AI rules, EU cyber talks, and Columbia’s test-score shift: the quiet power reshuffle

Columbia University is set to bring back mandatory test scores for 2027 admissions, a move that immediately reopens the debate over how US universities calibrate merit, access, and predictive assessment. In parallel, EU-level governance is moving from principle to process: the EU cybersecurity agency is scheduled to meet Anthropic on Thursday, signaling that frontier AI firms are now direct policy counterparts rather than distant innovators. Across the Atlantic, Google’s plan to use UK and EU user IP addresses for ad personalization from August 3, 2026 lands as regulators like the UK’s ICO weigh new consent expectations, raising the compliance and enforcement stakes for large platforms. Finally, Rhode Island is joining other US states issuing AI rules for lawyers, while a separate legal AI startup, Eve, faces a patent infringement lawsuit—together pointing to a tightening web of regulation and litigation around AI deployment. Strategically, these developments reflect a broader contest over who sets the rules for AI—governments, regulators, courts, and standards bodies—versus who merely complies. The EU cybersecurity agency’s engagement with Anthropic suggests the bloc is trying to operationalize AI risk management into concrete obligations, potentially shaping model behavior, data handling, and incident reporting expectations for companies with global reach. The US university policy shift matters geopolitically because it influences talent pipelines and perceptions of institutional fairness, which can affect where students, researchers, and future AI labor concentrate. Meanwhile, state-level AI rules for lawyers and patent litigation indicate that the “AI governance layer” is fragmenting: compliance will increasingly be multi-jurisdictional, and legal uncertainty may slow adoption or redirect investment toward defensible IP and safer product designs. The net effect is a quiet power reshuffle in which regulatory access and legal defensibility become as important as raw model capability. Market and economic implications are likely to concentrate in AI governance, compliance, and legal-tech ecosystems rather than in a single commodity or currency. Cybersecurity and AI-safety vendors could see demand lift as EU engagement with frontier labs translates into procurement, audits, and monitoring requirements, supporting segments tied to assurance, red-teaming, and secure deployment tooling. For adtech and digital advertising, Google’s IP-based measurement change may increase the value of first-party and network signals, but also raises the probability of regulatory friction that can affect targeting efficiency and ad pricing in the UK and EEA. In education-adjacent services, Columbia’s test-score return could shift revenue and demand toward test-prep providers and assessment platforms, while also influencing enrollment forecasting models used by private education analytics firms. For legal AI startups, patent risk and state regulation can compress margins and lengthen sales cycles, potentially pressuring valuations for weaker IP portfolios while favoring companies with stronger patent families and compliance-ready workflows. What to watch next is whether the EU cybersecurity agency meeting produces specific guidance, timelines, or risk-management expectations that can be translated into enforceable standards for frontier model providers. In the US, the key trigger is how Columbia operationalizes the 2027 admissions policy—particularly whether it changes weighting, exemptions, or how it handles test-optional legacies—since that will determine downstream demand for testing and tutoring. For platforms, monitor ICO-related consent enforcement signals and any follow-on clarifications about Google’s August 3, 2026 IP usage, because enforcement actions could quickly alter ad measurement practices. In the legal AI space, track court filings and outcomes in the Eve patent case and the pace at which additional states adopt lawyer-focused AI rules, as these will determine whether the market treats governance as a one-off compliance project or a recurring cost center. Escalation risk is moderate: the most likely near-term shocks are regulatory actions and litigation-driven product pauses rather than any kinetic security event.

Geopolitical Implications

• 01

  The EU is likely to translate AI-safety and cybersecurity engagement into enforceable expectations that can influence global frontier AI deployment standards.

• 02

  US institutional admissions policy changes can affect international student flows and the geographic distribution of AI talent and research capacity.

• 03

  Fragmented US state regulation for legal AI suggests governance will be multi-layered, increasing compliance costs and shaping cross-border business strategies.

• 04

  Patent litigation risk indicates that legal defensibility may become a strategic asset for AI firms competing in regulated markets.

Key Signals

• —Any post-meeting EU guidance, enforcement timelines, or risk-management requirements emerging from the EU cybersecurity agency/Anthropic engagement.
• —Columbia’s detailed admissions policy mechanics for 2027 (weighting, exemptions, and how it handles test-optional cohorts).
• —ICO enforcement actions or consent-rule clarifications that could force changes to IP-based ad measurement practices.
• —Court developments in the Eve patent infringement case and whether other states accelerate AI rules for lawyers.