Choice is at the heart of European sovereignty and strategic autonomy
Many cloud customers – including European public administration – are deeply concerned that they rely on cloud providers that answer to their foreign governments. These governments may step in, restrict services, and take their data. This is becoming a huge problem in today’s volatile geopolitical landscape.
Europe needs Trump-Proof cloud services and options to select 100% European cloud infrastructure and services, immune from disruption, access and potential removal by foreign actors.
The CISPE Digital Sovereignty Principles for Cloud Infrastructure Services, published in 2022, remain valid and CISPE remains committed to open and competitive markets, fair software licensing and customer choice, while advocating against protectionism which could harm both European technology providers and customers. However, due to the current geopolitical uncertainty, CISPE is incorporating three additional principles it deems essential to achieving a sovereign and autonomous European cloud and digital ecosystem.
- Buy and Invest in European Cloud and AI Infrastructures
- Ensure Choice of Cloud Solutions Independent from Non-European Government Influence
- Pool Distributed European Cloud Resources through Open Frameworks
————————————————-
- Buy and Invest in European Cloud and AI Infrastructures
EU procurement rules should be revised to prioritize European cloud offerings. If just 10% of European cloud procurement integrated Gaia-X labels, it could inject €20 billion annually into European cloud infrastructure. Public sector buyers should favour European providers where comparable solutions exist or justify why they opt for non-European alternatives. Additionally, public investment in cloud and AI infrastructure should be strategically directed to strengthen European cloud capabilities, ensuring that taxpayer funds do not support competing non-European services.
- Ensure Availability of Cloud Solutions Independent from Non-European Government Influence
European businesses and institutions must have the capacity to prioritize and choose cloud solutions that can operate entirely within the EU jurisdiction, ensuring that data remains governed exclusively by European laws and courts. This requires not only European-owned cloud infrastructure but also interoperable software stacks and networks that are free from foreign control or subject to extraterritorial laws which could grant foreign governments access to European customer data. These independent, decentralised cloud services, software stacks and network components enabling data to flow, should be clearly identified and easily recognisable through certification and digital verifiable credentials. By fostering an independent European cloud ecosystem, we safeguard sensitive data, uphold regulatory compliance, and reinforce strategic autonomy in the digital era.
- Pool Distributed European Cloud Resources through Open Frameworks
European cloud providers should collaborate through open frameworks to create joint offerings. This would allow European customers, including the public sector, to dynamically compose cloud solutions by integrating certified components from multiple providers that adhere to shared security and quality standards.
Europe has a strong and diverse cloud sector, with more cloud infrastructure service providers than any other continent, including North America. These are not small players—collectively, they have the scale to match hyperscalers while offering greater diversity, reach, and resilience than any single provider, no matter how large, can match. This would enable European businesses and governments to scale cloud solutions while reducing dependence on hyperscalers.
Leveraging existing strength is a faster and more effective strategy than attempting to build new competitors from scratch. Past efforts to create “Airbus-style” cloud providers have failed and will continue to do so, as top-down approaches ignore market dynamics.