Snowflake is a data warehouse in the cloud: a place where large companies dump every transaction, log file and CRM record so analysts can query it. The new twist is that those queries are no longer just typed by humans. AI agents are starting to read the data, write to it, and call other software tools on a company’s behalf. That raises an awkward question: who let the agent in, and what is it allowed to touch? Snowflake spent its May 27 earnings day answering it. It posted record growth, committed $6 billion to Amazon’s cloud over five years, and bought a small startup called Natoma whose job is to police what AI agents are permitted to do. The pitch to enterprise buyers: if your data already lives in Snowflake, so should the guard rails for the agents acting on it.

On a video link from Snowflake’s Menlo Park headquarters, CEO Sridhar Ramaswamy walked analysts through a quarter he framed as a turning point. “Our platform brings together the four elements organizations need to become an agent enterprise,” he told them, ticking off “a unified governed data foundation, access to leading AI models, connectivity across enterprise applications and workflows, and a unifying agent control plane that turns intent into governed action.” He called it a “clear inflection point” in the company’s AI journey. The market took him at his word. Snowflake shares jumped roughly 36% the next trading day, the sharpest single-session move since the company’s 2020 debut. The numbers underneath were genuinely strong. Product revenue reached $1.334 billion, up 34% year-over-year and accelerating 400 basis points from Q4. Remaining performance obligations — the contracted backlog — swelled to $9.21 billion, up 38%. Net revenue retention ticked up to 126%, the first uptick after five flat quarters. Snowflake added 616 net new customers, the most in any fiscal first quarter in its history. Management raised full-year FY27 product revenue guidance to $5.84 billion, implying 31% growth versus the 27% guide it had set in March. But the headline was not the beat. It was what Ramaswamy bundled with it. Snowflake disclosed a five-year, $6 billion commitment to AWS, covering Graviton CPUs, GPU capacity for AI inference, and joint go-to-market spend. That comes on top of more than $7 billion in lifetime sales Snowflake has already routed through the AWS Marketplace, with $2 billion of that booked in calendar 2025 alone. For Amazon, it is a vote of confidence at a moment when hyperscaler customers are openly hedging between clouds. The second announcement was the more strategically interesting one. Snowflake said it had signed a definitive agreement to acquire Natoma, a two-year-old San Francisco startup founded by Pratyus Patnaik, Will Potter, Zachary Hart and Paresh Bhaya. Natoma builds what is, in plain terms, a bouncer for AI agents: a centralized gateway that sits in front of Model Context Protocol (MCP) servers and enforces identity, policy and audit at the level of every individual tool call. When an agent asks to read a Salesforce record or push a row into NetSuite, Natoma decides whether the human behind it had the right to do that, logs the request, and produces an evidence trail. The Register, less reverent than most outlets, summed it up as Snowflake buying Natoma “to help freeze out rogue agents.” That is closer to the operational truth than the marketing language. Terms were not disclosed.

To see why this matters, it helps to understand what MCP is and is not. The Model Context Protocol, originally drafted by Anthropic in late 2024 and since handed to the Linux Foundation, is a thin standard for exposing tools and data to a language model. It looks deceptively like a USB-C port for AI agents: plug in a CRM, a database, a Jira instance, and the model can call them through a uniform interface. The trouble is that the specification itself does not enforce security. Authentication, authorization, rate limits, audit logging — all of that is left to whoever runs the server. A recent arXiv survey of MCP risks lists prompt-injection routes, tool poisoning, token aggregation and shadow servers as the four most common failure modes. That is the gap Natoma fills, and it is the gap Snowflake is now claiming as its own. The acquired platform becomes the chokepoint between Cortex Agents, Snowflake Intelligence and Cortex Code on one side, and the long tail of enterprise SaaS, on-prem systems and APIs on the other. Every tool call passes through a verified library of MCP servers; every action is checked against the identity of the human ultimately on the hook for it. Architecturally, this completes a stack Snowflake has been quietly assembling for eighteen months. Horizon Catalog provides the metadata layer — lineage, tags, masking policies, classification. Cortex Agents provides the reasoning loop. Snowflake Intelligence and Cortex Code sit on top as the user-facing products. Natoma slots in as the policy enforcement plane between agents and the world outside the warehouse. Crucially, it brings the governance perimeter with it: an agent invoking a tool inherits the row-access policies and dynamic masking rules already defined in Snowflake’s RBAC model. The same controls a DAX40 data engineer wrote for a human analyst now apply to an agent acting on that analyst’s behalf. The competitive geometry is unmistakable. Databricks has been building a parallel stack around Unity Catalog and Genie. Microsoft is pushing Fabric and Copilot Studio toward the same outcome. SAP, ServiceNow and Salesforce all want to own the agent layer over their respective application estates. What is unusual about Snowflake’s move is the explicit bet that governance, not orchestration, is the bottleneck. Ramaswamy did not buy an agent framework. He bought a permission system. There is a historical rhyme here. In 2014, AWS acquired a tiny startup called Annapurna Labs for what was then read as a curious silicon play. It became the foundation for Graviton, Nitro and arguably the modern hyperscaler economics. Natoma is a smaller cheque against a similar bet: that the boring infrastructure piece nobody is excited about today will end up shaping who collects the rent tomorrow. The five-year, $1.2 billion-a-year AWS commitment is the matching wager on the compute side.

