EU tech sovereignty package targets chips, cloud and AI as Brussels moves to curb foreign dependence

The European Commission has proposed a European Technological Sovereignty Package designed to strengthen Europe’s digital autonomy across semiconductors, artificial intelligence, cloud computing, open source software and digital energy systems. The package includes two legislative proposals, the Chips Act 2.0 and the Cloud and AI Development Act, alongside an EU Open Source Strategy and a Strategic Roadmap for Digitalisation and AI in Energy. The move signals that Brussels now sees digital infrastructure, computing power and technology supply chains as core elements of economic security, not merely innovation policy. The package also creates a new policy test for European companies, United States technology providers and public-sector buyers, as the European Union tries to reduce strategic dependence without closing itself off from global partners.

Why has the European Commission proposed a European Technological Sovereignty Package now?

The European Commission has proposed the European Technological Sovereignty Package because Europe’s dependence on foreign technology providers has become a strategic vulnerability across multiple layers of the digital economy. Semiconductors, cloud infrastructure, artificial intelligence systems, open source software and energy-sector digital tools now sit at the centre of industrial competitiveness, public administration, defence readiness, energy security and data control. Brussels is responding to a reality that has become harder to ignore: the digital economy is no longer just an efficiency layer sitting above the real economy. It is the operating system of the real economy.

The package reflects growing concern that Europe lacks enough control over the technologies that will define the next phase of industrial and geopolitical competition. The European Union has strong research institutions, industrial companies and regulatory influence, but it remains heavily dependent on non-European suppliers in advanced chips, hyperscale cloud, artificial intelligence infrastructure and key software ecosystems. That dependence becomes more sensitive when cloud providers, data centres, operating systems, AI models and chip supply chains are linked to foreign legal jurisdictions and strategic rivalries.

The timing also reflects the European Union’s wider economic security agenda. Russia’s war against Ukraine, energy market shocks, United States-China technology competition and the rapid rise of generative artificial intelligence have all pushed policymakers to think differently about resilience. The European Commission is not simply asking whether European businesses can buy cheap technology. It is asking whether European institutions, companies and critical sectors can continue functioning if technology access, data control or supply chains become politically exposed.

How does the Chips Act 2.0 aim to strengthen Europe’s semiconductor supply chain?

The Chips Act 2.0 is intended to build on the existing European semiconductor strategy by strengthening Europe’s capacity in chip design, manufacturing, packaging and supply chain resilience. The European Union has already set an ambition to increase its share of global semiconductor production, but the first phase of the strategy has faced the same hard problem confronting every chip policy worldwide: advanced semiconductor ecosystems are capital-intensive, technically complex and deeply globalised.

The strategic logic behind Chips Act 2.0 is that Europe cannot become digitally sovereign if it lacks secure access to advanced and specialised semiconductors. Chips are embedded in everything from cars and medical devices to defence systems, industrial automation, energy grids, telecom equipment and artificial intelligence infrastructure. A shortage or geopolitical disruption can therefore travel quickly from chip supply chains into factories, hospitals, utilities and public services.

The challenge is that Europe must decide where to compete and where to partner. Building leading-edge chip fabs requires enormous capital and long execution timelines, while European strengths may also lie in industrial chips, automotive semiconductors, power electronics, photonics, research equipment and advanced packaging. The effectiveness of Chips Act 2.0 will depend on whether Brussels can move from strategic ambition to targeted investment, faster permitting and credible demand creation. Semiconductor sovereignty sounds grand, but the actual work is painfully practical: fabs, engineers, suppliers, water, power, customers and time.

Why is the Cloud and AI Development Act central to Europe’s digital autonomy strategy?

The Cloud and AI Development Act is central because artificial intelligence sovereignty increasingly depends on compute infrastructure, cloud availability and data control. Europe cannot become an artificial intelligence leader only by regulating artificial intelligence. It also needs the data centres, cloud platforms, processors, models, software tools and energy systems needed to train and deploy artificial intelligence at scale. The Cloud and AI Development Act is Brussels’ attempt to close that gap.

