Essay · July 3, 2026

Frontier today, EU tomorrow

What Trump v. Slaughter means for AI architecture in Europe — and why it changes the sequence, not the whether.

The American constitution has never appeared in a European AI architecture diagram. Since 29 June, it belongs in one.

What the Court actually decided

On 29 June 2026, the US Supreme Court handed down Trump v. Slaughter (No. 25-332), holding by six votes to three that statutory removal protections for the leadership of agencies exercising executive power violate Article II of the constitution. Chief Justice Roberts, writing for the majority, left no room for the old category of the “quasi-legislative” agency: when an agency executes a congressional mandate against private parties, it exercises executive power — “no ifs, ands, or quasis about it”. In doing so, the Court overruled Humphrey’s Executor v. United States — a unanimous precedent that had stood for ninety-one years and underpinned the entire architecture of “independent” American agencies, from the Federal Trade Commission to the SEC. The Court expressly preserved the Federal Reserve’s position, building on its characterisation a year earlier of the central bank as “a uniquely structured, quasi-private entity”, and left the status of non-Article-III tribunals such as the US Tax Court for another day. Justice Gorsuch’s concurrence states the structural consequence: there may no longer be a “fourth branch” of government, but the fourth branch’s powers still exist — “they have just been reassigned to the President”.

Precision matters here, because the popular gloss overstates in one direction and understates in another. The ruling does not say that American agencies ceased to be part of the executive — formally, they always were. It says that any statutory attempt to insulate their leadership from at-will presidential removal is unconstitutional. The practical consequence, however, is exactly what the popular gloss suggests: as of 29 June, there is no such thing, in the European sense of the word, as an independent US oversight authority — with one deliberately preserved exception for the central bank.

The European wiring

Why is a question of American separation-of-powers doctrine Europe’s problem? Because the lawfulness of transatlantic data flows is wired, at the level of primary law, to precisely the property the Court has now foreclosed. Article 8(3) of the Charter of Fundamental Rights makes control by an independent authority a constitutive element of the right to data protection; Article 16(2) TFEU repeats the requirement. The Court of Justice’s Schrems jurisprudence translates this into the test every adequacy decision must pass: protection in the third country must be essentially equivalent to that guaranteed within the Union — including independent oversight and effective redress.

The Commission’s adequacy decision of July 2023 (Implementing Decision (EU) 2023/1795) rests on three American pillars. First, FTC enforcement of the commercial commitments companies make when they self-certify under the Data Privacy Framework — noyb, which has demanded the decision’s orderly withdrawal and describes litigation as its last resort, counts 259 references to the FTC and its independence in the decision’s text. Second, Executive Order 14086, which imposed necessity and proportionality limits on signals intelligence and created the Data Protection Review Court (DPRC) as the redress mechanism Schrems II had demanded. Third, oversight by the Privacy and Civil Liberties Oversight Board (PCLOB).

Two of these pillars were damaged before June. The PCLOB lost its Democratic members to removal in January 2025 and with them, for a period, its quorum. And the DPRC has always been the framework’s soft spot: it is not a court in the constitutional sense but an adjudicative body within the Department of Justice, created and protected by executive order rather than statute.

The Latombe domino

The most consequential effect of Slaughter for Europe is also the quietest, and it concerns the one judicial endorsement the framework has ever received.

In September 2025, the General Court of the European Union — the first-instance court below the Court of Justice — dismissed the first direct challenge to the adequacy decision (Latombe v Commission, T-553/23, judgment of 3 September 2025). Among the reasons it gave for treating the DPRC as sufficiently independent (paras 56–57 and 62 of the judgment; para 78 closes the loop to the deficiencies Schrems II had identified) was that its judges may be removed only by the Attorney General, and only for cause. That is exactly the construction the Supreme Court has now declared unconstitutional where it is enshrined in statute — and the DPRC’s protection is not even statutory. If legislated removal protection cannot survive Article II, protection granted by a revocable executive order cannot either. The reasoning of the only court to have blessed the framework has been superseded by events, ten months after it was written.

It is worth being precise about what this does and does not mean. The General Court’s judgment stands; the adequacy decision stands. But the Court of Justice itself — the court that struck down Safe Harbour in Schrems I (C-362/14) and Privacy Shield in Schrems II (C-311/18) — has never reviewed the Data Privacy Framework. The framework’s only judicial endorsement is first-instance, and it rests on a premise that no longer exists.

