Solicitors Journal: informing the legal profession since 1856

© 2026 Solicitors Journal in partnership with the International In-house Counsel Journal

ISSN 0038-1047  ·  Images: Freepix, Unsplash and by permission of the authors

Charlie Hawes

Of Counsel, Bristows


What Anthropic’s model shutdown means for AI law and contracts

3 Jul 2026 | International

By Charlie Hawes

The reported restriction of access to Anthropic’s Mythos 5 and Fable 5 models following a US export control directive signals a potential shift in how frontier AI is governed

On 12 June 2026, Anthropic disabled access to its Mythos 5 and Fable 5 models for its customers globally. This was reportedly in response to a US government export control directive requiring Anthropic to limit access to these models to US nationals only (including within Anthropic's workforce), citing national security concerns. As of 15 June, the nature of the national security concern is not clear and it is possible that the situation will be resolved quickly.

Mythos 5 is Anthropic's most advanced model, which demonstrates significantly improved ability for cyber security use cases compared with previous state-of-the-art models. Anthropic has made much of its coding capability and the potential cyber risks that the model presents, and initially offered it only to a small group of trusted customers. Fable 5, launched just last week, is a general-purpose offering, built on the same model as Mythos, but with additional technical restrictions to reduce the risk of its being used for dangerous or illegal purposes (including offensive cyber security applications).

This article considers the legal impact of this decision, how it fits into the UK and EU regulatory context, and some considerations for lawyers working on AI contracts.

History suggests that export controls on software are difficult to sustain in the long term. We consider the analogy with the "Crypto Wars" of the 1990s, and whether regulation can hold back the tide of AI.

Brussels is likely to see this as a vindication of its emerging "AI sovereignty" agenda. The proposed EU Cloud and AI Development Act (published earlier this month) seeks to ensure that the EU's access to strategically important AI is not at the discretion of foreign states.

Lawyers working on AI contracts need to bear in mind the shifting regulatory environment when drafting and negotiating. In particular, force majeure, export control, compliance with law, and termination/suspension clauses need fresh consideration, especially where a deal involves access to frontier models.

"AI Wars"? Lessons from restricting cryptography

Those who have worked in the field for long enough may have a sense of déjà vu. During the "Crypto Wars" of the 1990s, the US Government (along with other governments, including in the UK) attempted to use export control regulations to restrict the proliferation of strong encryption. In practice, this policy did not prevent functionally unbreakable cryptography from becoming mainstream: internet connections and data storage are now routinely encrypted using algorithms that would have been illegal to export from the US in the 1990s.

The key reason for this failure was that cryptography became commoditised and freely available around the world (PGP being the most famous example, which led to its author being investigated for export of "munitions"). At that point, it became clear that the restrictions were putting US technology companies at a disadvantage without yielding any real national security benefit.


Could attempts to use export controls to limit access to powerful AI models meet the same fate? There are two obvious differences from the cryptography example, at least for the moment. The first is that the proprietary frontier models are provided as a service over API rather than distributed as software, meaning that the provider can control access (just as Anthropic has done in this case). The second is that frontier models usually require data-centre scale hardware to run, meaning that even if bad actors could obtain the model and weights, they would need the resources of a large corporation or a nation state to use it.

But these are not perfect defences. For one thing, nation states (or groups backed by nation states) are among the key threat actors that authorities have in mind. More generally, open-source models such as DeepSeek and Qwen are continually climbing the benchmarks, often outperforming larger, closed models with much lower hardware requirements (albeit usually several months later). If this trend continues, it may soon be possible to have Mythos-like capability in an open model, running on local hardware and at a cost that is accessible to a well-resourced criminal.

AI sovereignty and the UK and EU regulatory agendas

Digital sovereignty, and AI sovereignty in particular, has been a major talking point of the last few years for both policymakers and businesses. The US Government directive, and Anthropic's response to it, provide a clear illustration of why. AI safety and alignment researchers have long predicted that there would come a point where frontier AI models would become so competent in the field of cyber security that governments would feel compelled to restrict – or even monopolise – access to them. Countries that lack domestic technical capability risk being left out.

