Skip to content
Back to blog
Build vs Buy Is Dead. Who Owns Your Judgment Is What's Left
Privacy & Security

Build vs Buy Is Dead. Who Owns Your Judgment Is What's Left

F
Fredrik BrunnbergCEO & Writer
July 14, 20268 min read

Last week a founder in Jönköping showed me an agent stack he built in four days that replaced a vendor contract worth 400,000 kronor a year. He was proud. He should have been. Then I asked him one question: when this thing hallucinates a customer's personal data into the wrong output, who signs the incident report to Datainspektionen? He went quiet. That silence is the entire story of build vs buy in 2026.

The question everyone keeps asking, build vs buy software, is dead. Not because the tradeoffs disappeared, but because AI collapsed the cost of the wrong half of the equation. Writing code got cheap. Governing what that code does when it touches real people, real money, and real regulators stayed exactly as expensive as it always was. Maybe more expensive, because now there's more code to govern and less time spent thinking before it shipped.

AI Didn't Fix the Decision. It Made the Bad Version Faster

VentureBeat had it right this week: AI lowered the cost of building software, but enterprise governance hasn't caught up. That gap is not closing. It's widening, because every team that used to spend three months evaluating a vendor now spends three days building an internal tool with Claude Code or an agent harness like ECC and calls the decision made. It wasn't made. It was skipped.

Here's what actually happened to the build vs buy calculus. Before, the friction of building was high enough that "buy" won by default in most regulated categories, because nobody had the engineering hours to build a compliant alternative. That friction is gone. A single senior engineer with the right tools can now stand up a working MVP development cycle in a week that would have taken a team a quarter in 2022. The New Stack's piece on agentic AI in regulated industries nails the real cost that's hiding underneath: it's not the code, it's proving the code is safe, auditable, and someone's name is attached to every decision it makes.

Cheap building did not make governance cheap. It made the temptation to skip governance much stronger, because now you can ship something that looks finished before anyone has asked who owns the risk.

The Real Question: Who Owns Your Judgment?

Every build vs buy decision was always secretly a judgment-ownership decision. When you bought Salesforce, you were buying Salesforce's judgment about how customer data should be structured, retained, and protected, backed by their compliance team, their audits, their liability. When you build it yourself, you inherit all of that judgment and none of the institutional muscle that used to come with it.

AI agents don't change this. They make it worse, because now the "build" side can look, feel, and demo exactly like the "buy" side. A well-prompted agent output is indistinguishable from a properly reviewed decision until it fails. And it fails at the worst possible moment: in front of an auditor, a regulator, or a customer's lawyer.

So the real question a founder needs to answer isn't "can we build this cheaper than buying it." It's: who is the accountable human when this system does something wrong, and can that human actually explain, in plain language, why the system did what it did? If the answer is "the AI decided" or "nobody really reviewed that part," you don't have a system. You have exposure with a nice UI.

The Governance Gap Is Not a Compliance Problem, It's a Design Problem

Most teams treat governance as something you bolt on after the product works. That was survivable when building was slow, because slowness gave you time to think. Now building is fast and governance is still slow, which means governance has to move to the front of the process or it never happens at all. At HEIMLANDR we build this in from day one on every AI agent and AI solution we ship, not because it's trendy, but because it's the only way the thing survives contact with a real audit six months later.

Sweden's Version of This Problem: Anxious, Not Prepared

CIO.com's Swedish coverage this week of the "IT roadmap gotchas" facing Nordic leaders describes something I see constantly in Jönköping and across Swedish IT departments: anxiety without a framework. IT leaders know disruption is coming. They know AI changes their build economics. What they don't have is a decision process that tells them when "we can build this ourselves now" is actually true versus when it's a founder's ego talking. Sweden has a real advantage here that almost nobody is using correctly. Swedish developer costs sit in a strange middle zone, cheaper than the US, more expensive than Eastern Europe or India. For a decade that made the build vs buy math genuinely hard, because labor cost was a real variable in the equation. AI just deleted that variable. It doesn't matter anymore whether your engineer costs 900 kronor an hour or 200. What matters is whether your organization can answer for what gets built, and that answer has nothing to do with hourly rate. Swedish founders who are still doing the old cost comparison are solving yesterday's problem.

Compare that to the US, where venture-funded teams are burning cash to build proprietary agent infrastructure specifically because ownership of the judgment layer is now seen as the moat, not the code itself. Or look at how EU AI Act enforcement is shaping up: the Act doesn't care whether your system was built in-house or bought from a vendor, it cares whether you can demonstrate risk classification, human oversight, and accountability. Sweden, and the EU broadly, wrote governance requirements before the tooling made building trivially cheap. That ordering is actually correct, and it's a rare case where European regulators were ahead of the market instead of behind it. Read that twice, because it doesn't happen often. The problem is Swedish companies aren't using the head start. They're still asking "should we build or buy" when Brussels already answered a more important question: "can you prove you're in control of it either way."