The proposal is designed to strengthen European capacity in cloud and artificial intelligence infrastructure while creating a framework for assessing cloud and AI sovereignty. That matters for sensitive sectors such as government, healthcare, banking, energy, defence-adjacent systems and critical infrastructure, where data location, legal jurisdiction, operational control and cyber resilience carry strategic implications. A cloud provider may offer excellent service, but policymakers now want to know who controls the infrastructure, which laws can reach the data and whether service continuity is exposed to external pressure.

This does not mean the European Union is trying to ban foreign cloud providers. The more likely direction is a tiered model in which different use cases require different levels of assurance. Routine commercial workloads may remain open to global providers, while sensitive public-sector or critical infrastructure workloads may face tougher sovereignty requirements. The tension is obvious. Too little restriction leaves Europe exposed. Too much restriction could raise costs, reduce choice and slow innovation. Brussels is trying to walk a very thin line, preferably without tripping over a server rack.

How could the EU Open Source Strategy change Europe’s technology stack?

The EU Open Source Strategy is important because open source software sits beneath much of the modern digital economy. Cloud platforms, cybersecurity tools, artificial intelligence frameworks, developer environments, operating systems and enterprise applications all rely heavily on open source components. If Europe wants technological sovereignty, it cannot focus only on visible infrastructure such as chips and data centres. It also needs control, contribution and governance capacity in the software foundations that companies and governments use every day.

Open source can support sovereignty because it reduces dependence on closed proprietary systems controlled by a small number of foreign vendors. It can improve transparency, interoperability, auditability and public-sector flexibility. It can also support European developers, startups and research communities by giving them reusable building blocks for artificial intelligence, cloud, cybersecurity and digital public infrastructure.

The risk is that open source policy becomes too abstract. Open source software may be freely available, but maintaining secure, reliable and widely adopted open source systems requires funding, governance, skilled developers and institutional adoption. Europe already has strong open source communities, but the European Commission will need to ensure that procurement rules, public-sector guidance and industrial incentives turn open source strategy into actual deployment. Otherwise, open source remains the policy equivalent of a gym membership: very impressive until nobody uses it.

Why does the digitalisation and AI roadmap for energy matter for Europe’s power systems?

The Strategic Roadmap for Digitalisation and AI in Energy matters because Europe’s energy system is becoming more decentralised, electrified and data-intensive. Renewable power, batteries, electric vehicles, heat pumps, grid flexibility, smart meters, interconnectors and industrial electrification all require better digital coordination. Artificial intelligence can help forecast demand, manage grid congestion, optimise assets, detect faults and improve energy efficiency.

This is where technology sovereignty connects directly with energy security. If Europe’s power grids, energy platforms and industrial energy systems depend heavily on external digital infrastructure, the energy transition could create a new form of dependency even as it reduces fossil fuel imports. Brussels is trying to avoid a situation where Europe becomes less dependent on imported gas but more dependent on foreign-controlled digital systems managing the grid.

The roadmap also reflects the increasing overlap between climate policy and industrial policy. Clean energy is no longer only about building wind farms and solar plants. It is about software, sensors, data centres, automation, artificial intelligence and cyber resilience. Europe’s energy transition will need digital systems that are secure, interoperable and trusted. The European Commission’s package recognises that the future grid will be as much a data network as an electricity network.

How could the package affect United States technology providers in Europe?

The European Technological Sovereignty Package could affect United States technology providers because many of Europe’s cloud, software and artificial intelligence infrastructure dependencies are linked to American companies. Microsoft Corporation, Amazon.com Inc., Alphabet Inc. and other United States technology groups already play major roles in European cloud, enterprise software, artificial intelligence services and data infrastructure. The new package does not automatically displace those companies, but it may change the rules for sensitive workloads and public-sector procurement.

United States technology providers are likely to respond by offering more European-controlled services, local partnerships, data-residency commitments, sovereign cloud structures and compliance frameworks. Some already do this. The question is whether those arrangements will satisfy European Union sovereignty requirements if the underlying corporate control or legal exposure remains outside Europe. This is where the debate becomes legally and technically complicated very quickly.

