Zach Meyers / Jul 2026

Image: Shutterstock
The Trump administration provides frequent reminders to Europe of its uncomfortable dependencies on US technologies. The latest is Washington’s decision to prevent the AI firm Anthropic giving foreign users (including Europeans) access to its most advanced AI models. From artificial intelligence and cloud computing to payment systems and online platforms, the EU depends heavily on technologies subject to US control. That reliance looks increasingly naïve.
But reducing those vulnerabilities is only half of Europe's challenge. The other is competitiveness. Europe's economy continues to lag behind the United States, in large part because European firms have been slower to adopt new technologies and because Europe has struggled to create globally dominant technology companies of its own. Without stronger growth, the EU will not only be a weaker geopolitical player – it will not even be able to deliver the social contract Europeans demand.
These two objectives do not always point in the same direction. Measures that reduce dependence on foreign technology may also make European firms less competitive – and therefore harm growth – if they force businesses to use weaker or more expensive alternatives. Equally, policies that maximise competitiveness may leave Europe more exposed to external pressure.
The European Commission's new Tech Sovereignty Package attempts to grapple with this conundrum. Although the package includes measures supporting AI and semiconductor development, its centrepiece is the proposed Cloud and AI Development Act (CADA), which would introduce ‘sovereignty’ requirements for public sector cloud procurement and reserve the most sensitive public sector cloud contracts to European providers. The package recognises that cloud infrastructure has become critical infrastructure and that governments should assess the risks of foreign governments disrupting services or gaining access to sensitive data.
Yet the package is striking for what it prioritises. Its central objective is not to strengthen European technology companies as a way to boost growth. Instead it knuckles down on managing specific security risks. The justification for restricting procurement is not that Europe should "buy European" for its own sake, but rather that certain government functions require protection against foreign interference which only European providers can possibly deliver.
That cautious and narrow approach has advantages – such as reducing transatlantic tension compared to a more expansive “buy European” mandate – but it also exposes the package's limitations. Restricting a small proportion of government cloud contracts is unlikely either to do much to reduce Europe's strategic vulnerabilities or to transform the competitiveness of its cloud industry.
The procurement opportunities involved are modest in the context of Europe's overall cloud market, which remains overwhelmingly dominated by Amazon, Microsoft and Google. Even within public procurement, implementation will largely rest with member-states, creating a risk that governments favour national providers rather than helping genuinely European firms achieve the scale necessary to compete globally.
The compliance costs may also be substantial. European cloud providers seeking to qualify for the highest security classifications will need to demonstrate extensive independence from foreign-controlled technologies throughout their supply chains. Ironically, some large American providers, with their enormous technical resources and rapidly developing "sovereign cloud" offerings, may find it easier to satisfy many of these requirements than smaller European competitors – apart from the small minority of contracts which will be reserved for European providers.
Despite these flaws, public procurement can still play an important role in boosting Europe’s tech industry while also reducing risk. But if these policies are to boost growth, we must acknowledge these policies represent a bet: that short-term support will allow European firms eventually to become globally competitive. Whether that bet succeeds depends on the strength of the underlying companies, the dynamics of the market they operate in, and the extent to which additional demand genuinely helps European alternatives innovate and scale. That requires a case-by-case assessment. It is not clear that cloud computing – where US firms already have significant advantages, which go well beyond having committed public sector customers – would be the best place to start.
Ultimately, Europe's long-term security will depend less on reducing every dependency than on creating technologies that the rest of the world depends upon. Global technology markets are characterised by specialisation. Even the United States relies on foreign suppliers in critical areas. Europe's problem is not simply that it depends on others, but that too few others depend on Europe.
That suggests a different understanding of technological sovereignty would be sensible – one less focused on reducing risk and more focused on maximising opportunities. Rather than measuring success by how much European demand can be redirected towards domestic suppliers, policymakers should ask whether Europe is creating globally indispensable technologies and companies.
The Tech Sovereignty Package is therefore an important beginning rather than a complete strategy. It acknowledges Europe's vulnerabilities and introduces pragmatic measures to reduce some of them. But Europe's technological future will ultimately be determined not by how effectively it insulates itself from foreign technologies, but by whether it develops technologies that the rest of the world cannot afford to do without.