On April 20, 2026, Apple announced that Tim Cook would hand the CEO job to John Ternus, its hardware engineering chief, on September 1. Six weeks later, on June 8, Cook will stand on the WWDC stage in Cupertino and unveil the long-promised overhaul of Siri. The strange part: the new assistant runs partly on Google’s Gemini, licensed in a January 2026 deal worth about a billion dollars a year. And Apple’s own AI infrastructure budget for the year is roughly $14 billion — about 2% of what Amazon, Google, Meta and Microsoft will spend combined. Apple is the only trillion-dollar tech company that decided not to build its own AI factory. That choice, more than any single model launch, is what enterprise buyers and DAX40 boards should be watching.

On a Monday morning in late April, Tim Cook sent the all-staff email Apple watchers had been drafting in their heads for years. He would step aside on September 1, becoming Executive Chairman. The new CEO would be John Ternus, the 51-year-old Senior Vice President of Hardware Engineering who joined Apple in 2001 to work on the Cinema Display and ended up running the iPhone, iPad, Mac, AirPods and Apple Watch product lines. Cook’s written tribute called Ternus a leader with “the mind of an engineer, the soul of an innovator, and the heart to lead with integrity and with honor.” The line read like a deliberate contrast with the moment: Apple was choosing a builder of physical objects to lead a company whose next decade will be judged on software intelligence. The symbolism cut deeper because of where Apple sits in the AI cycle. A year earlier, Robby Walker, the senior director then overseeing Siri, told staff in an internal meeting — reported by Bloomberg’s Mark Gurman — that the delays to the promised “personalized Siri” features were “ugly” and “embarrassing,” worsened by Apple’s decision to advertise capabilities that worked only two-thirds of the time. The TV spots came down. The Siri features slipped from 2025 into 2026. And in January 2026, Apple did something Steve Jobs’s Apple would have found unthinkable: it signed a multi-year deal to license a custom 1.2-trillion-parameter Gemini model from Google for roughly $1 billion a year, eight times the size of Apple’s own cloud model, to sit behind the next Siri. WWDC 2026 opens June 8 in Cupertino and runs through June 12. According to consensus reporting from 9to5Mac, MacRumors and Tom’s Guide, the keynote will introduce iOS 27, a redesigned Siri that behaves like a chatbot with conversation history, a Liquid Glass refresh of the system UI, and the first Apple Intelligence features powered by the Gemini-derived Apple Foundation Models. Craig Federighi will demo. Cook will narrate. Ternus, by then weeks from taking the chair, will likely walk the hardware segment. The scene to keep in mind is not the keynote itself. It is the math on the slide nobody at Apple will show. Apple’s fiscal 2026 capex guidance, repeated on the May earnings call, is roughly $14 billion — essentially flat year over year. Amazon has guided to about $200 billion, Alphabet to $175–185 billion, Meta to $115–135 billion, Microsoft to about $145 billion. Adding it up: the four hyperscalers will spend somewhere near $670 billion this year building AI capacity. Apple will spend 2% of that, license a model from one of them, and ship the result to two billion devices. Either it is the most coherent act of strategic restraint of the cycle, or it is the slowest-motion miss in Apple’s history. WWDC will not settle the question. It will only make the bet visible.

