MICKAI
Article · 4 July 2026

Schrems III Is Coming. Do Not Bet Your AI Pipeline on an Adequacy Decision

The 29 June 2026 Supreme Court ruling on FTC independence knocked out a load-bearing pillar of the EU-US Data Privacy Framework. Owned, in-territory inference is the hedge that survives whatever the CJEU decides.

By Micky Irons, founder and CEO, Mickai

On 29 June 2026 the US Supreme Court decided Trump v. Slaughter. By six to three it held that the statutory for-cause protection shielding Federal Trade Commission commissioners from removal at the President's pleasure is unconstitutional, and in doing so it overruled Humphrey's Executor, a precedent that had stood since 1935. The headlines framed it as a story about the American administrative state. For anyone moving personal data across the Atlantic, it is something else entirely. It is the moment a load-bearing pillar of the EU-US Data Privacy Framework quietly cracked.

The next day, 30 June 2026, noyb wrote to the European Commission. Max Schrems pointed out the obvious thing the ruling exposes. The Commission's adequacy decision leans on the FTC hundreds of times as an independent enforcement body for privacy obligations. If FTC commissioners now serve at the will of the President, that independence is no longer guaranteed, and the factual basis the Commission relied on to declare US protection "essentially equivalent" to EU law starts to look shaky. noyb has asked Brussels to plan an orderly wind-down rather than wait to be told to by a court, and has signalled it will litigate if the Commission sits still. A preliminary opinion out of Luxembourg is plausible by late 2026 or early 2027.

If you have seen this film before, that is because you have. Twice.

Two frameworks are already dead. This is the third act

Safe Harbour fell in 2015 when the Court of Justice ruled in Schrems I that it did not adequately protect Europeans from US surveillance. Its replacement, Privacy Shield, fell in 2020 in Schrems II for essentially the same reason. Each time, thousands of businesses that had built data flows on the assumption of a stable adequacy decision woke up to find the legal ground gone from under them, scrambling for standard contractual clauses, transfer impact assessments and supplementary measures that may or may not have held up.

The Data Privacy Framework, adopted in 2023, is the third attempt. It survived its first judicial challenge in 2024. What it has not survived intact is the removal of the very oversight architecture the Commission cited as proof of independent enforcement. noyb is also questioning the Data Protection Review Court created under Executive Order 14086 and the Privacy and Civil Liberties Oversight Board, both of which sit on similarly contested constitutional ground. When the scaffolding an adequacy decision is built on gets pulled out one beam at a time, the pattern is not hard to read.

We are not predicting the outcome of Schrems III. We are pointing out that you should not be predicting it either, and you certainly should not be architecting a production AI pipeline around a guess.

Why this lands harder on AI than on any prior data flow

In 2015 and 2020, the transatlantic data at risk was mostly storage and analytics. Customer records sitting in a US data centre. Marketing telemetry. CRM syncs. Painful to unwind, but bounded.

An AI pipeline is a different animal. When you send a prompt to a US-hosted model, you are transferring personal data on every single inference call, in real time, at volume, often including the most sensitive categories your organisation touches. A clinician drafting notes. A caseworker summarising a vulnerable person's file. A compliance analyst pasting a transaction narrative. Every one of those is a transfer of personal data to a US processor, and every one of them is exposed to the same adequacy question that took down Safe Harbour and Privacy Shield.

If the Data Privacy Framework is invalidated, the fallback for most organisations is standard contractual clauses plus a transfer impact assessment. But the whole problem Schrems II identified was that SCCs cannot paper over US surveillance law that grants government access regardless of what two private parties agree in a contract. The same logic that undercuts the adequacy decision undercuts the fallback. You do not get to keep your US inference provider by signing a stronger form. You get to keep it by hoping nobody enforces the point.

That is not a compliance posture. That is a bet.

The hedge is not a better contract. It is a different architecture

Here is the shift in thinking that actually removes the exposure. The transfer risk exists because personal data leaves your control and crosses a border to a processor governed by foreign surveillance law. Remove the transfer and you remove the risk, entirely, permanently, and independently of whatever the CJEU decides in 2027.

That is what a Sovereign Intelligence Operating System is for. Mickai is a SIOS: a full AI operating environment that a regulated organisation owns and runs inside its own walls, in its own jurisdiction, air-gapped where it needs to be, with a cryptographically-signed audit record on every action. The model weights sit on your hardware. The inference happens in your data centre, in your country. No prompt leaves the building. There is no transfer to assess, no adequacy decision to depend on, no third framework to pray survives its day in Luxembourg.

