Build vs Buy Is Dead. The Real Question Is Build vs Burn.

Every Swedish company with more than 50 employees has a secret. Somewhere between the official IT stack and the actual work, there are tools. Internal apps. Dashboards. Automations. Little scripts someone built with GPT-4 in an afternoon. Nobody documented them. Nobody owns them. Nobody knows what data flows through them. And in eleven months, when the EU AI Act's enforcement provisions start hitting with real teeth, nobody is going to accept "we didn't know" as an answer.

The old "build vs buy software" framework assumed that building was expensive and buying was safe. In 2026, that model is not just outdated. It is actively dangerous. Building is cheap now. Building is trivially cheap. The danger has flipped. The real question is no longer whether you can afford to build. It's whether you can afford to maintain, govern, and take legal responsibility for what you build.

I call this Build vs Burn. Because that's what happens to ungoverned software. It burns you.

The Cost of Building Collapsed. The Cost of Owning Didn't.

Let me be specific about what happened. Two years ago, a competent senior developer in Sweden could ship maybe one well-architected internal tool per quarter. Today, that same developer, armed with agent-driven coding environments like OpenHands or the increasingly popular ECC harness for Claude Code and Codex, can generate functional prototypes in days. Hours, sometimes.

VentureBeat is reporting today what we at HEIMLANDR have been seeing on the ground for months: enterprise governance has not kept pace with how fast AI drops the cost of building software. The creation side accelerated by 10x. The ownership side stayed where it was. Or got worse, because now there's more stuff to own.

Here is what this looks like inside a typical Swedish mid-market company right now. Marketing built an AI-powered lead scoring tool using Streamlit and OpenAI's API. Operations built an internal scheduling optimizer. Finance built a reconciliation dashboard. HR built a chatbot for onboarding questions. Each one took a week or two. None of them went through IT governance. None of them have documentation. None of them have a designated owner who will still be at the company in eighteen months.

Each one probably touches personal data. Some of them make or inform decisions about people. Under the EU AI Act, some of these are high-risk AI systems. Nobody has done the classification.

That's the burn.

Sweden's Specific Problem: Expensive Humans, Cheap Generation

This hits Swedish companies differently than it hits everyone else, and I want to be precise about why.

Software development in Sweden runs €80-120/hr for senior talent. That's the reality in Stockholm, Gothenburg, and yes, even here in Jönköping. Compare that to €25-45 in Poland or Romania. €15-30 in India. The old build vs buy calculus in Sweden always tilted toward buy, because Swedish labor costs made custom SaaS development expensive relative to off-the-shelf licenses.

AI-assisted coding flipped that. If you can generate 80% of the code with an AI agent, the labor cost of initial creation drops dramatically. Suddenly, building looks cheap even at Swedish rates. And so people build. A lot.

But here's what the Spiceworks analysis on build vs buy in 2026 misses: the maintenance tail still runs at Swedish labor costs. When that Streamlit dashboard breaks at 2 AM and someone needs to debug it, that someone costs €100/hr. When the EU AI Act requires you to produce technical documentation and a conformity assessment for that internal scheduling tool, the compliance team doing it bills at Nordic rates. When the developer who built the thing leaves and nobody can read the AI-generated code because it was never reviewed, you're paying Swedish consultants to reverse-engineer it.

The generation was cheap. Everything after generation is expensive. And in Sweden, it's more expensive than almost anywhere else on earth.

The Organizational Muscle Most Companies Don't Have

CIO.com is running a piece right now about building effective AI teams, and the core argument is right: the bottleneck is not code generation, it's organizational capacity to own what you build. I agree, and I'd push it further.

Most Swedish SMEs with 50-500 employees do not have an internal platform team. They do not have a software architecture review board. Many don't have a CTO. They have a handful of developers, maybe an IT manager, and a lot of SaaS subscriptions. That was fine in the old world.

In the new world, where anyone with a ChatGPT subscription can generate a working application, these companies need something they never needed before: internal software governance. Not the bureaucratic, waterfall-era kind. The kind where someone asks three simple questions before any tool goes into production:

1. Who owns this? Not who built it. Who owns it on January 15th when it breaks and the person who built it is on parental leave.
2. What data does it touch? Does it process personal data? Does it make automated decisions about people? Does it interact with any system that does?
3. Can we document it? Not after the fact. Right now. Architecture, data flows, decision logic. The EU AI Act requires this for anything classified as high-risk. If you can't document it today, you can't comply tomorrow.

