The Tech Sovereignty Package arrives on Wednesday, but the EU is still arguing internally over what ‘digital sovereignty’ should actually require.
The European Commission is preparing to publish its Tech Sovereignty Package on Wednesday afternoon, the most concentrated single attempt yet to reduce European reliance on American cloud, AI and chip infrastructure. The package, according to a Reuters report on Tuesday, has been visibly tempered by internal debate over how aggressive the bloc’s sovereignty stance should actually be.
The published documents are expected to include the Cloud and AI Development Act, an update to the original Chips Act, and the first formal EU-level definition of “digital sovereignty”, a phrase the bloc has used for years without legally defining.
The Cloud Act would restrict EU member states from using US cloud providers to process sensitive public-sector data in healthcare, finance and judicial systems. Private-sector usage is, on current drafts, untouched.
The internal debate centres on whether sovereignty requires an exclusively European supply chain or whether it can be achieved through interoperability and managed dependency. EU digital commissioner Henna Virkkunen told Euronews last week that “technological sovereignty is not about isolation,” framing the project as building European capacity in critical sectors rather than retreating from US technology.
That framing is doing work; the original drafts of the Cloud Act, several outlets have reported, were significantly more restrictive on US vendors than the version commissioners will see on Wednesday.
Member states are split. France and Germany have pushed for a stricter European-preference posture, particularly on data hosted by hyperscalers like Microsoft Azure and Google Cloud. The Nordics and Ireland, where US cloud companies have most of their European operations and tax bases, have argued for a softer reading.
The Commission’s compromise position is to apply the strongest restrictions only to government-controlled sensitive data, leaving the much larger private-sector market alone for now.
The sovereignty package sits alongside several adjacent actions taken over the past month. The Commission is also preparing record DMA fines against Google, has spent the past several weeks in stalled talks with Anthropic over access to its Mythos cybersecurity model, and is expected this week to reserve two-thirds of the 2 GHz mobile-satellite spectrum band for European operators.
Each of these moves carries its own justification, but the cumulative pattern is unmistakable: a European policy apparatus that has decided, in 2026, that the cost of dependence is now higher than the cost of duplication.
What the Tech Sovereignty Package will not do is force European companies to switch away from existing US providers. The political ceiling on that has held: every European member state government uses Microsoft 365 or Google Workspace, every European bank runs on US-built cloud, and the bloc’s indigenous alternatives are not yet ready to absorb that workload.
The package’s actual instruments work at the margin, restricting new sensitive-data deployments, redirecting public procurement, and funding European cloud and AI capacity over the medium term.
The harder question is whether the resulting incentive structure is enough to produce European hyperscalers in the time available. Earlier waves of European industrial policy, on lithium-ion batteries, on telecoms equipment, on cloud infrastructure under the Gaia-X programme, did not.
The Tech Sovereignty Package is, in effect, a wager that the political will and the public-spending commitments lined up behind it in 2026 are different in kind from what came before. Wednesday’s announcement will indicate whether that wager has been bet in full or hedged.
Get the TNW newsletter
Get the most important tech news in your inbox each week.