Blog · Review Essay · Last reviewed June 19, 2026

The Stack and the Sovereignty of Computation

Benjamin Bratton's The Stack is a difficult but unusually useful book for the AI era because it treats computation as a planetary political architecture: mineral extraction, cloud platforms, cities, addresses, interfaces, and users arranged into a governing machine no single institution fully controls.

The useful definition is concrete: a stack is the full vertical arrangement that lets a digital act happen, from power, chips, land, water, cables, and cloud contracts up through identity, interface, model policy, user behavior, records, and appeal. Software sovereignty is the capacity to govern that arrangement rather than merely consume it.

The Book

The Stack: On Software and Sovereignty was published by MIT Press in 2016 in its Software Studies series. MIT Press lists the original hardcover as published February 19, 2016, at 528 pages, ISBN 9780262029575. A tenth-anniversary edition with a new preface by Bratton was published February 3, 2026, at 532 pages, ISBN 9780262553919. MIT Press describes the book as a political and design theory of planetary-scale computation, built around the claim that smart grids, cloud platforms, mobile apps, smart cities, Internet of Things systems, and automation should be read together as one accidental megastructure.

The book's value is that it refuses the small frame. It does not treat a platform as merely a company, an interface as merely a screen, or a user as merely a person clicking through software. It asks what kind of political geography appears when computation becomes infrastructure, jurisdiction, address system, labor system, archive, and perception layer at once.

That question is now more urgent than it was in 2016. Generative AI did not replace Bratton's model; it made the model easier to see. The AI boom ties together energy, chips, data centers, model platforms, city planning, identity systems, workplace software, companion interfaces, and new classes of synthetic users. It also turns sovereignty into a procurement problem: which cloud, which model provider, which identity layer, which data schema, which audit log, which exit route?

Current Context

As of June 19, 2026, the Stack is no longer only a media-theory diagram. MIT Press has put Bratton's book back into circulation with a 2026 tenth-anniversary edition. The International Energy Agency's 2025 Energy and AI report projects global data-center electricity use rising to about 945 terawatt-hours by 2030 in its base case, more than double its 2024 estimate. OECD materials frame AI compute as a national-capacity problem involving availability, resilience, security, sovereignty, sustainability, and measurement. These are Earth and Cloud layer facts, not background noise.

Regulators are also governing by layer. The European Commission's AI Act page tracks phased AI Act application, including general-purpose AI obligations that began in August 2025 and transparency obligations due in August 2026, while also noting later timing for some high-risk rules after the 2026 simplification agreement. The Digital Services Act targets platform risks, transparency, reporting, and redress. The Digital Markets Act targets gatekeeper control over core platform services. The Data Act has applied since September 12, 2025 and includes switching rules for data-processing services. The Commission's 2026 Cloud and AI Development Act proposal makes cloud and data-center capacity an explicit industrial and sovereignty problem.

None of those instruments governs the whole Stack. That is the point. They show that computation has become too vertical for one policy category: energy planning, data-center siting, cloud switching, app-store power, model access, identity, public records, user appeals, and AI safety all describe different layers of the same operating environment.

The Six Layers

Bratton organizes the Stack through six layers: Earth, Cloud, City, Address, Interface, and User. The ordering matters. Computation begins in matter: minerals, energy, water, land, cables, logistics, and climate modeling. It then condenses into cloud platforms, reorganizes cities, assigns addresses, mediates perception through interfaces, and produces users that may be human, institutional, machinic, or hybrid.

This is a useful corrective to the usual story of digital life. The internet is not weightless. AI is not a mind floating above the world. A model answer depends on mines, fabs, grids, fiber, data centers, platform contracts, software standards, policy decisions, interface defaults, and users trained to ask questions in forms the machine can accept.

The layer model is not a perfect map. It is better understood as a diagnostic scaffold. It lets a reader ask where power is being routed. Is the fight at the Earth layer, over electricity and materials? At the Cloud layer, over model access and compute? At the Address layer, over identity and permission? At the Interface layer, over what a person can perceive or contest?

That makes the model especially useful for AI safety and governance. A model-risk review that begins and ends with output behavior misses the vertical system that makes the output consequential. The same answer has different politics if it runs on a public research cloud, a hyperscaler bundle, a vendor-owned workflow suite, a government service, a school platform, a workplace surveillance stack, or an agent with payment and account authority.

