Tech Sovereignty Package: Europe starts building tech capacity, with room to strengthen demand for homegrown solutions
-
The European Commission has published the Tech Sovereignty Package, including the Cloud and AI Development Act (CADA) among its key components. The initiative marks an important shift towards a more proactive industrial strategy to boost Europe’s capacities across cloud, AI and semiconductors while reducing dependence on non-EU technologies.
-
However, its impact may be limited if key sovereignty assessments are left largely to Member States, potentially leading to fragmented implementation across the Union.
-
The European DIGITAL SME Alliance stresses that supply-side investments must be matched by stronger demand-side measures if Europe is serious about scaling its own technology providers. This requires stricter sovereignty requirements as the baseline for all public cloud procurement, complemented by digitalisation vouchers to drive private-sector adoption of sovereign technologies.
With the publication of the Tech Sovereignty Package, the European Commission has taken an important step in redefining Europe’s approach to digital policy.
The Package combines a Communication on European Tech Sovereignty, the Chips Act 2.0 to strengthen Europe’s semiconductor production and ecosystem, and, very importantly, the Cloud and AI Development Act (CADA), aiming to triple the EU’s cloud and AI computing capacity in the next 5-7 years, by strengthening sovereign solutions in these areas.
This Package represents the most significant effort to date by the European Commission to strengthen European technological sovereignty. It explicitly acknowledges that Europe remains structurally dependent on non-EU providers for over 80% of its digital products, services and digital infrastructure.
The European DIGITAL SME Alliance supports the direction of the Package. The inclusion of a Cloud Computing Sovereignty Framework within the CADA, as well as the introduction of non-price criteria for cloud procurement, marks a departure from procurement models based primarily on cost considerations, recognising that the governance, jurisdiction, and control of digital infrastructure carry strategic implications for Europe’s resilience.
These are positive developments. However, the decision to leave sovereignty risk assessments largely in the hands of Member States may result in uneven implementation across the Union. Using implementing acts to provide Member States with a methodology for sovereignty risk assessment adds additional uncertainty and potential fragmentation in the approach. Without a more consistent European approach, there is a risk that public authorities reach different conclusions regarding acceptable levels of dependency on non-European providers, weakening the overall objective of strengthening Europe’s technological sovereignty.
While the Package introduces a dedicated demand-side framework – including procurement provisions under CADA and a structured approach to sovereignty levels – these measures remain limited in scope and ambition. The CADA falls short in establishing a clear and enforceable European Preference for cloud procurement.
Strong sovereignty criteria, including mandatory third-party audit, data localisation in the Union, and restrictions on providers subject to third-country control, should apply as the baseline for all public cloud procurement, not only to the narrow subset of activities Member States classify as security-sensitive. The Co-Legislators should make sure to define a binding European Preference for digital technologies, including cloud and AI, as the standard condition for public sector contracts, including through the upcoming Public Procurement Act.
Federation and aggregation models should be encouraged to allow smaller providers to participate in sovereign cloud, software and AI value chains at scale, avoiding new forms of concentration while strengthening European competitiveness. The so-called ´EuroCloud Federation´, included in the CADA proposal, should therefore also be open to private European cloud and AI providers.
Demand-side measures should not stop with the public sector. If Europe wants globally competitive cloud and AI providers, it must also stimulate private-sector adoption of sovereign European solutions.
The European Commission should therefore consider instruments such as digitalisation vouchers, targeted to European SMEs, to help accelerate uptake of sovereign European solutions and ensure that public investment translates into market growth for home-grown solutions.
Investments in chips, cloud infrastructure, AI capacity and data centres are necessary. But technological sovereignty will not be achieved through supply-side measures alone. Europe must ensure that demand, both public and private, supports the growth of European technology providers.
The Tech Sovereignty Package establishes a promising framework for strengthening Europe’s technological capabilities and reducing critical dependencies. The direction is the right one. Its impact will however depend on complementary demand-side measures to boost market uptake towards innovative and already operational European sovereign solutions.
