The Continent That Couldn’t Guarantee Its Own Future

Imagine a morning in Brussels where a server farm in Virginia goes dark. Not a dramatic cyberattack. Not an act of war. Just a routine outage, a technical hiccup in a data center that happens to sit on American soil, governed by American law, answerable to American shareholders. And in that moment, the hospitals stop sharing patient records. The financial clearing systems stutter. The government ministries cannot access their own files.

No invasion required. No sanctions necessary. Just a quiet, structural vulnerability that Europe spent two decades building into itself, one cloud contract at a time.

This is not a hypothetical designed to provoke. It is the honest description of where Europe stands right now, and why the continent is finally doing something about it. The question worth asking is not whether Europe has a problem. The question is whether the solution arrives in time.

When the Lights Go Out in Brussels, Who Controls the Switch?

The numbers tell one part of the story. U.S. hyperscalers, primarily Amazon Web Services, Microsoft Azure, and Google Cloud, currently control roughly 65% of the European cloud market. That figure alone should concentrate minds in every European capital. But the raw market share statistic undersells the actual depth of the dependency, because this is not simply about where data is stored. It is about who controls the rails that modern governance, modern medicine, modern finance, and modern defense all run on.

European hospitals process patient data through platforms engineered in California. European banks run risk models on infrastructure that falls under the jurisdiction of the U.S. Cloud Act, a law that grants American authorities the right to demand access to data stored by U.S. companies, regardless of where that data physically sits. European defense ministries coordinate on systems built by corporations whose ultimate accountability runs not to Brussels or Berlin, but to Washington and Wall Street.

The semiconductor layer compounds the problem significantly. Europe currently produces less than 10% of the world’s chips, despite once leading global semiconductor manufacturing. The supply chains for the silicon that powers everything from military communications to hospital scanners run through Taiwan, South Korea, and increasingly through Chinese-influenced networks. When geopolitical tensions tighten, as they have with increasing regularity since 2020, Europe discovers it is not a sovereign player in this landscape. It is a customer. And customers do not set the terms.

The democratic risk embedded in this arrangement is the part that rarely makes the front page but sits at the center of every serious policy conversation in the EU. When critical digital infrastructure operates under foreign legal jurisdiction, democratic accountability becomes a polite fiction. A parliament can pass whatever privacy laws it likes. A court can issue whatever rulings it chooses. But if the infrastructure itself answers to a different sovereign, the gap between legal principle and operational reality grows wider with every passing year.

Europe did not arrive here through negligence alone. It arrived here through decades of prioritizing cost efficiency and convenience over strategic resilience, trusting that the international order would remain stable enough to make dependency affordable. That trust is now being reconsidered, urgently, and at scale.

More Than a Buzzword: The Politics of Digital Independence

Strategic autonomy sounds like the kind of phrase that gets born in a committee room and dies in a policy paper. In practice, it means something specific and consequential: Europe’s right to make decisions, run systems, and operate infrastructure without needing permission from a foreign platform, a foreign government, or a foreign court.

The concept did not arrive fully formed. It grew out of a long institutional reckoning, accelerated sharply by the Snowden revelations of 2013, deepened by the pandemic’s exposure of supply chain fragility, and brought to a head by the geopolitical turbulence of the post-2022 world. What began as a trade policy conversation gradually became an existential one.

Europe’s regulatory instincts produced genuine global landmarks. GDPR redrew the global conversation on data privacy and forced American tech giants to restructure how they handle European user data. The AI Act established the world’s first comprehensive legal framework for artificial intelligence. These were not small achievements. But they also revealed a structural limitation: regulation without the industrial capacity to back it up is leverage without muscle. You can fine a company. You cannot replace it if you have no alternative.

That recognition is what is driving the current pivot. The shift from a regulation-first posture toward an investment-first strategy represents the most significant change in EU digital policy in a generation. Ursula von der Leyen and Digital Commissioner Henna Virkkunen have both signaled clearly that Brussels understands the competitiveness gap is no longer a theoretical concern. The U.S. is pulling ahead on AI infrastructure. China is closing ground on semiconductors and industrial technology. Europe, for all its regulatory ambition, has been losing economic ground in the sectors that will define the next thirty years.