The capex gap is the headline, but the more interesting number is the ratio. Apple’s roughly $14 billion of FY26 infrastructure spend is about one-fiftieth of what its four largest U.S. rivals will commit. To put that in historical scale: when Tim Cook took over from Steve Jobs in August 2011, Apple’s annual capex was about $4.3 billion and the entire S&P 500 tech sector spent under $100 billion a year on physical assets. Today a single hyperscaler signs that figure off in a quarter. Apple has not so much fallen behind as declined to enter the race. The strategic logic, articulated most clearly in Alberto Romero’s May 30 essay in The Algorithmic Bridge and echoed in a Fortune piece from February titled “While big tech burns cash on AI, Apple waits,” rests on three bets. First, that frontier models are converging toward commodity status, which means whoever owns the customer relationship — Apple owns roughly 2.3 billion active devices — captures the durable margin, not whoever owns the GPUs. Second, that on-device inference on Apple Silicon, combined with Private Cloud Compute for harder queries, gives Apple a privacy story it can sell at a premium while the hyperscalers eat depreciation on data centers that may be obsolete in 36 months. Third, that the optionality of licensing — Gemini today, possibly Claude or an open model tomorrow — beats the lock-in of building one’s own. Ben Thompson at Stratechery has noted the elegance of the move: Apple licensed Gemini for about a billion a year instead of spending a hundred billion building its own factory. But Thompson has also been blunt about the risk. He has compared Apple’s repeated AI promises to “an alcoholic making promises, to itself and others, that it almost certainly won’t keep,” and pointedly asked what Apple has done to inspire faith it can build a compelling product on top of a licensed model when Microsoft, after years of trying with OpenAI, concluded that it could not. That is the pivot. The bull case and the bear case use the same facts. The bulls see a disciplined integrator husbanding capital while rivals torch it; the bears see a company that missed the moment, papered the gap with a Google contract, and is hoping nobody notices that the new Siri is, underneath the chrome, a Gemini wrapper. The Cook-to-Ternus handover is being framed by Apple’s PR as long-planned succession. Outside Cupertino, it is being read as a hardware-first board choosing a hardware-first CEO precisely because Apple no longer believes the next decade of differentiation will come from the model layer at all. If that read is right, the $14 billion is not a shortfall. It is a forecast about where value will accrue — and a refusal to subsidize OpenAI’s, Google’s and Anthropic’s compute bills along the way. It is also, notably, the first major succession in tech this decade where the incoming CEO has no software background. Sundar Pichai came from Chrome and Android. Satya Nadella ran Server & Tools. Andy Jassy built AWS. Ternus designed the iPad.

The June 8 keynote will be parsed for four signals beyond the product demos. First, attribution: will Apple name Google on stage, in the press release, or only in a developer session footnote? The branding choice tells you how confident Apple is that consumers will not perceive a downgrade. Second, latency and accuracy in the live demos. The 2024 WWDC Siri demo used a video mockup that Walker later acknowledged was barely a prototype. A repeat would be catastrophic, and the press pool will be checking for staged versus live demonstrations. Third, the developer story. If Apple opens its Foundation Models — Gemini-derived or not — to third-party app developers with a real SDK, the company is signaling that it intends to compete as a platform for agentic AI, not just as a consumer surface. The absence of that SDK would be the loudest negative signal of the week, and would push the European enterprise developer community further toward Anthropic and Mistral. The fourth signal, quieter but more important for enterprise buyers, is how Apple frames Private Cloud Compute in a world where the model behind the curtain is rented from Mountain View. The original Private Cloud Compute pitch was that Apple controls the silicon, the operating system and the model end-to-end. Two of those are still true. The third now has an asterisk. How Apple narrates that asterisk — what data flows to Google’s servers, what stays on device, what is logged, what is auditable, and what an enterprise admin can actually configure — will set the template for every consumer-facing AI product that licenses a frontier model. Which is to say, most of them. Watch for the words ‘zero retention’ and ‘no training on enterprise data’ to appear, or not, in the on-stage privacy slide.

