
Two terminal agents was one too many
For most of this year we were building two terminal agents. AGTerm had a CLI and an orchestration layer of its own, and …

Mid-2024 to mid-2025 marked a noticeable shift in how European banks evaluate AI vendors. Before the shift, AI procurement at most EU banks was a productivity conversation: which tool helps our analysts the most. After the shift, AI procurement is a sovereignty conversation: which tool meets DORA Article 26 third-party concentration risk requirements, GDPR cross-border transfer provisions, and our national banking regulator’s expectations on operational resilience.
The shift was driven by three things landing at roughly the same time. DORA (the Digital Operational Resilience Act) came into full force in January 2025, with explicit ICT third-party risk requirements that materially change how banks evaluate cloud and AI vendors. The Schrems II ruling from 2020 finally percolated through enough enforcement actions that EU banks could no longer point at US-hosted AI services and call them GDPR-compliant. And the EU AI Act’s high-risk obligations crystallized into the August 2, 2026 deadline that every bank’s compliance team is now staring at.
For European banks, “sovereign AI” is no longer an aspirational architecture. It is a procurement requirement. This piece is about what that requirement actually entails, why Mistral has become the canonical European foundation-model partner, and how a Calliope-based architecture composes with sovereign substrates to satisfy DORA, GDPR, and the EU AI Act simultaneously.
┌──────────────────────────────────────────────────────────────┐
│ │
│ DORA Article 26 — ICT Third-Party Risk │
│ │
│ Banks must: │
│ │
│ 1. Maintain a register of all ICT third-party │
│ service providers, with concentration risk analysis │
│ │
│ 2. Conduct due diligence proportional to the criticality │
│ of the service │
│ │
│ 3. Contractually require providers to support │
│ operational resilience requirements │
│ │
│ 4. Have exit strategies for critical third-party services │
│ │
│ 5. Submit certain provider arrangements to regulator │
│ notification │
│ │
│ 6. Subject critical providers to direct regulatory │
│ oversight (the "CTPP" — Critical Third-Party │
│ Provider — designation) │
│ │
└──────────────────────────────────────────────────────────────┘
The AI-specific consequence of DORA Article 26 is that every model-provider relationship a bank has is now an ICT third-party service relationship. A bank’s use of OpenAI, Anthropic, or any other US-headquartered model provider for any material workflow is, by 2026 enforcement, a third-party risk requiring documented due diligence, contractual resilience clauses, exit strategy, and — for material workflows — concentration risk analysis.
This is what changed the procurement conversation. Two years ago a bank could pilot AI workflows on whatever model provider the team preferred. Today, that pilot has to clear a DORA-grade vendor review before it can move past prototype.
The reasons a French-headquartered, EU-domiciled model provider matters specifically for DORA compliance:
┌──────────────────────────────────────────────────────────────┐
│ │
│ DORA requirement Mistral position │
│ ─────────────────────── ────────────────────────── │
│ │
│ EU jurisdiction Mistral SA, French- │
│ headquartered, subject to │
│ French and EU law │
│ │
│ Provider locality Operations in EU, │
│ European customer support │
│ and contracting │
│ │
│ Exit strategy Open-weights model tiers │
│ enable deployment inside │
│ the bank's own perimeter — │
│ reducing concentration │
│ risk and providing a │
│ natural exit path │
│ │
│ Resilience clauses European contracting │
│ framework familiar with │
│ DORA and national banking │
│ regulator expectations │
│ │
│ Regulator notification Existing relationships │
│ with European supervisory │
│ authorities for the │
│ categories of work banks │
│ typically need │
│ │
└──────────────────────────────────────────────────────────────┘
The “exit strategy” item is the most operationally important. DORA expects banks to be able to migrate away from a critical third-party provider on a reasonable timeline. For an opaque proprietary-model relationship with a US provider, this exit is hypothetical at best — the bank’s workflows are deeply coupled to the specific behavior of the specific model. For Mistral, the open-weights tier is the exit strategy by construction: if the commercial relationship is interrupted, the bank can keep running open-weights Mistral models inside its own perimeter. The capability does not depend on the ongoing vendor relationship.
This is a property that no US-headquartered proprietary-model provider currently offers in a way that would satisfy a DORA-grade exit-strategy review.
A representative architecture for a mid-sized European bank adopting sovereign AI:
┌──────────────────────────────────────────────────────────────┐
│ │
│ EU BANK — SOVEREIGN AI ARCHITECTURE │
│ │
│ ┌─────────────────────────────────────────────────────┐ │
│ │ Bank's EU cloud — Frankfurt / Dublin / Paris │ │
│ │ Or: AWS European Sovereign Cloud / Bleu / S3NS │ │
│ │ Or: Bank's own on-prem private cloud │ │
│ │ │ │
│ │ Calliope Workbench │ │
│ │ (analysts, traders, compliance officers, devs) │ │
│ │ │ │ │
│ │ ▼ │ │
│ │ Astrolift Runtime │ │
│ │ (internal apps, agent workloads, batch jobs) │ │
