The European Union has introduced an extensive Technological Sovereignty Package aiming to reduce dependency on foreign cloud providers and strengthen its digital infrastructure through new control standards and a boost to open source technologies.
- EU plans to triple data center capacity over 5-7 years to boost sovereignty.
- New Union Assurance Levels will legally enforce cloud service compliance.
- Open Source Strategy to enhance the EU’s digital infrastructure and security.
What happened
In June 2026, the European Commission launched its Technological Sovereignty Package, seeking to strengthen digital autonomy across the bloc. This comprehensive initiative targets key areas such as sovereign cloud infrastructure, advanced AI, microprocessors, and open source software, with a focus on building resilient, legally independent tech systems within Europe.
The plan also introduces mandatory Union Assurance Levels (UALs), a four-tier control framework that assesses organizations based on jurisdiction, data processing, supply chain integrity, and security. These standards will be legally binding under the forthcoming Cloud and AI Development Act (CADA), aiming to provide clarity and control over cloud service procurement for public sector buyers amidst existing overlapping certification schemes.
Why it matters
The EU's initiative arrives amid ongoing concerns about reliance on predominantly US-based cloud providers, which make up about 85% of the European cloud infrastructure market. Recent incidents, including US sanctions impacting International Criminal Court services hosted on Microsoft platforms, have highlighted risks related to foreign jurisdiction and data sovereignty.
This push reflects a broader strategic imperative to ensure that critical services like healthcare and energy remain secure and under EU control. Additionally, the package addresses challenges posed by US laws like the CLOUD Act, which enable American agencies to access data stored worldwide, underscoring the fragility of European digital independence under current arrangements.
What to watch next
Public sector CIOs across Europe will face a complex implementation landscape as they navigate new UAL requirements alongside existing frameworks like Germany’s C3A and France’s SecNumCloud certifications. These overlapping rules could create initial confusion but ultimately push procurement and operational policies toward stricter sovereignty criteria.
Furthermore, the EU’s Open Source Strategy promises significant investments in skills development, startup support, and infrastructure maintenance, aiming to foster a sustainable ecosystem for open source solutions in cloud, AI, cybersecurity, and chips. How effectively these efforts translate into practical alternatives to dominant hyperscalers will be critical to the EU’s long-term digital autonomy goals.