European Commission weighs curbs on non-EU clouds for sensitive government data
Updated
Updated · CNBC · May 7
European Commission weighs curbs on non-EU clouds for sensitive government data
12 articles · Updated · CNBC · May 7
Officials said a May 27 Tech Sovereignty Package could require EU-based hosting for public-sector financial, judicial and health data across the bloc’s 27 member states.
The plans would not fully bar foreign providers from government contracts, but could restrict U.S. platforms in strategic sectors depending on data sensitivity; talks remain unfinished.
The move reflects concern over reliance on American tech and the U.S. Cloud Act, alongside wider EU efforts including sovereign cloud funding, CADA and Chips Act 2.0.
Is Europe's push for a sovereign cloud a path to digital independence or an expensive technological dead end?
As Europe builds its digital fortress, is it starting a tech trade war with the United States?
EU's €180M Tech Sovereignty Package Responds to Microsoft France's CLOUD Act Data Access Admission
Overview
In June 2025, Microsoft France admitted it could not guarantee that French citizen data would not be shared with U.S. authorities due to the U.S. CLOUD Act, which compels American companies to provide data globally. This revelation exposed a major legal conflict with the EU's GDPR and undermined the idea of sovereign cloud services from U.S. providers. In response, the European Commission launched the Tech Sovereignty Package in 2026, enforcing strict data localization, encryption controls, and favoring European cloud providers. These measures aim to protect EU data from foreign surveillance, driven by longstanding mistrust rooted in Snowden's 2013 disclosures, but they also cause costly migrations and strain transatlantic relations.