The UK has announced that this is a policy priority and recently launched a sovereign AI fund which will invest in UK-based start-ups and scale-ups. Earlier this month, the European Commission released its proposal for a Cloud and AI Development Act (CADA), which aims to "reduce critical external dependencies by strengthening homegrown cloud and AI capabilities and infrastructure". This follows hot on the heels of the Chips Act and the recently proposed Chips Act 2.0, which aim to provide supply-side and demand-side support for EU-based semiconductor manufacturing.

CADA contains measures to support AI research (particularly in the field of cyber security) and expand data centre capacity within the EU, with funding expected to come from existing EU programmes as well as from member state governments and the private sector. It also contains measures to push public-sector (and potentially even private-sector) procurement decisions toward EU-based cloud providers.

While the US Government's decision may vindicate those policymakers concerned about AI sovereignty, it remains to be seen whether the EU will be able to legislate and subsidise a thriving domestic cloud and AI ecosystem into existence this late in the game.

Contracting for AI amid regulatory uncertainty

Regardless of how the situation with Mythos and Fable is resolved, we doubt this will be the last example of a regulatory intervention affecting the cross-border provision of AI services. Lawyers working on AI deals will need to bear this in mind, and consider whether the contract is properly allocating the risks of regulatory change.

Most vendors' standard terms place all of the risk of such an event with the customer. The Cloud Legal Project (Queen Mary University of London) recently released a paper analysing standard terms from the key AI vendors. Unsurprisingly, these terms are very protective of the vendor in this scenario:

  • Where standard terms address export control, they are frequently non-specific and the customer promises to comply with export control laws (which underplays the role of the provider in enabling compliance).
  • Some providers set out a list of supported or unsupported regions which the provider is free to change during the contract term.
  • Many providers reserve the right to terminate the contract for convenience and to suspend the services where required by law.
  • Government orders are often treated as force majeure events, relieving the provider of its performance obligations while usually leaving the customer's payment obligations intact.

Our experience is that these contracts can be negotiated where a deal is sufficiently large or strategic. In this case, customers may wish to consider whether a more balanced position could be reached, for example by:

  • Explicitly addressing regulatory changes: ensuring that they are not treated as force majeure events and that instead the risk is commercially allocated. While it clearly wouldn't be reasonable to expect the provider to continue providing a service in breach of the law, it would be reasonable to seek proper notice, obligations to try to overcome the disruption, and swift resumption of service when possible.
  • Including commercial remedies: where access to cutting-edge models is a core part of the deal, including stronger rights such as termination without penalty if those models become unavailable, or potentially a fee reduction (akin to service credits) if the service falls back to less capable models.
  • Sensible sharing of compliance obligations: resisting boilerplate "compliance with law" wording. Where the parties know that the service may be subject to export controls, customers could seek a more workable regime where the service provider is responsible for identifying whether their product is subject to export control restrictions and obtaining the relevant export permits, and the customer promises to comply with the end user restrictions in the permit.

For practitioners, the Mythos and Fable episode is a prompt to have a different conversation with clients who rely on frontier AI. The instinct is to reach for the contract, but the more valuable advice often comes earlier. Clients should be asked where frontier models actually sit in their business, how exposed they are if access is restricted or degraded overnight, and whether they have a realistic fallback. Many will not have thought about it in those terms until prompted.

The drafting points above then follow naturally from that conversation. But practitioners add the most value by treating this as a business-continuity issue first and a drafting issue second. Advising a client to design for substitutability, and to avoid building a critical process around a single model they may lose access to, will often matter more than any clause. Our view is that the risk of unpredictable national security or other regulatory interventions over frontier models is here to stay, and the firms that serve clients well will be the ones raising the question before the next directive lands, not after.
