The Geopolitics of Compute: CTO Strategy in a Fragmented AI Regulatory Landscape

The chapter on AI in Stanford's 2026 Emerging Technology Review reads, in its second half, less like a technology brief and more like a geopolitics one. That's the right framing. The decisions that constrain product roadmaps in 2026 are only partly about model capability. They're increasingly about where the compute is, where the data has to live, who can train what, what disclosure is required, and which jurisdictions accept which workloads. This post is about what mid-market CTOs and founders should actually do with that landscape.

The Numbers That Set the Frame

From the report, the operational facts to internalize:

• Stargate AI infrastructure initiative — privately funded, launched January 2025 — targeted $500 billion over a few years (with subsequent reports indicating scaling-back of initial objectives).
• $27 billion invested in AI from high-tech companies in 2023, against $2.6 billion authorized for the federally backed NAIRR shared-compute resource over six years. Industry has roughly 10x the compute investment of public research, on a faster cadence.
• 70.71% of new AI PhDs in North America (2010–2022 trend) now go to industry; 19.95% to academia; 0.76% to government.
• The EU AI Act entered force August 2024. It bans certain uses (manipulation, workplace and educational emotion tracking outside medical/safety contexts) and imposes transparency, explainability, oversight, cybersecurity, and robustness duties on high-risk systems.
• US state law fragmentation: Colorado SB 24-205 mandates duties on developers and deployers of high-risk AI; Texas's Responsible AI Governance Act prohibits manipulation, discrimination, and deepfake deployment; California has 15+ AI bills including AB 2013 requiring training-data disclosure for systems used by Californians.
• The 2025 Paris AI Action Summit explicitly shifted tone from safety toward acceleration. The 2024 Seoul Declaration had emphasized interoperability between national governance frameworks.

A reasonable read of this stack: AI capability is concentrating in private hands faster than any public framework can absorb, while compliance frameworks are multiplying and diverging. The combined effect for builders is a regulatory surface area that grows roughly linearly with each market you serve.

The Compute-Sovereignty Pattern

Canada and the United Kingdom have announced major sovereign-compute infrastructure programs. The US ran the privately funded Stargate route. China is "aggressively diffusing existing AI capabilities across every sector." DeepSeek's open-source releases — flagged in the report — change the competitive calculus by making capable models accessible outside the US frontier-lab fence.

For an engineering organization, the practical implication is not "pick a side." It's: assume the compute marketplace will diverge, and design so that your inference doesn't depend on a single jurisdictional pipeline.

What this means in concrete terms:

• Inference portability. Your AI features should be runnable against multiple providers, ideally including at least one open-weight option that can be self-hosted. Vendor lock-in is now a geopolitical risk, not just a procurement one.
• Data residency mapped at the feature level. Every AI feature should have a documented answer to: where does the inference compute physically run? Where do the prompts and outputs persist? Which jurisdiction's law applies? If the answer is "we don't know," that's a finding.
• Export-control awareness. The report notes the Trump administration's August 2025 shift considering arrangements that allowed Nvidia and AMD chips to flow to China in exchange for a 15% revenue share to the US government. Whatever the policy at any given moment, the volatility itself is the planning constraint. Expect chip and software export rules to shift.

The Compliance Surface Is Now Multi-Jurisdictional by Default

The EU AI Act is the most ambitious framework. The General-Purpose AI (GPAI) Code of Practice supplements it with detailed provisions on transparency, copyright, and safety/security — giving foundation-model developers a recognized pathway. State-level US law is moving fast and unevenly.

If you operate in more than one geography — and most B2B SaaS does — your compliance posture has to handle:

• Training-data disclosure (California AB 2013). If your model is used by Californians, you may need to disclose what it was trained on. This is a documentation problem before it's a legal one. Most teams cannot produce this disclosure today; getting ready takes months.
• High-risk classification (EU AI Act, Colorado SB 24-205). "High-risk" is defined by use case, not by model capability. A general-purpose model deployed in a hiring decision is high-risk. The same model deployed in a marketing copy generator probably isn't. Your compliance work follows the deployment, not the model.
• Deepfake and manipulation prohibitions (Texas). If any feature could generate or facilitate synthetic content of real people, this is a live exposure. Watermarking, provenance metadata, and consent flows are no longer optional in jurisdictions that have moved on this.
• Explainability and oversight duties. "Why did the model decide this?" must be answerable for high-risk decisions. The honest engineering answer — "we don't fully know" — is not legally sufficient. You need to architect for partial explainability through provenance, retrieval transparency, and decision logging.

The Seoul Declaration's emphasis on interoperability between national frameworks is the optimistic reading. The realistic reading: you should design once for the strictest credible regime in your market mix, and treat looser jurisdictions as relaxations. The teams that take this approach pay a small upfront tax and avoid an extremely large refactor later.

The Talent Brain Drain Is a Procurement Problem

The report's chart on AI PhD employment — 70.71% to industry, 19.95% to academia, 0.76% to government — captures a structural shift. Combined with US immigration policy changes that have caused some researchers to leave and deterred international students, this means: the pool of frontier AI talent in the US is concentrated, expensive, and gated by a narrow set of large companies.

For a mid-market builder, the implication is clear. You are not going to compete with Anthropic, OpenAI, Google DeepMind, or Meta for the people who train foundation models. You don't need to. The skill gap that actually constrains your roadmap is one tier down: senior engineers who can apply foundation models well, ship them safely, and operate them at sensible cost. That tier exists in larger numbers, in more geographies, and at more accessible compensation than the frontier-research tier.

The geographic implication is also clear. If US-based senior AI-applied talent is being absorbed into a small number of well-capitalized firms, distributed and nearshore talent pools become more, not less, attractive. LATAM in particular offers timezone-aligned work with North American teams, English fluency at the senior level, and a senior engineering pool that has been hiring AI-applied work since 2023.

What CTOs Should Actually Do

Operationalizing the Stanford framing into engineering decisions:

• Architect for jurisdictional optionality. Inference portable across providers. Data residency configurable per tenant. Logs sufficient to satisfy training-data disclosure if required.
• Make AI compliance a product surface, not a legal afterthought. Provenance metadata, decision logs, explainability artifacts, watermarking — these are features your enterprise customers will start asking for in RFPs. Build them on a roadmap, not under deadline pressure.
• Hedge talent geography. A US-only senior AI engineering team is a single-source-supplier risk. Distributed teams with at least one strong nearshore region reduce both cost exposure and political-volatility exposure.
• Track the policy surface. Assign a senior engineer (not just legal) to track EU AI Act enforcement, US state-level changes, and major export-control shifts. The engineering implications of these changes are concrete and often fast-moving.

How Conectia Fits

Conectia builds nearshore senior engineering teams across LATAM. The geographic positioning is deliberate: timezone overlap with North American product teams, jurisdictional diversification away from a single US-centric talent pool, and a senior pool that has been doing applied AI work in real production systems for the last two years.

The engineers we place are vetted for exactly the applied-AI tier this post is about — not "can you describe a transformer," but "can you ship a feature against the EU AI Act with provenance metadata, multi-provider failover, and per-tenant cost telemetry." The relevant adjacent reading is CTO Framework for Smart IT Budget Allocation and Building a Compliant AI Legal Engine.

The geopolitical fragmentation isn't going to resolve in the next 18 months. It's going to compound. The teams that build with optionality — across providers, across jurisdictions, across talent geographies — will move faster when the next rule changes than the teams that didn't.