The European Commission has awarded €180 million in contracts to four European providers to build an EU sovereign cloud infrastructure, aiming to reduce the bloc’s reliance on American technology giants. The contract to serve EU institutions, bodies, and agencies was divided among Luxembourg’s Post Telecom, Germany’s StackIT, France’s Scaleway, and Belgium’s Proximus.
The project is scheduled to run for six years and is designed to decrease the union’s technological dependence on foreign corporations while strengthening digital sovereignty.
What is the EU sovereign cloud?
the “sovereign cloud” concept is a computing model focused on security and jurisdictional control. Under this model, data from government or private organizations is hosted, managed, and stored in full compliance with the national laws, technical standards, and privacy requirements of the territory where it is physically located.
Which cloud services did the EU use previously?
Before launching the sovereign cloud project, EU structures, like most governments worldwide, relied almost exclusively on the American “Big Three” technology giants.
The primary providers for European agencies were:
- Microsoft Azure (including the Microsoft 365 ecosystem, which handles nearly all daily documentation and communication for EU officials).
- Amazon Web Services (AWS).
- Google Cloud.
Europe used these services because local companies lacked infrastructure of comparable scale, reliability, and computing power for a long time.
Why did the EU decide to move away from them?
The European Commission began the transition due to legal complications that affected the union’s sovereignty:
1. The U.S. CLOUD Act (2018). This law requires U.S.-based IT companies to provide American intelligence agencies and courts with access to user data upon request, even if the servers are physically located in Europe. This created a direct security risk for EU state secrets.
2. The “Schrems II” ruling (2020). The European Court of Justice invalidated the Privacy Shield data exchange agreement between the EU and the U.S. The court ruled that American surveillance laws do not provide Europeans with adequate protection. Storing EU citizens’ data on American corporate servers was found to violate strict GDPR regulations.
3. Vendor Lock-in risks. European policymakers realized that in the event of a geopolitical crisis or trade war with the U.S., EU institutions could lose access to their own critical databases. The state apparatus essentially depended on external infrastructure.
The first attempt: Gaia-X
NEWSROOM IN notes that Europe previously attempted to solve this problem. In 2019, France and Germany initiated the Gaia-X project.
The project aimed to create a unified European cloud ecosystem but faced internal bureaucracy. Gaia-X also allowed American (Amazon, Microsoft) and Chinese (Alibaba) giants to join the consortium because of their technology, which diluted the goal of sovereignty.
The new tender was structured differently, awarding funds only to European companies.
The €180 million budget is small compared to U.S. IT spending, and a full transition away from American clouds will take years. Currently, only the most critical and classified government data is being moved to European servers, while routine operations still run on Microsoft and Amazon infrastructure.