MiniMax is a Shanghai AI lab founded by former SenseTime executive Yan Junjie and backed by Genshin Impact maker miHoYo. It listed in Hong Kong in January 2026, doubled on day one, and now trades at roughly an $11.5 billion market cap. The lab built its developer reputation on freely downloadable models — M2 in October 2025 and M2.5 in February 2026, both released under the permissive MIT license. On 18 March 2026 it released M2.7. The weights stayed on Hugging Face, but the license quietly changed: commercial use now requires written authorization. Two months later, annualized revenue has more than doubled past $300 million, and MiniMax is preparing a second listing on the Shanghai exchange. The trade is visible on the tape: open source built the audience, closed weights monetize it.

On a Wednesday morning in mid-March, a developer in Berlin pulled the new MiniMax-M2.7 repository from Hugging Face and read the file labeled LICENSE. The header still said “MIT.” Three paragraphs down sat a clause she had not seen in M2 or M2.5: any commercial deployment of the weights now required written authorization from MiniMax Group Inc. Within hours, a discussion thread on the model card titled “Open source my ass — they are liars” had hundreds of upvotes; another thread asked, more politely, whether output served from a fine-tuned derivative also counted as commercial use. The answer arrived from Ryan Lee, MiniMax’s head of developer relations, who explained that bad-faith hosting providers had been deploying degraded versions of MiniMax models — wrong chat templates, aggressive quantization, sometimes not even the real weights — and pocketing the reputational damage. “They walk away thinking MiniMax is mid,” Lee wrote. The license, he argued, was a way to push back without locking out hobbyists, who can still run the model freely. The community is right that the framing was misleading; MiniMax is right that the economics had stopped working. The two facts are not in tension. M2.7 is the lab’s first proprietary frontier model, and on its own benchmarks it scores 56.22 percent on SWE-Pro and 57.0 percent on Terminal Bench 2 — within touching distance of Claude Opus 4.6 and GPT-5.3-Codex on software engineering, at roughly one-seventeenth the input-token price. It is, by the numbers, the most commercially valuable artifact MiniMax has ever produced. Two months later, on 28 May, Bloomberg reported that MiniMax’s annualized revenue had more than doubled to at least $300 million, with more than one million users of its enterprise AI services — a fivefold increase from six months earlier. For context, full-year 2025 revenue was $79 million. The growth curve looks less like a software-company ramp and more like a Chinese e-commerce launch: vertical. Then, on 30 May, Bloomberg followed with a second story. MiniMax had filed a listing guidance report with the Shanghai Securities Regulatory Bureau, kicking off an A-share IPO process with CITIC Securities as guidance institution. Four months after going public in Hong Kong, the company is now racing Zhipu AI to become the first large-model lab to list on mainland China. Both moves — closing the weights and chasing a second listing — answer the same question. The question is whether a Chinese frontier lab can fund the next training run without selling the model itself, and the answer MiniMax is converging on is no. The pivot is the story. A company that introduced itself to the global developer community in 2024 with a fully open Mixture-of-Experts release, and whose CEO pledged at the Hong Kong IPO to “ensure cutting-edge AI truly serves everyone,” is now running the same playbook as OpenAI and Anthropic. Yan Junjie put the new doctrine plainly on the most recent earnings call: “In the AI era, the ultimate determinant of success is not simply burning money or resources, but the speed of advancement in intelligent capabilities, which can generate larger-scale commercial revenue and market size.”

