The European Commission is ready to present A technical sovereignty package Later this month it could ban companies like Microsoft, Amazon and Google from processing some sensitive data for public sector organizations in Europe.
The sanctions are expected to include financial, judicial and health-related data, according to two unnamed commission officials cited by CNBC. A Commission spokesperson described the initiative as “Europe waking up and acting united”.
What will be included in the EU’s techno sovereignty package
As described by Commission sources, the sanctions are expected to specifically target public organisations. Private companies will still be free to choose any cloud platform to handle their proprietary data. The main focus appears to be on US-based cloud providers, which currently dominate European public sector cloud workloads.
The Commission sees the package as a way to support European cloud providers and promote sovereign cloud options. One commissioner said the goal is to create opportunities for EU-based companies to grow and reach institutional users who currently rely on US cloud platforms.
Additionally, plans include improving public procurement to provide more diverse cloud and AI service options for European public bodies.
How does it fit into Europe’s broader regulatory pressures
The Tech Sovereignty Package is being developed alongside two other key regulatory initiatives: the Cloud and AI Development Act and the CHIPS Act 2.0. These efforts are part of a broader European effort to reduce reliance on US-based technology infrastructure.
European officials have been working for years to create a sovereign cloud market. The proposed restrictions on US providers mark a more significant intervention than previous voluntary frameworks and could affect Microsoft Azure, Amazon Web Services and Google Cloud’s existing contracts with European public sector bodies.
What is unclear about the EU’s techno sovereignty package?
The technical sovereignty package has not yet been formally introduced. Commission members are still reviewing specific provisions before the package is published. Details such as the scope of the restrictions, categories of data included, implementation timeline and any transition provisions for existing public sector contracts have not been finalized.
The EU has not commented on how these restrictions might interact with existing data protection frameworks or US companies offering EU-based data residency services designed to comply with the GDPR and related regulations.
