Use cases

Four domains.
One decision system.

Regulatory, corporate, political and cognitive constraints operate simultaneously. AUCTORITAS structures all four — and translates each into an executable decision.

Decision variable

Launch a joint DORA × AI Act audit of hyperscaler contracts to identify dependencies cumulating operational criticality and high-risk AI, and trigger reversibility or multi-cloud clauses before ESAs supervision deadlines.

Operational resilience × High-risk AI · DORA + AI Act Exposure high
Who
European financial institutions (banks, insurers, asset managers, market infrastructures) using critical third-party TIC providers — typically US hyperscalers AWS, Microsoft Azure, Google Cloud — for hosting, computing or AI services integrated into their operational value chains.
Obligation
Map, contractualise and supervise critical third-party TIC dependencies under DORA, while simultaneously qualifying any high-risk AI system embedded in these services (scoring, KYC, fraud detection, portfolio management) under the AI Act, assuming deployer responsibility even when the model is provided by an extra-European hyperscaler.
Deadline
DORA applicable since 17 January 2025; AI Act: prohibitions from 2 February 2025, GPAI obligations from 2 August 2025, high-risk systems from 2 August 2026.
Sanction
DORA: national sanctions for financial entities (Art. 50-54); periodic penalty payments up to 1% of average daily worldwide turnover for critical TIC providers (Art. 35). AI Act: fines up to €35M or 7% of global turnover for prohibited practices, up to €15M or 3% for breaches of high-risk system obligations (Art. 99). Cumulation possible with ESAs supervisory measures and authorisation withdrawal.

Regulation (EU) 2022/2554 (DORA) · Regulation (EU) 2024/1689 (AI Act) · DORA Art. 28-30, 35, 50-54 · AI Act Art. 6, 26, 99 · Annex III §5b

55%
Anticipated migration to hybrid sovereign cloud · Proactive

The institution initiates partial migration of fine-tuned AI models towards an intermediate sovereign architecture (qualified European actors of intermediate architecture under SecNumCloud), while retaining hyperscalers for non-critical workloads under DORA Art. 28-30. Double-rail triggering renegotiation of reversibility clauses and a differentiating advantage with regulators.

30%
Maintain hyperscalers and bet on regulatory tolerance · Exposure

The institution maintains its current architecture, betting on graduated application. This position exposes to a cumulative non-compliance risk that may trigger AI Act sanctions up to €35M or 7% of global turnover (Art. 99) and corrective DORA measures imposed by the competent authority.

15%
Sectoral coalition for regulatory clarification · Arbitrage

The institution joins a coordinated approach to obtain from European authorities guidelines on the DORA × AI Act articulation. This path postpones the technical arbitrage by 12 to 24 months but exposes to an unfavourable decision if the coalition fails to converge.

Invalidation conditions
  • The entity is not qualified as a financial entity within the meaning of DORA Art. 2.
  • The TIC service provided by the hyperscaler does not support any critical or important function within the meaning of DORA Art. 3(22).
  • The deployed AI system remains outside the AI Act Annex III perimeter and does not fall under any prohibited practice case (Art. 5).

Simultaneous DORA × AI Act compliance is today structurally unstable for fine-tuned models on non-European infrastructure — neither portable under DORA, nor fully auditable under AI Act. This collision is not a glitch: it is the symptom of a loss of cognitive sovereignty.

Decision variable

Map immediately the target post-funding cap table and file an FDI authorisation request for any extra-EU investor before signing any binding term sheet.

Corporate law · FDI screening Exposure high
Who
Mistral AI SAS and any foreign non-European investor considering a direct or indirect equity participation, as well as the company's governance bodies subject to the French foreign investment screening regime due to its AI activity qualified as critical technology.
Obligation
Any non-EU/EEA foreign investor must obtain prior authorisation from the Minister of the Economy before crossing control thresholds or acquiring an essential activity in Mistral AI, AI being listed as a critical technology subject to French FDI control.
Deadline
Prior to any equity participation operation triggering thresholds (notably crossing 25% of voting rights for an extra-EU investor, or 10% for listed companies).
Sanction
Automatic nullity of any operation carried out without authorisation (Art. L.151-3-1 CMF); pecuniary sanction up to twice the amount of the irregular investment, 10% of annual turnover, €5M for legal entities or €1M for natural persons (Art. L.151-3-2 CMF); ministerial injunction power including restoration of prior situation.

