ยท 6 min read ยท Wingston Sharon

Why Climate Risk Modelling Will Run on Distributed EU Infrastructure (Not AWS)

---

By Wingston Sharon | March 2026

The European Central Bank stress-tested 104 banks for climate risk in 2022. The exercise revealed something beyond capital buffers: most of these institutions had no functioning climate risk stress-testing framework at all.

Around 60% of banks had not integrated climate risk into their credit risk models. Only 20% considered climate risk when granting loans. The gap between regulatory expectation and institutional capability was stark.

This is partly a data problem and partly a skills problem. But it's also an infrastructure problem. And it's about to get much worse.

The CSRD Deadline Is an Infrastructure Crisis in Disguise

The Corporate Sustainability Reporting Directive (Directive 2022/2464) requires large companies to report on sustainability through a phased rollout:

  • Wave 1 (FY 2024, reports due 2025): Large public-interest entities already under the Non-Financial Reporting Directive
  • Wave 2 (FY 2025, reports due 2026): Large companies with 250+ employees or โ‚ฌ40M+ turnover
  • Wave 3 (FY 2026, reports due 2027): Listed SMEs
  • Wave 4 (FY 2028): Non-EU companies with significant EU operations

Note: The European Commission's February 2025 "Omnibus" proposal would raise thresholds and delay some deadlines for smaller entities. This proposal was still under discussion as of March 2026.

The reporting requirements go well beyond emissions counting. Physical risk assessments, transition risk modelling, and SFDR portfolio alignment all require serious compute. A physical risk assessment for a mid-sized EU bank with 10,000 commercial real estate loans across the Netherlands, Germany, and France means:

  • Running IPCC climate scenarios (SSP1-2.6, SSP2-4.5, SSP5-8.5)
  • Simulating asset valuations across 50+ year time horizons
  • Monte Carlo sampling across thousands of scenario paths
  • Aggregating results into ESRS-compliant disclosure formats

The compute requirement for this type of analysis โ€” while it varies significantly by portfolio complexity and scenario depth โ€” is not trivial. It involves repeated runs of statistical models that benefit from GPU acceleration.

At AWS p3.2xlarge rates (approximately $3.06/hour on-demand, us-east-1), even moderate GPU usage adds up quickly across 50,000+ companies subject to CSRD. Europe is about to generate substantial, recurring demand for climate compute. The question is who owns that infrastructure.

The CLOUD Act Problem No One Is Talking About

When your climate risk models run on AWS, Azure, or Google Cloud, they run under US jurisdiction. The CLOUD Act (18 U.S.C. ยง 2713, 2018) allows US law enforcement to compel US technology companies to hand over data stored anywhere in the world โ€” including EU datacenters.

For most enterprise workloads, this is an acceptable legal risk. For forward-looking climate scenario models, the sensitivity is higher.

Your climate projections encode:
- Your asset portfolio composition (commercially sensitive)
- Your risk appetite and scenario assumptions (strategically sensitive)
- Your transition plan timeline (competitively sensitive)
- Your physical exposure by geography (insurers and counterparties would pay for this)

SFDR Article 9 funds โ€” the ones marketing themselves as "dark green" sustainable investments โ€” are under particular regulatory scrutiny. Demonstrating that your climate data processing infrastructure is GDPR-compliant and jurisdiction-clean is becoming a due diligence requirement.

De Nederlandsche Bank flagged cloud concentration risk in its financial stability review. The direction of regulatory travel is toward requiring institutions to understand and manage jurisdiction risk in their cloud infrastructure, particularly for sensitive workload types. Institutions getting ahead of this are in a better position than those waiting for requirements to crystallize.

Why the Hyperscalers Are the Wrong Tool

The obvious solution seems to be: use the hyperscaler's managed climate services. Microsoft Planetary Computer. Google Earth Engine. AWS Clean Energy Accelerator.

These are excellent tools for satellite data processing and remote sensing. They're the wrong tools for regulatory climate risk modelling.

Problem 1: Data residency is not jurisdiction

"EU datacenter" does not mean "EU jurisdiction." Data residency means your data is stored in Frankfurt or Amsterdam. It says nothing about CLOUD Act exposure โ€” which depends on the nationality of the company storing your data, not the location of their servers.

Problem 2: Vendor lock-in on models

Climate risk models are not commodities. Your institution has spent years calibrating asset-specific risk parameters, sector transition matrices, regional physical hazard maps. When those models run inside AWS SageMaker, they become dependent on AWS APIs, AWS data formats, and AWS pricing changes. You have no leverage.

