News & analysis · 7 June 2026
EU tech sovereignty package: cloud tiers that bar US hyperscalers and Chips Act 2.0 for the AI era
On June 3, the European Commission unveiled what it calls its most ambitious technology initiative in a decade: a coordinated Tech Sovereignty Package spanning cloud computing, artificial intelligence, semiconductors, and open-source software. The centrepiece is the Cloud and AI Development Act (CADA), which creates four tiers of cloud “sovereignty” and restricts Amazon Web Services, Microsoft Azure, and Google Cloud from processing the most sensitive European public-sector workloads unless they restructure ownership and legal independence from U.S. jurisdiction. Alongside it, Chips Act 2.0 revises the 2023 semiconductor law with emergency override powers, a mandate for at least one advanced foundry inside the bloc, and a target of €120 billion in investment by 2035. Brussels is not asking nicely this time. It is writing compliance obligations that cannot be satisfied by hosting American cloud services on European soil.
The kill-switch moment that made sovereignty concrete
European policymakers have talked about digital sovereignty for years. What changed the conversation from white papers to legislation was a bureaucratic incident with geopolitical teeth. When the Trump administration sanctioned the International Criminal Court’s top prosecutor earlier in 2026, Microsoft cancelled his email account. The action was brief and procedural. For Brussels, it was clarifying: if a single U.S. company could cut off a senior international official’s communications at the stroke of a pen, what else could be switched off?
Commission Executive Vice-President Henna Virkkunen put the framing bluntly in a CNBC interview: “We want to be sure nobody has a kill switch.” The CADA proposal operationalises that fear. Public authorities in healthcare, finance, and judicial systems will be required to assess how much of their infrastructure depends on non-EU firms and route workloads to the appropriate sovereignty tier. Private-sector cloud use is not directly restricted — but the public-sector rules set a template that enterprise procurement teams will feel pressure to follow, especially for regulated industries.
The legal conflict is structural, not cosmetic. The U.S. Cloud Act allows American law enforcement to request user data from U.S. companies regardless of where servers physically sit. CADA’s highest tiers require providers to demonstrate EU ownership, EU-national personnel in control roles, and independence from third-country legal jurisdictions. As The Next Web reported, meeting those criteria would be difficult, if not impossible, for AWS, Azure, and Google Cloud as currently structured. Data residency was never enough; Brussels now demands structural independence.
Four sovereignty tiers: what each level requires
CADA replaces ad hoc national rules with an EU-wide framework. Public bodies must classify workloads and match them to one of four tiers, each with escalating requirements for provider ownership, operational control, and legal autonomy. At the lower tiers, hybrid arrangements and EU-operated subsidiaries may suffice for less sensitive data. At the highest tier — covering the most critical government, health, and judicial systems — providers must prove end-to-end European control of the stack, not merely European hosting of American software.
The practical effect is a compliance cliff. Hyperscalers have spent billions marketing “EU regions” and sovereign cloud partnerships. CADA says that marketing is insufficient for Tier 1 workloads. Microsoft’s ICC prosecutor email cancellation is the case study: jurisdiction follows corporate nationality, not server geography. For AI specifically, the open question is whether GPU-as-a-service arrangements and intermediary resellers count as genuinely sovereign, or whether regulators will require European control of the hardware stack all the way down to the accelerator.
CADA also sets an infrastructure target: tripling EU data-centre capacity within five to seven years, with the goal of fully meeting European business and public-administration needs by 2035. The Commission estimates roughly €200 billion in mostly private investment is required, with streamlined permitting and pre-identified sites to accelerate deployment. That figure sits in the same order of magnitude as the AI infrastructure build-out Goldman Sachs flagged in its $800 billion global AI capex forecast — except Europe is trying to redirect a slice of that spending inside its borders rather than through Virginia and Oregon data halls governed by U.S. law.
Chips Act 2.0: emergency powers and the advanced-foundry bet
The original EU Chips Act entered force in 2023 promising €43 billion to double Europe’s global semiconductor market share to 20% by 2030. Most analysts now consider that headline target unattainable. Chips Act 2.0 acknowledges the miss and pivots strategy: less emphasis on fabs alone, more on stimulating demand for European-made chips, securing design capabilities that currently sit almost entirely outside the bloc, and building at least one foundry for advanced semiconductor manufacturing — the cutting-edge nodes that AI accelerators depend on.
The revision adds teeth the first Act lacked. The Commission would gain emergency powers to override commercial supply agreements during a crisis, prioritising EU-critical chip orders even when that means breaking existing contracts with non-European customers. Reports cited by industry press suggest a €30 billion facility capable of producing chips at the 3nm node is under discussion, with funding split between the Commission, member states, and private enterprises. AI-related chips are projected to account for more than 70% of the global semiconductor market by 2030; Brussels argues the original Act was overtaken by that shift before it was fully implemented.