For European customers, the package could widen choice if it helps European providers scale. However, if the rules become too restrictive before European alternatives are mature, public agencies and companies may face higher costs or reduced access to advanced services. The policy aim is digital autonomy. The practical risk is fragmentation. Brussels wants Europe to have more control, but Europe also needs world-class tools. A slower cloud with better flags is not much of a strategy.

What does the European tech sovereignty push mean for startups and industrial companies?

For European startups, the package could create new opportunities if public procurement, funding and demand-generation measures help scale local cloud, artificial intelligence, semiconductor and open source businesses. Startups often struggle not because they lack technology, but because they cannot access large anchor customers, compute resources, procurement channels or late-stage capital. A serious European sovereignty agenda could help create domestic demand for European technology providers.

For industrial companies, the package could improve resilience by encouraging more diversified and trusted technology supply chains. Automotive manufacturers, energy companies, banks, healthcare providers, defence suppliers, telecom operators and industrial automation firms all depend on digital infrastructure. If Europe can strengthen local capacity in chips, cloud and AI, industrial firms may gain more strategic options and reduce exposure to supply shocks.

The risk is compliance complexity. New sovereignty rules could create additional procurement criteria, reporting obligations and technology classification systems. Large companies can manage that. Smaller firms may struggle if the rules are unclear or costly. The European Commission will need to ensure that sovereignty policy supports competitiveness rather than becoming another administrative maze where only the largest players can afford the map.

Why does the package matter for Europe’s competition with the United States and China?

The package matters because technological sovereignty has become one of the defining arenas of global competition. The United States dominates many layers of the digital stack through cloud providers, AI labs, software platforms, chip design companies and venture-backed technology ecosystems. China has built scale in manufacturing, digital platforms, telecoms, batteries, electric vehicles and state-backed industrial technology. Europe has regulatory influence and industrial depth, but it has often lacked global digital champions at the same scale.

The European Commission’s package is therefore an attempt to shift Europe from regulatory power toward industrial capability. Europe has shown it can regulate technology through privacy, competition and artificial intelligence rules. The harder question is whether Europe can build and scale the technology systems it wants to regulate. Sovereignty without capability becomes dependency with better paperwork.

The package also fits into a broader European attempt to reduce strategic vulnerabilities without becoming protectionist. Brussels wants autonomy, but it also wants open partnerships. That balance will be difficult. If Europe moves too cautiously, dependence continues. If Europe moves too aggressively, it may alienate partners, raise costs and fragment technology markets. The success of the package will depend on whether Europe can build capacity fast enough to make sovereignty commercially credible.

What are the key takeaways from the European Technological Sovereignty Package?

• The European Commission has proposed a European Technological Sovereignty Package covering semiconductors, cloud computing, artificial intelligence, open source software and digitalisation of the energy system.
• The package includes two legislative proposals, the Chips Act 2.0 and the Cloud and AI Development Act, alongside the EU Open Source Strategy and a Strategic Roadmap for Digitalisation and AI in Energy.
• The Chips Act 2.0 is intended to strengthen Europe’s semiconductor capacity and resilience, reflecting the strategic role of chips in industry, defence, artificial intelligence, energy systems and critical infrastructure.
• The Cloud and AI Development Act is central because artificial intelligence leadership depends on secure cloud infrastructure, compute capacity, data governance and trusted deployment conditions for sensitive sectors.
• The EU Open Source Strategy recognises that software foundations are part of technological sovereignty, especially where transparency, interoperability, public-sector adoption and cybersecurity resilience are important.
• The Strategic Roadmap for Digitalisation and AI in Energy links digital sovereignty with energy security, as Europe’s power systems become more dependent on data, automation, artificial intelligence and grid flexibility.
• United States technology providers may face new sovereignty expectations in sensitive European markets, but the package also creates opportunities for local partnerships and European-controlled infrastructure models.
• The main execution risk is whether Europe can convert policy ambition into scalable companies, bankable infrastructure, public-sector demand and globally competitive technology ecosystems.