The EU AI Act Is a Tax on Europe's Builders. Sweden Is Asleep.

The Next Great AI Company Will Not Be Born in Europe. Brussels Made Sure of That.

Right now, as I write this from Jönköping, Politico is running a piece titled "Why AI is a nightmare for the EU." Carnegie is publishing analysis on Brussels being caught between its regulatory instinct and the reality that OpenAI, Anthropic, and Chinese labs are eating the market. And in Sweden? Silence. No political voices in today's news cycle on AI readiness. Nothing from the government. Nothing from the opposition. That silence is the most important data point in this entire briefing.

I run an AI development company in Europe. Specifically, a tech company in Jönköping, Sweden. We build AI agents, ship SaaS products, and work with clients across the Nordics and beyond. I am telling you plainly: the EU AI Act, as it stands and as it is being implemented in 2026, is a compliance tax on Europe's own builders. It does not protect citizens. It protects incumbents. And the incumbents it protects most are American.

What the AI Act Actually Does to a Small European Builder

Let me walk you through what the tiered risk framework looks like from ground level. Not from a policy paper. From a product team.

You are a startup. You have twelve people. You have built something good. An AI agent that handles customer service workflows, or a computer vision model for quality control in manufacturing. You want to ship it. First question: what risk tier is your product in?

Nobody knows. That is not an exaggeration. The Politico piece today confirms it. European AI companies are paralyzed because they cannot classify their own products under the framework. The definitions are ambiguous. The guidance is incomplete. The penalties for getting it wrong are existential. Up to 7% of global turnover for certain violations.

So what do you do? You hire a compliance consultant. You bring in a law firm. You start building documentation before you have finished building the product. If your model touches anything that could be interpreted as "high risk," you need conformity assessments, risk management systems, data governance frameworks, human oversight mechanisms, and technical documentation that would make a pharmaceutical company blush.

Conservative estimate for a startup to get through this: 12 to 18 months of additional timeline. €200,000 to €500,000 in direct compliance costs. That is a Series A round. Gone. Before you ship.

Meanwhile, OpenAI ships a new model on a Tuesday. Anthropic updates Claude on a Thursday. They deal with the EU AI Act through a Brussels lobbying office and a legal team the size of a Nordic startup's entire headcount.

This is not responsible innovation. This is a moat. And Europe dug it around itself.

The Nordic Situation: Tietoevry and the "Nordic Moat" Question

Tietoevry, one of the largest tech firms in the Nordics, is facing questions right now about whether its regional position is enough for global relevance. This is a company with thousands of employees, deep government contracts, and decades of Nordic market knowledge. If they are struggling with global relevance under the current regulatory environment, what chance does a 10-person AI team in Malmö or Gothenburg or Jönköping have?

The honest answer: very little. Unless something changes.

Sweden has historically been exceptional at producing tech companies relative to its size. Spotify. Klarna. King. iZettle. But every one of those companies was built in a regulatory window that no longer exists. Spotify shipped a music streaming product into a market where the rules were being written after the fact. Klarna built fintech infrastructure before PSD2 was finalized. They moved fast, found product-market fit, and then dealt with regulation from a position of strength.

The AI Act flips that sequence. Now you must comply before you ship. You must classify before you build. You must document before you know what you are documenting. For a two-person founding team with a good idea and a GPU cluster, this is not a speed bump. It is a wall.

And here is what makes it worse for Sweden specifically. The Swedish government is not engaging. Today, right now, there is no visible Swedish political voice on AI readiness in the public discourse. The country that gave the world Spotify is sleepwalking into an era where building AI products in software development Sweden is becoming economically irrational compared to doing it from San Francisco, London post-Brexit, or Singapore.

Who the AI Act Actually Protects

Let me be specific about the incentive structure Brussels has created.

American Big Tech wins. OpenAI, Google, Meta, Anthropic, and Microsoft have the legal teams, the lobbying budgets, and the compliance infrastructure to absorb the AI Act. For them, it is a line item. For a European startup, it is the budget. The AI Act creates a barrier to entry that consolidates the market in favor of companies that are already at scale. These companies are not European.

Chinese labs are indifferent. DeepSeek, Baidu, and others are building for the Chinese market first and expanding into regions that welcome them. The EU AI Act is irrelevant to their R&D velocity. They will comply selectively where market access justifies it. They will not slow down.

European startups lose. Every euro spent on compliance documentation is a euro not spent on model training, product development, or hiring engineers. Every month spent on risk classification is a month your American competitor uses to capture your target market. The math is brutal and simple.

European citizens get theater. The stated goal is to protect people from harmful AI. Noble. Necessary, even. But the Act's complexity does not scale to the speed at which AI capabilities are advancing. By the time the conformity assessment frameworks are finalized for one generation of models, the next generation is already deployed by US companies serving European users. The regulation protects against yesterday's risks while today's risks walk through the front door wearing an American flag.