Why this cycle is different

Europe has been here twice. Safe Harbour fell in 2015; Privacy Shield fell in 2020; both times, the repair was executive action on the American side — new commitments, new ombudspersons, eventually a new review court. The pattern trained everyone to treat transatlantic transfer law as cyclical: invalidation, renegotiation, repeat.

Slaughter breaks the pattern, because it removes the raw material every repair was built from. A successor framework would need what EU primary law non-negotiably requires: oversight bodies genuinely insulated from political direction. After Slaughter, that property is constitutionally unavailable in the American executive branch — not withheld as a matter of policy, but foreclosed as a matter of constitutional law, absent an amendment or a Federal-Reserve-like historical carve-out that data protection authorities do not plausibly enjoy. Whatever one thinks the Commission or the Court of Justice will do, and on whatever timeline, the engineering fact is this: the repair path that resolved 2015 and 2020 no longer exists.

What remains lawful — and what has shifted

Two things are true at once, and any honest analysis has to hold both.

The first: the adequacy decision remains formally in force until the Commission repeals or suspends it or the Court of Justice annuls it. Union acts are binding until set aside (Article 288 TFEU), and Schrems I itself confirmed that national supervisory authorities may not simply disregard an adequacy decision. An organisation relying on it today stands on a valid legal basis. Nothing in the ruling creates acute unlawfulness, and nothing in this essay should be read as suggesting otherwise.

The second: what has shifted is the weight American safeguards can carry in any risk assessment. This reaches beyond the adequacy decision itself. Standard contractual clauses, the natural fallback, require a transfer impact assessment under Schrems II — and those assessments have routinely cited the very mechanisms now hollowed out: PCLOB oversight, DPRC redress, FTC enforcement. Nor do EU regions fully insulate a US provider relationship. Residual flows persist around even the cleanest regional deployment — support access, telemetry, abuse monitoring — and on the EDPB’s reading (Guidelines 05/2021), remote access from a third country is itself a transfer. Above all, jurisdiction attaches to the corporate entity, not the data centre: the CLOUD Act reaches the provider wherever the data sits. The distinction between where data resides and who can be compelled was always the right one. Since June, it is visible to everyone.

As for Section 702 of FISA — the surveillance authority at the centre of both Schrems judgments — its status this year is almost too illustrative. The statutory authorisation lapsed at the end of 12 June 2026, after a further extension failed in the House by 198 votes to 218; collection nevertheless continues under the transition provisions of the FISA Amendments Act, on the basis of certifications the FISA Court approved in March 2026, which run into 2027. The legislative mandate expires; executive surveillance carries on. It would be hard to construct a cleaner miniature of the structural problem the Court of Justice has twice been asked to solve — though reauthorisation negotiations continue, so this particular picture may change again.

Fittingly, both halves of this double truth are anchored in the Latombe judgment itself. The General Court noted that an adequacy decision’s legality falls to be assessed against the facts and law at the time of its adoption, so that later developments do not retroactively invalidate it (para 22) — and, in the same judgment, that the Commission is under a continuing duty to monitor the US legal framework and, where it changes, to suspend, amend or repeal the decision as required (para 58). The judgment that blessed the framework also contains the instruction manual for its unwinding: no retroactive invalidity, but a forward-looking duty to act. The temporal structure of the entire situation, in two paragraphs of the same ruling.

A grid with two questions

For AI adoption specifically, I have found it useful to reduce the situation to a two-by-two. Does the use case require personal data? And does it require a frontier model — the class currently occupied by GPT, Claude and Gemini, all from US providers?

NO PERSONAL DATA PERSONAL DATA US FRONTIER MODEL AI MODEL IN THE EU 1 Start development with synthetic or anonymised data Legal uncertainty possible at any time 2 Go productive with personal data Evals + capability diffusion
The two-by-two for AI adoption: develop first without personal data on a frontier model (1), go productive with personal data on the model that clears the bar (2). Evals and capability diffusion carry you from one to the other — around the quadrant where legal uncertainty now concentrates.

Only one quadrant is critical: personal data and frontier capability. In insurance — my industry — that quadrant is largely a health-data quadrant: claims assessment in health and disability lines, long-running bodily-injury files, underwriting with health questionnaires. Which stacks regimes. The data are special categories under Article 9 GDPR, where the severity of potential access weighs directly in any transfer assessment and in fining logic (Article 83(2)(g)). And risk assessment and pricing in life and health insurance are high-risk AI under Annex III 5(c) of the AI Act.

