
Sweden's AI Budget: A Butter Knife at a Gunfight
Anthropic just closed a $50 billion round at a $900 billion valuation. That single fundraise is roughly 8% of Sweden's entire GDP. Meanwhile, Sweden's answer to the AI revolution is giving IMY, our privacy watchdog, a modest budget increase to enforce the EU AI Act. I run a tech company in Jönköping. I build AI systems. And from where I sit, we are watching our political class treat a civilizational shift like a zoning dispute.
This is not a regulatory problem. It is an existential competitiveness crisis. And the people making decisions in Stockholm either don't understand that or are choosing not to.
The Numbers Tell the Story
Let me lay this out plainly. Anthropic's round: $50 billion. OpenAI's recent valuation: north of $300 billion. Microsoft's AI capex this year: over $80 billion. Google's: roughly the same. These are not technology companies anymore. They are becoming infrastructure states. They are building the substrate on which all future software, all future services, and increasingly all future economic activity will run.
Sweden's response? A line item increase for a regulatory body that most Swedes have never heard of. IMY now gets to hire a few more lawyers and compliance officers to figure out how to enforce rules that the EU itself is already walking back before they take effect. The timelines are being pushed. The rules are being "simplified." The message is clear: even Brussels knows the AI Act as written is unworkable, but nobody wants to say it out loud.
Here is what kills me. A new free tool had to be created just to help Swedish companies understand EU cybersecurity requirements. Think about that. The regulatory framework is so complex that compliance itself has become a product category. We are generating an entire cottage industry around understanding rules, not building things. That is the state of software development in Sweden right now, and it should alarm every founder and CTO in the Nordics.
Sweden vs. the World: The View From Jönköping
I have a particular vantage point. I don't work in San Francisco. I don't work in Stockholm. I run HEIMLANDR.IO from Jönköping, a city of 100,000 in southern Sweden. We build AI solutions, SaaS platforms, and blockchain systems. We serve clients across Europe. And I can tell you exactly what the competitive reality looks like from here.
In San Francisco, a 22-year-old with a good demo can raise $20 million in a week. In Sweden, a proven team with revenue has to justify every krona to investors who want to see three years of profitability projections before they'll write a check. That conservatism used to be a feature. Swedish companies were stable. They were profitable. Spotify, Klarna, King. The Swedish model worked.
It doesn't work for AI. AI requires massive capital, tolerance for uncertainty, and speed. Three things the Swedish ecosystem is structurally bad at. Not because of talent. The talent here is exceptional. Sweden produces world-class engineers. But talent without capital and speed is just potential. And potential doesn't ship products.
Compare this to what's happening in the US. War chests larger than our GDP. Compute clusters that would require Sweden's entire power grid. And a regulatory environment that, for better or worse, is saying: go build, we'll figure out the rules later. You can disagree with that approach. I have mixed feelings about it myself. But the outcome is undeniable. The US is building the future. The EU is writing rules about it.
Asia is a different story. China's AI labs are closing the gap fast, backed by state capital and a domestic market of 1.4 billion. South Korea and Japan are investing aggressively. Even Singapore, a city-state smaller than Gothenburg's metro area, has a more coherent AI strategy than Sweden does.
The Real Problem: Regulation as Identity
Here is my actual take, and it's one that won't make me popular at policy panels in Stockholm.
The EU has turned regulation into an identity. GDPR was a genuine achievement. It set a global standard for privacy. Fine. But somewhere along the way, Brussels fell in love with the idea that Europe's role in tech is to be the world's referee. The AI Act. The Digital Markets Act. The Digital Services Act. NIS2. DORA. The Cyber Resilience Act. Each one adds another layer of compliance cost that falls disproportionately on small and mid-sized European companies. The big American platforms have legal armies and can absorb it. A 15-person AI startup in Linköping cannot.
The result is perverse. Our regulations are meant to protect European citizens from American tech giants. In practice, they protect American tech giants from European competition. Every hour a Swedish AI developer spends on compliance documentation is an hour not spent building. Every euro spent on legal review is a euro not spent on compute. This is the hidden tax on European innovation, and nobody is calculating the compound cost.
When I talk to other founders building AI development companies in Europe, the frustration is universal. We want to build. We want to compete. But we're drowning in acronyms while our American competitors are drowning in capital. Only one of those problems is a good one to have.
What IMY's Budget Actually Means
Let me be specific about the IMY situation. The budget increase is real. It's also wildly insufficient for the task at hand. IMY is being asked to be Sweden's AI Act enforcement body while simultaneously handling GDPR enforcement, which already stretches them thin. They are staffing up for a regulatory framework that the EU is actively revising. They are preparing to enforce rules that most Swedish companies don't yet understand and that may look completely different by the time enforcement begins in earnest.
This isn't IMY's fault. The people at IMY are competent. They are working with what they're given. The fault lies with a political class that thinks the appropriate response to an AI revolution is incremental budget adjustments to existing institutions. It's like responding to the invention of the automobile by giving the horse inspector a raise.