If the answer to any of those is "I don't know," the tool should not ship. Period. And this is where professional AI solutions architecture matters more than it ever has. Not because you can't generate the code. Because someone needs to design systems that are governable from day one.

Build vs Burn: The Framework

Here's how I think about this at HEIMLANDR. Stop asking "should we build or buy?" Start asking: "Do we have the organizational structure to own what we build?"

If yes, build. Build aggressively. AI-assisted development makes MVP development faster and cheaper than it has ever been. The tools are incredible. The cost curve favors builders. If you have governance, documentation practices, and clear ownership, this is the best time in the history of software to build exactly what you need.

If no, you have two options. You either build that governance muscle first, which is an investment in organizational capability, not technology. Or you buy from vendors who carry the compliance burden for you. A SaaS vendor with SOC 2, GDPR documentation, and EU AI Act conformity assessments is expensive. But that expense is the price of not having to do it yourself.

What you absolutely cannot do is build without governance. That's the burn scenario. That's how you end up with forty internal tools, no documentation, a developer who quit, and a letter from Integritetsskyddsmyndigheten asking for your data processing records.

Where This Goes: 2027-2030

Let me look ahead, because the trajectory here is steep.

The EU AI Act obligations phase in through 2027. Swedish companies will face enforcement before most US competitors even have equivalent regulation. This is both a disadvantage and, if you're strategic about it, a competitive advantage. Companies that build governance-first AI systems now will have a compliance moat that takes competitors years to replicate.

Agent-driven development is going to get more powerful, not less. Tools like Daytona, which provides secure infrastructure specifically for running AI-generated code, signal where the industry is heading. The assumption is that AI will generate most code. The infrastructure question becomes: how do you sandbox it, audit it, and govern it?

As we move toward more capable AI systems, the volume of internally generated software is going to increase by an order of magnitude. Every company becomes a software company, not by choice, but by the sheer ease of creation. Governance becomes the differentiator between companies that scale and companies that drown.

Swedish regulators are going to struggle with this. IMY (the Swedish data protection authority) is already stretched thin on GDPR enforcement. Adding AI Act oversight on top of that, with thousands of companies running unclassified AI systems internally, is going to create a enforcement gap. Smart companies won't wait for the regulator to catch up. They'll get ahead of it.

The SaaS development company of 2028 doesn't just ship features. It ships auditable, documented, governable systems with compliance baked in. At HEIMLANDR, that's what we're building toward with our SaaS development practice. Not because compliance is exciting. Because it's going to be the table stakes for survival.

What to Look At

If you're a CTO or founder processing this, here are the concrete things I'd point you toward right now:

Daytona (72K+ stars on GitHub). Secure, elastic infrastructure for running AI-generated code. If your teams are generating internal tools with AI, this is the kind of sandboxing layer you need between "developer built a thing" and "thing is running in production touching customer data." Worth evaluating immediately.

RTK. A Rust CLI proxy that cuts LLM token consumption by 60-90% on common dev commands. Single binary, zero dependencies. Practical cost management for teams doing heavy AI-assisted development. The kind of tool that pays for itself in a week.

Hoppscotch. Open-source API development ecosystem. If you're building internal tools, having a proper API testing and documentation layer is non-negotiable for governance. It's the open-source alternative to Postman that you can host on-prem. Given Sweden's data residency concerns, that matters.

The EU AI Act's Article 6 classification guidance. Read it. Actually read it. Most Swedish companies I talk to have not read the primary text. They're relying on summaries from law firms. The classification criteria for high-risk AI systems are broader than most people think. If your internal tool makes or informs decisions about employment, creditworthiness, or access to services, you probably have a high-risk system. Act accordingly.

The Actual Takeaway

Build. I am pro-build. AI-powered software development in Sweden has never been more accessible, and custom solutions built right will outperform generic SaaS every time. The speed and cost advantages are real.

But build like an adult. Document everything. Assign ownership. Classify your AI systems before a regulator does it for you. Budget for maintenance at Swedish labor rates, not at the cost of initial AI-assisted generation.

And if you can't do those things yet, either partner with someone who can or buy off the shelf until you're ready. The only wrong answer is building without governance. That's not building. That's burning.

I see it from Jönköping. I see it in Stockholm boardrooms. I see it in the Slack channels of Nordic startups scaling fast. The tools to build are everywhere. The discipline to own what you build is rare. That discipline is the competitive advantage of the next five years.

Don't burn. Build right.

Fredrik Brunnberg is the CEO of HEIMLANDR.IO, building AI and software solutions from Jönköping, Sweden. This is the daily HEIMLANDR briefing. If you found this valuable, share it with someone who builds things.