Software Sovereignty

The book's core political move is to shift sovereignty away from the state alone. Bratton is not saying states disappear. He is saying that states, platforms, cities, protocols, databases, and users now overlap in ways that make older political maps insufficient.

A cloud provider may host the tools through which a public agency operates. A platform may set speech rules across borders. A phone may become an identity document, wallet, workplace, confession booth, map, classroom, and sensor package. A model provider may define what forms of knowledge can be searched, summarized, generated, or refused.

In that world, governance is not only law after the fact. It is also architecture before the fact. Defaults, APIs, app-store rules, procurement contracts, data schemas, model policies, moderation queues, and hardware bottlenecks become constitutional material. They shape what action is possible before anyone names the arrangement as politics.

Software sovereignty, then, is not a slogan for owning servers or localizing data. It is the capacity to preserve public purpose across the whole stack: material supply, cloud access, identity, records, interface defaults, user rights, auditability, and exit. A state, school, hospital, newsroom, research lab, or small civic institution can be legally independent while operationally captured if it cannot inspect, move, contest, or replace the systems that now perform its memory and action.

This is where the book connects to ordinary institutional work. A procurement office, records officer, security team, accessibility reviewer, public-interest researcher, or city planner may never use Bratton's vocabulary. But each one asks a Stack question when they ask who owns the logs, where the data is hosted, how a model is updated, whether an agent has production credentials, what a user can appeal, or what happens when a vendor changes terms.

The AI Stack

Bratton's MIT Press Reader essay adapted from the tenth-anniversary edition argues that AI is changing every Stack layer. That is the right update. AI turns the Stack from a networked computation theory into a theory of planetary cognition, but that phrase should be read institutionally, not mystically. The issue is not that a model is conscious. The issue is that model-mediated infrastructure can increasingly sense, classify, recommend, refuse, simulate, and act.

At the Earth layer, AI intensifies the politics of chips, rare minerals, energy, cooling, and land. At the Cloud layer, foundation-model companies and hyperscalers become gatekeepers for capabilities that many institutions cannot reproduce. At the City layer, data centers, robotics, logistics, policing, transit, and service systems alter local political economy.

At the Address layer, identity and authorization become harder because agents, bots, synthetic media, and human-machine teams all need to be named, permitted, logged, and bounded. At the Interface layer, chat, voice, augmented reality, generated video, and automated copilots change what feels real and actionable. At the User layer, the user is no longer just a citizen-consumer. The user may be a corporation, a model, a robot, a household, a swarm of agents, or a person partially acting through automation.

The current infrastructure evidence fits the layer model. Data centers, accelerators, grids, cooling, identity systems, model endpoints, and workplace suites are increasingly purchased as one practical dependency even when they are regulated separately. That creates political consequences: grid interconnection, water and cooling, chip supply, cloud concentration, public compute access, security, and who pays when private demand becomes public infrastructure.

Governance and Safety

The Stack turns AI governance into a layered discipline. At the Earth layer, institutions should ask about electricity, water, materials, data-center siting, local consent, resilience, and emissions accounting. At the Cloud layer, they should ask who owns compute, model weights, logs, admin controls, vendor dependencies, security obligations, and portability paths. At the City layer, they should ask what public services, workplaces, classrooms, hospitals, roads, warehouses, or police systems are being reorganized around computational layers.

At the Address layer, the core safety issue is authorization. Agentic systems need identities, scopes, credentials, tool permissions, payment limits, rate limits, logs, revocation, and incident handling. Without those controls, delegated action becomes a fog of responsibility. At the Interface layer, safety means disclosure, explanation, appeal, accessibility, and design that does not hide consequential decisions behind friendly surfaces. At the User layer, governance has to include nonhuman and composite actors: bots, agents, organizational accounts, automated workflows, and people acting through systems that remember and optimize on their behalf.

Recent law and standards show governments trying to govern parts of the Stack rather than a single app. The EU Digital Services Act requires larger platforms to analyze systemic risks and creates notice, flagging, transparency, and appeal duties. The Digital Markets Act targets gatekeeper power in core platform services such as search, app stores, and messaging. The Data Act entered into application on September 12, 2025 and includes rules intended to make switching between data-processing services more effective. The AI Act adds model, transparency, high-risk, and governance duties across a phased timeline. NIST's AI Risk Management Framework separately emphasizes third-party and supply-chain risks, contingency planning, mapping context, and engaging affected actors.