│ │ │ │ │
│ │ ▼ │ │
│ │ Zentinelle Policy Gateway │ │
│ │ (DORA / GDPR / EU AI Act enforced inline) │ │
│ │ │ │ │
│ └───────────┼─────────────────────────────────────────┘ │
│ │ │
│ ┌───────┴───────┐ │
│ ▼ ▼ │
│ Mistral SA Open-weights │
│ commercial Mistral / Mixtral │
│ EU endpoint inside the bank's │
│ perimeter │
│ │
│ For most workloads: Mistral commercial endpoint │
│ For most-sensitive: open-weights inside the perimeter │
│ For non-sensitive: optionally other EU-hosted providers │
│ │
│ Routing decided by Zentinelle policy per request │
│ Audit evidence stored in bank's compliance systems │
│ │
└──────────────────────────────────────────────────────────────┘
The four parts of sovereign AI all land in EU jurisdiction:
The audit chain is what makes this defensible at examination. When the regulator asks “show us your AI third-party risk register and the supporting evidence for every material model call in the last 12 months,” the bank produces a queryable record. Not a project. A query.
Specific AI workloads that European banks are running through this architecture in 2026:
┌──────────────────────────────────────────────────────────────┐
│ │
│ Workload Sovereignty implication │
│ ─────────────────────── ────────────────────────── │
│ │
│ AML / KYC drafting Customer PII; strict │
│ residency; EU-only models │
│ │
│ Transaction-pattern analysis Customer financial data; │
│ residency + GDPR + DORA; │
│ open-weights local for │
│ highest sensitivity │
│ │
│ Internal-policy drafting Internal IP; relaxed │
│ residency; EU endpoint or │
│ internal model │
│ │
│ Customer-support agent Customer interaction data; │
│ GDPR Article 22 attention │
│ (automated decision-making);│
│ policy gateway essential │
│ │
│ Trading-desk research Market data + IP; mixed │
│ residency by data class; │
│ workload-specific routing │
│ │
│ Regulatory submissions Per-regulator format; │
│ exact match to expectation; │
│ EU-hosted model essential │
│ │
│ Code generation for internal Internal IP + occasional │
│ systems customer data leakage risk; │
│ EU endpoint or internal │
│ │
└──────────────────────────────────────────────────────────────┘
The right-column entries vary in their residency strictness. A bank that adopts a uniform “EU-only” posture across all of these is over-restricting low-sensitivity workloads (paying a productivity tax for no compliance benefit) and may still be under-restricting high-sensitivity workloads (because uniform policy is, by definition, not aware of per-request data classification).
The right architecture is workload-specific residency policy, applied by the gateway, audit-trailed per request. This is the same pattern we covered in the horizontal data-residency piece , specialized to the banking workload set.
The DORA exit-strategy requirement is worth one more focused look, because it is where the sovereign architecture really earns its keep in a banking context.
For a critical AI workflow — say, an AML drafting assistant in production use — DORA requires the bank to be able to migrate off the third-party provider in a defined timeframe. With a Calliope + Mistral architecture, the exit strategy is operational, not hypothetical:
Step 1: Detect impairment of Mistral commercial endpoint
or end-of-relationship trigger.
│
▼
Step 2: Zentinelle gateway policy update routes all AML
requests to internal open-weights Mistral.
│
▼
Step 3: Workload continues running, with documented
capability impact assessment (open-weights vs.
commercial tier benchmark).
│
▼
Step 4: Regulator notified per DORA timeline; transition
plan filed.
│
▼
Step 5: Optional: evaluate alternative European model
providers (Aleph Alpha, other EU-domiciled) for
re-routing the workload long-term.
Total time from trigger to operational continuity: hours, not months. The capability degrades modestly (open-weights vs commercial tier), but the workflow does not stop and the bank does not breach any regulatory obligation.
This is what a real DORA exit strategy looks like. It is not a runbook in a binder. It is an architectural property of a sovereign-AI substrate.
For European bank executives evaluating AI procurement, the diagnostic question is:
For each of your material AI workloads, can you produce — today — a documented third-party risk assessment that names a credible exit strategy executable in under a quarter?
For most US-hosted proprietary-model relationships, the honest answer is no. The exit strategy exists on paper as “switch to a different provider,” but the operational reality is that the workflows are coupled to specific model behavior, the prompts have been tuned to a specific model’s idiosyncrasies, and a real cutover would take two to three quarters with capability degradation throughout.
For a Calliope + Mistral architecture, with open-weights inside the perimeter as the documented exit destination, the answer is yes. The exit destination already runs in production for the most-sensitive subset of workloads; expanding it is configuration, not migration.
Next: sovereign AI applied to EU public sector — government, defense, and the categories of work where the sovereignty bar is higher still.

For most of this year we were building two terminal agents. AGTerm had a CLI and an orchestration layer of its own, and …

When Operational Reliability Is the Regulation Most regulated industries have a data-protection focus: customer …