Category: Security & Regulation || Posted Jun 13, 2026
Building the Tech Sovereignty Package: Inside the EU’s Massive €120B Semiconductor and Cloud Framework Aimed at Overhauling Non-EU Infrastructure Reliance
For decades, the European Union has been comfortable operating as a regulatory superpower. It wrote the world’s playbook on data privacy with GDPR and set the baseline for algorithmic oversight with the EU AI Act. But as the global race for artificial intelligence and compute infrastructure reaches a fever pitch, Brussels has come to a sobering realization: you cannot govern the digital future if you do not own the physical hardware it runs on.
The numbers describing Europe’s reliance on foreign tech are stark. U.S. cloud hyperscalers currently control over 70% of the European cloud market, while the EU accounts for less than 10% of global semiconductor manufacturing. Every year, the bloc spends an estimated €264 billion primarily on non-EU, proprietary IT products and services.
To break this cycle of dependency, the European Commission unveiled the European Technological Sovereignty Package. Anchored by a target of €120 billion in semiconductor investments by 2035 and an additional €200 billion earmarked to overhaul the cloud landscape by 2036, this sweeping framework represents a massive structural shift. Brussels is transitioning from a regulator of technology to a builder of technological sovereignty.
The Double-Barrelled Legislative Core: Chips Act 2.0 and CADA
At the heart of the tech sovereignty push are two highly ambitious legislative proposals designed to secure the bottom and top of the European computing stack: the Chips Act 2.0 and the Cloud and AI Development Act (CADA).
The original 2023 Chips Act succeeded in mobilizing public and private capital for factory construction, but Europe remains heavily reliant on the United States and Asia for advanced chip design and high-end manufacturing. Chips Act 2.0 directly targets the components driving modern AI. It introduces "Grand Challenges" to stimulate the domestic design of AI chips, matches manufacturing with local demand from data centers, and introduces an aggressive permitting fast-track that slashes bureaucratic approval windows down to a maximum of 12 months.
Directly complementing the hardware push is CADA, which aims to triple European data-center capacity over the next five to seven years. Rather than trying to compete on scale alone, CADA weaponizes public sector demand to force a migration toward domestic infrastructure. It establishes a unified, EU-wide sovereignty framework built on four distinct trust tiers for public cloud workloads.
For standard public services, basic compliance applies. However, for highly sensitive sectors—such as defense, national security, justice, and border management—the framework mandates strict, top-tier cloud sovereignty requirements. Under these rules, critical data must be processed entirely on infrastructure physically located within the EU and operated under the structural control of EU entities, effectively insulating European data from foreign extraterritorial surveillance laws.
The Supply-Side Strategy: Procurement, Open Source, and Grid Integration
Brussels openly acknowledges that setting strict sovereignty rules will fail if European alternatives do not have the capacity to handle the load. To prevent a compliance bottleneck, the package implements three aggressive supply-side mechanisms.
First, it reshapes public procurement. The package introduces "Union added-value" criteria into public tenders, allowing governments to actively favor cloud and hardware providers that can demonstrate European-based design, manufacturing, or operational oversight.
Second, it embraces the Open Source Strategy as a structural lever. Backed by a €2 billion commitment over seven years, the EU is establishing a "Free Software First" principle for public cloud and AI procurement, aiming to cultivate 30 million active users of European open-source collaboration tools by 2030.
Third, the framework addresses the massive environmental and energy strains of computing. The Strategic Roadmap for Digitalisation and AI in Energy establishes "Data Center Acceleration Zones" to guarantee fast-track grid connections. In return, operators must sign tripartite agreements with energy stakeholders and public authorities to sustainably integrate these power-hungry "AI gigafactories" into Europe's green transition, utilizing native AI models to optimize power grid management.
The Enforcement Hurdles: Funding Gaps and Fragmented Compliance
Despite the grand vision radiating from Brussels, the Tech Sovereignty Package faces an incredibly steep climb through the European Parliament and the Council of the European Union, with final adoption expected to take 18 to 24 months.
The most glaring vulnerability is funding. While the Commission states the semiconductor ecosystem requires €120 billion by 2035 and sovereign data centers demand another €200 billion by 2036, the text lacks an immediate, centralized EU pot of fresh capital. Instead, it relies heavily on individual member states utilizing State aid allowances to fund "First-of-a-Kind" facilities, alongside a planned consultation with the European Investment Bank to unlock private equity at scale.
Industry groups, including DIGITALEUROPE, have quickly raised concerns that over-indexing on strict ownership restrictions could alienate global investment and starve European startups of cutting-edge technology. Furthermore, critics warn that by leaving the administrative burden of enforcing the new "Made in Europe" procurement and compliance rules entirely up to individual member states, the package risks creating a fragmented, confusing patchwork of regulations across the single market.
The Bottom Line
The EU’s Tech Sovereignty Package is a bold declaration that the era of open digital globalization has been replaced by an era of strategic regional blocs. Commission President Ursula von der Leyen summarized the shift perfectly, stating that Europe simply cannot afford to depend on third countries for the technologies that keep its hospitals running, its energy grids stable, and its public services secure.
By linking advanced chip manufacturing directly to sovereign cloud storage and open-source software, the EU is attempting to build an entirely self-sufficient, top-to-bottom computing architecture. It is an expensive, politically complex gamble. But in a world where data and processing power define geopolitical influence, the cost of building technological autonomy is nothing compared to the price of remaining dependent on someone else's infrastructure.
Can the EU successfully bridge its massive technology funding gap through private capital and state aid, or will strict sovereignty tiers isolate European businesses from global innovation?