The European Commission is looking at new rules that would limit the use of U.S. cloud platforms for handling sensitive government data across the EU.
This step could strengthen Europe’s ongoing efforts for “tech sovereignty” and increase pressure on Amazon Web Services, Microsoft Azure, and Google Cloud.
Officials say the proposal is being developed within the Commission and might be part of a larger “Tech Sovereignty Package” expected on May 27.
The plan does not mean Europe will stop using American cloud services entirely.
The proposal could prevent U.S. cloud giants from handling workloads related to important public functions. This is the EU’s strongest move so far toward data sovereignty, targeting government data instead of the entire commercial cloud market.
Why the issue is surfacing now
CNBC reported that more people in Europe are calling for the region’s most important workloads to move away from leading U.S. providers. This shows the debate is now about core state infrastructure, not just privacy.
TechBuzz linked these concerns to the U.S. CLOUD Act, which can require American companies to give up data stored anywhere in the world, even if it is on European servers.
These legal and geopolitical issues help explain why cloud policy is now seen as a strategic matter. The Commission is considering rules that could affect citizen data, defense systems, and classified information. This is part of a larger effort to rely less on U.S. platforms in areas that Brussels considers especially sensitive.
The market stakes are high
If Brussels goes forward with these rules, the impact could be big because U.S. providers still lead Europe’s cloud market. Amazon Web Services, Microsoft Azure, and Google Cloud together hold about 70% of Europe’s cloud infrastructure.
European governments already depend on these platforms for things like healthcare records and tax systems, so moving away from them would be costly, technically challenging, and politically sensitive.
Europe’s own cloud companies are much smaller. France’s OVHcloud and Germany’s IONOS together have less than 10% of the market. This shows how difficult it would be for European providers to quickly take on important public-sector workloads if countries had to move away from American platforms.
A policy with practical complications
Even supporters of stricter sovereignty rules may face a difficult implementation problem. Many governments across Europe have spent years building systems on AWS and Azure, creating deep dependencies on proprietary tools and architectures. A rapid move to smaller local providers, it noted, could risk disruption during migration and create security problems of its own if transitions are rushed.
That is what makes the Commission’s reported discussions so consequential. Brussels is no longer treating cloud dependence as a background concern. Any real restriction would force a collision between sovereignty goals and operational reality.
For Europe, the question is no longer just whether it wants more control over where sensitive public data is handled.
It is whether it is ready to bear the cost and complexity of building that control at scale.
