What happens when companies become
too big to govern?

Current AI policy & governance efforts keep proposing the same set of tools to address harms that come from AI and corporate power concentration — fines, audits, model cards, transparency, human-in-the-loop, etc. But these solutions presume that the institutional powers and governments will continue to have leverage over the actors they seek to regulate. Evidence suggests otherwise.

With each new technical innovation, we’re witnessing what happens when a handful of companies control everything from the models and compute, to the communications channels, infrastructure, surveillance and decision-making systems, and even the interfaces that increasingly define our lives.

This is what I define as tech extensity: where tech firms and the tools and services they provide become so embedded in the complex systems that society is dependent on, that they become impossible to remove or constrain.¹

Riffing on Robert Greene’s 48 Laws of Power, I distinguish intensity (dominance through mastery, which is finite and impermanent — think of the great artists, or Henry Ford) from extensity (dominance through spread — Henry Kissinger across administrations, Google across the open web, SpaceX across launch + connectivity, Anthropic and OpenAI through AI).²

Here’s what extensity is not:

• A monopoly. Extensity doesn’t require exclusive market share; Google has meaningful competition, and yet, so many of us are reliant on their tools.
• Lock-in. Lock-in is a bilateral switching cost problem — one customer, one vendor, one painful migration. Extensity is systemic: even users who can individually turn off Google still depend on Google’s infrastructure (or systems that depend on Google) to function. The system itself cannot operate without it.
• Regulatory capture. Regulatory capture shapes the rules of regulation, but the actors are still in some sense, constrained; extensity makes rules inapplicable in the first place. A small network of companies who are individually more profitable and powerful than entire countries, and collectively powerful enough to rival nation-states, are being emboldened to ignore the law entirely.

Extensity is the structural condition under which a democratic system becomes unable to discipline or control its own components. “Too big to fail” was the 2008 version. “Too big to govern” is the 2026 version.

The AI scale-up isn’t producing new monopolies. It’s producing new substrates — compute, foundation models, satellite + sensor infrastructure, surveillance & machine-human integrations. Simultaneously, society is building on top of this substrate before a vocabulary is developed on how to properly define the problem.

Compounding this is the loss of friction.³ By friction, I mean the temporal, legal, financial, normative, and knowledge-based barriers-to-entry that have historically inhibited concentrated power grabs and constrained collective disempowerment. Friction keeps our worst human impulses in check; unfortunately the speed of change in frontier AI, surveillance & military technologies, compute, and communications have been eliminating these friction points at an alarming pace.

The literature on gradual disempowerment describes the final outcome;⁴ tech extensity and the loss of friction explains how we get there. And unlike many of the more future-forward x-risk arguments, the harm and impact is empirically measurable today.

Treating extensity as the unit of analysis (rather than, say, “market share” or “AI risk”) changes the policy menu:

1. It predicts which interventions don’t work. Procedural mitigations (audits, registers, model cards, post-hoc transparency) cannot bind a system that extensive entities can easily ignore or tie up in litigation or compliance theatre.⁵ Extensity can be used as a screen: any remedy that assumes external leverage, norms, or ex-post legal remedies is decorative against an entity that is too big to govern.
2. It identifies what does work. Structural remedies that reduce interdependence — structural separation (L. Khan), public-utility / common-carrier framing (K. Rahman), ex-ante chokepoint design (Farrell & Newman), or mechanisms that prioritize keeping humans in the economic loop with respect to AI — are the few interventions whose shape matches the problem.
3. It is testable. Extensity is operationalizable. Measure cross-sector reach × time-to-replace × downstream criticality, and you get a comparable score. This lets you rank exposure and risk (which firms? which jurisdictions? which infrastructures?), and assess regulatory proposals. This makes the framework falsifiable in a way diagnosis-heavy critique isn’t.
4. It offers a European delivery vehicle. The EU is the one jurisdiction with both the regulatory instincts (e.g., the EU AI Act, the Digital Markets Act), and the dependency exposure (80% of the EU’s tech stack is foreign-owned)⁶ to take this question seriously. Building effective and enforceable approaches with actual consequences before this brief window closes is crucial.

The political economy literature names the dynamic but does not fully engage on the frontier-AI and broader future-tech specifics. The technical AI safety community is doing serious work on misaligned models and rogue AI, but has under-invested in the question of what happens when the models are aligned to forces and entities who have liberated themselves from the social contract. The AI governance & policy literature is right about the need and urgency to act, but its proposed solutions assume that the legal structures of today will continue to hold against increasingly ungovernable forces tomorrow.

I sit at that intersection — a practitioner with broad legal and technical knowledge, operational experience inside of big tech platforms (Palantir, Meta), journalistic credentials (Bloomberg BNA), and 10+ years in privacy & data protection. I’ve seen what works, and understand how these firms think.

• A more detailed statement of the extensity framework, and a deeper analysis of how the concentration of power and the loss of friction are increasing dependency and disempowerment (target: October 2026).
• A book proposal applying the extensity framework to where we are today, along with concrete solutions and mitigations (target: Q2 2027).
• Briefing papers translating the framework into specific EU regulatory instruments.
• Continued thoughts and developments on insights.priva.cat.
• Actively seeking: fellowship affiliations, EU briefing collaborations, co-author(s) for materials aimed at policymakers, governance professionals, and ideally, the companies themselves.

Get in touch: carey@priva.cat · insights.priva.cat · in/privacat