• 07/30/2026
  • Technical contribution

Towards european digital sovereignty: cloud infrastructure as a foundation

The EU sees risks in transatlantic dominance in the IT sector. European alternatives are intended to enhance independence and thus ultimately improve IT security. Some examples appear promising.

Written by Uwe Sievers

Digital map of Europe with building blocks for cloud infrastructure, artificial intelligence, open source, data centers, regulation, chips, cybersecurity, and data sovereignty.

Hyperscalers form the digital backbone of many companies. Various measures from the political and business spheres aim to strengthen European cloud sovereignty. The European Commission is also making efforts in this area.

US hyperscalers Amazon (AWS), Microsoft (Azure) and Google share more than 70 per cent of the European cloud market. The trend is still rising. A similar picture of dominant US providers is also evident in areas such as the AI sector and office software. This is reported by the US broadcaster CNBC.

To the session: AWS European Sovereign Cloud - Next level of sovereignty

Politicians launch programmes

This development has led to various political responses. In autumn 2025, EU countries, led by Germany and France, organised the European Summit on Digital Sovereignty. Among the measures agreed there is the establishment of a task force on digital sovereignty.

According to the relevant website, its remit includes “developing sovereignty indicators” and supporting concrete measures through “relevant European policy instruments such as sectoral regulation, state aid and the European Competitiveness Fund”.

The European Parliament presented a catalogue of measures, which calls, among other things, for European providers to be given preference in public procurement procedures. Initial measures are to be implemented in the course of this year. Plans to reduce dependency are also being drawn up at other levels, but it is likely to be some time before all this is reflected in the day-to-day operations of public authorities and businesses.

To the topic page: Digital sovereignty: Strategig ability to act in uncertain times

 

New EU initiatives for digital sovereignty  

The European Commission has recently presented a legislative package to strengthen digital sovereignty. The aim is to reduce Europe’s dependence on foreign technology companies.

To this end, the plan is to expand Europe’s own chip and semiconductor production and to accelerate the development of high-performance cloud infrastructures in Europe.

Furthermore, the EU is placing greater emphasis on open source: public administrations and businesses are to move away from dominant US providers and rely more heavily on European alternatives. There are also plans to expand modern data centres for training AI models in Europe, in order to strengthen technological expertise and data sovereignty.

To the topic page: Securing Data & AI in a controlled manner

The switch to open source in public authorities as a signal for greater sovereignty   

Meanwhile, the International Criminal Court has switched from Microsoft Office to the open-source solution Opendesk. This alternative, developed in Germany, comes from the “Centre for Digital Sovereignty in Public Administration” (ZenDiS), a federal agency.

Efforts to reduce dependence on US companies are also underway at state level. Schleswig-Holstein (federal state in Germany) is gradually switching to open-source alternatives and intends to terminate its existing Microsoft contracts by the end of the current decade. Various social security providers are also trialling Opendesk as a contingency measure, for example to remain operational in the event of service outages.

Initiatives from the business sector

Similar efforts are underway in other European countries. For instance, the Austrian Armed Forces have moved away from Microsoft Office and switched to the open-source solution LibreOffice. The Austrian Federal Ministry for Economy, Energy and Tourism recently completed the migration of 1,200 employees to the European open-source cloud platform Nextcloud. The French Gendarmerie has been using Collabora Online for years, another alternative to mainstream Office products. The French Mistral AI is a European Large Language Model (LLM) that aims to compete with major US rivals such as ChatGPT. The AI system has been very well received and is now expanding into other European countries such as Germany.

Meanwhile, several initiatives are also focusing on the topic. Leading the way is the “Federal Association for Digital Sovereignty – Open Source Business Alliance” (OSBA). According to its own statement, the association is the largest alliance in Europe’s open-source industry and represents over 260 member companies.  

 

Major AI projects aim to strengthen Europe’s cloud providers

Meanwhile, European providers such as IONOS, Deutsche Telekom and the Schwarz Group are attempting to capture market share with their own hyperscalers (StackIT). However, according to the statistics mentioned at the outset, these remain largely niche players for the time being.

Deutsche Telekom and the Schwarz Group are also planning a joint large-scale AI project. The focus of this initiative is on establishing a high-performance European AI infrastructure, specifically targeting training and inference capacities for large language models and industrial applications.

The aim is to integrate data centres, cloud platforms and data ecosystems in such a way that businesses and public institutions gain access to high-performance AI services that also comply with data protection regulations.

Another key aspect is ensuring data sovereignty and IT security, for example through high-performance computers operated in Europe, clear governance structures and controlled data spaces.

To the session: Resilience & Sovereignty in an Era of Cloud: Crafting a Vision for What’s Next

 

More than just the cloud: EuroStack as the foundation of digital sovereignty

US hyperscalers are responding to this by setting up data centres on European soil or through partnerships with local operators.

Representatives from politics, business and academia are calling for a more far-reaching approach. They advocate the development of EuroStack as an independent tech infrastructure in Europe. This is not merely an industrial policy project; EuroStack can be understood as a multi-layered reference architecture spanning everything from semiconductors and cloud infrastructures to platform services and applications.

The aim is to systematically reduce critical dependencies whilst simultaneously embedding European values such as data protection, transparency and interoperability at a technical level. From a security perspective, this includes, amongst other things, end-to-end encryption concepts, trustworthy identity and access models based on the zero-trust principle, and the consistent use of open standards to avoid vendor lock-ins. This is complemented by requirements for traceable supply chains (supply chain security), certified hardware and software components, and compliance with European regulations such as NIS2 or the Cyber Resilience Act.

Initiatives such as Gaia-X and European cloud and edge consortia are also incorporated into this concept, which is designed to strengthen both Europe’s economic competitiveness and its strategic autonomy.

To the article: From SBOM to PBOM: Defending Against Supply Chain Attacks

To the article: IT Regulations: 4 IT Laws You Should Be Aware of in 2026

 

From ambition to implementation

Awareness of the importance of digital sovereignty in Europe has grown, particularly in recent years, and initiatives such as EuroStack demonstrate that this can lead to concrete outcomes. As Secretary General of the European Cyber Security Organisation (ECSO), Joanna Świątkowska is committed to strengthening Europe’s cyber security resilience and strategic autonomy.

She believes this must be driven forward jointly by all stakeholders: ‘Europe is entering a decisive phase where digital sovereignty must move from ambition to implementation. At its core, technological sovereignty is about Europe’s ability to develop, control and scale its critical technologies, infrastructures, services and data. Delivering on this vision requires aligning industrial policy, regulatory frameworks and cybersecurity into a coherent approach that builds real capabilities.

The objective is clear: a secure, competitive and resilient digital ecosystem grounded in trust and assurance.’

To the session: Digital sovereignty in reality check: opportunities, risks, feasibility

 

Debate at the it-sa Expo&Congress

The relevance of the various efforts to achieve greater autonomy within Europe to the issue of cybersecurity (report on the topic) was also discussed recently at the it-sa Expo&Congress. The topic is set to be a key talking point again at the next event, which will take place from 27 to 29 October 2026 at the Nuremberg Exhibition Centre.