Newsletter · June 2026
Sphere Newsletter — June 2026
The web AI is already reshaping — the EU AI Act moving from policy to practice, AI search vs. links, the Chrome cookies reversal, RAG architecture, and three ideas from Sphere on agent-ready sites.
We’re back with a new edition, and this month is about the web AI is already reshaping.
We’re looking at the EU AI Act’s move from policy to implementation, how AI search could change web traffic and discovery, why third-party cookies are not disappearing from Chrome after all, and why RAG is becoming a starting point for enterprise AI architecture, not the finish line.
Let’s start with the shifts business and technology teams need to watch now.
EU AI Act Compliance Is Moving from Policy to Practice
The AI Act is now entering its operational phase. Prohibited AI practices and AI literacy obligations are already in application, GPAI model obligations began in August 2025, and full applicability arrives in August 2026, with phased timelines for high-risk systems.
The newest Commission guidance is focused on helping providers and deployers determine whether their systems qualify as high-risk, especially where AI can affect safety, health, employment, education, critical infrastructure, migration, or fundamental rights.
For companies building or deploying AI, the priority is shifting from understanding the law to operationalizing it through classification, documentation, governance, and audit readiness.
Read the AI Act timeline (opens in new tab) and high-risk AI guidance → (opens in new tab)
The Web Is Moving from Links to Answers
The next two years are likely to shift more discovery from traditional search results into AI-generated answers, follow-up conversations, and task-running agents. For brands, that means search visibility is no longer just a ranking problem. It is a trust, structure, authority, and distribution problem.
Read The Verge interview (opens in new tab) and the Reuters Institute report → (opens in new tab)
Are Cookies Going Away? Not in Chrome.
Google has stepped back from its plan to remove third-party cookies from Chrome. Instead, Chrome will keep its current approach to user choice, while Google continues investing in Privacy Sandbox APIs and stronger tracking protections in Incognito mode.
Read Google’s Privacy Sandbox update → (opens in new tab)
RAG Is Essential, but It Is Not the Whole Architecture
RAG remains one of the fastest ways to ground AI in enterprise data, but retrieval alone will not solve every problem. As AI systems move deeper into business workflows, teams will need better data pipelines, domain-specific tuning, evaluation, and governance around how answers are generated.
Read the 12 Best Enterprise RAG Platforms and Tools in 2026 →
AGENT-READY SITES
Your site has an API for humans. Now it needs one for agents.
Every major platform shipped agentic browsing in 2024–2025. Claude calls tools. ChatGPT calls Apps. Copilot calls connectors. The agents are arriving, and they don’t read HTML — they read structure. Sites that publish an MCP endpoint get called. The rest get guessed at.
For thirty years, websites have served exactly one client: a person sitting behind a browser. In 2026 a second client showed up — AI agents. Claude, ChatGPT, Copilot, Cursor, custom GPTs, the next thousand. They don’t need pictures or padding. They need structure.
Today they fake it by scraping the HTML and guessing what your site does. They guess wrong frequently. They miss the “Book a demo” button because it’s an aria-label inside a <button> inside a modal. They mis-state your pricing. They send users to your competitors’ pages by accident.
Sphere proposes a second front door. Every site publishes an MCP endpoint — Model Context Protocol (opens in new tab), the open standard Anthropic open-sourced in late 2024 and every major AI platform has adopted. Agents stop scraping. They start calling. The site exposes typed tools and signed resources. Every interaction is auditable.
The result: agents that act on the user’s behalf find the right page, book the right demo, pull the right blog post, and never hallucinate your pricing again. The site stays a website for humans. Underneath, it’s an API for everything else.
One URL. Every visitor sees a different page.
The static landing page is the last surface on the internet not yet personalised by AI — and it’s the one that decides whether a buyer talks to you. The fix isn’t more templating. It’s pages composed at view-time, grounded in what the visitor declared, signed at the wire, with the memory living in the visitor’s browser.
If you wouldn’t send the same handwritten letter to every prospect, why does every visitor see the same landing page? The version a CIO needs is not the version an engineer needs is not the version a curious reader needs — and yet most B2B sites in 2026 still render one version for all three.
The reason is technical. Templating engines — the way Mutiny (opens in new tab), Intellimize (opens in new tab), and Adobe Target (opens in new tab) personalize — swap pre-written blocks. They cannot compose new content because LLMs at view-time were too slow and too expensive until recently. Both have flipped.
Sphere proposes a different shape. The visitor declares who they are and what they’re trying to do (a single click, no form). The page reshapes around that declaration. Where templating ends, the LLM picks up — composing a one-off briefing from the engram store and your knowledge base, in well under two seconds, at well under ten cents.
And the memory of all of it lives in the visitor’s browser — signed with a keypair only they hold, viewable at /me, wipeable in one click. The site can’t read it from a server. Article 17 erasure is structural, not a promise.
The audit binder is dead. The ledger is the binder.
Compliance teams write DPIAs in Word. Auditors review snapshots in Excel. Data flows continuously, and the gap between binder and reality is where every enforcement action lives.
Every company you deal with — your bank, your insurer, your favorite website — is using AI to make decisions about you. Right now, when you (or a regulator) ask “what does your AI know about me, and what did it decide?”, almost none of them can answer truthfully or quickly.
The records exist, but they’re scattered across a dozen systems, often editable, and frequently incomplete. This is why GDPR fines keep getting bigger, why useful AI features sit blocked in legal review for months, and why a simple data request from a customer takes thirty days and a team of lawyers to answer.
Sphere proposes a different shape. Every time a company’s system reads, writes, or decides anything about a person, it leaves a signed entry in a ledger — think of it as a tamper-proof flight recorder for AI. The ledger cannot be edited after the fact; any attempt to alter it breaks a visible cryptographic chain.
The result: data requests that took 30 days take 90 seconds. AI features that stalled in legal review for eight months ship in two weeks. Annual audits that consumed six weeks of engineering time become a thirty-minute saved query.
Looks like you made it to the end! If you enjoyed this newsletter, be sure to subscribe (opens in new tab), and forward to your colleagues! Learn more about Sphere →