Twenty-four executives from European cloud and digital service providers are urging the European Commission to legislate for real tech sovereignty, not the illusion of it, in the upcoming Cloud and AI Development Act (CADA). Their open letter signals growing frustration with what CISPE calls "sovereignty-washing" – measures that would further entrench the dominance of global hyperscalers, most of them American.
The three hyperscalers account for around 70 percent of the cloud services market in the region, creating a structural disadvantage for European competitors. This dominance explains the real tension underlying the regulatory debate. Experts told The Register last year that untangling European workloads and data from the major US clouds could take two decades, given the volume already deployed there. For European providers, early action on procurement and investment now could prevent another decade of entrenchment.
The central issue is definitional. CISPE argues that sovereignty must be defined by control, not by whether a provider merely has an EU presence. This distinction matters because it exposes a critical vulnerability in the current landscape. The letter argues that effective ownership of technology and protection from extraterritorial laws like the US CLOUD Act, which can compel American tech companies to provide data to US authorities, including data stored overseas, subject to legal process, are essential.
That concern is not theoretical. Microsoft's director of public and legal affairs in France was asked if he could guarantee that data on French citizens could not be transmitted to the American government without explicit agreement of the French government, and responded: "No, I cannot guarantee that, but, again, it has never happened before." The admission, made during a French Senate hearing, highlighted the uncomfortable reality that data residency in European data centers provides no protection against US legal demands.
"CADA is a once-in-a-lifetime opportunity to put Europe back on the front foot in the digital economy, and we must not squander it by legitimizing sovereignty-washing," declared CISPE Secretary General Francisco Mingorance. The trade association's specific recommendations target procurement, not just regulation. If just 10 percent of European cloud procurement integrated Gaia-X labels, it could inject €20 billion annually into European cloud infrastructure.
CISPE's requests also address competition. AWS, Azure, and Google Cloud have spent more than a decade building platforms that smaller rivals struggle to match across the full stack. The asymmetry in investment, network effects, and service breadth creates barriers that procurement policy could help level. Reserved shares for European providers handling sensitive data, smaller procurement lots to accommodate SMEs, and requirements that public investment prioritise European supply chains would shift the game without creating outright protectionism.
This is not CISPE's first clash with Brussels on the issue; last year it hit out at the EU Cloud Sovereignty Framework for defining sovereignty so vaguely that it favoured incumbent hyperscalers over local operators. The track record suggests Europe's policymakers face a genuine trade-off. Broad definitions that allow flexibility tend to advantage incumbents. Narrow definitions that mandate true control over data and infrastructure restrict choice and cost. Political urgency has sharpened since the Trump administration took office last year, accelerating European appetite for reducing dependence on American tech infrastructure.
For Australian exporters and investors watching this debate, the stakes extend beyond Europe. How the EU resolves the sovereignty-versus-openness tension will shape the contours of cloud infrastructure globally. A Europe that succeeds in building credible alternatives could open a new export market for security-conscious enterprises worldwide. A Europe that codifies the dominance of US hyperscalers under a sovereignty label will reinforce the global pattern that has already taken hold. CISPE's push, then, is not just a European concern; it is a test case for whether regulation can reshape entrenched market power when the incumbents have already won.