One clarification, because the point is easy to misread: the AI Act is location-neutral. High-risk obligations are identical whether the model runs in Frankfurt or Virginia; there is no “US problem” caused by the high-risk classification. The relationship is cumulation, not causation — and it cuts three ways. The same use case carries the transfer question and the high-risk duty programme simultaneously. It is watched by three supervisors at once: data protection authorities, AI Act market surveillance, and — for insurers — financial supervision. And, decisive for what follows: a forced model change on a high-risk system is not a migration but potentially a substantial modification, triggering renewed conformity assessment and an updated fundamental-rights impact assessment. Exit costs peak in exactly the quadrant where legal uncertainty is now highest.

Three observations

First, the critical quadrant is smaller than it looks. “Needs frontier” is frequently a false positive. On a narrowly scoped task, the combination of careful scaffolding, retrieval augmentation and task-specific fine-tuning repeatedly lets much smaller models reach the level the task actually requires — a pattern documented across the small-model literature of the past two years and visible in successive editions of the Stanford AI Index, which record a steadily narrowing gap between the top models and the field. Such models are operable in Europe, whether from European providers or as open weights under one’s own control. A subtlety worth keeping: the transfer problem attaches to the US service relationship, not to the provenance of the weights. A self-hosted open-weight model generates no runtime data flow to its maker, wherever that maker is incorporated; what remains is a licensing question, not a data question.

Second, much genuine frontier demand sits in the uncritical quadrant — coding, document-structure analysis, the generation of synthetic test worlds. Development can start there immediately, with synthetic or effectively anonymised cases; the Court of Justice’s judgment in EDPS v SRB (C-413/23 P, 4 September 2025) helps at the margins, accepting that pseudonymised data may fall outside the concept of personal data for a recipient who cannot reasonably re-identify them (para 87) — while the disclosing controller’s own duties are assessed from its own perspective, at the moment of collection (para 111). De-identification of medical free text remains notoriously leaky in any event, and should be treated as a supplement, never a foundation. The by-product of this phase is the actual strategic asset: an eval suite. Not software tests — evals measure the statistical performance of a stochastic system on a representative distribution of real tasks, edge cases included, against known ground truth. Three properties make them strategic. They measure the system — model plus prompts plus retrieval plus scaffolding — which is why a model change without evals is flying blind. They convert “good enough” into a number: a threshold per metric, derived from the professional requirement, which is what makes the bar in the next observation concrete. And they are dual-use: for high-risk systems, the AI Act demands evidence of accuracy and robustness anyway (Article 15); the same suite serves as switch-enabler and compliance artefact.

Third, capabilities diffuse. Techniques are published and copied, larger models are distilled into smaller ones, open-weight releases follow the frontier, and inference prices fall. Epoch AI’s running analysis puts the best open-weight models, as of early 2026, on average four months behind the closed frontier on its capability index; the Stanford AI Index tells the same story, with the open–closed gap re-opening slightly through 2025 after nearly closing the year before. Benchmark averages are not task guarantees, so a planning corridor of six to eighteen months, depending on the capability, remains the conservative assumption — but the direction has been stable for years. The objection writes itself — but the frontier keeps receding — and it is true and irrelevant. You are not waiting for smaller models to catch the frontier; that never happens. You are waiting for them to clear your bar, and your bar, fixed by a defined use case, is static. Diffusion pushes the available models past it on a schedule that has so far been reliable.

The sequence

Put together, the pattern is short enough to state in one breath. Develop without personal data on the frontier; formalise the bar as you go; go productive with personal data on the model that demonstrably clears it. Whether that model is a US frontier system in an EU region, a European provider, or open weights in one’s own operation is then decided by sovereignty requirements — not by the calendar, and not by the news cycle. Frontier today, EU tomorrow.

Exit-capable is whoever has evals. The sequence in brief · July 2026

None of this depends on predicting what the Commission will do under pressure from Washington, whether noyb’s announced challenge succeeds, or how the Court of Justice would rule if the question reaches it. That is the pattern’s virtue: it produces defensible architecture under every branch of the decision tree. Organisations that treat model access as governance architecture — residency options, routes separated by data class, exit capability across providers, evals as the instrument that makes exit real — can read this month’s news with equanimity. Exit-capable is whoever has evals.

Governance as a design principle, not a downstream compliance filter. The ruling changes the sequence, not the whether.


Sources & further reading

Read next