Strategic autonomy, properly understood, is the answer to that problem. Not isolation. Not protectionism for its own sake. But the deliberate, funded, coordinated effort to ensure that Europe can act on its own values, at scale, without asking anyone else’s permission first.

Building Europe’s Own Internet, From the Ground Up

EuroStack is the most audacious idea currently circulating in European tech policy, and also the most straightforward once you strip away the jargon. The premise is simple: Europe needs its own complete digital stack. Hardware at the base. Operating systems and software platforms in the middle. Cloud services, AI models, and digital applications at the top. Every layer, built and governed within European jurisdiction, under European law, accountable to European institutions.

What EuroStack proposes is not the nationalisation of the internet. It is the construction of a genuine European alternative to the end-to-end dominance currently exercised by American and Chinese technology companies. Right now, when a European public institution, a hospital, a ministry, a university, deploys digital infrastructure, it is almost certainly building on chips designed in California, running software built in Seattle, stored on servers governed by U.S. law. EuroStack says that chain of dependency needs to be broken, layer by layer.

The hardware layer covers semiconductors, servers, and networking equipment. The software layer covers operating systems, databases, development tools, and enterprise platforms. The services layer covers cloud infrastructure, AI compute, and the digital applications that sit on top of all of it. Each layer currently has significant non-European dominance. Each layer is being targeted with specific investment, procurement policy, and industrial strategy.

The support base behind EuroStack is substantial and still growing. More than 400 signatories from across industry, academia, and civil society have backed the initiative, representing a coalition that spans large enterprises, technology startups, research institutions, and public sector bodies. The “Buy European” procurement push embedded within the initiative attempts to use the enormous purchasing power of European public institutions to create guaranteed early demand for homegrown alternatives, effectively de-risking investment in European technology companies before they can achieve scale.

EuroStack’s relationship with existing European cloud providers is one of reinforcement rather than replacement. Companies like OVHcloud, Deutsche Telekom’s Open Telekom Cloud, and Scaleway already operate within the European market. EuroStack does not render them redundant. It gives them the political backing, procurement priority, and investment environment they have long argued they need to compete seriously against hyperscaler rivals with vastly deeper pockets.

The timeline question is where honest assessments become uncomfortable. Building a full sovereign digital stack from hardware to services is not a three-year project. It is a decade-long industrial undertaking that requires sustained political will, consistent funding, and the kind of cross-border coordination that Europe has historically found difficult to maintain over long time horizons. The 400 signatories represent ambition. The harder test is whether that ambition survives budget cycles, election changes, and the persistent temptation of cheaper, faster, already-built American alternatives.

EuroStack is the right idea for the moment Europe finds itself in. Whether it is executed with the urgency that moment demands is the open question that will define European digital policy for the rest of this decade.

Forty-Three Billion Euros and Counting

Money is where political intent becomes real. Declarations and strategies and summits all matter, but the investment landscape behind Europe’s sovereignty push is where you can measure how seriously the continent actually means what it says. The answer, when you look at the full picture, is: seriously enough to be credible, but not yet seriously enough to be certain.

The funding architecture behind Europe’s digital sovereignty plan is not a single budget line. It is a constellation of interlocking initiatives, each targeting a specific vulnerability in the dependency chain, each designed to reinforce the others. Taken together, they represent the most ambitious industrial investment programme Europe has attempted since the postwar reconstruction era.

The European Chips Act and Chips Act 2.0

The European Chips Act of 2023 committed more than 43 billion euros to rebuilding Europe’s semiconductor manufacturing capacity. The logic is direct: you cannot have digital sovereignty if the chips that power your infrastructure are fabricated in Taiwan and designed in California. The Act targets advanced node manufacturing, meaning the cutting-edge chip architectures that power AI systems, military hardware, and next-generation communications. It also invests in workforce development, because factories without engineers are expensive real estate.

Chips Act 2.0, currently moving through the legislative process, deepens that commitment. It addresses gaps the original Act left exposed, particularly around supply chain security and the coordination between member states on where fabs get built and how capacity gets shared. The auditors have noted that original targets risk being missed without faster execution. Chips Act 2.0 is in part a response to that pressure.