Where This Goes: 2027-2030 and the AGI Question

Here is where I have to be honest about trajectory, because the regulatory gap is going to get worse, not better.

We are moving toward increasingly capable AI systems. Whether you call it AGI or not is a semantic debate. What matters is that the capability curve is steep and the regulatory curve is flat. The EU AI Act was designed for a world of narrow AI systems that could be neatly categorized into risk tiers. The world is not cooperating with that design.

In the next two to three years, we will see AI agents that operate autonomously across multiple domains. Systems that write code, execute transactions, manage infrastructure, and make decisions that affect real people in real time. The current classification framework has no coherent answer for a general-purpose AI agent that moves fluidly between "minimal risk" and "high risk" activities within a single session.

What happens then? One of two things.

Option one: Brussels tries to update the framework. This takes years. The gap between regulation and reality widens. European companies fall further behind. The brain drain accelerates. The best AI engineers in Stockholm, Helsinki, and Copenhagen take remote jobs at American companies or relocate entirely. We are already seeing this.

Option two: Brussels acknowledges the structural problem and creates a fast-track regime for European-founded AI companies. Regulatory sandboxes with real teeth. Reduced compliance burdens for companies under a certain revenue threshold. A European AI sovereignty fund that offsets compliance costs for strategic technologies. This is what should happen. I am not optimistic that it will.

For builders, the implication is clear. If you are starting an AI company in Europe today, your regulatory strategy is as important as your product strategy. That is not how innovation works. But it is the world we live in.

What We Are Doing About It at HEIMLANDR

I am not writing this from the sidelines. We build AI agents and AI solutions at HEIMLANDR. Every product we ship touches the AI Act. Every client conversation includes a compliance dimension that did not exist two years ago.

Our approach is pragmatic. We build with compliance awareness baked into the architecture from day one. Not because we love regulation, but because our clients need to ship in the EU market and we refuse to let Brussels be the reason a good product dies. We treat regulatory constraints as engineering problems. We automate documentation. We design systems that can demonstrate conformity without requiring a dedicated compliance team on the client side.

If you are a founder looking to build an MVP that can actually ship in Europe without burning half your runway on legal fees, that is exactly the problem we solve. It should not require heroic effort. But right now, it does.

What to Look At

If you are building in Europe right now and dealing with the compliance reality, here are tools and resources worth your attention this week:

CISO Assistant (ciso-assistant-community) is an open-source GRC platform that supports 130+ frameworks including GDPR, NIS2, and ISO 27001. If you need to map your AI product's compliance posture across multiple European frameworks simultaneously, this is the most practical starting point I have seen. It does automatic control mapping, which saves weeks of manual work.

Bearer is a code security scanning tool (SAST) that helps you discover and prioritize privacy risks in your codebase. When the AI Act demands you demonstrate data governance and risk management in your AI pipeline, having automated scanning that catches privacy issues before they become compliance violations is not optional. It is infrastructure.

Prowler is the most widely used open-source cloud security platform. If your AI workloads run in AWS, Azure, or GCP, Prowler automates compliance checks across cloud environments. The AI Act's technical documentation requirements include infrastructure security posture. Prowler gives you that evidence automatically.

Baserow is worth a mention as a self-hosted, GDPR-compliant alternative to Airtable. When you need to manage compliance workflows, risk registers, or audit trails without sending data to a US-hosted SaaS, having a European-friendly no-code database matters more than it sounds.

The Uncomfortable Question

Here is what I keep coming back to. Europe is not short on talent. It is not short on ideas. It is not short on capital, though it could use more. What Europe is short on is political courage to admit that the AI Act, in its current form, is doing more harm than good to European competitiveness.

I say this as someone who believes in regulation. I am not a libertarian tech bro who thinks the market solves everything. I am a Swede. I believe in systems that work. The AI Act is not a system that works. It is a system that looks like it works from the outside while hollowing out European AI capacity from the inside.

Sweden should be leading the pushback. We have the technical credibility. We have the startup ecosystem. We have engineers who want to build here. But our political class is absent from the conversation. That needs to change. If you are a founder, a CTO, or a CEO in Sweden reading this, you need to be louder. Write to your representatives. Show up at EU consultations. Make it impossible for Swedish politicians to continue ignoring the fact that the next generation of AI companies is being regulated out of existence before they can exist.

I am building from Jönköping. I intend to keep building from Jönköping. But I refuse to pretend that Brussels is making it easy. It is making it hard, expensive, and slow. And the only people who benefit from hard, expensive, and slow are the ones who are already big enough not to care.

Ship things. Stay loud.

Fredrik Brunnberg is the CEO of HEIMLANDR.IO, building AI and software solutions from Jönköping, Sweden. This is the daily HEIMLANDR briefing. If you found this valuable, share it with someone who builds things.