AI & TechBigTech CompaniesBusinessNewswireTechnology

EU tech package limits US cloud, launches Chips Act 2.0

▼ Summary

– The European Commission’s tech sovereignty package restricts US cloud providers from processing sensitive government data and launches Chips Act 2.0 to build advanced semiconductor capacity in Europe.
– The Cloud and AI Development Act creates four sovereignty tiers for public-sector cloud use, requiring providers to demonstrate EU ownership, control, and independence from foreign legal jurisdictions like the US Cloud Act.
– Chips Act 2.0 shifts focus to stimulating demand for European-made chips and securing design capabilities, targeting €120 billion in total investment by 2035 with a potential €30 billion facility for 3nm chips.
– The package aims to triple EU data centre capacity within five to seven years, requiring €200 billion in mostly private investment, to run AI workloads on European infrastructure.
– Unlike past initiatives, the package has regulatory teeth by restricting non-EU providers for government data and requiring structural independence, not just data residency, to reduce strategic dependencies.

The European Commission has unveiled an ambitious tech sovereignty package designed to curb reliance on US cloud providers while launching a Chips Act 2.0 to boost advanced semiconductor production in Europe. The centerpiece, the Cloud and AI Development Act (CADA) , establishes four tiers of sovereignty for public-sector cloud use, directly challenging American dominance in government data processing.

Earlier this year, when the Trump administration sanctioned the International Criminal Court’s top prosecutor, Microsoft promptly canceled his email account. Though brief and bureaucratic, the incident served as a wake-up call for European policymakers. If a single US company could sever a senior international official’s communications with a simple administrative action, what other digital infrastructure could be shut off at a moment’s notice?

On Wednesday, the European Commission responded with legislative action. Its tech sovereignty package represents the bloc’s most comprehensive effort yet to reduce foreign technology dependence, targeting cloud computing, artificial intelligence, semiconductors, and open-source software in a unified strategy.

“We want to be sure nobody has a kill switch,” Commission Executive Vice-President Henna Virkkunen told CNBC.

The cloud crackdown

The Cloud and AI Development Act (CADA) creates an EU-wide framework defining four tiers of cloud sovereignty. Public authorities must assess how much of their infrastructure relies on non-EU firms and match workloads to the appropriate tier. At the highest levels, providers must demonstrate ownership and control from within the EU, employ EU-national personnel, and prove independence from third-country legal jurisdictions. This last requirement directly targets the US Cloud Act, which permits American law enforcement to request user data from US companies regardless of where it is stored. Meeting these criteria would be extremely difficult for Amazon Web Services, Microsoft Azure, and Google Cloud under their current structures.

The restrictions apply to sensitive public-sector workloads in healthcare, finance, and judicial systems. Private-sector cloud use remains unaffected.

Chips Act 2.0

The package also introduces a successor to the EU’s original Chips Act, which took effect in 2023. Chips Act 2.0 shifts focus from simply building fabrication plants to stimulating demand for European-made semiconductors and securing design capabilities that currently reside almost entirely outside Europe.

The Commission said it would “prioritise” constructing a foundry for advanced semiconductor manufacturing within the bloc. Reports suggest a €30 billion facility capable of producing chips at the cutting-edge 3nm node is under discussion, with funding split between the Commission, member states, and private enterprises.

The revised strategy targets €120 billion in total investment by 2035. Whether that figure is achievable depends on political will that has historically wavered when it comes to the sustained, decade-long commitments semiconductor manufacturing demands.

Tripling data centre capacity

CADA also sets an infrastructure target: tripling the EU’s data centre capacity within five to seven years, with the goal of fully meeting the needs of European businesses and public administrations by 2035. The Commission estimates this will require approximately €200 billion in mostly private investment.

To accelerate deployment, the Act will streamline permitting processes and identify suitable sites for new facilities. The ambition is to ensure that European organisations can run AI workloads on European infrastructure, rather than routing them through US hyperscaler data centres governed by US law.

The question remains whether GPU-as-a-service arrangements and other intermediary structures will count as genuinely sovereign, or whether the Commission will require end-to-end European control of the hardware stack.

The gap between ambition and execution

Europe has announced digital sovereignty initiatives before. The original Chips Act promised €43 billion to double the EU’s global semiconductor market share to 20% by 2030, a target most analysts now consider unattainable. The €180 million sovereign cloud contract awarded earlier this year was a fraction of what US hyperscalers spend in a single quarter.

What makes this package different is its regulatory teeth. CADA does not merely encourage European alternatives. It restricts the use of non-EU providers for specific categories of government data, creating a compliance obligation that cannot be met by simply hosting American cloud services on European soil. The sovereignty tiers require structural independence, not just data residency.

The geopolitical logic is clear. As the Commission’s own framing puts it: “As geopolitical fragmentation deepens and supply chains are increasingly weaponised, technological dependencies are becoming strategic liabilities.” Whether Europe can build the industrial capacity to match that language is the question it has been asking itself for a decade. This time, at least, it has given itself a legal framework to try.

(Source: The Next Web)

Topics

tech sovereignty 98% cloud regulation 95% semiconductor manufacturing 92% data sovereignty 90% ai infrastructure 88% us cloud act 85% geopolitical risk 83% public sector it 80% investment targets 78% Regulatory Compliance 76%