Vol. 1 · No. 1
Monday, 1 June 2026
Saigar's Desk
Delft, The Netherlands
Working Paper · Thursday, 7 May 2026 · 39 min read

Infrastructure dependence risk

Abstract

European agentic commerce systems depend on foreign-controlled infrastructure across every material stack layer: semiconductor design and fabrication, foundry capacity, cloud compute regions, large language model orchestration, inference frameworks, and payment clearing networks. This paper maps that dependence by layer, classifies concentration risk using a structured decision framework, and evaluates mitigation approaches against the criterion that they must reduce actual exposure without prescribing sovereign autarky that is neither technically achievable nor economically rational within a ten-year planning horizon.

The central finding is that acute risk arises specifically when a single commercial deployment simultaneously relies on non-European providers for LLM orchestration, cloud substrate, and payment rail clearance. At that intersection, a geopolitically motivated access restriction propagates as a cascading failure rather than an isolable service interruption, and recovery time extends because no European alternative operates at equivalent scale across all three layers simultaneously. The risk is asymmetric by firm size and sector: small and medium enterprises and cross-border payment processors in smaller member states face higher switching costs and lower redundancy capacity than large financial institutions.

Mitigation requires layer-differentiated responses: promoting interoperability standards and open inference protocols where diversification is commercially feasible, accepting managed dual-dependency where it is not, and building negotiation capacity rather than mandating replacement. Blanket sovereignty mandates without layer-specific differentiation accelerate consolidation around dominant foreign providers by imposing compliance overhead that smaller operators cannot absorb independently.

Infrastructure Dependence in European Agentic Commerce

Agentic commerce systems are distinguished from classical e-commerce architectures by their capacity for autonomous, multi-step decision-making: they decompose goals into sub-tasks, maintain persistent memory across sessions, invoke external tools including payment APIs and compliance services, and coordinate across multiple specialised agent components within a single commercial transaction [6]. This architectural shift carries a consequential but underanalysed implication for infrastructure governance. Classical e-commerce separated concerns cleanly across identifiable service boundaries; a retailer could procure a cloud host, a payment processor, and a recommendation engine from independent vendors with limited operational coupling between them. Agentic architectures couple those boundaries through session-spanning state: an orchestrating model must persist state, invoke downstream tools, and coordinate inference in real time, creating deep coupling across the LLM provider, the cloud substrate that hosts both the orchestrator and the tool registry, and the payment rail that executes the commercial outcome the agent is optimising toward.

For European operators, the structural consequence is that foreign infrastructure concentration, which was always present in classical deployments, now generates qualitatively different vulnerability. A disruption at any single foreign-controlled layer in a tightly coupled agentic deployment propagates across the other layers rather than remaining contained. The disruption is no longer a service outage at one vendor; it is an architectural failure across the entire commercial pipeline.

This paper makes three contributions. First, it maps infrastructure dependence by explicit stack layer, proceeding from semiconductor design through foundry capacity, cloud compute regions, large language model availability, inference frameworks, and payment clearing networks. That six-layer decomposition is necessary because concentration risk is not uniform across the stack: some layers present concentration without a viable diversification path at any near-term horizon, while others permit meaningful redundancy through open standards and multi-vendor procurement without requiring European sovereign alternatives that do not yet exist at scale [9].

Second, it classifies the risk that concentration at each layer generates, distinguishing between layers where concentration produces operational fragility under normal commercial conditions and layers where concentration produces vulnerability specifically under geopolitical stress. The distinction matters because the appropriate mitigation differs in each case. Operational fragility under normal conditions calls for vendor diversification and interoperability requirements. Vulnerability under geopolitical stress calls for negotiation capacity, treaty-based access guarantees, and managed redundancy across geographically distinct provider regimes.

Third, the paper evaluates the mitigation landscape against the explicit criterion of avoiding autarky. Autarky in this context means mandating European-only alternatives at the aggregate stack level, treating sovereignty as synonymous with domestic supply across every layer. This paper argues that autarky prescriptions fail on three grounds: no European provider currently operates large language model inference, high-performance compute fabrication, or payment network clearing at a scale sufficient to substitute for US and Chinese incumbents across all European deployments simultaneously; the cost of building that capacity is prohibitive relative to alternative mitigation instruments; and blanket mandates generate compliance overhead that concentrates market share further in the dominant non-European providers, which are best positioned to absorb that overhead.

The paper proceeds as follows. Section 2 grounds the urgency in regulatory and geopolitical developments. Section 3 positions the contribution relative to prior work. Section 4 describes the analytical framework. Section 5 presents concentration findings by layer. Section 6 interprets the findings and addresses interdependencies. Section 7 synthesises the strategic posture that the findings support. The limitations, future work, and a case study of generative AI inference in European financial services follow in Sections 8 through 10.

Regulation, Supply-Chain Disruption, and Geopolitical Leverage

The regulatory and geopolitical environment that European agentic commerce operators face in the mid-2020s is materially different from the environment that shaped prior cloud-adoption decisions. Three developments in particular shorten the interval within which operators can diversify before agentic deployments entrench dependency.

First, European Union regulation now imposes explicit obligations on AI systems deployed in commercial contexts, and those obligations carry upstream implications that extend to the infrastructure on which the systems run. The EU AI Act establishes risk-tiered compliance requirements for AI systems; for high-risk applications in financial services, credit, and insurance, operators must demonstrate conformity of both the AI system and its deployment environment with data governance, robustness, and transparency requirements. The Digital Operational Resilience Act (DORA) imposes contractual and concentration-reporting requirements on critical IT service providers to financial entities, specifically addressing third-party dependency at the infrastructure level. The Data Act and the proposed European Health Data Space introduce data-localisation and portability requirements that interact with cloud-layer concentration. Together, these instruments create a compliance environment in which the infrastructure layer is no longer a procurement decision delegated to technical teams; it is a board-level governance obligation with enforcement consequences.

Second, the geopolitical framework within which US-China competition operates has shifted from trade rivalry to active contest over network centrality across infrastructure, digital, finance, and production networks [3]. Payment infrastructure illustrates this most concretely: the use of SWIFT access as a sanctions instrument, the development of alternative cross-border payment channels, and the active promotion of digital currency infrastructure by major state actors are all instances of financial network architecture being deployed as geopolitical leverage rather than as operationally neutral network infrastructure. European operators who route payment clearing through non-European network infrastructure are, in this context, exposed to access restriction as a policy instrument of a third-party government, not only to vendor commercial decisions.

Third, supply-chain disruptions in semiconductor markets in the early 2020s demonstrated that physical infrastructure concentration generates economic disruption at scale. The structural dependence of European automotive and electronics manufacturers on concentrated wafer fabrication capacity outside Europe was not a theoretical risk prior to those disruptions; it was a known configuration that generated actual production shutdowns when supply constraints tightened. Agentic AI deployments face a structurally analogous configuration at the model and compute layer: concentration of training compute and inference capacity in a small number of US-headquartered hyperscaler data centres means that access restrictions, whether driven by export control, sanctions, or unilateral policy decision, would propagate directly into European commercial AI systems with no short-term fallback.

These three developments converge on a specific urgency: the interval within which European operators can diversify or build negotiation capacity before agentic architectures entrench dependencies is narrowing. Agentic systems that accumulate persistent memory, fine-tune on proprietary data hosted in foreign cloud environments, and build tool registries around provider-specific APIs create switching costs that increase nonlinearly with deployment tenure. The earlier in the deployment lifecycle diversification or interoperability requirements are applied, the lower the cost of achieving meaningful redundancy [5].

Prior Work on Tech Stack Concentration and Sovereignty

The literature on technology stack concentration and digital sovereignty is distributed across several research communities that have developed complementary but largely non-integrated frameworks.

Schindler et al. [3] analyse US-China competition as a contest for centrality across four networked domains: infrastructure, digital, finance, and production networks. Their central contribution is the network-theoretic argument that geopolitical power accrues to actors who occupy positions of high centrality within interconnected global networks rather than to actors who achieve autarky. This paper builds directly on that framing by applying the centrality logic to the specific stack layers relevant to European agentic commerce, extending the analysis from the macro-network level to the deployment-architecture level. Schindler et al. do not address agentic AI architectures or the specific propagation dynamics of multi-layer coupling; this paper addresses that gap.

Sheikh [9] develops an explicitly layered model of European digital sovereignty, proceeding from physical infrastructure through network, data, and application layers, and argues that the appropriate governance response differs by layer. The layered model is structurally similar to the framework employed here. This paper extends Sheikh's analysis by incorporating the agentic AI deployment context, which adds orchestration and tool-registry layers that do not appear in prior sovereignty frameworks, and by evaluating mitigation options against explicit feasibility criteria rather than at the level of policy recommendation.

Schmitz and Seidl [5] analyse EU digital sovereignty and open strategic autonomy as political constructs that serve coalition-building functions across ideologically distinct factions within the European Commission, operating between neoliberal single-market logic and neo-mercantilist industrial policy logic. Their contribution is the observation that the rhetorical coherence of sovereignty discourse can mask the absence of a technically coherent programme. This paper engages that critique directly: the mitigation analysis in Sections 6 and 7 explicitly applies the criterion of technical feasibility and avoids reproducing sovereignty rhetoric in technical disguise.

Dwivedi et al. [1] provide a multidisciplinary survey of AI challenges and opportunities across research, practice, and policy domains. The survey identifies governance, bias, and systemic risk as principal concerns, providing a broad framing within which the specific infrastructure dependence questions of this paper sit. This paper narrows the focus to the infrastructure layer and operationalises risk classification in a way the survey does not.

Sapkota, Roumeliotis, and Karkee [6] develop a conceptual taxonomy of AI agents and agentic AI, distinguishing single-agent and multi-agent architectures and characterising the specific properties of agentic systems that generate emergent risks: persistent memory, dynamic task decomposition, and tool invocation. Their taxonomy is the technical foundation for this paper's architectural analysis of why agentic deployments generate qualitatively different concentration risk than classical AI service deployments.

Hanisch et al. [4] propose a conceptual framework for digital governance distinguishing analogue, augmented, and automated governance modes. Their framework informs the classification of mitigation mechanisms in Section 7: redundancy and portability mandates operate as augmented governance instruments (embedding digital rules into procurement and contract), whereas interoperability standards and monitoring dashboards operate as automated governance instruments (algorithmic enforcement of structural constraints). The analogue mode, bilateral diplomatic negotiation, applies directly to the negotiation-capacity vector described in Section 7.

Karim et al. [8] survey blockchain-based coordination mechanisms for multi-agent AI systems, proposing that distributed ledger infrastructure can enable secure, scalable multi-agent collaboration without centralised coordination intermediaries. This paper treats that proposal critically: it evaluates whether blockchain-based interoperability reduces concentration risk at the relevant layers or displaces it to a different concentration point in the validator and protocol governance layer.

Siam et al. [7] survey the artificial intelligence of things (AIoT) landscape, cataloguing integration patterns between edge AI and IoT infrastructure. Their survey is relevant to the edge compute layer of European agentic commerce deployments and is referenced in the results section's treatment of inference distribution.

This paper's specific contribution relative to the cited literature is the integration of the geopolitical network framing, the layered sovereignty model, the agentic architecture taxonomy, and the governance toolbox into a unified risk topology for European agentic commerce, with explicit mitigation evaluation criteria designed to distinguish genuine diversification from autarky-in-disguise.

Stack-Layer Mapping and Risk Classification

The analytical framework proceeds in three stages: layer definition, concentration measurement, and risk classification. Each stage is described below with sufficient mechanical detail to permit replication.

Stage 1: Layer Definition

The stack is decomposed into six layers ordered from hardware to application, following the layered model established in the European digital sovereignty literature [9] and extended to incorporate the agentic AI architectural properties identified in [6]:

  1. Chip Design: Instruction set architecture, processor IP, and GPU/TPU accelerator design. The relevant concentration unit is design firm market share by revenue and by architecture adoption rate in AI training and inference workloads.
  2. Foundry Capacity: Physical semiconductor fabrication at advanced process nodes (below 7nm for training-grade accelerators). The relevant concentration unit is wafer-start capacity by geography and by process node.
  3. Cloud Compute and Regions: Hyperscaler infrastructure providing compute, storage, and networking. The relevant concentration unit is data centre region count and compute capacity by provider and by geographic jurisdiction, specifically distinguishing EU-jurisdiction regions.
  4. Large Language Model Availability: Access to frontier model weights or inference endpoints for LLMs of sufficient capability for commercial agentic orchestration. The relevant concentration unit is training compute scale, parameter count, and API access terms by provider nationality.
  5. Inference Frameworks and Orchestration Runtimes: Software frameworks that coordinate multi-agent task decomposition, tool invocation, and persistent memory management. The relevant concentration unit is framework adoption rate, licensing terms, and upstream dependency on closed model providers.
  6. Payment Clearing and Settlement Networks: Networks that execute final monetary settlement for commercial transactions, including card networks, real-time payment rails, and cross-border interbank messaging. The relevant concentration unit is transaction volume share and network membership governance structure by jurisdiction.

Stage 2: Concentration Measurement

Concentration at each layer is assessed using three information sources. First, published market research and regulatory filings provide quantitative market share data where available; this paper reports those figures at the structural level rather than attributing specific figures to sources it cannot independently verify. Second, the academic literature on digital sovereignty, geopolitical network competition, and agentic AI architecture [3, 5, 6, 8, 9] provides structural characterisation of concentration patterns where quantitative data is proprietary or aggregated in ways that conceal layer-specific exposure. Third, regulatory documents including the DORA implementing technical standards and the AI Act risk classification annexes provide a compliance-oriented characterisation of dependency obligations that implies concentration patterns even where direct market share data is unavailable.

For each layer, concentration is characterised along two dimensions: horizontal concentration (the number of providers who collectively serve a dominant share of European deployment demand) and geographic concentration (the share of that capacity under the jurisdiction of a single non-European state or regulatory regime).

Stage 3: Risk Classification

Each layer is assigned a risk classification on two axes. The first axis is operational fragility: the probability that a commercially motivated disruption at a concentrated layer (vendor failure, pricing change, capability withdrawal) generates measurable service degradation in European agentic commerce deployments. The second axis is geopolitical vulnerability: the probability that a state-motivated access restriction (export control, sanctions, foreign investment review, network access revocation) at a concentrated layer generates service disruption for European operators.

Layers are classified as High, Medium, or Low on each axis using the following decision rules. High operational fragility applies where fewer than three providers account for the dominant market share and where no European provider operates at equivalent capability. High geopolitical vulnerability applies where the dominant providers are headquartered or operationally centralised in a jurisdiction that has demonstrated willingness to weaponise infrastructure access as a policy instrument [3]. A compound risk designation applies where both axes register High, indicating that both normal commercial dynamics and geopolitical stress generate unacceptable exposure.

This classification is applied layer by layer in Section 5.

Concentration Patterns Across Stack Layers

Chip Design Layer

At the chip design layer, concentration is structurally acute. The market for merchant GPU accelerators used in AI training and inference workloads is concentrated in two US-headquartered firms that together command the large majority of commercial deployment globally. TPU accelerators, by contrast, are proprietary to a single US-headquartered hyperscaler and are not sold as merchant silicon; they are accessible to European operators only through that provider's cloud inference endpoints, which means TPU-based capacity is embedded within cloud-layer concentration rather than constituting a separate competitive entry point in the merchant accelerator market. European chip design activity, while technically sophisticated in certain domains (signal processing, automotive-grade microcontrollers), has not produced a commercially competitive AI accelerator design at the scale required for large language model training or high-throughput inference serving. The instruction set architectures underpinning general-purpose compute in European cloud deployments are US-origin; the dominant alternative architecture increasingly present in Chinese infrastructure is inaccessible to European operators under current export control regimes.

Chip design registers High on both axes: High operational fragility and High geopolitical vulnerability. The US government's export control frameworks covering advanced chip architecture, specifically restrictions on high-bandwidth memory and advanced interconnect technology for AI accelerator export to designated entities and jurisdictions, demonstrate that chip design is an established geopolitical instrument [3]. European operators have no credible short-term alternative: no EU-headquartered design house is within three to five years of producing an AI accelerator competitive with current US-origin designs at the process node required for frontier model inference.

Foundry Capacity Layer

Physical fabrication at advanced process nodes is geographically concentrated across two distinct foundry operators. TSMC, headquartered in Taiwan, operates the leading edge of commercial advanced-node fabrication and accounts for the largest share of AI accelerator wafer production globally. Samsung, headquartered in South Korea, operates competing advanced-node capacity and serves a share of the high-performance compute market, though its yield characteristics and customer mix differ from TSMC's at the most advanced process nodes. A US-origin foundry, Intel Foundry, is expanding domestic capacity with public subsidy under the CHIPS Act, though its advanced-node ramp is at an earlier commercial stage than either TSMC or Samsung. These are three independent competitive entities, not a single provider with distributed sites.

European advanced-node fabrication capacity exists at a single major site whose current production process nodes lag the frontier by approximately one to two generations for AI accelerator-grade devices. That estimate is based on the gap between the node at which European capacity operates commercially and the nodes at which TSMC and Samsung produce leading AI accelerators; it reflects public process-node roadmap disclosures and does not rely on proprietary benchmarking data. Chinese foundry capacity at the most advanced nodes remains constrained by equipment export restrictions.

Foundry concentration generates a specific European exposure: a substantial share of the accelerator fabrication critical to European cloud and AI workloads occurs outside European jurisdiction, with the largest single concentration in a geography whose status under international law is contested. Supply-chain disruption in this layer would affect all European cloud providers simultaneously, regardless of their corporate headquarters. Foundry capacity registers as High geopolitical vulnerability; operational fragility is classified Medium because the commercial incentives for the incumbent foundries to maintain reliable supply are strong under current conditions, and because TSMC and Samsung provide some degree of competitive redundancy between them at the advanced-node tier.

Cloud Compute and Regions Layer

European cloud compute is served primarily by three US-headquartered hyperscalers operating EU-jurisdiction data centre regions. Several European cloud providers offer services within EU jurisdiction, but collectively they represent a small fraction of total European enterprise compute consumption. EU-jurisdiction cloud regions operated by US hyperscalers satisfy data-localisation requirements under GDPR for most data categories but remain subject to US extraterritorial legal instruments whose precise scope continues to be contested in European courts.

For agentic commerce deployments, the cloud layer generates a compound operational and governance risk because the orchestration runtime, model inference endpoint, tool registry, and event logging typically co-reside within a single provider's environment to minimise latency. This architectural coupling means that cloud-layer concentration is amplified in agentic deployments relative to classical SaaS deployments where components were more readily distributed across providers. Cloud compute registers as High operational fragility in the sense that no European alternative operates at the capacity depth required for large-scale agentic inference workloads. Geopolitical vulnerability is classified Medium rather than High because the primary instrument of state-level interference at this layer is extraterritorial legal access to data and provider compliance with foreign policy directives, rather than the outright network access revocation that characterises the payment layer. This Medium classification is preserved in the interdependency analysis in Section 6, where the cloud layer's contribution to compound risk arises from its tight coupling with High-vulnerability layers rather than from its own geopolitical vulnerability classification.

Large Language Model Availability Layer

Frontier LLM capability, defined as model performance sufficient to act as a reliable commercial agentic orchestrator, is concentrated in a small number of US-headquartered providers. European AI research institutions and one or two European commercial labs have produced competitive open-weight models in specific language and task domains, but the compute investment required to train and maintain frontier-scale models has not been replicated by any European organisation at the capability level required for full commercial deployment at scale.

Open-weight model availability partially mitigates this concentration: European operators can download and self-host open-weight models on European compute infrastructure, reducing exposure to API access restriction. However, open-weight model performance for complex agentic orchestration tasks remains below the frontier for closed models, and self-hosting at inference quality requires exactly the accelerator and cloud capacity described in the preceding layers, where European alternatives are also constrained. LLM availability registers as High on both operational fragility and geopolitical vulnerability axes, producing a compound risk classification.

Inference Frameworks and Orchestration Runtimes Layer

Inference framework concentration is softer than model concentration because the dominant frameworks are open-source and their development is distributed across international contributor communities. However, governance of the leading frameworks is concentrated in US-headquartered organisations, and the default integration paths within those frameworks couple most directly to the dominant US-origin model providers. Framework lock-in in agentic deployments is particularly acute because persistent memory schemas, tool registry specifications, and inter-agent communication protocols are framework-specific; migrating an entrenched agentic deployment to a different framework requires re-engineering the memory and tool layers, not only the model endpoint [6, 8]. This layer registers as Medium operational fragility and Low to Medium geopolitical vulnerability, given the open-source nature of the primary codebases.

Payment Clearing and Settlement Networks Layer

Payment clearing presents the most concretely evidenced geopolitical vulnerability across the stack. SWIFT, the dominant cross-border interbank messaging network, has been used as a sanctions instrument with direct state authorisation, demonstrating that the network is not operationally neutral [3]. Card network infrastructure is concentrated in two US-headquartered operators whose terms of service, operating rules, and compliance programmes reflect US regulatory requirements and foreign policy instruments. European real-time payment infrastructure (SEPA Instant, TARGET Instant Payment Settlement) provides domestically adequate alternatives for intra-European transactions but does not substitute for cross-border settlement in non-European currencies or markets.

For agentic commerce, the payment layer is the operational terminus where the agent's commercial decisions become irreversible monetary events. Disruption at this layer is qualitatively different from disruption at the model or cloud layer because it directly prevents revenue realisation rather than degrading service quality. Payment clearing registers as High geopolitical vulnerability and Low to Medium operational fragility under normal commercial conditions.

Interpreting Concentration: Single Points of Failure and Interdependencies

The layer-by-layer results establish that concentration is present at every material stack layer relevant to European agentic commerce. This section analyses what that distribution of concentration implies structurally, why certain layers are harder to diversify than others, and why the specific intersection of chip design, cloud compute, LLM availability, and payment clearing in a single deployment architecture generates a qualitatively distinct risk profile.

The Compound Failure Mechanism

The central structural finding is that the risk from concentration is not additive across layers; it is multiplicative in architectures that couple layers tightly. An agentic commerce system that depends on a single non-European provider for model inference, cloud hosting, and tool-registry management has not accumulated three independent risk exposures. It has created a single architectural failure mode that can be triggered by a disruption at any one of those layers. The reason is architectural: the persistent state that defines an agentic deployment (accumulated memory, fine-tuned behaviour, registered tool endpoints) is maintained within the coupled system. When one layer becomes inaccessible, the others cannot independently sustain the deployment because the state they reference is no longer reachable [6].

This compound mechanism is what distinguishes agentic infrastructure risk from the cloud concentration risk analysed in prior sovereignty literature, which assumes that layers can fail or be restricted independently. The cloud layer's geopolitical vulnerability is classified Medium in Section 5 because the primary state-level instruments at that layer are extraterritorial legal mechanisms rather than outright access revocation. The compound failure mechanism in Section 6 elevates the practical risk of the cloud layer not by changing that classification but by demonstrating that when the cloud layer is tightly coupled to High-vulnerability layers (chip design, LLM availability, payment clearing), even a Medium-severity legal interference at the cloud layer can trigger cascading failure across the coupled system. The distinction between a layer's standalone classification and its contribution to compound risk is therefore structurally significant: a layer can carry a Medium geopolitical vulnerability in isolation while functioning as the enabling coupling point for a High-severity compound failure.

The compound mechanism also explains why the risk is asymmetric by firm size: large financial institutions with dedicated infrastructure teams can architect explicit decoupling between layers, separating model inference from cloud hosting and maintaining payment routing that does not depend on the same provider as the AI orchestration layer. Small and medium enterprises implementing agentic commerce through managed API services typically cannot impose that decoupling without accepting capability and cost penalties that are commercially prohibitive [5].

Layer-Specific Diversification Constraints

Not all layers present the same diversification constraint. At the foundry and chip design layers, diversification requires capital investment at a scale and time horizon that no individual European operator can contemplate; the constraint is a structural property of the semiconductor industry that requires state-level coordination and multi-decade investment cycles. At the LLM layer, diversification is partially achievable through open-weight models hosted on European infrastructure, but with performance penalties that are material for complex agentic orchestration tasks. At the inference framework layer, diversification is substantially achievable because the dominant frameworks are open-source and European operators can fork, modify, and self-host them without licence restriction.

At the payment layer, the diversification constraint is qualitatively different from the technical layers above it. European alternatives to SWIFT for intra-European transactions exist and function; the constraint is the absence of a European-controlled substitute for cross-border settlement in major trading currencies. The EU's recognition of this constraint is documented in the development of INSTEX (Instrument in Support of Trade Exchanges) following the Iranian SWIFT disconnection. INSTEX is an instructive precedent precisely because it demonstrated the limits of ad hoc European alternatives: the vehicle was wound down in 2023 having processed a negligible transaction volume, was restricted to humanitarian goods, and required bilateral clearing arrangements that did not scale to commercial transaction flows [3]. The failure was institutional and political rather than technically inherent, but it demonstrates that payment-layer alternatives require sustained institutional mandate and network-effect investment to function at commercial scale, neither of which INSTEX received. A credible European cross-border settlement alternative would require a fundamentally different design premise: open participation, commercial transaction scope, and pre-committed correspondent banking relationships sufficient to create network effects before a crisis triggers demand.

Why Autarky Fails

The prior literature on digital sovereignty has identified autarky as a recurring prescriptive failure mode: policies that mandate domestic alternatives without differentiating by layer-specific feasibility impose compliance costs that large non-European providers are best positioned to absorb, because they can distribute those costs across larger revenue bases [5]. The layer analysis in this paper makes that mechanism precise. A blanket sovereignty mandate applied at the aggregate stack level would require European operators to simultaneously replace chip architecture (ten or more year horizon), foundry capacity (similar horizon, capital-intensive), frontier LLM capability (three to five year horizon with concentrated investment), and payment network infrastructure (achievable within EU for domestic transactions, not for cross-border). No single European operator can accomplish that substitution, so the mandate generates compliance overhead without generating substitution. The operators with the lowest overhead absorption capacity, typically SMEs, face the sharpest cost increase, which accelerates their consolidation around the dominant non-European providers who have invested in compliance tooling as a competitive advantage.

This is the autarky-in-disguise failure mode that the synthesis analysis must avoid [5]: proposals that present as promoting European sovereignty but whose operational effect is to reduce European operator diversity by eliminating smaller actors who cannot absorb the compliance cost of sovereign alternatives that do not yet operate at commercial scale.

Interdependencies and Cascading Sequences

The results also reveal a specific cascading sequence that deserves analytic attention. The chip design and foundry layers determine the capacity ceiling for cloud compute. Cloud compute capacity determines the inference throughput available for LLM orchestration. LLM orchestration capability determines the sophistication of agentic workflows that can be executed within acceptable latency and cost constraints for commercial deployment. The payment layer sits downstream of all of these and is triggered by the commercial decisions the agentic workflow produces. Disruption propagates upward: a restriction on advanced chip export reduces cloud compute capacity, which reduces inference throughput, which degrades orchestration quality, which impairs the commercial reliability of the agentic system, which ultimately disrupts the transaction pipeline that the payment layer was designed to settle.

This cascading sequence means that the most efficient point of intervention is not necessarily the layer where disruption originates. Export controls on chip architecture affect European agentic commerce at three removes from the direct operational impact. The policy implication is that monitoring and mitigation effort should be allocated to the layers where the cascade can be interrupted most efficiently, which varies by the nature of the disruption being anticipated [4].

The Dual-Integration Constraint

Finally, the geopolitical framing in [3] predicts that many European operators will remain integrated with both US and Chinese stacks rather than consolidating onto one bloc's infrastructure. The agentic AI architecture evidence complicates this prediction: multi-model orchestration architectures can, in principle, route different agent functions to different provider endpoints, but in practice, the persistent memory and tool registry constraints identified in [6] create strong coupling to a single orchestration provider. An operator who routes inference to a US provider but payment compliance checking to a Chinese provider has not achieved genuine diversification; they have created a different single point of failure at the inter-system interface. Genuine diversification at the agentic layer requires that the persistent state be portable across providers, which requires interoperability standards that do not currently exist at production deployment scale [8].

Strategic Posture: Interdependence as the Realistic Alternative

The analysis establishes that European agentic commerce is structurally dependent on non-European infrastructure across all six stack layers, that the concentration risk is not uniform across those layers, and that the risk is compounded by architectural coupling in agentic deployments in ways that prior sovereignty frameworks did not anticipate. This paper's three contributions, the layer-by-layer concentration map, the dual-axis risk classification, and the mitigation evaluation against the autarky criterion, together support a strategic posture built around four specific implementation vectors. The three contributions are analytic instruments; the four vectors are the operational response those instruments prescribe.

The appropriate strategic response is managed interdependence, structured as follows.

Redundancy at layers where diversification is technically and commercially feasible. The inference framework and orchestration runtime layer, and partially the cloud layer for European hyperscaler capacity, permit meaningful redundancy through open-source adoption, multi-region deployment, and structured provider contractual terms that preserve data portability. Regulatory instruments that mandate open data formats and portability rights at these layers reduce switching costs without requiring the creation of European sovereign alternatives. DORA's contractual requirements on ICT service providers point in this direction but require extension to address agentic-specific state portability: specifically, persistent memory schema formats and tool-registry endpoint specifications must be included within the scope of data portability obligations, because an agentic deployment that cannot export its accumulated state is operationally locked to its current provider regardless of formally open API terms. The practical mechanism is a standardised agent-state export format, analogous to the account data portability requirement in PSD2, applied to orchestration runtimes as a licensing condition for operation within the EU.

Negotiation capacity for layers where European alternatives are not commercially viable within a ten-year planning horizon. For chip design and foundry capacity, the realistic instrument is the capacity to negotiate access terms, resilience guarantees, and extraterritoriality limitations through bilateral and multilateral agreements. This requires that European institutions develop technical staff capacity sufficient to engage credibly with counterpart technical agencies: negotiators who understand process-node economics, interconnect bandwidth constraints, and export control technical definitions can identify specific carve-outs and assurance mechanisms that are operationally meaningful; those who do not will accept formally adequate commitments that fail in implementation. The CHIPS Act coordination between the European Commission and the US Department of Commerce provides one template for this engagement, though its focus on supply security rather than access assurance limits its direct applicability to the geopolitical vulnerability scenario this paper addresses.

Monitoring infrastructure calibrated to the specific indicators of geopolitical vulnerability change. Concentration risk is not static. The competitive positions of specific providers, the regulatory instruments being deployed in the US and Chinese jurisdictions, and the open-weight model capability frontier all change on timescales of twelve to twenty-four months. The indicators most relevant to geopolitical vulnerability are not market share movements but changes in demonstrated willingness by upstream jurisdictions to restrict infrastructure access as a policy instrument [3]: new export control categories, foreign investment review decisions involving AI infrastructure, and changes in sanctions designation criteria all provide earlier warning than provider revenue data. European regulatory bodies and commercial operators require persistent monitoring capacity that tracks these indicators by layer and translates them into updated vulnerability classifications on a structured review cycle.

Sector-specific and firm-size-specific calibration of compliance obligations. The analysis demonstrates that small and medium enterprises face asymmetric switching costs and lower redundancy capacity relative to large financial institutions. Compliance frameworks that impose uniform obligations across firm sizes and sectors without accounting for this asymmetry will accelerate the consolidation of European agentic commerce around large operators who can absorb compliance overhead, reducing the diversity of the European AI deployment ecosystem and increasing effective concentration at the application layer even where the infrastructure layer remains nominally diverse. Calibration requires that compliance obligations be expressed as capability outcomes (the operator can port its agent state within a specified recovery time objective) rather than as prescriptive technical requirements (the operator must use a European-domiciled cloud provider), because outcome-based requirements permit SMEs to achieve compliance through lighter-weight mechanisms, such as contractual portability guarantees backed by escrow, rather than requiring duplicated infrastructure investment that only large institutions can sustain.

Maintaining this four-vector posture requires ongoing coordination between the technical community that produces feasibility assessments of stack-layer alternatives, the regulatory community that designs compliance obligations and interoperability mandates, and the commercial community that absorbs those obligations in deployment decisions. The geopolitical and agentic AI architecture evidence reviewed in this paper points to a specific institutional gap: the organisations mandated to govern European digital infrastructure dependencies do not yet operate with the layer-by-layer technical specificity that the agentic deployment context requires. Closing that gap means that ENISA's concentration monitoring, the EBA's ICT third-party risk assessments, and the European Commission's enforcement of AI Act infrastructure obligations must converge on a shared layer taxonomy so that concentration data collected at one regulatory body informs enforcement decisions at another, rather than each body mapping dependencies at a level of abstraction that makes cross-body comparison impossible.

Scope and Evidentiary Constraints

  1. Proprietary market data unavailability. The concentration analysis relies on structural characterisation of market share patterns rather than on independently verified quantitative figures at the level of specific provider market shares by layer and European sub-market. Hyperscaler compute capacity, LLM API traffic volumes, and card network transaction shares are proprietary data that neither the academic corpus nor public regulatory filings disclose with the layer-specific granularity the framework requires. The concentration classifications (High, Medium, Low) are therefore robust at the ordinal level but cannot be converted into specific numerical thresholds without access to proprietary commercial data.

  2. Forward-looking geopolitical uncertainty. The risk classifications assign geopolitical vulnerability based on demonstrated historical willingness of upstream jurisdictions to weaponise infrastructure access. The future trajectory of US export control policy, Chinese digital infrastructure expansion, and the resolution of contested territorial status in regions where critical foundry capacity is located are all subject to geopolitical dynamics that are not predictable within the time horizon relevant to current deployment decisions. The classifications represent the current risk surface; they require update as the geopolitical environment evolves.

  3. Failure attribution difficulty. The compound failure mechanism described in the discussion section is analytically coherent but has not been empirically observed in a European agentic commerce context at the scale analysed here. Attribution of service disruptions to specific layer concentration is methodologically difficult in live commercial environments because operators do not publicly disclose failure root causes in the layer-specific terms the framework requires.

  4. Firm-size and sector disaggregation. The analysis identifies asymmetric exposure by firm size and sector at the structural level but cannot quantify the differential switching costs or redundancy capacity deficits for SMEs versus large institutions without firm-level financial and architectural data that is not publicly available.

  5. Temporal volatility in competitive positions. The open-weight model frontier is advancing rapidly. Assessments of European LLM capability relative to US frontier models made in the current period may not remain accurate over a three to five year planning horizon, which is the interval most relevant to infrastructure investment decisions. The framework requires periodic re-evaluation rather than static application.

Next Steps: Monitoring, Stress-Testing, and Policy Alignment

Real-time concentration monitoring. The most immediate research need is a persistent monitoring system that tracks provider market share, capability levels, and access terms by stack layer on a quarterly basis. This requires a data-collection instrument combining regulatory filing analysis, public API capability benchmarking, and structured interviews with European cloud procurement teams. The European Union Agency for Cybersecurity (ENISA) and the European Banking Authority (EBA) each maintain partial monitoring capacity; a unified layer-specific concentration dashboard integrating their data streams would provide the early-warning function currently absent.

Scenario stress-testing. The compound failure mechanism identified in the discussion section has not been empirically tested. A structured programme of tabletop exercises and simulation-based stress tests, following the methodology established in DORA's Digital Operational Resilience Testing framework and applied specifically to agentic commerce deployment architectures, would produce empirical disruption propagation data. The specific scenario of interest is a geopolitically motivated restriction on LLM API access combined with simultaneous export control tightening on advanced AI accelerators.

Interoperability standards development. The inference framework and agent orchestration layer presents the highest near-term regulatory leverage point. Research into the technical specifications required for agent state portability, specifically portable memory schema formats and open tool-registry protocols, would establish whether genuine interoperability is achievable at production scale or whether architectural coupling is a fundamental property of the performance envelope that agentic systems require [6, 8].

Policy feasibility mapping. The distinction between genuine diversification instruments and autarky-in-disguise proposals requires empirical testing through comparative policy analysis across EU member states that have adopted differing degrees of sovereign cloud mandates. Measuring the market share outcome of those mandates at the SME level would test the hypothesis that compliance overhead accelerates consolidation rather than achieving diversification [5].


Case Study: Generative AI Inference for European Financial Services

Case study: This section traces a representative deployment of a fine-tuned large language model for agentic transaction monitoring and customer advisory in a mid-sized European retail bank, through each stack layer defined in the methodology, identifying concentration risk and mitigation trade-offs at each point.

Deployment Context

A retail bank headquartered in a smaller EU member state deploys an agentic AI system to perform real-time transaction monitoring, generate customer advisory responses, and route flagged transactions to compliance review. The agent maintains a persistent customer interaction history, invokes external data APIs for credit scoring and sanctions screening, and initiates payment holds as a remediation action. The deployment is subject to DORA, the EU AI Act (classified as high-risk under the financial services category), and the national financial supervisor's operational resilience requirements.

Chip and Foundry Layers

The bank does not operate its own compute infrastructure for AI inference; it consumes inference via API from a US-headquartered model provider. The concentration risk at the chip and foundry layers is therefore mediated by the model provider and the cloud provider, not directly by the bank. However, the bank's resilience obligation under DORA requires it to document the ICT concentration risk in its supply chain, including fourth-party dependencies. When the bank maps its dependencies, it discovers that both its primary model provider and its primary cloud provider procure AI accelerator capacity from the same foundry node, creating a shared upstream concentration point that DORA concentration reporting does not currently require to be disclosed at the foundry level.

Cloud and LLM Layers

The bank's model fine-tuning and inference are hosted on a US hyperscaler operating an EU-jurisdiction region. EU-jurisdiction placement satisfies GDPR data-localisation requirements for customer data. However, the model weights, including the fine-tuned layers trained on proprietary bank transaction data, are stored in that EU-jurisdiction region under the cloud provider's key management infrastructure, which is governed by the provider's global key management policy rather than exclusively by EU law. A US governmental access order under applicable extraterritorial instruments would reach that data without triggering the bank's incident notification obligations under its current contractual terms.

Mitigation option: The bank can host model weights in a customer-managed key environment on the same cloud infrastructure, reducing the effective reach of extraterritorial access mechanisms to the inference endpoint rather than the model weights. This mitigation requires the bank's IT team to manage key rotation and hardware security module provisioning, introducing operational overhead. The alternative mitigation, self-hosting an open-weight model on European cloud provider infrastructure, requires accepting a capability reduction relative to the current frontier model and managing inference infrastructure whose operational reliability the bank's team has not previously maintained.

Inference Framework and Orchestration Layer

The bank's agentic workflow is built on an open-source orchestration framework whose governance sits with a US-headquartered foundation. The persistent memory schema and tool-registry format are framework-specific. If the bank needed to migrate to an alternative orchestration runtime, the migration would require re-engineering the memory layer that encodes customer interaction history and the tool definitions that connect the agent to sanctions screening APIs. No independent external benchmark for this migration cost class has been published; the structural drivers of the cost are the volume of framework-specific memory state that must be transformed into a portable format and the number of tool-registry endpoint definitions that must be rewritten against a new specification. In the absence of a portable agent-state standard, these costs scale with deployment tenure and data volume rather than with any fixed architectural parameter. An open interoperability standard for agent state would eliminate this specific category of switching cost [6, 8].

Payment Clearing Layer

The bank's remediation action, placing a payment hold, executes through the domestic real-time payment rail (SEPA Instant), which is European infrastructure. For cross-border transactions outside the SEPA zone, the hold instruction must be coordinated through SWIFT messaging to correspondent banks. The SWIFT dependency for non-SEPA cross-border remediation constitutes the bank's primary geopolitical vulnerability at the payment layer: a sanctions-driven restriction on SWIFT access, structurally similar to the precedent documented in [3], would impair the bank's ability to enforce payment holds across its full cross-border transaction portfolio.

Aggregate Risk Profile

The bank's deployment exhibits the compound risk configuration identified in the methodology: simultaneous non-European control of model inference, cloud key management policy, and cross-border payment messaging. The mitigation options available within a twelve-month operational horizon, customer-managed keys, open-weight model self-hosting, and SEPA-zone transaction routing, each address one layer without resolving the others. A credible mitigation programme requires sequenced action across layers with explicit acknowledgment that full independence from non-European infrastructure is not achievable within the bank's investment envelope.
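The dependency mapping described under Chip and Foundry Layers, and the compound failure mechanism from the discussion section, can be checked mechanically once the supply chain is written down as a graph. The following is an added example, not part of the original paper: every node name, edge, and the European fallback providers (`open_weight_eu`, `eu_cloud`) are constructed assumptions for illustration.

```python
# Constructed dependency map for the case-study bank (illustrative names only,
# not data from the paper). Each node maps to a list of requirement groups;
# a group is satisfied when ANY of its members is available, so a one-member
# group is a hard dependency and a multi-member group models redundancy.
COUPLED = {
    "advisory":          [("agent_runtime",)],
    "txn_monitoring":    [("agent_runtime",), ("sanctions_api",)],
    "hold_sepa":         [("txn_monitoring",), ("sepa_instant",)],
    "hold_cross_border": [("txn_monitoring",), ("swift",)],
    # Agent state (memory, tool registry) lives with the cloud provider,
    # and every agent step calls the model API: both are hard dependencies.
    "agent_runtime":     [("model_api",), ("cloud_region",)],
    "model_api":         [("foundry_node",)],
    "cloud_region":      [("provider_kms",), ("foundry_node",)],
}

# Assumed decoupled variant: portable agent state lets the runtime fall back
# to an open-weight model on a European cloud. The European cloud is assumed
# to buy accelerators from the same foundry node.
DECOUPLED = dict(
    COUPLED,
    agent_runtime=[("model_api", "open_weight_eu"), ("cloud_region", "eu_cloud")],
    open_weight_eu=[("eu_cloud",)],
    eu_cloud=[("foundry_node",)],
)

FUNCTIONS = ["advisory", "txn_monitoring", "hold_sepa", "hold_cross_border"]
DIRECT_PROVIDERS = ["model_api", "cloud_region", "sanctions_api",
                    "sepa_instant", "swift"]


def available(node, down, graph):
    """A node is available if it is not restricted and every requirement
    group has at least one available member (graph assumed acyclic)."""
    if node in down:
        return False
    return all(any(available(alt, down, graph) for alt in group)
               for group in graph.get(node, []))


def failed(targets, down, graph):
    """Return the targets that stop working when the `down` nodes are cut off."""
    down = set(down)
    return sorted(t for t in targets if not available(t, down, graph))


def shared_upstream(graph, direct=DIRECT_PROVIDERS):
    """Find nodes that are not direct providers but whose loss alone takes
    out two or more direct providers (fourth-party concentration points)."""
    nodes = {alt for groups in graph.values() for grp in groups for alt in grp}
    result = {}
    for node in sorted(nodes - set(direct)):
        hit = failed(direct, {node}, graph)
        if len(hit) >= 2:
            result[node] = hit
    return result


if __name__ == "__main__":
    print("shared upstream:", shared_upstream(COUPLED))
    for name, graph in (("coupled", COUPLED), ("decoupled", DECOUPLED)):
        for restricted in ("swift", "provider_kms", "model_api", "foundry_node"):
            print(name, restricted, "->", failed(FUNCTIONS, {restricted}, graph))
```

In the coupled graph a restriction at the provider's key management layer fails all four business functions, while the decoupled variant survives loss of the model API and the cloud region but not of the shared foundry node.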

References

  1. Dwivedi, Y. K., Hughes, L., Ismagilova, E., Aarts, G., Coombs, C., & Crick, T. (2019). Artificial Intelligence (AI): Multidisciplinary perspectives on emerging challenges, opportunities, and agenda for research, practice and policy. Elsevier BV.

  2. Häfner, M., & Tagliapietra, S. (2020). The Geopolitics of the Global Energy Transition. Springer International Publishing.

  3. Schindler, S., Alami, I., DiCarlo, J., Jepson, N., Rolf, S., & Bayırbağ, M. K. (2023). The Second Cold War: US-China Competition for Centrality in Infrastructure, Digital, Production, and Finance Networks. Taylor & Francis.

  4. Hanisch, M., Goldsby, C., Fabian, N. E., & Oehmichen, J. (2023). Digital governance: A conceptual framework and research agenda. Elsevier BV.

  5. Schmitz, L., & Seidl, T. (2022). Protecting, Transforming, and Projecting the Single Market. Open Strategic Autonomy and Digital Sovereignty in the EU's Trade and Digital Policies.

  6. Sapkota, R., Roumeliotis, K. I., & Karkee, M. (2025). AI Agents vs. Agentic AI: A Conceptual Taxonomy, Applications and Challenges. SuperIntelligence - Robotics - Safety & Alignment.

  7. Siam, M. S. I., Ahn, H., Liu, L., Alam, S., Shen, H., & Cao, Z. (2024). Artificial Intelligence of Things: A Survey. Association for Computing Machinery.

  8. Karim, M. M., Van, D. H., Khan, S., Qu, Q., & Kholodov, Y. (2025). AI Agents Meet Blockchain: A Survey on Secure and Scalable Collaboration for Multi-Agents. Multidisciplinary Digital Publishing Institute.

  9. Sheikh, H. (2022). European Digital Sovereignty: A Layered Approach. Springer Science+Business Media.
