The European Union is planning to reduce its dependence on US technology providers by prioritizing European AI and cloud service providers when awarding public contracts. This strategy is detailed in a document relating to the planned “Cloud and AI Development Act”.
A primary focus of the proposed legislation is to grant the EU greater control over highly sensitive data. Information pertaining to critical sectors, such as defense and health, will henceforth only be stored in “sovereign” clouds. These secure environments will ensure that foreign governments cannot access the data, and that service provision cannot be halted due to trade conflicts or sanctions.
In addition to these data sovereignty measures, the Commission intends to heavily promote European semiconductor production. However, the plan does not involve immediately excluding major US companies like Google, Microsoft, or Amazon. Due to their current dominance in the market, they will likely remain essential for European public administrations and businesses for the foreseeable future; nevertheless, the Commission aims to systematically reduce reliance on them.
The Commission plans to define four distinct levels of cloud sovereignty. These levels will address crucial aspects such as who controls the service, the underlying supply chain, data processing methods, the location of the infrastructure, and the organization of cybersecurity.
Member states are expected to perform sovereignty risk assessments based on these guidelines, determining the specific security level required for various applications within their respective administrations. The Commission intends to release guidelines to support this process. Details of these ambitious plans are set to be unveiled next week, although the final scope may be subject to change.
