What 'open weight' actually buys a regulated company, and what self-hosting really does for data sovereignty

This week an AI news feed flagged that Meta moved to support a kids-safety bill once it was packaged with language that would preempt state AI laws. On its own that is Washington horse-trading. But for any company weighing whether to run models in-house, it is a small signal of a larger thing: the legal map under a self-hosting decision is being redrawn right now, and the redrawing is not finished.

I get a version of this question almost every week from technical founders selling into regulated buyers. It arrives as one confident sentence: “We will just use an open-weight model and self-host, so we are sovereign and compliant.” Take a breath. Half of that sentence is doing a lot of work it has not earned.

Open weight, preemption, and a state law going live

Three things are true at once, and a board tends to blur them.

First, the open-weight model space is healthy and mostly permissive. Gemma 4, Qwen 3.5, and Mistral’s recent Large and Small releases ship under Apache 2.0. DeepSeek V4 ships MIT. Those are licenses most counsel has read before. But “open weight” also includes Llama 4, which keeps a custom Meta license with a commercial clause that kicks in above 700 million monthly active users, and the Open Source Initiative still maintains that the Llama license is not, by their definition, open source. So “open” spans permissive to restrictive-custom. It is a range, not a guarantee.

Second, the US regulatory ground is in motion. As reporting around the current deal put it, the package on the table would block state AI regulation for three years in exchange for passing online-safety bills, and this is not the first attempt. As The Next Web reported on June 10, the earlier effort died when “The Senate voted 99-1 to remove an AI preemption provision from the One Big Beautiful Bill Act,” in a year with “1,208 AI bills introduced in 2025 and 145 enacted.” That is the real backdrop to this week’s signal.

Third, a concrete deadline is almost here. Per legal coverage in mid-June, the Colorado AI Act, the first comprehensive US state AI law, takes effect June 30. The federal preemption bill is not law. So for now, state rules still bind.

I am citing that June 10 figure as background, not as fresh news. The genuinely in-window signal this week is just that the fight is live and moving; the decision-grade detail is a few days older. That is fine. A board does not need a bombshell. It needs to see which of these three threads its own AI choice actually touches.

Open weights are not automatically private, free, or license-clean

Here is the reframe that does the most work in a board conversation. “Open weight” answers one narrow question: can the model parameters be downloaded and run in-house. It does not answer whether they can be used commercially, whether usage thresholds apply, who owns the outputs, or whether running them makes a company compliant. Those answers live in the license and in the law, not in the word “open.”

On the license side, the work is boring and knowable, which is good news. Can it be used commercially. Is there a user or revenue threshold. Are there field-of-use restrictions. What does it say about training on the outputs. A permissive Apache 2.0 or MIT model clears most of that in an afternoon of reading. A custom license like Llama’s needs counsel to check the threshold clause against real numbers. The teams that get burned are the ones who assumed “open” meant “free of obligations” and never read past the headline.

On the sovereignty side, the trap is subtler. Self-hosting genuinely changes who controls the stack, which is real and valuable. But it does not, by itself, confer compliance. Under the EU AI Act, broadly applicable August 2, free and open-licence general-purpose models get a meaningful break: they are exempt from the heavy technical-documentation duties. They still have to meet copyright obligations and publish a training-data summary. Running the weights on owned boxes does not erase those.

And the part most sovereignty decks skip: data residency is not the same as data sovereignty. A company can keep every byte inside the EU and still find that a US provider in its stack is reachable under the US CLOUD Act, which can compel access to data held by American companies regardless of where the server physically sits.

Data residency tells you where the bytes sit. Sovereignty tells you whose law can reach them. A board keeps asking the first question and meaning the second.

Does self-hosting make you compliant? Not alone

“Does self-hosting make us compliant?” By itself, no. It removes a third-party data processor from the loop, which closes off a whole category of residency and transfer problems and gives full visibility into data flows plus a real audit trail. That is a strong position to argue from. But the AI Act duties, the copyright and training-data obligations, and the state-law patchwork still apply to what gets done with the model. Self-hosting makes compliance more achievable, not automatic. Treat it as removing one large risk, not all of them.

“If we pick an open-weight model, are we free of license risk?” Only if someone reads the license and it actually says so. For Apache 2.0 and MIT models, the answer is close to yes for most commercial uses. For custom-licensed models, it depends on specific clauses, and the Open Source Initiative’s standing position on Llama is a useful reminder that the marketing word and the legal status can diverge. Have counsel check usage thresholds and field-of-use terms against the real plan before anyone commits in a deck.

“Should we wait for the federal preemption fight to settle?” I would not freeze a sound architecture decision on a bill that already failed once by 99-1 and is now being renegotiated. Subject-matter preemption, if it passes, would displace state laws that cover the same ground as the federal package, but it is not law today and Colorado goes live June 30 regardless. Build for the rules that exist, keep the design flexible, and read the federal motion as a signal, not a starting gun. The whole point of controlling the stack in-house is the freedom to adapt when the rules change, instead of waiting on a vendor to do it.

Self-hosting buys control, not automatic compliance

One minute, the whole thing. Open weights run from permissive to restrictive, so read the license and do not trust the word. Self-hosting buys control of the stack and a clean residency story that matters for regulated buyers, but not automatic compliance and not automatic privacy. The US rules are being rewritten right now and Colorado’s law is live in two weeks, so build for today’s rules and keep the design adaptable. Sovereignty is about who controls the stack and whose law reaches the data, not just where it lives. None of this is a reason to panic, and none of it is a reason to hand-wave the homework.

Watch preemption, licenses, and the real stack

Watch whether the federal preemption package actually moves text, because subject-matter preemption would change which state obligations bind. Watch the license inventory: a quiet term change on a depended-on model is a Tuesday for counsel, not a crisis, but only if someone is actually reading. And watch the gap between the sovereignty story and the real stack. The cleanest data-residency claim in the world does not survive a single US-reachable dependency nobody remembered. That last one is worth a calm hour this month, before a customer’s security team asks first.