. DMA changed how EU startups think about platform integrations and distribution. DSA changed how they think about content, liability, and moderation. Data localization rules constrain where compute can go.

None of these were designed as AI restrictions. They predate the current AI moment by years. But they now interact with AI in ways nobody fully mapped when they were written. GDPR consent requirements create friction at every data touchpoint that an AI product needs to function. Data localization means you cannot always put your compute where the best tools are. And most relevantly: when a product like Fugu launches globally and skips the EU, it is not skipping EU users as an afterthought. It is skipping them because the compliance surface for onboarding EU data is a serious engineering and legal undertaking that a company launching a new product does not want to solve on day one.

That’s the compounding part. As I said earlier, an EU startup cannot route around this by moving servers. The regulation follows their users. So every time a new AI product launches with an EU footnote, EU founders are not just inconvenienced as users. They are competitively disadvantaged as builders. The tools that everyone else is using to build products, EU founders get later, or in modified form, or not at all. That delay is not a sprint. It accumulates across every product cycle for years.

Marc Andreessen called the Precautionary Principle out by name in his 2023 Techno-Optimist Manifesto, listing it among what he called the “enemies” of progress. His framing is maximalist. Mine is narrower.

But he identified the right target.

The Precautionary Principle is the philosophical root of the EU’s approach to technology regulation: restrict or require proof of safety before something new is allowed to scale. It’s a coherent governing philosophy. In pharmaceuticals, in nuclear, in aviation, it has prevented real harms. The logic works in industries where mistakes are catastrophic and irreversible.

AI is not that industry. AI is a compounding-advantage technology where iteration speed is the primary competitive axis. The model that is ahead today trains the next model faster. The data flywheel that starts spinning sooner builds the larger lead. The team that ships and learns this quarter is not one quarter ahead. They are compounding ahead. In this specific context, the Precautionary Principle doesn’t just add friction. It applies the logic of irreversible-harm avoidance to a technology where the primary harm is falling behind.

Andreessen’s version says decelerating AI “costs lives” because cures and breakthroughs not built are a form of harm. You don’t have to accept the maximalist framing to accept the underlying mechanic. In a compounding system, a systematic six-month lag at every product cycle is not a fixed cost. It widens. The EU regulatory stack creates that lag structurally, at every layer, for every EU startup, in every product cycle.

I’m not arguing regulation is murder. I’m arguing that the Precautionary Principle, applied as a governing philosophy to a compounding-advantage technology, structurally disadvantages the builders who live under it. EU startups don’t just face compliance overhead. They face a systematic delay in every iteration loop, baked in by an architecture designed for industries where moving too fast is irreversible. In AI, moving too slowly is just as irreversible in the other direction. The compounding doesn’t care which way it runs.

The pre-AI regulatory layer was a friction cost. Applied to AI it is a capability gap. Each generation of EU AI products is built on a slightly older toolset than the equivalent products built outside EU jurisdiction. Over enough product cycles, that is not a disadvantage. It is a different game.


One side note on why I picked Singapore over the US for my new VPS, because it’s relevant and slightly different from the EU argument.

I’m American. If Fable comes back, I’ll get it back before most people do. As a US citizen the export control carve-outs work in my favor.

I still didn’t pick a US server.

The Fable shutdown proved something I can’t un-know: US infra is subject to the same sovereign flip, just through a different mechanism. Not through bureaucratic process like EU regulations, but faster, oranger and, hence, less predictable. A letter, a Friday afternoon, 90 minutes, global blackout. The mechanism is different from GDPR but the outcome rhymes: government policy determining what tools you can use.


I’m not arguing against regulation broadly. I’m arguing about sequencing and compounding effects. The EU built a regulatory environment optimized for a different era and is now running it against the most consequential technology of our time. EU founders are building anyway, and many I’ve met are sharp. But they’re doing it inside a regulatory stack that follows their users everywhere, that can’t be routed around by moving infrastructure, that adds overhead at every product decision point while their competitors outside the EU don’t pay that overhead at all.

I’d short the environment, not the people.

Singapore doesn’t have a footnote.