Where Nordic Companies Are Actually Ahead

Nordic companies have a cultural advantage that gets undersold: we're comfortable with slower, more deliberate decision-making in regulated contexts. Swedish banks, healthcare systems, and public sector IT are used to documentation-heavy processes. That instinct, annoying as it is in a sprint retro, is exactly the muscle you need for AI-era governance. The mistake is applying that instinct only to procurement decisions and not to internal builds, as if code you wrote yourself is somehow exempt from the same scrutiny you'd apply to a vendor contract.

Where This Goes: 2026 to 2030

Over the next two to three years, expect three things to happen in parallel. First, the price of building custom software keeps dropping toward zero for anything that isn't deeply regulated, thanks to better agent harnesses, better tooling like OpenHands, and infrastructure like Daytona making AI-generated code safe to run and test at scale. Second, the vendors who survive will not compete on features, they'll compete on certified accountability. Buying software will increasingly mean buying an audit trail and a legal shield, not a feature set. Third, and this is the part most founders aren't ready for, the AGI trajectory makes this worse before it makes it better. As agents get more autonomous, more capable of chaining decisions without human review at each step, the gap between "we built something that works" and "we built something we can explain" grows, not shrinks. Explainability doesn't scale automatically with capability. It has to be engineered deliberately, and most teams building fast right now are not doing that. I expect a wave of Swedish and EU enforcement actions in 2027 and 2028 against companies that built AI-driven systems fast, launched them, and never built the accountability layer underneath. Not because regulators are hunting for blood, but because the EU AI Act's real teeth start showing up in enforcement cadence right around then, and a lot of "we built it ourselves to save money" decisions from 2025 and 2026 are going to look reckless in hindsight. GDPR fines were the warm-up act. AI Act non-compliance combined with a governance failure is going to be the real show, and Sweden's Datainspektionen has already signaled it's paying close attention to automated decision systems specifically.

What To Look At This Week

If you're actually serious about getting the build side right, not just fast but defensible, a few things are worth your time:

  • awesome-claude-code: not because you need another curated list, but because the tooling ecosystem around agentic dev is maturing fast enough that "what did we actually let the agent decide" is becoming a solvable, documentable problem instead of a black box.
  • Hoppscotch or Bruno: boring, obvious, and exactly the kind of open, auditable, self-hosted tooling that should replace any black-box SaaS touching sensitive API traffic. If you're worried about vendor lock-in and data residency in the Nordics, start with your API layer.
  • ponytail: half joke, half genuinely useful discipline. "The best code is the code you never wrote" is the correct default mindset for any team tempted to build everything just because AI makes it possible. Build less. Govern what you build well.

What To Actually Do About This

Stop running build vs buy as a cost comparison. Run it as an accountability audit. For every system you're considering building instead of buying, ask three questions before a single line of code gets written: who is the named human accountable if this fails an audit, what does the explanation to a regulator look like in plain Swedish or English, and does that explanation survive contact with someone who wasn't in the room when it was built. If you can't answer those three questions, you're not ready to build it yourself, no matter how cheap AI makes the code. That's not a reason to default to buying either. Plenty of vendors are just as unaccountable, they've just had longer to hide it behind a sales deck. It's a reason to build governance into the plan from day one, whether you build or buy. That's the actual work now. Not the code. The judgment trail behind the code. This is also, frankly, where a lot of custom software development gets done wrong in Sweden right now. Teams either over-engineer governance into paralysis, killing the speed advantage AI gave them, or they skip it entirely and ship something fast that becomes a liability in eighteen months. The right move is neither. It's building the accountability structure at the same speed as the product, which is exactly the kind of work we do at HEIMLANDR across SaaS development, rapid MVP builds, and fullstack development projects for Nordic companies who want speed without pretending the accountability question doesn't exist.

I read a good breakdown in Breakit last month about Swedish startups racing to ship AI features without a clear line on who reviews model output before it reaches a customer. That's the same gap, just wearing a different outfit. It's not a Sweden problem specifically. It's a global problem that Sweden, because of its regulatory instincts, is actually better positioned to solve than most. We're just not using the advantage yet.

The Question That Actually Matters

Build vs buy made sense when building was expensive and slow enough that the decision carried real weight on its own. That world is gone. What's left is a much harder, much more honest question: when this system makes a decision that affects a real person, who stands behind it, and can they explain it without flinching. Answer that first. The build vs buy question answers itself after.

Fredrik Brunnberg is the CEO of HEIMLANDR.IO, building AI and software solutions from Jönköping, Sweden. This is the daily HEIMLANDR briefing. If you found this valuable, share it with someone who builds things.

#build vs buy#AI governance#custom SaaS development#Swedish tech#AI agents#EU AI Act#software accountability
F
Fredrik Brunnberg

CEO & Writer

CEO of HEIMLANDR.IO. Punk rock tech from Jönköping, Sweden. Building AI systems, blockchain infrastructure, and writing about where this industry is actually heading — no echo chamber, no hype.