Skepticism is warranted. Europe has announced sovereignty initiatives before and under-delivered. The €180 million sovereign cloud contract awarded earlier in 2026 was a fraction of what U.S. hyperscalers spend in a single quarter. Chips Act 2.0’s €120 billion target by 2035 requires sustained political will across electoral cycles — something semiconductor manufacturing, with its decade-long payback horizons, has rarely received. What is different this round is the regulatory stick paired with the investment carrot: CADA restricts demand for foreign cloud while Chips Act 2.0 tries to ensure European silicon exists to fill the gap.
Regulatory divergence: Brussels vs. Washington in the same week
The Tech Sovereignty Package lands in the same calendar window as two other major policy moves: the EU Digital Omnibus deal that postponed high-risk AI Act deadlines to 2027 while keeping August 2026 transparency obligations intact, and the U.S. push toward federal preemption of state AI rules via the Great American AI Act framework. Read together, the Atlantic regulatory gap is widening, not narrowing.
Washington is racing to keep AI deployment frictionless for domestic hyperscalers and model labs. Brussels is explicitly treating American cloud and chip dependency as a strategic liability and writing restrictions that hyperscalers cannot easily route around with marketing. For multinational enterprises, the compliance surface doubles: U.S. customers may face lighter AI governance while EU operations must satisfy sovereignty tiers, delayed but still incoming high-risk AI rules, and nudifier prohibitions from the omnibus deal.
Apple’s WWDC keynote on June 8 sits awkwardly inside this frame. The company is reportedly routing heavy Siri workloads to Google Cloud on Nvidia hardware — exactly the cross-border, U.S.-jurisdiction stack CADA targets. A billion iPhones running on-device models while complex queries exit to American infrastructure is the sovereignty problem in miniature. European regulators will not ban consumer iPhones, but public-sector procurement and regulated-industry cloud RFPs will start asking questions Apple and its partners cannot answer with a regional data centre alone.
Who wins, who pays, and what to watch
Winners, if execution matches ambition: European sovereign cloud providers (OVHcloud, Deutsche Telekom’s T-Systems, local operators), EU-based open-source infrastructure projects, and any chip consortium that actually breaks ground on an advanced fab. Sovereign AI startups pitching on-prem and air-gapped deployments gain a regulatory tailwind.
Losers or adapters: AWS, Azure, and Google Cloud must either restructure European entities beyond current joint-venture models or accept exclusion from Tier 1 public contracts. AI labs that assumed frictionless GPU rental from Dublin or Frankfurt may face procurement reviews asking who holds the kill switch. The cost is not just compliance lawyers — duplicated infrastructure raises the effective price of European AI compute, potentially feeding back into the enterprise ROI skepticism we covered in Microsoft’s Claude Code cancellation.
Watchlist through 2026: CADA’s legislative path through Parliament and Council (tech sovereignty bills historically get watered down but rarely killed outright); which member state lands the advanced foundry; whether GPU intermediary structures pass sovereignty audits; and whether U.S. retaliation arrives via trade tools or quiet diplomatic pressure on individual commissioners. The package is a proposal, not yet law — but the framing from Virkkunen and the Commission makes clear the political direction is set.
Bottom line
Europe’s Tech Sovereignty Package is the most concrete attempt yet to convert a decade of digital-dependency anxiety into enforceable rules. CADA goes beyond data residency to challenge the U.S. Cloud Act directly. Chips Act 2.0 admits the first semiconductor push failed and tries again with emergency powers and an advanced-node mandate tuned for AI. The €200 billion data-centre target and tripling capacity goal acknowledge that sovereignty requires silicon and floor space, not just legislation.
Whether Brussels can build fast enough is the same question Europe has asked since GDPR made it a regulatory superpower without a matching industrial base. This time the geopolitical catalyst — a cancelled ICC email account — is more vivid than any white paper. For builders deploying AI agents and tool-use pipelines, the actionable takeaway is geographic: assume EU public-sector and regulated workloads will require provably European control of compute, model hosting, and data paths. The kill-switch era is over as a acceptable risk model. Structural independence is the new procurement checkbox.
Sources: The Next Web — EU tech sovereignty package (Jun 2026); European Commission — Tech Sovereignty Package press release; CNBC — Virkkunen kill-switch interview; Eastern Herald — CADA and Chips Act 2.0 summary. Related on Solana Garden: EU AI Act omnibus deadlines, Great American AI Act analysis, Goldman AI capex forecast, Distributed systems explained.