Problem 3: Cost trajectory

Climate risk compliance requirements will only increase. ECB supervisory stress tests are expanding scope. ESMA is broadening SFDR portfolio-level climate metrics. Each regulatory expansion means more compute. If your climate infrastructure is locked to hyperscaler pricing, your compliance costs scale linearly with regulatory requirements.

Infrastructure as the Wedge: The Distributed EU Alternative

The alternative is distributed EU GPU infrastructure โ€” compute owned by European institutions, running on European hardware, under European jurisdiction.

This is what Agentosaurus has built and is running in production today:

  • OCI Frankfurt (primary): Oracle Cloud Infrastructure, Tier 1 datacenter, EU-operated entity
  • Contributed GPU nodes: Mac M-series and NVIDIA hardware contributed by European hardware owners
  • Tailscale mesh networking: WireGuard-encrypted, zero-trust connectivity
  • Beta9 serverless orchestration (open source): Autoscaling compute jobs across the distributed fleet

A note on Oracle: Oracle Corporation is a US company, and Oracle Deutschland B.V. & Co. KG (our primary infrastructure entity) is ultimately a subsidiary. This introduces legal complexity that we acknowledge. We're pursuing additional EU-domiciled infrastructure options. We claim to have materially better CLOUD Act exposure than AWS/Azure/GCP, not a perfectly clean solution.

On pricing: AWS p3.2xlarge on-demand (V100 class) runs approximately $3.06/hour. Our cost on owned EU hardware, amortized over hardware lifetime and utilization, is substantially lower โ€” but the comparison depends heavily on utilization rate. For continuously-running climate scenario workloads (high utilization), EU-native infrastructure tends to look very favorable. For intermittent jobs (low utilization), the economics are less clear.

The key advantage for climate risk isn't just cost โ€” it's jurisdiction. Data never leaves EU governance.

What We Built: The Amsterdam Sustainability Pilot

We've been running production AI workloads on this infrastructure since 2025.

The Amsterdam pilot used our distributed network to analyze 560 sustainability-focused organizations for UN SDG alignment and greenwashing indicators. Full details in our Amsterdam pilot writeup.

The infrastructure is the same infrastructure that would handle climate scenario modelling: distributed GPU, EU-native, privacy-preserving. The workloads are different; the requirements are identical.

The Ownership Test

Before your institution commits to any climate infrastructure provider, ask these questions:

1. Does this make us more dependent or less?
- Hyperscalers: More dependent (proprietary APIs, pricing leverage, lock-in)
- Distributed EU infrastructure: Less dependent (open APIs, commodity compute, exportable models)

2. If this provider disappeared tomorrow, could we rebuild our workflows with open-source tools?
- Agentosaurus: Yes. Beta9 is open source (github.com/Wingie/beta9). Models run on standard CUDA/Metal. Data is yours.
- AWS SageMaker: No. Your pipelines are tied to proprietary managed services.

3. Can we demonstrate GDPR compliance to a regulator clearly and quickly?
- Hyperscaler: Possibly, with documentation, after legal review.
- EU-native infrastructure with full audit trail: More straightforwardly, yes.

The CSRD deadline creates urgency. But the infrastructure decision you make now will shape your AI posture for the next decade. Choose infrastructure that makes you an owner, not a renter.

What Happens Next

The ECB's 2026 supervisory stress test will expand to include transition risk modelling at portfolio level. Banks that haven't built scalable, compliant climate compute infrastructure by then will be scrambling.

The institutions that treat CSRD compliance as an infrastructure investment โ€” not just a reporting exercise โ€” will emerge with cheaper, scalable climate compute, audit-ready data sovereignty documentation, and EU-native AI infrastructure for future regulatory requirements.

The infrastructure is ready. The regulatory direction is clear. The cost math works for high-utilization workloads.

Interested in running climate scenarios on EU-native infrastructure? Or want to understand the architecture better?

hello@agentosaurus.com

Wingston Sharon is the founder of Agentosaurus, building distributed EU AI infrastructure for European organizations.

References:
- ECB 2022 Climate Risk Stress Test: bankingsupervision.europa.eu/press/pr/date/2022
- CSRD Directive: Directive 2022/2464
- SFDR: Regulation (EU) 2019/2088
- CLOUD Act: 18 U.S.C. ยง 2713

Share: X (Twitter) LinkedIn

Build This Infrastructure?

We help AI teams build sovereign GPU clouds and autonomous systems. Free 30-minute consultation. Fixed-price projects from โ‚ฌ5K.

Schedule Free Consultation
Back to all articles