EuroHPC AI Factories

If the Chips Act addresses the hardware foundation, the EuroHPC AI Factories initiative addresses the computational layer immediately above it. These are sovereign AI compute facilities: clusters of high-performance GPUs federated across a public-private partnership model, designed to give European researchers, startups, and institutions access to the kind of raw compute power currently dominated by American hyperscalers and their proprietary AI infrastructure.

The strategic purpose is clear. AI leadership in the coming decade will belong to whoever controls the training infrastructure. Europe cannot afford to build its AI future entirely on American cloud credits and American model APIs. The AI Factories create the on-soil, under-EU-jurisdiction alternative that makes genuine AI sovereignty possible rather than merely aspirational.

The Critical Raw Materials Act

Semiconductors require physical inputs: rare earth elements, lithium, cobalt, gallium, germanium. Most of these currently flow through supply chains with significant Chinese influence. The Critical Raw Materials Act of 2024 sets EU production targets for strategic minerals, establishes recycling frameworks to reduce virgin material dependency, and begins the long work of diversifying sourcing away from single points of geopolitical failure.

This is sovereignty at the molecular level. It may be the least glamorous piece of the entire architecture, but without it, every chip factory and AI data centre Europe builds remains dependent on materials it cannot reliably secure.

The Net Zero Industry Act

The final piece connects Europe’s digital ambition to its climate agenda in ways that are more than rhetorical. The Net Zero Industry Act of 2024 supports clean technology manufacturing, covering batteries, solar infrastructure, and the energy systems that power data centres and fabrication plants. The connection to digital sovereignty is practical: a data centre running on imported fossil fuels from geopolitically unstable regions carries its own dependency risk. Building the green energy infrastructure that powers the digital stack is part of building the stack itself.

Taken together, these four initiatives represent a coherent industrial logic. Secure the raw materials. Build the chips. Power the compute. Train the models. Each step reduces a dependency. Each investment makes the next one more viable. The sum is larger than its parts, provided the execution matches the ambition.

Rules With Teeth: DSA, DMA, and the AI Act

Regulation is where Europe has always felt most confident. The instinct to legislate first and build second has defined EU digital policy for the better part of two decades. The current moment represents a maturation of that instinct, an understanding that rules without industrial capacity behind them have limits, but also a recognition that the regulatory architecture Europe has built is not the obstacle critics claim. It is the foundation.

The Digital Markets Act and the Digital Services Act arrived together as a legislative pair designed to address two distinct but related problems. The Digital Markets Act targets the structural power of Big Tech gatekeepers, the platforms that control access to markets, audiences, and data in ways that foreclose competition. It forces interoperability, restricts self-preferencing, and gives regulators meaningful enforcement powers against companies that have historically treated European fines as a cost of doing business. The Digital Services Act addresses what happens on those platforms, creating accountability frameworks for illegal content, algorithmic transparency requirements, and risk assessment obligations that scale with platform size.

Together they represent the most serious attempt by any regulatory body to rebalance the relationship between platform power and democratic governance. They are imperfect. Enforcement remains uneven. But the architecture is real, and the precedent is global.

The AI Act adds a phased safety framework that distinguishes between risk levels, from minimal risk applications to high risk deployments in healthcare, law enforcement, and critical infrastructure. Its implementation timeline runs through 2026 and beyond, giving industry adaptation time while establishing the legal floor below which no AI system operating in Europe can fall.

The Berlin Declaration of November 2025 sits above all of this as a political commitment document. Member states signing it pledged to keep digital infrastructure and data flows under EU control as an explicit condition of preserving democratic governance. It is a statement of intent backed by the regulatory machinery already in place.

The Draghi Report gave this entire architecture its most urgent intellectual framing. Its diagnosis of Europe’s digital lag produced a direct policy response in the form of the EU Cloud and AI Development Act, targeting sovereign high-performance computing and systematically reducing reliance on non-EU providers. The report did not invent the problem. It named it with enough precision that ignoring it became politically impossible.

