AI;DR

A large language model is a statistical system trained to predict the next token in a sequence, given the tokens that precede it. It has been trained on a corpus of text drawn from the internet, books, and other sources — typically hundreds of billions of words. During training, the model adjusts hundreds of billions of numerical parameters to minimise its prediction error across that corpus.

The result is a system that can produce fluent, contextually appropriate text on almost any topic. It does this by pattern-matching at a scale and resolution that no human can match. It does not reason, retrieve information from memory, or understand language in any sense analogous to human cognition. It compresses statistical regularities and reproduces them on demand. That distinction is not philosophical. It determines what the system can and cannot reliably do.

A recommendation algorithm ranks content items by their predicted probability of producing a target behaviour — typically a click, a watch, a share, or a reaction. It uses a model trained on the historical behaviour of users similar to you, updated in real time as you interact with the platform.

The target behaviour is defined by the platform, not by you. Platforms typically optimise for engagement metrics that correlate with revenue: session length, return visits, ad impressions. Content that produces strong emotional reactions — outrage, anxiety, desire — tends to score well on these metrics regardless of its accuracy or social value. This is not a flaw in the algorithm. It is the algorithm working as designed.

The Clarifying Lawful Overseas Use of Data Act (2018) establishes that US companies must comply with valid US legal process requiring production of data, regardless of where that data is physically stored. A US federal court order served on Microsoft can compel Microsoft to produce data stored on its Dublin servers without requiring Irish court authorisation.

The Act includes a mechanism for companies to challenge requests that would violate the laws of the country where data is stored. In practice, this mechanism is rarely invoked. The substantive effect is that any data stored with a US-based cloud provider is potentially accessible to US law enforcement and intelligence agencies under US law, irrespective of European data protection frameworks.

The AI Act classifies systems by the severity of harm their failure could cause. High-risk systems — those used in employment decisions, credit scoring, educational assessment, or law enforcement — must undergo a conformity assessment before deployment: technical documentation, logging of decisions, and registration in a public EU database.

The classification is applied by the provider, not by a regulator. A company that develops a system for CV screening decides whether it falls under the high-risk employment category. National market surveillance authorities can challenge that classification after deployment. The practical effect is that the first line of compliance is self-assessment, with regulatory oversight arriving after the fact.