The European Commission has proposed its most ambitious push yet to reduce the bloc's reliance on foreign technology, unveiling a Tech Sovereignty Package built around a new Cloud and AI Development Act. The plan targets the twin risks European officials see in today's digital economy, dependence on a handful of non-European chip and cloud providers, and a shortage of homegrown computing capacity to meet surging AI demand.

For businesses, investors, and public agencies across the EU, this is not a symbolic gesture. It carries binding procurement rules, a four tier sovereignty classification for cloud providers, and hundreds of billions of euros in planned investment over the next decade.

What the Tech Sovereignty Package Includes

The package brings together several pieces of legislation under one strategic umbrella, aimed at strengthening Europe's position in semiconductors, cloud computing, and artificial intelligence.

The Cloud and AI Development Act

The centerpiece of the package is the Cloud and AI Development Act, known as CADA. It creates a formal framework that public authorities and operators of critical infrastructure must use before selecting a cloud or AI provider for sensitive workloads. Under the act, providers are audited and classified into one of four sovereignty levels:

  • Level 1: data processed and stored exclusively within the EU.
  • Level 2: providers must show independence from third country influence and transparency across their software supply chain.
  • Level 3: providers must be owned and controlled from within the EU, with added requirements such as personnel citizenship.
  • Level 4: full transparency and control over the software supply chain, with no interference from any third country.

Commission Executive Vice President Henna Virkkunen has said the goal is ensuring no cloud provider handling critical European data carries a hidden kill switch, a reference to concerns that the U.S. CLOUD Act gives American authorities potential access to data held by U.S. companies regardless of where it is physically stored.

ChatGPT Image Jul 13, 2026, 12_20_32 PM.png
Infographic highlights the EU's digital sovereignty plan, AI and cloud investment, semiconductor funding, and secure tech strategy.

Chips Act 2.0 and the Scale of Investment

Alongside CADA, the package includes an updated Chips Act aimed at building capacity in advanced semiconductor manufacturing and design. The financial scope of the overall package is substantial:

  • An estimated 120 billion euros earmarked for semiconductors.
  • Roughly 200 billion euros for data centers through 2036.
  • About 100 billion euros directed toward cloud and AI infrastructure.
  • 2 billion euros allocated to open source software over seven years.

The Commission wants to at least triple Europe's data center capacity within five to seven years, partly by streamlining permitting procedures that have historically slowed infrastructure buildouts across member states.

Why Brussels Is Acting Now

The push reflects how concentrated the EU's cloud market has become. According to the Commission, U.S. cloud companies control more than 70 percent of the EU cloud market, while Europe produces less than 10 percent of global semiconductors and remains almost entirely dependent on foreign sources for cutting edge chips.

The Funding Gap Europe Still Faces

Turning ambition into infrastructure requires capital Europe does not yet have readily available. The Commission has acknowledged that the bloc lacks sufficient risk capital to scale its own technology champions, and it is betting heavily on private investment channeled through the proposed European Competitiveness Fund and initiatives like InvestAI, which aims to mobilize 200 billion euros on its own. Officials estimate an annual energy investment gap of roughly 400 billion euros tied to powering new data center capacity sustainably.

Balancing Sovereignty With Openness

Commission officials have been careful to frame the plan as protective rather than isolationist. The proposal keeps most of the market open to what officials call like minded partners, and third country providers can still qualify for recognition under the sovereignty framework if they meet the required transparency and independence standards.

Industry analysts remain split on whether the timeline is realistic. Some point out that the global supply chains needed to build large scale AI infrastructure, European or otherwise, are already tightly constrained, meaning Europe's own capacity gains may take years to materially shift where frontier grade AI computing actually happens.

What This Means for Businesses and Investors

  • Public sector cloud contracts will increasingly hinge on a provider's sovereignty tier, affecting how U.S. hyperscalers compete for government work in Europe.
  • Companies operating in regulated sectors should expect earlier and more detailed sovereignty risk assessments before procurement decisions.
  • Data center developers and semiconductor firms based in the EU stand to benefit from streamlined permitting and new investment vehicles.
  • Multinational technology firms may face pressure to restructure European operations to qualify for higher sovereignty tiers.