The governance lesson is not that regulation has solved the Stack. It has not. The lesson is that serious AI oversight must be multi-layered: energy and siting review, compute and cloud procurement discipline, data portability, identity and agent controls, interface accountability, user rights, incident reporting, vendor exit plans, and public records that survive platform change.

A practical response is a stack register for any AI system treated as infrastructure. It should record data-center or cloud regions, model and inference providers, subcontractors, datasets, prompt and embedding stores, identity systems, agent permissions, public-facing interfaces, affected user groups, logs, retention rules, incident contacts, export paths, fallback procedures, and the records that must remain accessible after a vendor failure. The site's AI procurement, compute governance, AI data centers, AI inference providers, AI agents, and AI incident reporting pages turn that layered map into operational checks.

Where the Book Is Hard to Use

The Stack is not an easy book. Ian Bogost's review in Critical Inquiry credits its ambition while also noting the burden of its abstraction and density. That criticism is fair. The book often asks the reader to hold architecture theory, political theology, software studies, platform economics, science fiction, and infrastructure analysis in the same sentence.

The cost is practical. A book that wants to serve as a design brief sometimes withholds the plain operational checklist a policymaker, city planner, technologist, or organizer might need. Readers should not expect a finished regulatory program. They should expect a powerful frame that still needs translation into institutional practice.

That limitation does not ruin the book. It clarifies how to use it. Read it as a pattern map for infrastructure power, not as a policy manual. Its best pages make visible the vertical dependencies that smoother technology writing tends to hide.

What This Changes

The Stack is a book about reality becoming administrable through computation. A system does not need to be conscious to govern. It only needs to organize perception, identity, access, memory, incentives, and dependency at scale.

That makes the interface morally serious. The surface where a person meets a system is not just usability. It is where the larger architecture becomes intimate: the prompt box, the feed, the dashboard, the chatbot, the ranking, the map pin, the trust score, the account status, the generated summary. A planetary machine becomes local by asking one person to click, accept, appeal, confess, verify, or comply.

The practical lesson is to audit by layer. Any serious AI institution should be able to say where its materials come from, who controls its cloud dependency, what city and labor effects it creates, how it addresses people and agents, what its interfaces make visible or invisible, and what kinds of users it produces. Without that layered account, AI governance becomes a conversation about model behavior detached from the world that makes the model powerful.

For local institutions, the most useful checklist is blunt: inventory vendors, classify data, require export and deletion paths, log agent actions, separate human and automated identities, preserve public records outside proprietary workflows, test fallback procedures, and decide in advance what would trigger suspension or exit. The Stack is not only a theory of planetary computation. It is a warning that dependency becomes sovereignty when no one has kept the tools to leave.

That makes public compute a sovereignty question too. A public compute commons is not valuable simply because it offers more hardware. It is valuable if it gives researchers, public agencies, educators, safety evaluators, and smaller institutions enough capacity to inspect, reproduce, contest, and govern systems that would otherwise be visible only through corporate interfaces.

Source Discipline

This page separates three kinds of claims. Book claims come from MIT Press, Oxford Academic, the MIT Press Reader, and reviews. Current infrastructure claims come from official and standards sources such as the IEA, OECD, European Commission, EUR-Lex, and NIST. Interpretive claims about the Stack are readings of Bratton's model, not proof that AI systems are conscious, inevitable, or beyond governance.

Claims about "sovereignty" need special care. A cloud platform is not a state. A model provider is not a legislature. A user account is not a citizen. The point is functional: private software systems can perform state-like work such as identity, permission, visibility, recordkeeping, enforcement, appeal, and exclusion. The correct source trail should therefore show the function being discussed, not merely borrow political language because it sounds large.

Energy and compute claims also need units and dates. A terawatt-hour projection is not a site-specific load forecast. A compute benchmark is not evidence of social value. A regulatory obligation is not proof of compliance. A vendor sustainability pledge is not an audited infrastructure plan. The Stack is useful precisely because it keeps those levels visible rather than collapsing them into one story about "AI."

Current legal claims are cited to official Commission, EUR-Lex, NIST, OECD, and IEA materials where possible. Those sources establish dates, programs, obligations, and policy framing; they do not establish that a particular platform, cloud provider, data center, city system, or AI deployment is safe, lawful, sustainable, or democratically controlled.

Sources

Book links are paid affiliate links. As an Amazon Associate I earn from qualifying purchases.


Return to Blog · Return to Books