Brussels Bets on the Sovereign Stack

The European Commission’s Tech Sovereignty Package, set for unveiling on 27 May, marks a quiet but consequential pivot in how Brussels engages with American technology. For most of the past decade, EU policy on Big Tech has been principally regulatory, fining Google, scoping Meta, drafting the AI Act, expanding the Digital Markets Act’s reach. The new package, anchored by the Cloud and AI Development Act and a second iteration of the Chips Act, signals something different. Brussels is now trying to build, not just to govern.

The framing in the draft is candid. The bloc, the strategy says, must “reclaim its place in the global race for geoeconomic power” at a “defining moment.” That phrasing acknowledges what European officials have largely been unwilling to concede in public: regulation alone has not produced sovereign capacity, and dependency on US infrastructure has compounded year over year while the Commission was litigating yesterday’s antitrust cases.

The 70 Percent Problem

Three American firms, Amazon, Microsoft and Google, hold roughly seventy percent of the European cloud infrastructure market. The collective share of European providers has eroded to about fifteen percent. Synergy Research’s first-quarter 2026 figures place AWS at twenty-eight percent of the global cloud market, Azure at twenty-one, and Google Cloud at fourteen. By one estimate, American companies absorb roughly eighty percent of the EU’s annual professional cloud spend, a figure approaching $301 billion.

These numbers are not the product of regulatory failure in the narrow sense. They are the product of a decade in which European procurement preferences, sovereign-cloud rhetoric and Gaia-X coordination produced limited industrial traction while AWS, Azure and Google Cloud built physical regions, paid for sales coverage and won the hearts of European CIOs. The market consolidated around them because they shipped. Brussels has now decided that compliance instruments cannot reverse that arithmetic on their own.

From Compliance Burden to Industrial Strategy

The Cloud and AI Development Act attacks the problem on two fronts. It seeks to triple EU data-centre capacity within five to seven years through harmonised permitting and planning incentives, the most prosaic but probably the most important provision in the package. Permitting friction, grid-connection queues, and environmental review timelines have been the single largest brake on European hyperscale build-out. Without faster physical capacity, no industrial policy further up the stack will matter.

Above the physical layer, the law introduces a four-tier classification of cloud sovereignty. Rankings will be tied to who controls the service, who controls the supply chain, where AI training data is processed, where infrastructure sits, and how it is secured. The aim, in the Commission’s own anti-marketing phrase, is to prevent “sovereignty-washing,” a tacit admission that recent American “sovereign cloud” branding has been principally narrative. Microsoft, AWS and Google have each announced jurisdictional overlays for EU customers. Under the four-tier scheme those overlays will be classified rather than accepted at face value.

Public procurement is the lever. European governments will be required to perform “sovereignty risk assessments” for sensitive workloads, with healthcare records, financial systems and legal data already understood to be within scope. The intent is to redirect public-sector cloud demand toward the upper tiers, which by construction favour European providers like SAP, OVHcloud and Mistral. The Commission is not legislating American firms out of the market. It is legislating a price on dependency.

The Nexperia Lesson

The second instrument in the package, a refresh of the 2023 Chips Act, has a sharper political wind behind it. In late September 2025 the Dutch government seized control of Nexperia, the Chinese-owned chipmaker acquired by Wingtech in 2018. The trigger was a warning from the Trump administration that Chinese leadership intended to relocate technology and production from the Netherlands back to mainland China. Beijing retaliated by banning exports of Nexperia components manufactured in China, and a global supply shock followed. Honda has already guided to roughly $960 million of profit erosion in the fiscal year ending March 2026.

The episode demonstrated two things at once: European semiconductor capacity is structurally entangled with Chinese assembly, and the bloc has no rapid mechanism to substitute supply when geopolitics intrudes. Chips Act 2.0 is therefore designed to stimulate not just supply but demand, by linking European suppliers to European users through offtake agreements. The first Chips Act poured roughly €43 billion of public and private capital into fabrication; the political lesson of the past eight months is that fabrication without committed buyers is a museum piece. Offtake commitments are the missing instrument.

The American Counter-Move

US hyperscalers have not been passive. Microsoft has gone furthest, pledging publicly that it will contest, including in court, any US government order that would require it to cut cloud services to European customers. AWS and Google have built sovereign-region overlays with European operating partners. These are credible commercial responses, but they sit awkwardly under the new four-tier scheme. Even a fully European-operated US hyperscaler region will not score at the top of a sovereignty matrix that weighs supply-chain control and AI-training data location. The classification is, in effect, designed to make the highest tier difficult to reach without genuine European corporate control.

The Trump administration’s posture amplifies the underlying anxiety. Brussels officials have spent the past year quietly stress-testing scenarios in which Washington restricts US tech exports as a negotiating instrument, in the way tariffs have been used. The probability of enterprise cloud being cut is low. The probability of a tariff-like measure that disrupts cross-border data flow or licensing is meaningfully higher. Pricing that tail risk into procurement decisions is the substantive case for the sovereignty package, whatever the rhetorical packaging.

The Execution Problem

The harder question is whether European providers can absorb redirected demand at the speed Brussels needs. SAP, the natural anchor at the application layer, has the customer base but is still mid-stride in its RISE cloud transition. OVHcloud has scale within France and is profitable, but its global footprint and AI portfolio remain narrow. Mistral, valued at roughly €12 billion after its €1.7 billion Series C led by ASML in September 2025, is the most ambitious of the trio. It has committed €830 million in debt for a Paris data centre with 13,800 GB300 GPUs, plus €1.2 billion for a 23-megawatt Swedish site, and is targeting 200 megawatts of European compute by the end of 2027.

Even taken together, those commitments are smaller than what a single US hyperscaler will deploy in a single European region over the same horizon. Industrial policy can tilt the demand curve. It cannot accelerate concrete-pouring or substation interconnection on the supply side, which is why the permitting provisions of the new Act matter more than the rhetoric around them. The realistic 2030 outcome is not European displacement of American hyperscalers but a meaningfully larger European share, perhaps twenty-five to thirty percent, concentrated in regulated sectors and public administration. That would still be a significant correction.

The Geoeconomic Frame

The Commission has been careful to frame the package as neither protectionist nor decoupling, but as the construction of “strategic counterweights.” That language is more honest than it sounds. Europe cannot wall itself off from American AI capability without falling behind, and it cannot remain entirely dependent on it without becoming a price-taker on its own digital economy. Hedging is the only available strategy, and the Tech Sovereignty Package is the first serious instrument the Commission has reached for that does something other than fine the incumbents. Whether it works depends less on the legislation than on what Brussels does next: defending the permitting timelines, sustaining the procurement preference through a change of Commission, and resisting the temptation to dilute the four-tier framework under American lobbying pressure. The pieces are on the board. The execution is what matters.

Read our full Report Disclaimer.