The China-is-open, America-is-closed shorthand that dominated AI commentary through 2024 and 2025 is dissolving in real time. MiniMax shipped MiniMax-Text-01 as open weights in January 2025. DeepSeek’s V3 release in late 2024 and R1 in January 2025 made open Chinese models the default reference point for cost-efficient frontier capability. Alibaba’s Qwen team open-sourced essentially everything it built. Moonshot’s Kimi K2 in mid-2025 went the same way. The pattern was so consistent that Hugging Face download data for the year ending August 2025 showed Chinese open-weight models accounting for 17.1 percent of global downloads, narrowly overtaking the US share of 15.86 percent — the first time China had led that metric. Western enterprise buyers, including several DAX40 CIOs, started writing Chinese open weights into their sovereign-AI roadmaps as a hedge against US-hosted closed APIs. That window is closing. Zhipu AI released GLM-5 Turbo as a proprietary model earlier this year. Alibaba’s Qwen 3.6 Plus is closed, even as Qwen 3.6 base remains open. Doubao, ByteDance’s flagship, was never meaningfully open. MiniMax is now in the same column. The labs still shipping under genuinely permissive licenses — Moonshot’s Kimi K2.6, DeepSeek V3.2, Step 3.5 Flash under Apache 2.0 — are increasingly the exception rather than the rule. The historical comparison is instructive. When OpenAI moved from the GPT-2 release of 2019 — which itself was staged out of stated safety concern — to the closed GPT-3 API in 2020, the framing was “safety and commercialization.” Six years later, the framing in Hangzhou and Shanghai is “commercial sustainability and reputational control.” The vocabulary differs; the trajectory is identical. The macroeconomic logic is also identical. Training the next generation of frontier models costs hundreds of millions of dollars per run, and US export controls on Nvidia H100 and Blackwell chips mean Chinese labs spend more compute-equivalent dollars per FLOP than American competitors. Open-weight releases were never charity; they were marketing collateral that absorbed feedback, drove API traffic, and pressured competitors. Once a lab has the audience — MiniMax has built it, with more than 70 percent of revenue now generated overseas across 200 countries — the marginal value of an open release falls and the marginal cost of cannibalizing your own API rises. The pivot point arrives when commercial revenue can fund the next pretraining run. MiniMax appears to believe it has reached that point. The 30 May Shanghai filing suggests the capital markets agree, or will be asked to. Strip away the geopolitical framing and what remains is a familiar software story: a company that gave away the product to win distribution, and is now charging for the product because distribution is won.

For European enterprise buyers, the practical consequence is narrower than the headline suggests but more important than it looks. The sovereign-AI thesis in Germany — the one that powers procurement conversations at the Bundeswehr, the Bavarian state administration, Siemens, BMW, and the Schwarz-backed Cohere–Aleph Alpha merger — depends on a credible supply of frontier-grade open weights that can be self-hosted inside an EU data perimeter. For the past eighteen months, that supply has effectively come from China. Mistral remains the European benchmark for downloadable models, but Mistral alone cannot saturate the procurement pipeline of every DAX40 company simultaneously, and pricing reflects that scarcity. Chinese open weights, particularly DeepSeek and Qwen variants hosted on European GPU clusters, have been the relief valve. As that valve narrows — as MiniMax M2.7 joins GLM-5 and Qwen 3.6 Plus behind paywalls — European CIOs lose optionality just as the Cohere–Aleph Alpha integration is consolidating supplier power on the European side. The likely result is a two-track market: a small number of genuinely open frontier models (Kimi K2.6, DeepSeek V3.2, Llama derivatives, Mistral) commanding scarcity premiums for self-hosted deployments, and a much larger commercial-API market where the choice between OpenAI, Anthropic, Google, Mistral and MiniMax is decided on cost, capability and jurisdictional risk rather than on whether the weights are available. The naive “China = open” hedge no longer works. Procurement teams that wrote it into 2026 roadmaps will need to rewrite them. The harder question is whether anyone in Brussels or Berlin draws the obvious lesson and pushes for a Member-State-funded permanent open-weight commitment from one or more European labs, treating frontier open weights as critical infrastructure rather than a feature of someone else’s commercial strategy. SPRIND’s €125 million Next Frontier challenge is a first signal; it is also, given the scale of compute economics, a rounding error against what the moment requires.

On 7 May 2026, EU negotiators agreed the so-called Digital Omnibus on AI, a targeted rewrite of the AI Act. The headline change is timing: obligations for standalone high-risk AI systems listed in Annex III (HR, education, credit scoring, biometrics and similar) move from 2 August 2026 to 2 December 2027. High-risk systems regulated as products under Annex I slip a year to 2 August 2028. Two new prohibitions — AI that produces non-consensual intimate imagery and AI-generated child sexual abuse material — take effect on 2 December 2026. Synthetic-content marking rules slip four months to the same date. The Member-State regulatory sandbox deadline is pushed back a year. The substantive obligations are largely intact; the calendar has been reset.