Why This Could Still Fail

Honesty demands a reckoning. Europe’s tech sovereignty plan is the right response to a real problem, pursued with genuine political will and significant financial commitment. It could still fall short. Not because the ambition is wrong, but because ambition and execution are different disciplines, and Europe has a complicated relationship with the second one.

The fragmentation problem sits at the center of everything. Twenty-seven member states means twenty-seven procurement systems, twenty-seven sets of political priorities, twenty-seven different relationships with the American tech companies whose contracts fund significant portions of national digital infrastructure. A sovereign cloud strategy that requires coordinated action across that landscape is not impossible, but it requires a level of sustained alignment that the EU has historically struggled to maintain once the summit photos are taken and the declarations are signed.

The talent shortage is structural and severe. Europe produces world-class researchers in AI, semiconductor design, and deep tech. It then watches a significant portion of them leave for better-funded positions in American universities and technology companies. Building the industrial capacity that EuroStack and the Chips Act envision requires not just capital but human expertise at scale. Training pipelines take years. Retention requires competitive compensation structures that European institutions have not traditionally been built to offer.

The cost reality is sobering even by the standards of ambitious industrial policy. Building sovereign cloud infrastructure at the scale required to meaningfully displace U.S. hyperscaler dependency is a 100 billion euro undertaking at minimum, spread across a timeline measured in decades rather than years. The Chips Act’s 43 billion euro commitment is significant. It is also, by the estimates of people who build semiconductor fabs for a living, probably not sufficient to hit the targets the Act originally set. Independent auditors have already flagged the risk of missing those targets without material acceleration in both spending and coordination.

The time pressure is the variable that makes all of the others more acute. Geopolitical conditions are not waiting for European infrastructure to catch up. The window in which Europe can build genuine alternatives before dependency becomes irreversible is not indefinitely open. Every year that sovereign cloud, homegrown AI, and European chip manufacturing remain aspirational rather than operational is a year in which the dependency deepens and the switching cost grows higher.

None of this is a reason to stop. It is a reason to move faster, coordinate harder, and resist the comfortable European habit of treating the production of excellent policy documents as a substitute for the harder work of building things.

The Europe That Could Be

Success does not look like Europe unplugging from the global internet. It does not look like a continent turned inward, suspicious of foreign technology and hostile to international collaboration. It looks like something more precise and more valuable than either of those caricatures: a Europe that participates fully in the global digital economy on its own terms, with its own infrastructure, under its own laws.

The economic dimension is where the returns become tangible. The value generated by AI systems, cloud services, and digital platforms currently flows overwhelmingly to American shareholders and American tax jurisdictions. A sovereign European digital ecosystem captures that value onshore. European AI models trained on European compute, sold to European enterprises and public institutions, generate revenue that stays within the European economy and funds the next generation of investment. That is not nationalism. That is basic industrial logic.

The democratic dimension is where the stakes are highest. Infrastructure under democratic control means that when a European court issues a ruling on data privacy, the infrastructure it governs actually complies. It means that surveillance capabilities are accountable to European parliaments rather than foreign executives. It means that the digital systems running elections, hospitals, and financial markets answer to the citizens those systems serve.

Europe also carries a credible claim to global standard-setting that no other jurisdiction currently matches. The regulatory frameworks built over the last decade, imperfect as they are, have already reshaped how technology companies operate worldwide. A Europe with the industrial capacity to back those standards with genuine alternatives becomes not just a rule-maker but a model.

The political momentum building around figures like Emmanuel Macron and Friedrich Merz, expressed through summits, bilateral commitments, and coordinated industrial policy, signals that this is no longer a conversation happening only among technocrats. It has reached the level where heads of government are staking political capital on the outcome. That matters. Political will at that altitude, sustained over time, is what separates plans that transform continents from plans that fill shelves.

The Clock Is Running

Europe has done the hardest intellectual work. It has named the problem with precision, designed a response with genuine ambition, and begun moving the money that turns strategy into infrastructure. The European Chips Act, EuroStack, the AI Factories, the regulatory architecture, the Berlin Declaration: these are not wishful thinking. They are the components of a credible plan, assembled by people who understand what is at stake.

