EU Unveils Sweeping Tech Sovereignty Push, Balancing Autonomy with Openness

After multiple delays, the European Commission on Wednesday unveiled what it calls its first comprehensive strategy to curb Europe’s reliance on foreign cloud services, semiconductors and software — a sweeping package spanning the full technology stack from chips to cloud to AI.

The “tech sovereignty” package marks the bloc’s most ambitious attempt yet to reduce dependence on non-European providers. It includes plans to bar cloud companies that fail to meet new EU sovereignty criteria from sensitive government contracts and would grant Brussels emergency powers to prioritize chip production during supply crises, including the ability to override existing commercial agreements.

Ironically, the move comes two days after the EU signaled it would align with Pax Silica, a US-led initiative coordinating semiconductor export controls targeting China.

“We cannot afford to depend on others for the technologies that keep our hospitals running, our energy grids stable and our services secure,” Commission President Ursula von der Leyen said. “This is about protecting our citizens, defending our interests and making our own choices.”

The Commission frames “tech sovereignty” as Europe’s capacity to “develop, control and scale” critical technologies, infrastructure, services and data, while reducing strategic dependencies and exposure to foreign interference. The language reflects growing concern in Brussels over the weaponization of supply chains and the use of sanctions and restrictive measures — though the US is not explicitly named.

The package formalizes a shift already underway across EU institutions and member states. The European Parliament this week said it would replace Google with the French search engine Qwant as its default, citing sovereignty and privacy concerns. The Netherlands has also blocked a US attempt to acquire Solvinity, which operates the DigiD digital identity system.

At the same time, officials stress the package is not about closing markets. The proposed Cloud and AI Development Act would create a single EU framework to assess cloud and AI sovereignty while keeping most of the market open to “like-minded partners.” Commission Executive Vice-President Henna Virkkunen said the goal is to strengthen Europe’s “digital autonomy and resilience” without undermining openness.

Cloud rules and sovereignty tiers

The scale of Europe’s dependence is significant. According to the Commission, US cloud companies control more than 70% of the EU cloud market while the EU produces less than 10% of global semiconductors and is almost entirely dependent on the United States and Asia. The EU itself said it currently spends €264 billion a year mostly on US proprietary IT products and services.

At the core of the package is the Cloud and AI Development Act, which introduces four trust tiers for cloud services used by public authorities. The tiers are based on criteria including ownership and control, supply chain dependencies, data processing, infrastructure location and cybersecurity.

The proposal directly addresses concerns about extraterritorial laws. Providers may be subject to third-country legislation requiring access to data stored in Europe — a reference widely understood to include US law. The Commission notes that the EU-US Data Privacy Framework, while governing transatlantic data transfers, does not remove sovereignty concerns about dependence on third-country providers — as 'the notion of sovereignty goes beyond data transfers and relates to operational autonomy too.'"

The framework is mandatory but graduated. All public bodies must use at least tier 1 services, while more sensitive functions — such as national security, defense, law enforcement and border management — would require higher-tier providers subject to independent audits. The Commission estimates just 1% of Europe's public services are sensitive enough to require the strictest tier, which would effectively exclude providers subject to foreign jurisdiction. Limited exemptions would be possible in duly justified cases.

Building European capacity

Beyond the sovereignty tiers, the Commission is also targeting the supply side — an implicit acknowledgment that rules alone will not shift a market dominated by foreign providers.

The Cloud and AI Development Act sets out a series of “Cloud and AI Leadership Initiatives” aimed at scaling European capabilities, from research funding to large-scale industrial deployment. It proposes fast-track “data center acceleration zones,” where permits would be granted within 12 months, and introduces procurement criteria designed to give preference to providers that demonstrate added value within the EU.

The package also foresees a “EuroCloud Federation” allowing member states to pool and share unused cloud and data center capacity across borders, alongside a requirement for governments to adopt national cloud and AI strategies aligned with the Commission’s broader AI policy framework.

Taken together, the measures reflect a deliberate shift in approach. Rather than excluding foreign providers outright, Brussels is seeking to build the conditions under which European alternatives can compete — using public procurement, coordination and targeted investment to tilt the market over time.

Chips: from supply push to demand strategy

The 2023 Chips Act committed around €52 billion in public and private investment toward a target, set at the time, of doubling Europe's global semiconductor market share to 20% by 2030. The EU's share remains below 10%.

A revised Chips Act shifts focus from supply to demand, seeking to connect European chipmakers with domestic industrial users. Demand is expected to surge, driven by data centers, automotive and consumer electronics, potentially doubling by 2040.

In the event of a declared shortage, the Commission would gain powers to issue priority-rated orders requiring manufacturers to prioritize certain production. Companies complying would be shielded from liability for breaching existing contracts, although the proposal acknowledges limits where capacity is insufficient or economic harm would be disproportionate.

Data centers and energy strain

The EU also plans a major expansion of data center capacity, aiming to roughly triple output within five to seven years and reduce geographic concentration in hubs such as Dublin, Frankfurt, Amsterdam and Paris.

Installed capacity is already projected to grow significantly by 2030, driven by market demand alone. But the Commission warns that unchecked expansion could strain electricity systems, worsen grid congestion and increase energy prices. Data centers already account for around 2.5% of EU electricity consumption, although research suggests existing facilities are running significantly below capacity.

The EU’s initial approach relies on a voluntary framework between operators, energy providers and public authorities, due in the second half of 2026. Binding measures remain an option if voluntary coordination proves insufficient.

Funding gap looms

The scale of investment required is substantial: an estimated €120 billion for semiconductors, €200 billion for data centers by 2036, €100 billion for cloud and AI, and €2 billion for open-source software over seven years. The annual energy investment gap is put at €400 billion.

Brussels is betting heavily on private capital. Funding would be channeled through the proposed European Competitiveness Fund in the EU’s next long-term budget, alongside initiatives such as InvestAI, which aims to mobilize €200 billion.

Brussels itself noted that Europe still lacks the risk capital needed to scale its own tech champions.

Next steps

The legislative proposals now move into negotiations between the Commission, the European Parliament and member states.

Further measures are in the pipeline, including a data center energy labeling scheme later this year and potential minimum performance standards, though formal assessment is not expected before 2027.

The package significantly expands EU intervention powers in strategic sectors. Whether Europe can mobilize the investment, infrastructure and political coordination needed to match its ambitions remains an open question.