Trilogue staff in the Justus Lipsius building filed out at 4:30 a.m. on Thursday, 7 May, with a deal they had been told to bring home before 2 August. The corridor verdict was unanimous: the AI Act’s original timetable would not survive contact with the standards-making process. Harmonised standards for high-risk AI are still in draft, Member States have only patchily designated their market-surveillance authorities, and the Commission’s own classification guidelines for Article 6 — statutorily due 2 February 2026 — only landed on 19 May as a consultation draft running to 23 June. Executive Vice-President Henna Virkkunen, the Commissioner who inherited the file from Thierry Breton, framed the package in characteristically uncontroversial terms: “Our businesses and citizens want two things from AI rules. They want to be able to innovate and feel safe. Today’s agreement does both.” Parliament rapporteur Brando Benifei, who has been openly nervous about institutional credibility, warned that “continuous slippage threatens the Act’s credibility” and resisted attempts to fragment the horizontal framework into sectoral regimes. The compromise text reflects that tension. Annex III obligations — the part of the Act that touches enterprise HR, credit, insurance underwriting, education, critical infrastructure, law-enforcement and biometrics use cases — are deferred 16 months, from 2 August 2026 to 2 December 2027. Annex I product-regulated high-risk systems (medical devices, machinery, toys, automotive safety components and the rest of the New Legislative Framework family) get a full extra year, slipping from 2 August 2027 to 2 August 2028. The Article 50 synthetic-content marking obligations — the watermarking and detectability rules for generative outputs — were not deferred to 2027 as some lobbyists wanted; they move just four months, to 2 December 2026. Member States now have until 2 August 2027, rather than next August, to stand up at least one regulatory sandbox. And while industry got time, civil society got two new red lines: from 2 December 2026, placing on the market or using AI systems that produce non-consensual intimate imagery of an identifiable person — the so-called nudifier apps — is prohibited, as is the generation of AI child sexual abuse material, subject to a narrow national-law carve-out. The Council press release framed the package as simplification; the Parliament’s plenary endorsed the position by 569 votes. Formal adoption is still pencilled in for before 2 August. If it slips — and the original Act could in principle snap back into force on that date — the entire timeline is again in play. That tail risk is why every general counsel in Frankfurt and Munich is reading the trilogue text and not the press release.

Strip out the politics and the Omnibus is a recalibration of three things: dates, definitions, and supervisors. On dates, the picture is now unusually clear for a file of this complexity. Prohibitions under Article 5 — social scoring, manipulative AI, real-time biometric identification in public spaces, emotion recognition at work and school — have been in force since 2 February 2025 and are untouched. The GPAI obligations on model providers that took effect 2 August 2025, with the AI Office’s Code of Practice as the de facto implementation manual, also remain in place. What moves is the high-risk regime. Standalone Annex III systems: 16 months later. Annex I product systems: 12 months later. Article 50 synthetic-content marking: 4 months later. National sandboxes: 12 months later. Two new Article 5 prohibitions land on 2 December 2026. The pivot in the story is that the destination — not the journey — is what matters for boards. The GPAI inventory, model cards, copyright opt-out registers, FRIA-style impact assessments and conformity-assessment workflows that DAX40 compliance teams scoped for the August 2026 deadline are still required; they are simply due 16 months later, and now with a draft Commission interpretation of Article 6 in hand. The 1,600-example annex to the Commission’s 19 May guidelines is the document AI governance officers should be marking up over the summer, not the press release. On supervisors, Germany has finally settled the hybrid model that has been gestating since the cabinet adopted the KI-MIG draft on 10 February. The Bundesnetzagentur becomes the central market-surveillance authority and houses a new Koordinierungs- und Kompetenzzentrum (KoKIVO) that other competent authorities will plug into. The BfDI keeps jurisdiction over data-protection-relevant high-risk AI systems — the explicit refusal to make BfDI the lead market-surveillance authority is itself a political signal. BaFin supervises financial-sector AI under the existing prudential framework. The BSI handles cybersecurity and KRITIS-relevant systems. For a DAX40 risk function, that means up to four federal counterparties per use case, plus sector regulators (BAG for medical devices, KBA for automotive) and 16 Land-level data-protection authorities for downstream deployment questions. The historical comparison is instructive. GDPR’s 24-month grace period was famously squandered until the spring of 2018; the eventual cost of compliance came in at roughly €7.8 million for an average large enterprise, according to IAPP-EY data. MiFID II’s 12-month deferral in 2016 was used productively by tier-one banks and badly by everyone else. The AI Act now offers a similar 16-month window. The firms that treat the Omnibus as relief will spend 2027 in the same scramble they would have faced in 2026. The firms that treat it as runway — to finalise inventories, lock down GPAI vendor terms, codify FRIA processes and pre-register Annex III deployments with BNetzA’s KoKIVO — will have an enforcement-ready posture before the first audit cycle.