What remains uncertain is speed. The geopolitical environment that makes this plan necessary is not standing still while Europe builds. American AI infrastructure is scaling at a pace that widens the gap with every passing quarter. Chinese semiconductor capacity is advancing despite export controls. The window for Europe to build genuine alternatives before dependency becomes structural and permanent is real, but it is not infinite.

The question facing Europe right now is not whether digital sovereignty is worth pursuing. That argument is settled. The question is whether a continent that has historically excelled at designing the race can learn to run it fast enough to matter.

The plan exists. The money is moving. The political will is present.

Now Europe has to build.

Sourcing Map With Live Links

Every claim in this blog is traceable. The sourcing architecture below maps each section to its primary references, giving editors, fact-checkers, and readers a clear line of sight from argument to evidence.

Section 1: The Dependency Problem

Atlantic Council, Digital Sovereignty Report (January 2026) https://www.atlanticcouncil.org/in-depth-research-reports/report/digital-sovereignty-europes-declaration-of-independence

Foreign Policy, Europe Is Decoupling From U.S. Tech (February 2026) https://foreignpolicy.com/2026/02/europe-decoupling-us-tech

Section 2: What Strategic Autonomy Actually Means

Draghi Report on EU Competitiveness, EU Commission https://commission.europa.eu/topics/strengthening-european-competitiveness/eu-competitiveness-looking-ahead_en

European Parliament, Promoting Digital Sovereignty in the EU (October 2025) https://www.europarl.europa.eu/thinktank/en/document/EPRS_BRI(2025)digital-sovereignty

Intelligence Strategy, Technological Sovereignty for Europe (January 2026) https://www.intelligence-strategy.com/technological-sovereignty-europe

Section 3: The EuroStack Explained

EuroStack Official Site (March 2026) https://www.eurostack.eu

Digital SME Alliance, Tech Sovereignty and EuroStack (June 2025) https://www.digitalsme.eu/digital-sme-position-on-tech-sovereignty-and-eurostack

Section 4: The Money Behind the Mission

Constitutional Discourse, The Path to Digital Sovereignty: European Chips Act (February 2024) https://constitutionaldiscourse.com/the-path-to-digital-sovereignty-european-chips-act

Broadband Breakfast, Proposed Digital Networks Act and Chips Act 2.0 (March 2026) https://broadbandbreakfast.com/proposed-digital-networks-act-and-chips-act-2-0

EU Commission, European Chips Act Official Page https://commission.europa.eu/strategy-and-policy/priorities-2019-2024/europe-fit-digital-age/european-chips-act_en

Section 5: The Regulatory Architecture

Sumsub, EU Digital Services Act and Digital Markets Act https://sumsub.com/blog/eu-digital-services-act-and-digital-markets-act

Dig Watch, Berlin Declaration for European Digital Sovereignty (March 2026) https://dig.watch/updates/berlin-declaration-european-digital-sovereignty

Intelligence Strategy, Technological Sovereignty for Europe (January 2026) https://www.intelligence-strategy.com/technological-sovereignty-europe

Section 6: The Obstacles Are Real

Draghi Report on EU Competitiveness, EU Commission https://commission.europa.eu/topics/strengthening-european-competitiveness/eu-competitiveness-looking-ahead_en

Foreign Policy, Europe Is Decoupling From U.S. Tech (February 2026) https://foreignpolicy.com/2026/02/europe-decoupling-us-tech

Atlantic Council, Digital Sovereignty Report (January 2026) https://www.atlanticcouncil.org/in-depth-research-reports/report/digital-sovereignty-europes-declaration-of-independence

Section 7: What Success Actually Looks Like

EU Commission, Official Digital Policy Documentation https://commission.europa.eu/strategy-and-policy/priorities-2019-2024/europe-fit-digital-age_en

Intelligence Strategy, Technological Sovereignty for Europe (January 2026) https://www.intelligence-strategy.com/technological-sovereignty-europe

Dig Watch, Berlin Declaration for European Digital Sovereignty (March 2026) https://dig.watch/updates/berlin-declaration-european-digital-sovereignty

Frequently Asked Questions

What is Europe’s tech sovereignty plan and why does it matter now?

