Cloud: 25 European CEOs warn EU against sovereignty washing

25 CEOs of European cloud and digital service providers have addressed an open letter to the EU Commission. In it, the companies organized in the industry association CISPE (Cloud Infrastructure Service Providers in Europe) are calling for five concrete principles to be included in the planned Cloud and AI Development Act (CADA) – the first EU law specifically aimed at cloud services and artificial intelligence.

The letter of March 17, 2026 is addressed to Henna Virkkunen, Executive Vice-President for Technological Sovereignty, Security and Democracy in the EU Commission. She is primarily responsible for CADA and had scheduled a round-table discussion with the industry. Virkkunen herself had already announced the draft law to improve cloud services and expand high-performance computing energy efficiently.

Five Principles Against Pseudo-Sovereignty

At their core, the signatories criticize that US hyperscalers like AWS, Microsoft Azure, and Google Cloud dominate the European market with around 70 percent market share – and market themselves as "sovereign" without relinquishing real control to European customers. CISPE calls this practice sovereignty washing: US corporations advertise with EU data centers and cybersecurity certificates but remain subject to the US CLOUD Act, which allows US authorities to access data stored worldwide. In 2025, Microsoft admitted during a hearing before the French Senate that it could not guarantee data sovereignty for European customers.

The five demanded principles include, firstly, a definition of sovereignty based on actual control rather than mere EU presence. Secondly, where full sovereignty is not feasible, resilience should be ensured through customer-controlled encryption, data portability, and technical reversibility – as protection against extraterritorial access, for example, by the US CLOUD Act. Thirdly, the signatories demand reserved procurement shares for European providers according to the principle "Buy European – Ensure Resilience – or Explain". Fourthly, competition and interoperability should be strengthened, the anti-competitive bundling of AI and cloud services prevented, and the importance of open-source software recognized. Fifthly, tax-funded investments in cloud and AI infrastructure should primarily benefit the European ecosystem.

Local Providers See Opportunity

CISPE Secretary-General Francisco Mingorance described CADA as a "unique opportunity to bring Europe back to the forefront in the digital economy." This should not be squandered by legitimizing sovereignty washing. One gigawatt of sovereign European cloud and AI infrastructure must mean "investment in Europe's digital future and strategic autonomy" – otherwise, Europe will only deepen its dependence on overseas cloud giants. Local providers currently hold a market share of approximately 15 percent and could gain ground with CADA, especially in public procurement and when handling sensitive data.

Furthermore, CADA is intended to anchor sustainability criteria for cloud investments and promote energy-efficient high-performance data centers. The EU Commission has not yet officially responded to the open letter.

(fo)