Digital Independence: EU Plans Strict Access to State IT Structures
With a new package for technological sovereignty, the EU Commission wants to break dependence on US providers. It calls for hundreds of billions in investment.
(Image: asharkyu / Shutterstock.com)
Brussels is making a major move to reduce dependence on non-European tech giants. After years of reacting, the EU Commission has outlined the transition to a proactive digital strategy. On Wednesday, it presented its repeatedly postponed package for technological sovereignty. A communiqué and accompanying legislative initiatives make it clear: it wants to intervene more forcefully and directly in the IT structures and software procurement of EU countries.
Commission President Ursula von der Leyen emphasized that Europe cannot afford to be dependent on others for critical technologies for hospitals, energy grids, and security services. According to the responsible Vice-President Henna Virkkunen, the package marks a historic systemic shift away from a mere consumer role towards a shaping role.
At the heart of the initiative is the attempt to establish a uniform definition of technological sovereignty. The Commission understands this to mean Europe's concrete ability to independently develop, control, and scale critical technologies, infrastructures, services, and data that form the foundation for the economy, society, and security. Geopolitics and technology are now inextricably linked, which is why Europe must regain control over its supply chains and data.
Departure from Dependencies without Protectionism
The EU Commission emphasizes that this step is not to be equated with digital protectionism or isolation of the European market. Rather, sovereignty is to be based on openness, fair competition, and a human-centered approach that leaves the market open to like-minded partners. To achieve this, it relies on an ecosystem approach that spans the entire value chain, investing in skills, supporting startups, and ensuring the long-term maintenance and security of the open-source infrastructure. This is intended to generate its own European demand to avoid risky dependencies on individual, non-like-minded countries.
A core component of the package is the Cloud and AI Development Act (CADA) as a central element of the "Action Plan for an AI Continent." The regulation is intended to oblige member states to conduct a systematic sovereignty risk assessment for their administrative software. This involves an analysis of which applications in authorities require which levels of sovereignty. The specified four levels assess control over the digital service itself, the underlying supply chain, the extent of AI inference data processing, the physical location of the infrastructure, and the general level of cybersecurity.
Videos by heise
Fighting Sovereignty Washing
With this classification, the Commission aims to strengthen the resilience of the public sector, promote European alternatives, and put an end to sovereignty washing, where foreign cloud providers market their services as supposedly independent through European intermediaries. Furthermore, CADA provides for a principle whereby open-source solutions must be preferred when public administrations procure cloud and AI software.
In particularly sensitive areas such as defense or critical infrastructures, authorities could in future be effectively forced to rely exclusively on European software and hardware. Services worth around 180 million euros are to be specifically channeled to reliable EU partners.
The CADA draft also provides for the designation of certain "acceleration zones" where highly sustainable data centers can be established quickly and in a structured manner. This is intended to help triple Europe's data capacity in the next five to seven years.
A new open-source strategy has been integrated by the Commission directly into the sovereignty package in the form of guidelines for open digital ecosystems. In addition to increased use in authorities, it aims to promote the interoperability of digital systems in the public sphere. Examples of successful open ecosystems cited in the paper include the EUDI Wallet for electronic identification and decentralized social media like Mastodon. Their development is to be actively promoted in the future to counteract the discrepancy that the EU currently spends 264 billion euros annually on non-European, proprietary software.
Chips Act 2.0: Demand Boom and Emergency Powers
In parallel, the Commission plans a new edition of its semiconductor program with the Chips Act 2.0. While the predecessor primarily regulated supply, the new version aims to stimulate demand and reduce bureaucracy. Through procurement communities and "demand accelerators," a stable market for European alternatives in AI chips is to be created, which are expected to account for more than 70 percent of market growth in semiconductors by 2030.
A core project remains the establishment of an open factory for advanced semiconductor manufacturing in a member state, with pilot production between 2030 and 2033, requiring participating companies to have their headquarters in the EU. In addition, extensive emergency powers are being created: in a crisis, the Commission can intervene in supply chains and oblige manufacturers to suspend existing contracts with foreign customers to prioritize demand within the EU.
The package is flanked by a roadmap for digitalization and AI in the energy sector. Energy Commissioner Dan Jørgensen pointed out that technological sovereignty is impossible without energy sovereignty. In 2024 alone, data centers in the member states consumed as much electricity as could have powered almost 20 million European households for a year.
The roadmap envisages a mandatory sustainability rating and standards for data centers, promotes agreements for the use of waste heat, and pushes for the EU-wide expansion of smart meters to enable consumers to reduce costs by using cheaper electricity hours. In addition, a separate AI model for the entire energy sector, trained on European data, is to be developed, and the cybersecurity of critical decentralized devices such as solar installations is to be strengthened.
Trust in Private Capital
The ambitious undertaking raises financing questions above all, as global competitors are pouring immense sums into this sector. The Commission estimates the investment required to strengthen the semiconductor ecosystem alone by 2035 at around 120 billion euros, and for the expansion of data center capacities by 2036 at another 200 billion euros. Since taxpayers cannot bear these sums alone, the strategy remains heavily investment-dependent and relies on the mobilization of private capital.
To this end, Brussels has already initiated consultations with the member states and the European Investment Bank to establish a European equity and venture capital facility. At the EU level, only around 2 billion euros for the CADA research initiative and 1 billion euros for the open-source strategy are planned directly over the next seven years.
As early as Monday, 13 European tech companies such as OVHcloud, Proton, Mastodon, Nextcloud, and Ecosia, NGOs, and the Greens in the EU Parliament called for a change in course. The European digital economy must be strengthened through targeted investments, open ecosystems, and the development of resilient, sovereign infrastructure. The signatories of the open letter demand a commitment to interoperability, competition, and strategic regulation.
To achieve true independence, Europe should therefore be enabled to operate and maintain critical digital infrastructures independently. According to the alliance, one lever lies in reforming public procurement. Before the package can enter into force, the legal regulations must pass through the EU Parliament and the Council of Ministers.
(wpl)
