New European restrictions on the use of U.S. cloud services.

On May 27, the European Commission will present its “technological sovereignty package,” which will include a set of measures designed to strengthen the Union’s strategic autonomy in key digital sectors. This regulatory package will include the Cloud and AI Development Act (CADA), the Chips 2.0 regulation and rules aimed at restricting the use of U.S. cloud platforms for processing sensitive government data.

Sensitive public data hosted under European jurisdiction

Proposals will introduce new restrictions on the use of U.S. cloud services and usage segmentation based on data sensitivity, requiring financial, judicial, and health data from public administrations to be hosted on sovereign European cloud infrastructures.

If this regulatory package is adopted, it could send a strong signal in favor of sovereign clouds for critical sectors. While the french public interest group HDH recently switched from Microsoft to Scaleway, other private entities that host sensitive health data, such as Doctolib, still host their data on AWS, a U.S.-based cloud provider.

While no single piece of legislation is currently sufficient to reduce Europe’s dependence on American technologies, Brussels is advancing this agenda of digital sovereignty through several initiatives aimed at strengthening Europe’s capabilities in cloud computing and AI.

In April 2026, the European Commission awarded a six-year contract worth 180 million euros to four sovereign cloud projects intended for European institutions, including Germany’s Deutsche Telekom (T-Systems) and Stack IT (a subsidiary of the Schwartz/Lidl Group), France’s Scaleway, and Belgium’s Proximus.

Beyond the awarding of public contracts, Brussels is also attempting to redefine the boundaries of digital and operational sovereignty. Proposals considered for public contracts now have to meet the requirements of the Cloud Sovereignty Framework, a new benchmark established by the European Commission, based on eight criteria covering strategic, legal, operational, and environmental aspects.

Toward European harmonization of sovereignty?

While an update to the Cloud Sovereignty Framework is underway, the Commission is preparing a “Tech Sovereignty package” that will include, in particular, future legislation dedicated to the cloud and artificial intelligence.

This legislation will aim to harmonize the definition of sovereignty within the single market and to facilitate the emergence of alternative offerings.

In addition to the EU's public initiatives, other initiatives such as EuroStack aim to provide Europe with a sovereign digital infrastructure for the future.

While the current trend in Europe is therefore moving toward digital sovereignty, the dependence on U.S. technologies that has developed over the past few years is such that it will take at least 15 years to wean ourselves off them.

And even then, this applies only to public infrastructure and software, because in the private sector, there is currently nothing that can compel a company to choose European technology over U.S. technology.

Regulations alone will not change this paradigm; rather, it will be driven by commercial partnerships and the ability of European stakeholders to work together across the entire value chain. They do this very well when dealing with public tenders, but with greater difficulty outside that funding framework.

However, the only way for Europeans to compete with U.S. technologies is to develop jointly developed European solutions. Some French companies, such as OVHCloud and Cloud Temple, have clearly recognized this requirement in order to remain competitive in the European market.