Until recently, digital sovereignty was not high on the European political or regulatory agenda. Yes, it was considered an important issue, but five years ago it had nothing like the profile or sense of urgency we see today.
Indeed, the momentum for the creation of cloud infrastructure in the EU is growing rapidly, as November’s Franco-German summit is the latest attempt to “develop the key elements of an independent, secure and innovation-friendly digital future in Europe.”
General Manager of EMEA North at SUSE.
At the same time, European stakeholders in all public and private sectors are reassessing their dependence on foreign suppliers, especially US hyperscalers, and the long-term consequences for security, governance and competition.
The article continues below
The underlying issues have become so pressing that the continent now faces a critical moment in deciding how it wants to manage and govern its digital future.
Current situation
How did we get to this point? European organizations have spent years relying on large non-EU technology suppliers. To some extent, this is understandable.
The likes of AWS, Microsoft and Google have compelling infrastructure propositions that have revolutionized the cloud industry and delivered huge benefits to customers wherever they are.
What many European customers did was to assume that local hosting, contract protection and regional compliance measures were sufficient to meet sovereign requirements.
That view was undermined when Microsoft confirmed to the French Senate earlier this year that data stored within the EU could still fall under foreign jurisdiction, calling into question the residency model many had trusted.
In particular, US legal mandates such as the CLOUD Act can, in fact, cross geographic boundaries, raising concerns about how much control European organizations actually retain.
Adding to the problem is that the way organizations manage their data and use cloud services has also changed. Business environments are now more diverse than ever, with unstructured data now dominating and spreading across clouds, applications and environments in ways that are difficult to track.
Mixed and multi-cloud adoption has accelerated these difficulties, reducing visibility into where data resides and which legal entities govern it.
The result is that digital sovereignty has evolved from a conceptual vision to a practical and strategic concern. Organizations can no longer kick the can down the road.
Building the future
Clearly, the current position is unsustainable. According to the 2025 industry report, AWS, Azure and Google Cloud together hold about 70% of the European infrastructure cloud market, while all European-headquartered cloud providers account for about 15%.
From a sovereign perspective, Europe needs digital solutions that are both localized and scalable, rather than niche or limited acquisition offerings. Suppliers operating in Europe are expected to create technologies that compete with the rest of the world while still meeting sovereign expectations.
However, this is not just a matter of opening up infrastructure investment. Sovereignty cannot be achieved in isolation; collaboration across the European technology ecosystem is essential, including partnerships between organizations that may not have traditionally worked together.
Our recent partnership with evroc, is a good example, as we join forces to deliver a secure European cloud infrastructure.
For example, customers need better visibility of the European options available to them, as many remain unaware of the strength and maturity of domestic solutions.
Sovereignty also requires the ability to evaluate suppliers in an objective manner, using clear criteria that reflect sovereign control, transparency of the supply chain and operational independence.
On a practical level, the EU Cloud Sovereignty Framework serves as an important reference point, providing organizations with a systematic way to assess levels of sovereignty and make informed decisions.
Ideally, this will also help create a level playing field in cloud procurement, ensuring that the right European providers are considered rather than automatically ignored.
Looking forward, maintaining positive momentum will be important. Without the emergence of new cloud infrastructure, organizations cannot achieve meaningful sovereignty unless they maintain reliable control over their data.
The main challenge is not only where the data is stored but how organizations can control how it is used, how it is transmitted and how it is accessed in different places.
In this context, it is important to use tools and processes that allow them to implement policies such as occupancy, access controls and maintenance rules in an accurate and verifiable manner.
This approach places more sovereignty in the field of governance and ongoing operational disciplines such as infrastructure investment or regulatory changes. In the coming years, Europe’s ability to strengthen sovereignty will depend on whether organizations can ensure control over their data throughout its lifecycle, not just at the end.
We’ve featured the best business cloud storage.
This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the tech industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you would like to contribute find out more here:
