EU Tech Sovereignty Plan Turns on Power, Chips and Cloud

EU tech sovereignty took legislative form on June 3, when the European Commission proposed a package covering semiconductors, cloud, artificial intelligence (AI) and open source. The plan would create a Cloud and AI Development Act (CADA), refresh chip rules, push public buyers toward open source and tie new data centres to energy planning.

Ursula von der Leyen, the European Commission president, presented the file as citizen protection. The buildout now runs through data-centre permits, grid capacity, semiconductor demand and procurement rules that will decide how much of Europe’s digital stack can operate under European law.

Brussels Puts Sovereignty Into Law

The official June 3 tech sovereignty package statement lists two legislative proposals and two strategy files. It also says the measures are meant to widen choice for EU businesses, citizens and public administrations in core technologies.

This is about protecting our citizens, defending our interests and making our own choices.

Von der Leyen, the EU executive’s president, used that line in the launch statement. The phrasing matters because the package is written across sectors that usually sit in separate files: chips, cloud infrastructure, AI services, public software and the power system that has to feed them.

The legislative files now go into the EU lawmaking machine. The strategy and roadmap can start moving through guidance, tenders and model agreements while the regulations are negotiated.

The Cloud Bill Starts With Land and Power

The Cloud and AI Development Act proposal carries the hard infrastructure promise: at least triple data-centre capacity in 5 to 7 years. CADA targets permits, deployment and access to energy, land, water and financing. It also gives public administrations a common framework for buying cloud and AI services.

CADA grew out of the AI Continent Action Plan, the EU push to make compute capacity available for companies and public bodies using AI. The file puts zoning offices, grid operators and water authorities into a technology programme usually described through cloud contracts and model training.

• 5 to 7 years – target window for at least tripling EU data-centre capacity.
• Energy, land, water and financing – constraints named in the cloud proposal.
• Public administrations – buyers that would use the common procurement framework.

That bottleneck is already visible in the global AI data-centre energy race, where builders track power availability before model demand. The EU file now makes that constraint part of a legislative target.

Cloud Risk Gets a Four-Step Scale

CADA’s autonomy chapter gives public bodies a scale for choosing cloud services after a risk assessment. The four assurance levels begin with data location and end with full software supply-chain control and no third-country interference.

• Level 1 – data is processed and stored in infrastructure located in the EU.
• Level 2 – providers must show independence from third countries and transparency over the software supply chain.
• Level 3 – providers must be owned and controlled from the EU and meet added criteria such as personnel citizenship; third-country providers can still be recognised by the EU executive.
• Level 4 – providers must have full transparency and control over the software supply chain, with no third-country interference.

Under the draft, most of the market remains open to partners. Higher-risk buying moves toward ownership, control, staffing and supply-chain disclosure. That gives hospitals, energy companies, banks and government bodies a common vocabulary for sensitive workloads.

The classification also creates a commercial ladder. A cloud provider could qualify for low-risk public workloads while missing the highest assurance level for critical systems. Buyers get a scoring system, and suppliers get a set of audit questions that can travel from one tender to the next.

Chips Policy Moves From Factories to Buyers

The Chips Act 2.0 proposal starts with the achievement and the gap. The original Chips Act mobilised more than €52 billion in public and private investment and created an estimated 46,000 direct and indirect jobs, according to the EU executive. The new file says Europe remains dependent on third countries in advanced chip manufacturing and semiconductor design.

The demand side is more explicit this time. By 2030, the global semiconductor market is expected to reach €1.37 trillion, with AI-related components driving around 70% of that growth. The proposal adds demand accelerators, strategic projects and a Semiconductor Regions of Excellence label; permitting approvals would be capped at 12 months.

French quantum chip company Quobly, covered in the Quobly silicon quantum computing report, raised €115 million to industrialise silicon qubits and launch a cloud system. That kind of company sits below the headline fight over hyperscalers, but it is exactly the kind of supplier that demand programmes are meant to pull into public and industrial buying.

ASML, the Dutch lithography-equipment supplier, remains Europe’s obvious semiconductor stronghold. The new proposal reaches for a wider base: design, packaging, raw materials, AI chips and mainstream chips that keep cars, factories and grid equipment running.

Open Source Gets a Procurement Door

The EU Open Source Strategy fact page carries no regulation number, so its first effects are likely to come through buying rules. It says Europe has more than three million open-source contributors while relying heavily on non-EU providers across software, cloud, AI and infrastructure. The same page puts Europe’s annual spend on digital technologies from third countries at €260 billion.

The public-sector section is practical. It calls for procurement guidelines, stronger internal use of open source by EU bodies, better standardisation and international promotion of European open-source tools. The Commission’s code.europa.eu platform already hosts projects for which EU institutions, bodies, offices and agencies hold intellectual-property rights.

Security teams rebuilding vendor checks around the Digital Operational Resilience Act (DORA, an EU financial-sector technology-risk rule) and the Network and Information Security Directive (NIS2, the EU cyber-risk law for essential and important entities) will recognise the direction. The DORA and NIS2 vendor-risk guide covered the move toward continuous supplier scrutiny. Sovereign procurement adds a software question to that work: who can inspect, maintain and replace the code?

Energy Rules Move Into the Technology File

The Strategic Roadmap for Digitalisation and AI in Energy was published with the package and brings grid management into the sovereignty agenda. It aims to accelerate European sovereign AI solutions for electricity grids, building efficiency, industry energy use and demand-side flexibility. It also covers sustainable integration of data centres into the energy system.

The roadmap says 14 European industry associations have agreed to work with the EU executive on a model for tripartite agreements between data-centre operators, energy-related parties and public authorities. Three companies had endorsed the declaration of support by publication, with several others expressing interest.

The funding line is already attached through the EU research programme Horizon Europe:

• approximately €1 billion for research and innovation in energy systems, grids and storage.
• approximately €100 million for advanced smart-grid work in the 2026 to 2027 programme.
• €75 million for AI energy applications and €190 million for digital renewable, building and efficiency tools.

For data-centre regions, the package puts local planning files into the same timetable as cloud capacity. A data hall approved on paper still needs a grid connection, cooling plan and local political consent.

Parliament and Governments Get the File

The two legislative proposals now move to the European Parliament and national governments in the Council. Negotiators will write the definitions that decide how public buyers treat open markets, sensitive workloads, EU added value and third-country interference.

The Mario Draghi competitiveness report, prepared by Mario Draghi, former European Central Bank president, gave Brussels much of the background diagnosis: Europe can no longer rely on many of the factors that supported past growth, and the green and digital transitions demand heavy investment and innovation. The sovereignty package borrows that language, then puts a deadline on one part of it.

Lobbying will split by file: cloud providers over assurance levels, chip users over demand programmes, and open-source groups over procurement formulas that value maintainable code alongside license price. The file now moves into EU negotiations, with the data-centre capacity target already timed at 5 to 7 years.