Europe is trying to buy cloud independence, but the chips underneath those services still tie the continent to the US and Taiwan.
That is the awkward truth sitting behind the latest wave of sovereign cloud spending. The European Commission last month awarded four cloud contracts under its new sovereignty framework, yet even that effort makes clear how partial Europe's control really is, because one of the awarded setups still relies on Google Cloud technology through S3NS, while the broader market remains dominated by non-European infrastructure and hardware. According to the Commission's own framework, true sovereignty only arrives at SEAL-4, which requires a full EU supply chain from chips to software, and none of the recent awards get there.
That gap matters more now than it did even a year ago. Cloud sovereignty used to be framed as a question of where data is stored, who can access it, and which legal jurisdiction applies. AI has changed the equation. Once training and inference workloads start leaning on specialized accelerators, the question becomes who controls the processors, who can ship them, and whether those chips can be restricted by export controls or supply chain shocks. Reuters reported in March that US officials were weighing AI chip export rules that could require foreign buyers to make investments or security commitments. The Commerce Department later withdrew that particular draft, but the episode still showed how quickly the hardware layer can become part of a geopolitical bargain Europe does not control.
Europe has not been idle. In April, the Commission said it had awarded sovereign cloud contracts to a Luxembourgish-French group led by Post Telecom with OVHcloud and CleverCloud, Germany's STACKIT, France's Scaleway, and a Belgian-French-Luxembourgish partnership led by Proximus using S3NS, Clarence and Mistral. The point of the exercise was to diversify away from lock-in and give EU institutions cloud services that comply with EU laws and values. That is a real step, and a useful one. But the same Commission document also makes the limitation plain: the framework measures sovereignty across legal, operational, security and supply-chain criteria, and SEAL-4 requires a full EU supply chain, from chips upward. That is the part Europe still does not have.
This is why the processor question has become so central to AI infrastructure. A sovereign cloud can keep workloads in Europe, under European contracts, with European operators. It cannot magically manufacture its own accelerators at scale. For many AI systems, especially the ones that matter in regulated industries, the bottleneck is not the data center shell. It is the silicon, the firmware, the interconnects and the upstream manufacturing network. If those are American or Taiwanese, then the cloud may be geographically European, but strategically it is not fully sovereign.
That distinction is easy to miss because the cloud market has become very good at talking about control. AWS said in January that its European Sovereign Cloud would be physically and legally distinct from its global infrastructure and backed by more than 7.8 billion euros of investment, with EU citizens controlling the service's governance. That is a serious answer to data residency concerns. It is also a reminder that the largest providers are now adapting their products to meet European sovereignty demands rather than retreating from the region. Europe is getting more choices, but it is not getting control of the full stack.
Why AI startups should care
For AI startups, the issue is not abstract policy theatre. It is continuity risk. A finance, healthcare or defense customer in Europe does not just want assurances that data stays within the bloc. It wants to know the service can survive a sanctions regime, a chip shortage, a software export restriction or a sudden shift in procurement policy. That matters when model training depends on scarce accelerators and when inference costs can change quickly if supply tightens. A startup building on sovereign cloud infrastructure may still find its roadmap constrained by hardware it cannot source freely or replace easily.
Reuters reported in February that EU financial services commissioner Maria Luís Albuquerque said Europe must retain control over the key technologies that underpin its economies, while EU regulators have designated Amazon Web Services, Google Cloud and Microsoft as critical third-party computing providers for the bloc's finance industry. That view is becoming more relevant, not less. As Brussels pushes cloud sovereignty harder, the logic will eventually have to extend beyond contracts and compliance into industrial capability, because a regulatory perimeter is not the same thing as a hardware base. If the EU wants a genuine AI stack, it has to decide whether sovereignty is a legal condition, a procurement label or an industrial strategy.
Right now, it is trying to be all three. The problem is that only one of them can be bought quickly. The others take years, capital and scale. That is why the current sovereign cloud push is important but incomplete. Europe has learned how to keep more data at home. It has not yet learned how to keep the machines that process that data under its own control. Until that changes, every sovereign cloud will carry a foreign dependency at its core, and AI startups will have to build on top of it anyway.
Also read: Senate panel advances bipartisan crypto bill, bringing regulatory clarity within reach for startups • Zcash breaks past $500 as privacy coins get a fresh bid • Startups, safety, and the true cost of 'abliterating' Qwen3.6-27B