French Monetary and Financial Code · Art. L.151-3, L.151-3-1, L.151-3-2 · Art. R.151-1 to R.151-17 (decree no. 2019-1590 of 31 December 2019, modified by decree no. 2023-1293 of 28 December 2023)

45%
Anticipated contractual mapping and FDI audit · Proactive

The organisation initiates an internal audit of its exposure to Mistral AI (change of control clauses, API dependencies, data transfers) before the valuation triggers disclosure obligations and FDI screening. This mapping directly feeds the Treasury notification file.

35%
Suffer European screening trigger · Exposure

The organisation discovers belatedly that its capital arrangements or technological dependencies fall under the European foreign investment screening mechanism. Ongoing due diligences freeze, closings are postponed, contractual pressure from clients on technological sovereignty intensifies.

20%
Renegotiate clauses and structure dependency · Arbitrage

The organisation uses the window opened by the valuation to renegotiate its Mistral AI contracts: reversibility clauses, model escrow, pricing caps and sovereignty guarantees. The approach transforms a disclosure constraint into a lever for structuring the AI value chain.

Invalidation conditions
  • The incoming investor is fully controlled by entities established in an EU or EEA Member State and the operation does not fall under any threshold applicable to European investors.
  • The operation does not cross any of the regulatory control thresholds (notably 25% of voting rights for an extra-EU investor) and does not concern an essential branch of activity.
  • An explicit or tacit authorisation decision from the Minister of the Economy, with or without conditions, has been obtained prior to closing.

Organisations dependent on Mistral AI — contractually, technologically, competitively — have a window to anticipate a structural capital change. After the round, access conditions and exclusivity clauses transform.

Decision variable

Document each ECB decision as a MIFID II suitability evaluation trigger for exposed portfolios, and anticipate sectoral allocation adjustments before the institutional reading becomes consensual.

Monetary policy · MIFID II regulation · Fiduciary governance Exposure moderate
Who
Asset managers, institutional asset owners, corporate treasurers, wealth advisors operating on euro-denominated portfolios exposed to ECB key rates.
Obligation
Document the suitability of allocations to the evolution of the monetary framework (MIFID II Art. 25), revise suitability assessments at each significant ECB inflection, integrate fiduciary governance documentation into portfolio reviews.
Deadline
Immediate — each ECB decision creates a documentation trigger. The quarterly review cycle is the minimum standard.
Consequence
Governance risk, fiduciary liability, regulatory scrutiny on undocumented allocation drift, net interest margin compression on poorly calibrated positions.

Directive 2014/65/EU (MIFID II) · Art. 25 — adequacy and suitability · ECB framework · Governing Council communications

Political decisions — monetary policy, legislative cycles, sovereignty shifts — create binding constraints on private decision spaces before they are publicly legible. Anticipation is the only defensible posture.

Decision variable

Map the ongoing narrative shift in European institutional spheres and reposition the organisation's engagement doctrine before the consensus becomes opaque.

Cognitive power · Narrative intelligence Exposure emerging
Who
Technology companies · public affairs teams · organisations seeking EU institutional engagement on AI governance.
Constraint
The convergence of institutional narratives around AI sovereignty is creating a new implicit standard. Divergent positioning generates friction with regulators, procurement bodies, and institutional partners.
Window
The narrative transition is at 60-70% completion. Repositioning is still possible before the consensus becomes opaque.
Consequence
Institutional misalignment · Reduced access to EU programmes · Procurement friction · Reputational exposure in regulatory hearings.

Composite sources · EU institutional communications · European parliamentary hearings · Application doctrines of sectoral authorities

Narrative constraints are not softer than legal constraints — they are less visible. An organisation that understands which narrative is dominant holds an interpretation advantage that determines what decisions are possible.

Continue

01 · Section

Home

The paradigm

Four dimensions of power. A new class of decision intelligence.

Explore 02 · Section

Platform

The architecture of decision

Four modules. One pipeline. From ingestion to executable constraints.

Explore 04 · Section

About

Founder and doctrine

Maître Hannan Otmani · Avocate au Barreau de Paris · Over two decades within international legal directorates.

Explore
Your situation

Every organisation has
its own constraints.

Get in touch for a live analysis on a situation directly relevant to your sector and exposure.

By institutional access · Platform available in French and English