What Sweden actually needs is a national AI strategy with teeth. Real capital. A sovereign compute initiative. Tax incentives for AI R&D. Fast-track immigration for AI researchers. A willingness to move fast, even at the risk of making mistakes. Basically, everything we are culturally averse to.
Where This Goes: 2027-2030
Let me sketch the trajectory I see from here.
Near term (2026-2027): The AI Act's enforcement timeline continues to slip. More "simplification" rounds. Swedish companies remain confused about requirements. Compliance costs continue to rise, but actual enforcement stays minimal. The gap between US and EU AI capabilities widens. Some Swedish AI companies relocate their AI operations to the US or UK.
Medium term (2027-2029): AI agents become the default interface for business software. Companies that haven't integrated AI agents into their operations start falling behind visibly. The talent drain from Sweden accelerates as American companies offer remote positions at 3x Swedish salaries. Nordic tech becomes a talent farm for Silicon Valley.
The AGI question (2029+): If anything approaching AGI arrives, and the current trajectory suggests something in that neighborhood within 3-5 years, the countries that own the infrastructure and the models will have an economic advantage that makes oil look trivial. Europe will be a consumer of AGI, not a producer. The regulations we spent a decade crafting will be as relevant as horse-and-buggy traffic laws.
This is not inevitable. But it requires a fundamentally different posture from Swedish and EU policymakers. Stop optimizing for risk avoidance. Start optimizing for capability. The biggest risk isn't an AI doing something harmful. The biggest risk is not having AI capability when you need it.
What Builders Should Actually Do
I'm not going to sit here and just complain. If you're a founder, CTO, or senior engineer in Sweden or Europe, here's what I think you should be doing right now.
Build anyway. Don't wait for regulatory clarity. It's not coming. Build your AI products, build your agent systems, and stay within the spirit of the regulations while accepting that the letter will keep changing. Regulatory ambiguity is not an excuse for inaction.
Own your compliance stack. If you're going to operate in the EU, compliance is a cost of doing business. Make it as cheap and automated as possible. Don't hire armies of consultants. Use tooling.
Don't limit yourself to Swedish capital. If Swedish VCs won't fund your AI ambitions at the scale you need, look elsewhere. US investors are increasingly comfortable with European teams. The money exists. You just need to go find it.
Hire AI developers in Sweden before the talent market gets completely distorted. The engineers are here. They're good. But they won't wait forever while politicians debate frameworks.
What to Look At
A few tools and repos that are relevant to this whole mess, especially for European builders dealing with the compliance-vs-building tension:
CISO Assistant (4,000+ stars) is an open-source GRC platform that covers 150+ frameworks including GDPR, NIS2, DORA, and ISO 27001. If you're spending money on compliance consulting, look at this first. It handles automatic control mapping across frameworks, which means you're not duplicating work every time a new EU regulation lands on your desk.
Prowler (13,800+ stars) is the most widely used open-source cloud security tool. Automates security and compliance checks across AWS, Azure, and GCP. If you're running cloud infrastructure in Europe and dealing with multiple compliance requirements, this should be in your stack already.
Baserow (4,900+ stars) is a self-hosted, GDPR-compliant alternative to Airtable that now includes AI capabilities. It's the kind of tool that lets small European teams move fast without sending their data to US servers. Build databases, automations, and internal apps without writing code, while keeping data sovereignty.
Hemmelig.app ("hemmelig" is Scandinavian for "secret") lets you share sensitive information through encrypted, self-destructing links. Small tool, but relevant if you're handling client data and trying to keep things out of Slack logs and email.
The Bottom Line
Sweden is a country of 10 million people that has produced more billion-dollar tech companies per capita than almost anywhere on earth. That is not luck. It is talent, infrastructure, and a culture that values engineering excellence. Those advantages are real. They still exist.
But they are being eroded. Not by competition, which is healthy, but by our own institutional response to the most important technology shift since the internet. We are choosing to be rule-makers instead of builders. We are bringing a butter knife to a gunfight and congratulating ourselves on our table manners.
From Jönköping, from this small tech company in Småland, I see both the problem and the possibility. We at HEIMLANDR build because building is how you participate in the future. If Swedish politicians won't create the conditions for AI competitiveness, then Swedish builders will have to do it despite them. We've done it before. We can do it again. But the clock is ticking, and $50 billion just walked through someone else's door.
Fredrik Brunnberg is the CEO of HEIMLANDR.IO, building AI and software solutions from Jönköping, Sweden. This is the daily HEIMLANDR briefing. If you found this valuable, share it with someone who builds things.
CEO & Writer
CEO of HEIMLANDR.IO. Punk rock tech from Jönköping, Sweden. Building AI systems, blockchain infrastructure, and writing about where this industry is actually heading — no echo chamber, no hype.