EU tightens tech sovereignty push

The European Commission on April 17 awarded sovereign-cloud contracts worth up to 180 million euros over six years to four European provider groups, putting procurement money behind a long-running drive to reduce the bloc’s reliance on foreign technology. The move came as Brussels prepared a broader “Tech Sovereignty Package” for May 27 and as European officials debated whether sensitive public-sector data should be kept off U.S. cloud platforms. The Commission has framed the effort as part of Europe’s ability to act independently in the digital world. Officials and industry advocates say the issue has moved beyond competition policy into resilience, security and control over critical systems. ### Why is Brussels focusing so heavily on cloud now? The Commission said on April 17 that EU institutions, agencies and other Union bodies will be able to procure sovereign cloud services under the new contracts for up to 180 million euros over six years. It said the tender was launched in October as part of efforts to strengthen the “digital sovereignty posture” of Union entities and to encourage the market to offer digital solutions that comply with EU laws and values. (commission.europa.eu) A Commission policy page published this week says the European Union currently relies on non-EU countries for more than 80% of key digital products, services, infrastructure and intellectual property. The same page defines tech sovereignty as Europe’s ability to act independently in the digital world by developing and controlling key technologies, data and infrastructure while reducing reliance on non-EU providers. (commission.europa.eu) ### What did the Commission actually buy? Four provider groups won the contracts, according to the Commission: a Luxembourgish-French partnership led by Post Telecom with OVHcloud and CleverCloud; Germany’s STACKIT; France’s Scaleway; and a Belgian-French-Luxembourgish partnership led by Proximus using services from S3NS, Clarence and Mistral. The Commission said it chose four contracts to diversify suppliers and avoid lock-in to a single provider. (digital-strategy.ec.europa.eu) The Commission said most of the awarded providers reached SEAL-3, or “Digital Resilience,” under its scoring system, while Proximus/S3NS reached SEAL-2, or “Data Sovereignty.” It said SEAL-3 implies a service, technology or operation is immune from supply-chain disruption from non-EU third parties, while SEAL-2 means providers comply with EU laws and regulations without customers needing extra technical measures to protect data. (commission.europa.eu) ### What is this “cloud sovereignty” framework? The Commission’s Cloud Sovereignty Framework, dated October 2025, sets out eight objectives covering strategic, legal, operational, environmental, supply-chain, technological, security and compliance issues. The document says tenders that do not meet the required minimum assurance levels across all objectives will be rejected, and that the sovereignty score also contributes to the quality score in procurement. (commission.europa.eu) The April 17 Commission statement said the framework translates digital sovereignty into “objective, measurable procurement criteria.” It added that the highest level, SEAL-4, would require a full EU supply chain “from chips to software.” ### Are U.S. cloud companies facing new restrictions? (commission.europa.eu) CNBC reported on May 7, citing Commission officials, that Brussels was considering rules that would restrict member governments’ use of U.S. cloud providers for sensitive government data. The report said discussions covered financial, judicial and health data processed by governments and other public-sector bodies, though the talks were still ongoing and not final. (commission.europa.eu) Euractiv reported in March that the Commission’s package due on May 27 includes the Cloud and AI Development Act, or CAIDA, and is expected to propose a definition of “sovereign” cloud. Euractiv also said the package includes Chips Act 2, an open-source strategy and a roadmap for digitalisation and AI in energy. ### What pushed this from theory into a live policy fight? (cnbc.com) Politico reported in June 2025 that the disconnection of ICC prosecutor Karim Khan from Microsoft services after U.S. sanctions had fueled fears in Europe about a potential American “kill switch” over digital services. Microsoft President Brad Smith said at the time that the company had not ceased or suspended services to the International Criminal Court, but the episode became part of a wider European debate over dependence on U.S. providers bound by U.S. law. (euractiv.com) EuroStack, an industry-backed initiative pressing for a European digital industrial policy, says it wants Europe-focused investment across connectivity, cloud computing, AI and digital platforms. Its materials call for a “Buy European” framework for strategic digital procurement and say more than 400 signatories have backed its industry letter. The Commission’s next milestone is May 27, when it is scheduled to present the tech sovereignty package, including CAIDA, according to Euractiv and CNBC. (politico.eu) The sovereign-cloud contracts awarded on April 17 are already in force as a procurement route for EU institutions, bodies and agencies. (euractiv.com) (eurostack.eu)