Notice what this does to your risk register. Under the cloud-processor model, your legal certainty is a function of American constitutional law, Commission politics and CJEU timing, none of which you control. Under owned, in-territory inference, your data protection posture is a function of your own infrastructure, which you control completely. You are not hoping the framework holds. You have removed the framework from the critical path.

We are honest about the market this sits in. Almost every regime, GDPR included, permits cloud processing with the right controls. Most organisations are not legally barred from using a US model, and we will not tell you they are. The genuine no-cloud bar is workload-specific: classified material, ITAR-controlled data, isolated operational technology, cases where a data protection impact assessment comes back negative. For everyone else the case for sovereignty is preference, not prohibition: control over your own data, protection against exfiltration, cost predictability, and freedom from exactly this kind of framework whiplash. Schrems III does not change whether cloud is legal. It changes how comfortable a serious DPO should be betting a live pipeline on a decision that has already been reversed twice.

What a data protection officer should do this quarter

Map your transfers first. Every AI feature that sends a prompt to a US-hosted model is a transatlantic transfer of personal data. Most organisations have more of these than they think, because inference got embedded into products faster than data protection teams could inventory it.

Then triage by sensitivity. Special-category data, anything covered by professional confidentiality, anything about children or vulnerable people. Those are the workloads where an adequacy invalidation turns into an enforcement problem overnight, and those are the workloads to move in-territory first.

Then choose your hedge deliberately. You can wait, keep your US provider, and hope Schrems III lands your way. Or you can move the sensitive inference onto infrastructure you own, where the transfer question never arises. The first option is cheaper this quarter and hostage to a court for the next three years. The second is a one-time architectural decision that makes the whole question moot. Our 104 filed UK patent applications, spanning around 2,340 claims across 13 families, cover the sealed inference, signed-audit and sovereign-deployment machinery that makes the second option real rather than aspirational.

We have written more on how this fits together in the Sovereign Intelligence Operating System explained and on why we treat data residency as an architecture decision, not a checkbox. If you are weighing this against a hyperscaler contract, our piece on owned inference versus cloud AI for regulated organisations walks through the trade in detail.

The takeaway

Two adequacy frameworks have already been struck down. The third has just lost the independent-enforcement pillar the Commission cited to justify it, and the people who took down the first two are back in front of the Commission with a letter and a plan. You do not have to know how Schrems III ends to make the right decision now. You have to stop making legal certainty for your most sensitive AI workloads depend on a ruling you cannot influence and cannot predict. Own the inference, keep the data in territory, and let the CJEU decide whatever it decides. Your pipeline will not notice.

Frequently asked questions

What is Schrems III?

It is the widely used label for the anticipated third legal challenge to the mechanism that lets personal data flow from the EU to the US. The first two challenges, brought by Max Schrems and later his organisation noyb, struck down Safe Harbour in 2015 and Privacy Shield in 2020. Following the US Supreme Court's 29 June 2026 ruling in Trump v. Slaughter, which removed the independence protection for FTC commissioners, noyb wrote to the European Commission on 30 June 2026 signalling a fresh challenge to the current EU-US Data Privacy Framework. A preliminary opinion from the Court of Justice is considered plausible in late 2026 or early 2027.

If the Data Privacy Framework is invalidated, can I just fall back on standard contractual clauses?

Only up to a point. Schrems II established that contractual clauses cannot override US surveillance law that permits government access to data regardless of private agreements. The same reasoning that threatens the adequacy decision also weakens the SCC fallback for US transfers, because the underlying problem is the legal environment the data lands in, not the paperwork governing it. SCCs are not a reliable substitute for keeping the data out of scope in the first place.

Does owning my inference actually remove the transfer risk?

Yes, because the risk is created by personal data crossing a border to a foreign processor. If inference runs on hardware you own, in your own jurisdiction, no personal data is transferred to a US processor, so there is no transfer to assess and no adequacy decision to rely on. That is why we describe in-territory inference as the hedge that survives whatever the CJEU decides. It takes the framework out of your critical path entirely.

Are regulated organisations legally barred from using US cloud AI?

No, and we will not tell you otherwise. GDPR and almost every sector regime permit cloud processing with appropriate controls. The genuine no-cloud bar applies to specific workloads such as classified, ITAR-controlled or isolated operational-technology data, or where a data protection impact assessment comes back negative. For most organisations the case for owned, sovereign AI rests on control, exfiltration risk, cost and resilience against exactly this kind of framework instability, not on a blanket legal prohibition.

Originally published at https://mickai.co.uk/articles/schrems-iii-data-privacy-framework-risk-hedge-with-owned-inference.