On May 27, the European Commission is set to unmask its Tech Sovereign Package, centered on draft legislation, publicly known as the Cloud and AI Development Act (CAIDA) that would require sensitive government data to be exclusively processed on EU sovereign cloud infrastructure.
Brussels is preparing to show American cloud providers the door, at least where it matters the most. The measures? Well, they’re mostly targeting US Big Tech cloud giants.
There’s a push for EU sovereign cloud that is intensifying the bloc’s tightening on infrastructure rules and policies, seeking to restrict US access to sensitive European data in order to boost domestic infrastructure and spreading control over systems across the bloc.
The measure around the cloud storage Europe landscape is explicitly formated to insulate public sector data from the extraterritorial reach of the US CLOUD Act that compels American companies to surrender data to federal authorities, regardless of where it’s physically stored – even if that means Europe.
The list of targeted companies by the EU’s measure is quite short: Amazon, Microsoft, and Google. All three, collectively, dominate the contracting of cloud storage Europe landscape.
The European Commission prepares its Tech Sovereignty Package as officials question how far the bloc should go in limiting exposure to foreign cloud services, while maintaining European cloud services and competitiveness in AI systems, data infrastructure, and digital public services.
CAIDA would effectively disqualify all three cloud Big Tech giants from the most strategically sensitive tier of the European market. The removal is worth billions in annual contract value and will most certainly register in Washington as a provocation from the European side.
Brussels Targets Big Tech’s Cloud Control
The European Commission is considering rules that would limit how member states use US cloud providers for sensitive government data, particularly in sectors such as health, finance, and judicial systems. The proposals are part of the upcoming Tech Sovereignty Package and will guarantee critical workloads are hosted on European cloud services foundations.
“The core idea is defining sectors that have to be hosted on European cloud capacity,” one EU official said.
Even though the Europe cloud backup measures would not fully ban foreign providers, they would restrict their role in processing highly sensitive public sector information.
In February, domestic EU cloud service providers, back by governments, were explored as Brussel seeks local open-source alternatives to US platforms and upping budgets for digital sovereignty, according to CNBC.
The EU sovereign cloud carries an uncomfortable footnote – to say the least – with Brussels seeking to domesticate is cloud infrastructure and wall off American domination over its own citizens’ sensitive public data.
France announced it would roll out Visio in January, a government-developed video conferencing tool, which it said would be available to all state services by 2027. Vision will replace US tools, such as Microsoft Teams and Zoom.
Once presented by the European Commission, CAIDA would require approval from all 27 EU member states.
Officials said the Tech Sovereignty Package will not only include CAIDA, but the Chips Act 2.0 also, to encourage sovereign, homegrown digital infrastructure and technology solutions across key sectors.
Brussels’ hope lies in CAIDA and Tech Sovereignty Package to dismantle the US market dominance of Big Tech cloud providers, while governing a new form of EU sovereign cloud infrastructure that those US cloud providers helped design, lobby into existence, and now operate at a scale no European alternative can match.
“Tech sovereignty doesn’t mean to stop partnering,” said European Commission startup chief Ekaterina Zaharieva, stressing that the goal is not technological isolation of US cloud providers, emphasizing that sovereign EU data residency does not mean the discontinue of engagement with global tech hubs and trade partners.
However, dependence on US technology remains deeply embedded, with cloud infrastructure still dominated by US providers.
Lobbying, Infrastructure, and Dependence
According to The Guardian, Microsoft and other US tech companies successfully lobbied institutions to keep environmental data from data centers confidential, limiting transparency around energy use and emissions linked to rapidly expanding AI infrastructure.
Microsoft, and allied industry lobby groups, secured the confidentiality clause in recent EU law, 2023 Energy Efficiency Directive (EED), amended via a 2024 implementation regulation. Industry groups involved in the lobbying effort included Digital Europe, whose members also include Google, Amazon, and Meta.
Microsoft and Digital Europe secured a secrecy provision that blocks public access to individual data centers’ environmental footprint.
The Commission copy-pasted Microsoft’s amendment almost verbatim.
A senior Commission official then instructed EU member states they were “obligated to keep confidential all information and key performance indicators for individual data centers,” according to a leaked internal email from the Commission figure, who stressed this to national authorities at the time.
According to Investigate Europe, they obtained and shared the email, with the Commission official not names, but the email was shared anonymously with their investigative team. At the time, Amazon’s cloud branch was seeking its own AWS European sovereign cloud presence.
The secrecy weakens accountability as AI data centers consume increasing amounts of electricity across Europe, partly powered by fossil fuels.
“In two decades, I cannot recall a comparable case,” said an environmental law expert at the University of Opole in Poland, Prof Jerzy Jendrośka.
The EU sovereign cloud will triple Europe’s data center capacity within the next five to seven years, seeking to strengthen its AI presence domestically. There’s also a matter of contradiction between Europe’s sovereignty ambitions and the continued dependence on US companies and cloud providers.
While Brussels pushes sovereignty, it remains tied to external investment flows and technology systems dominated by the US, creating a bigger divide between independence and competitiveness.
What the EU is discovering – in other words – is that sovereignty is much harder to legislate than to declare. The behemoth of American capital, proprietary hardware, and embedded lobbying infrastructure underpinning Europe’s digital economy do not become European by mandate. Contrary to that belief, they actually become negotiating leverage. Deployed, with increasing sophistication, against the regulations design to contain them to prevent any EU sovereign cloud on the long run.
As one official put it, the package is ultimately “about Europe waking up and getting its act together.”
Inside Telecom provides you with an extensive list of content covering all aspects of the tech industry. Keep an eye on our Tech sections to stay informed and up-to-date with our daily articles.