Europe’s tech sovereignty plan is a coordinated strategy to reduce the continent’s structural dependency on foreign, primarily American and Chinese, technology companies across cloud computing, semiconductors, artificial intelligence, and data infrastructure. It matters now because the geopolitical conditions that made that dependency affordable have fundamentally changed. Trade tensions, the threat of U.S. export controls, and the growing use of technology infrastructure as a lever of geopolitical pressure have forced European policymakers to confront a vulnerability that was decades in the making. The plan is not about isolationism. It is about ensuring that Europe retains the ability to govern itself, protect its citizens’ data, and compete economically in a digital century without requiring permission from a foreign platform or a foreign court to do so.

What is EuroStack and how is it different from existing European cloud providers?

EuroStack is a proposed end-to-end European digital infrastructure covering every layer of the technology stack, from semiconductor hardware at the base through operating systems and software platforms in the middle, up to cloud services and AI applications at the top. What distinguishes it from existing European cloud providers like OVHcloud or Deutsche Telekom’s Open Telekom Cloud is its scope and ambition. Those companies already operate within the European market and represent important pieces of the puzzle. EuroStack does not replace them. It provides the political backing, coordinated procurement policy, and investment environment that gives those providers a genuine opportunity to scale and compete against American hyperscalers that currently control roughly 65% of the EU cloud market. EuroStack is the architecture. Existing European providers are among the builders.

How much is Europe actually investing in digital sovereignty and where is the money going?

The investment picture is substantial and still growing. The European Chips Act of 2023 committed more than 43 billion euros to rebuilding semiconductor manufacturing capacity within Europe, targeting advanced chip production, supply chain security, and workforce development. Chips Act 2.0 is currently deepening that commitment. The EuroHPC AI Factories initiative is funding sovereign artificial intelligence compute infrastructure through a public-private federation model, giving European researchers and companies access to high-performance GPU clusters hosted on EU soil. The Critical Raw Materials Act of 2024 secures the physical mineral inputs that chips and hardware require. The Net Zero Industry Act connects clean energy manufacturing to digital infrastructure resilience. Taken together, the total investment picture runs well beyond 100 billion euros when sovereign cloud buildout costs are included, making this the most ambitious European industrial programme since postwar reconstruction.

What are the biggest obstacles standing between Europe and genuine digital sovereignty?

Three structural challenges stand out above the rest. First, fragmentation: twenty-seven member states mean twenty-seven procurement systems and twenty-seven sets of political priorities, and sustained coordination across that landscape over a decade-long buildout timeline is genuinely difficult. Second, talent: Europe produces exceptional researchers in AI and semiconductor design but loses significant numbers of them to better-compensated positions in American institutions and technology companies, and training pipelines take years to rebuild. Third, time: the geopolitical window for building credible alternatives before dependency becomes permanent is real but not unlimited. American AI infrastructure is scaling rapidly. Chinese semiconductor capacity is advancing. Independent auditors have already flagged that Chips Act targets risk being missed without material acceleration. The plan is credible. The execution pace is the variable that will determine whether it succeeds.

How do regulations like the GDPR, the AI Act, and the Digital Markets Act fit into the sovereignty strategy?

These regulations form the legal scaffolding that gives the sovereignty strategy its enforceable shape. GDPR established European data privacy as a global standard and forced American technology companies to restructure how they handle European user data. The Digital Markets Act targets Big Tech gatekeeping behaviour, forcing interoperability and restricting the self-preferencing practices that have historically foreclosed competition. The Digital Services Act creates accountability frameworks for platform content and algorithmic transparency. The AI Act introduces a phased safety framework that distinguishes between risk levels and sets the legal floor below which no AI system operating in Europe can fall. Taken together these frameworks do not create digital sovereignty on their own, regulation without industrial capacity behind it has real limits, but they establish the rules of the road that any sovereign European digital ecosystem will operate within. They are the law. EuroStack, the Chips Act, and the AI Factories are the industry being built to operate under it.