Contents

Europe’s Quest for Digital Sovereignty: Understanding the EU’s New Tech Package

The European Union has embarked on an ambitious journey to secure its digital future with the launch of a new technological sovereignty package. This comprehensive initiative aims to bolster the Union’s control over the entire infrastructure essential for Artificial Intelligence (AI) – spanning from microchips and cloud computing to data centers, energy supply, and open-source software. A core objective is to significantly reduce Europe’s dependence on foreign technology providers, fostering greater autonomy and resilience in the digital sphere.

This strategic shift raises crucial questions for various stakeholders: What does this mean in practice for digital infrastructure providers, public administrations, and businesses across Europe?

Why Europe is at a Digital Crossroads

The European Commission openly acknowledges a significant reliance on non-European entities. Currently, over 80% of critical digital products, services, and infrastructure within the EU are provided by companies from outside the continent. This dependence is particularly evident in the cloud computing market, where three major non-European providers now control more than 70% of the European market share, while the presence of European companies has dwindled to approximately 15%.

This situation results in an estimated €264 billion flowing out of the EU annually, primarily to acquire closed-source IT solutions, many of which originate from outside Europe. This financial outflow is increasingly viewed not merely as a cost concern but as a significant strategic risk to Europe’s long-term digital independence and security.

The EU’s Technological Sovereignty Package Explained

In response to these challenges, the European Commission has put forward the European Technological Sovereignty Package, which includes several key legislative and strategic initiatives:

Chips Act 2.0

This proposed legislation is designed to significantly expand Europe’s capabilities in the semiconductor industry. Its goals include:

Streamlining permit procedures for chip manufacturing facilities.
Strengthening public-private partnerships to foster innovation and production.
Supporting strategic projects and diversifying supply chains to reduce reliance on single sources.

The aim is to enhance Europe’s ability to design and produce its own advanced semiconductors, a foundational component for all digital technologies, including AI.

Cloud and AI Development Act (CADA)

The CADA initiative is focused on accelerating the development of AI models and applications, alongside expanding critical digital infrastructure. Key targets include:

Boosting the growth of European AI capabilities.
Tripling the capacity of European data centers within the next 5–7 years to support the increasing demands of AI and cloud services.

This act is crucial for building the computational backbone necessary for Europe’s digital transformation. You can read more about the broader implications of AI advancements and infrastructure in discussions around NVIDIA’s AI innovations and the shift towards inference.

Open Source Software and Energy Digitization

Beyond hardware and cloud, the package also includes a strategy to strengthen digital sovereignty through the greater adoption and development of open-source software. Concurrently, efforts are being made to digitize the European energy system. These combined initiatives aim to cover the entire value chain:

From hardware design and manufacturing.
Through computational infrastructure.
To software development and sector-specific implementations.

Collectively, this represents the most comprehensive set of actions taken to date to enhance European competencies in semiconductors, cloud computing, artificial intelligence, and open-source solutions. The ultimate goal is to reduce dependencies on providers from outside Europe and strengthen European industrial capabilities “from factory to cloud,” ensuring the EU has greater control over its critical digital infrastructure. This proactive stance also addresses concerns about misinformation and the ethical implications of emerging technologies, as highlighted in reports like the one on AI-generated fake news and disinformation.

Defining True Digital Sovereignty: Key Criteria

Digital sovereignty should not merely be an abstract concept but a set of verifiable criteria that ensure genuine independence and control. Key pillars include:

Data Residency and Processing: Both the storage and processing of data must remain within EU territory. This is particularly vital for regulated sectors, where data integrity and compliance are paramount.
Immunity to Extraterritorial Laws: Full resilience against laws like the U.S. CLOUD Act is essential. This means avoiding ostensible trust models that leave loopholes for foreign intelligence agencies to access data.
Operational Control: Complete operational control over hardware, software, and personnel is necessary, coupled with the ability to conduct independent audits. This ensures that European entities maintain full oversight and management of their digital assets.
IT Architecture Sovereignty: The underlying IT architecture must be designed and controlled in a way that aligns with European values and regulations.
Supply Chain Diversification: Collaboration with multiple independent partners and full, autonomous control over the source code used are crucial. This strategy mitigates risks associated with single points of failure or geopolitical pressures.

Such a model is designed to:

Limit the risk of service interruptions.
Counteract price pressures.
Prevent forced licensing changes.
Facilitate compliance with new regulatory requirements, such as NIS2 (Network and Information Systems Directive 2) and DORA (Digital Operational Resilience Act).

The Impact on European Businesses and Public Administration

According to experts like Magdalena Chudzikiewicz, General Manager at home.pl (a European hosting provider), the implementation of the EU’s technological sovereignty package, including initiatives like Chips Act 2.0 and the Cloud and AI Development Act (CADA), represents a significant step towards building a mature digital ecosystem in Europe. However, true independence necessitates “stack sovereignty”—control at every level of the technology stack.

While the digital market across Europe is experiencing robust, often double-digit, growth, the infrastructure of many small and medium-sized enterprises (SMEs) still relies on services subject to non-EU jurisdictions. This often means that data belonging to European companies falls under both European and non-European legal regimes, with potential implications for security and compliance.

The technological sovereignty package can serve as a powerful impetus for investment in local infrastructure and services that align with EU frameworks. The market’s challenges should not solely be addressed by ostensible trust models, but rather through transparent, open standards and certified local cloud solutions.

Local European providers are well-positioned to support businesses in transitioning to solutions that comply with the new sovereignty frameworks. This requires clear guidelines from regulators and procurers, as well as robust national digital public procurement strategies that translate EU directives into practical implementation.

Frequently Asked Questions (FAQ)

What is the primary goal of the EU’s technological sovereignty package?

The primary goal is to increase the European Union’s control over its digital infrastructure for AI—ranging from chips, cloud, and data centers to energy and open-source technologies—thereby reducing dependence on non-European providers and fostering greater digital autonomy and resilience.

How will the Chips Act 2.0 benefit Europe’s digital independence?

The Chips Act 2.0 aims to expand Europe’s semiconductor industry capabilities by simplifying permit procedures, strengthening public-private cooperation, and supporting strategic projects. This will reduce reliance on foreign supply chains for critical microchips, which are fundamental to all digital technologies.

What does “stack sovereignty” mean in the context of this package?

“Stack sovereignty” refers to maintaining control and independence at every level of the technology stack. This includes hardware (chips), infrastructure (data centers, cloud), software (open source), and the services built upon them, ensuring that European entities have full operational oversight and are not subject to extraterritorial legal regimes.

How does the package address data residency and extraterritorial laws like the CLOUD Act?

The package emphasizes that data storage and processing should remain within EU territory, especially for regulated sectors. It also seeks to ensure full immunity to extraterritorial laws by promoting models that prevent foreign intelligence agencies from accessing data through loopholes, thereby safeguarding data privacy and security for EU citizens and businesses.

Source: Europa.eu, Channel Insider, Blue Wave Tech
Opening photo: Gemini

About Post Author

Deepak Malik

See author's posts

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.