Why Europe S Cloud Sovereignty Push Actually Matters

The global sovereign cloud market is projected to reach over $250 billion in just three years. Image: Alexandre Lallemand/Unsplash Last week, World Economic Forum President Børge Brende warned of three emerging bubbles threatening financial markets: crypto, AI and government debt – now at levels not seen since 1945. But there’s a critical dimension to this warning that wasn’t touched upon: the three bubbles all depend on next generation cloud computing power. And this is increasingly consolidated in the hands of a few geographically concentrated hyperscalers that control more than two-thirds of global cloud infrastructure spending. When investment bubbles meet concentrated infrastructure and a fracturing geopolitical order, systemic risk multiplies.

This is now a potential fourth bubble, and will be one of the top issues facing world leaders. The question for those gathering this week in Berlin for the Summit on European Digital Sovereignty, and those who will meet in Davos in January, is stark: How do you provide the technological and... Last month, the European Commission – with no home-grown hyperscalers – moved to provide an answer: a €180 million tender for sovereign cloud infrastructure to equip its institutions, noting that it “establishes a benchmark... Sovereignty Is Not a Server Location. What Airbus Just Admitted — and Why Privacy Now Depends on Architecture, Not Intent For years, the technology industry has treated cloud computing as a neutral utility: scalable, efficient, and fundamentally detached from politics or power.

That illusion has now collapsed — not because critics shouted louder, but because one of Europe’s most systemically important industrial actors finally stated the obvious. Earlier this year, while addressing these same questions in the context of aviation, infrastructure, smart home and office technology, and regional resilience at CARIBAVIA, I argued that cloud computing had quietly crossed a threshold. It was no longer merely an efficiency layer or an IT procurement choice, but a jurisdictional dependency — one whose implications were being underestimated precisely because failure had not yet forced the issue into... Airbus is preparing to move some of its most sensitive digital systems away from U.S. hyperscale cloud providers and into what it explicitly calls a European sovereign cloud. The systems in question are not ancillary services or experimental workloads.

They include enterprise resource planning platforms, manufacturing execution systems, customer relationship management tools, and product lifecycle management environments tied directly to aircraft design. Airbus leadership has been candid that this migration may fail, estimating roughly an eighty percent chance of finding a European provider capable of meeting the technical and operational requirements. Yet the willingness to accept that risk tells us something far more important than the migration itself. According to TheRegister.com, IONOS and German IT service provider Dataport have partnered to create dPhoenixSuite, a fully cloud-based workplace solution hosted exclusively in German datacenters under European jurisdiction. The platform serves six German federal states and handles tens of thousands of concurrent users while maintaining complete data control and transparency. A February 2025 Bitkom study found that 86% of companies prefer European AI infrastructure, driven by GDPR requirements and concerns about third-country provider risks.

IONOS operates 18 datacenters across the EU and claims pricing up to 50% cheaper than US hyperscalers while complying with EU AI Act and NIS2 Directive regulations. Here’s the thing about government services moving to the cloud: citizens don’t get to choose their provider. When your local registry office or health department goes digital, you’re stuck with whatever infrastructure they picked. And if that infrastructure answers to foreign laws or operates in legal gray areas, well, that’s problematic. The push for digital sovereignty isn’t just bureaucratic box-ticking. We’re talking about citizen data, tax information, health records – the stuff that really matters.

IONOS makes a compelling case that European infrastructure controlled by European companies under European law is the only way to guarantee actual sovereignty. But is it really that simple? Look, the regulatory environment is getting brutal for US cloud providers in Europe. Between GDPR, the EU AI Act, and NIS2, compliance is becoming a nightmare. IONOS claims many US platforms can’t legally meet these standards, which creates a massive opportunity for European providers. That 86% figure from Bitkom is telling.

Companies aren’t just worried about fines – they’re concerned about geopolitical risks and not understanding foreign legal systems. When your entire business could be disrupted because of some legal change in another country, sovereignty starts looking pretty attractive. When Austria’s Ministry of Economy, Energy, and Tourism set out to replace Skype for Business as its virtual meeting platform, Microsoft Teams was the obvious choice. The newer collaboration app is already used across other ministries, and it was widely assumed that the Ministry of Economy would follow suit. “From a management perspective, the path was clear to Teams,” said Martin Ollrom, the Ministry’s CIO. But when the IT, security, and legal leaders reviewed the cloud-hosted application, they reached a different conclusion.

Teams, they argued, posed an unacceptable risk. Call and message data would be processed using software and infrastructure controlled by a US vendor and could therefore be subject to foreign government access requests. “The point is that every voice message will be processed on external computer systems which are not under our full control,” said Florian Zinnagl, the Ministry’s CISO. “At the end of the day, if a security agency from the US wants to force a US vendor to pull out data, then they have to do this.” Instead, the Ministry deployed an open-source collaboration suite on its own servers, rolling it out to 1,200 staff earlier this year. While opting for open-source software over a popular proprietary application such as Teams (which has 320 million monthly users worldwide, according to the most recent stats) may be uncommon, it reflects a growing shift...

As the race to advance digital economies gathers pace, European leaders face a dilemma: How to promote domestic cloud competition that reduces dependence on external providers, while ensuring European security and control over data. This was the central focus of many conversations last week, when over 500 of Europe’s leading voices on sovereign cloud met in Brussels to discuss Europe’s drive for competitiveness and resilience. Now in its third year, the European Sovereign Cloud Day – hosted by Broadcom – brought together regulators, researchers, industry leaders, and policymakers to discuss how Europe can uphold its position as a cloud... Why has cloud sovereignty become such a pressing issue? Nearly three-quarters (72%) of cloud services are provided with AWS, Microsoft Azure and Google Cloud in Europe, and up to 90% of European data resides outside EU-controlled infrastructure - therefore creating serious geopolitical and... Issues like European control, confidentiality and accessibility become even more critical in our digital-first world.

Here, we discuss the key themes from the European Sovereign Cloud Day, including the growing need for cloud sovereignty, the role of regulation, and the importance of sovereign cloud to the pressing issue of... Striking a careful balance between cloud innovation and data control is becoming ever trickier, with data volumes increasing exponentially as we enter the generative AI age. We’re expected to go from generating 33 zettabytes in 2018 to an estimated 572 zettabytes in 2030, thus underpinning the growing need for robust sovereign data infrastructures. David Michels, Researcher at Queen Mary University of London, highlighted some of the core concerns around confidentiality and availability of data and why sovereign cloud holds the key to relieving some of these fears... Cloud sovereignty ensures users have control over where their data is stored and who can access it, while providing protection against vendor lock-in. It also limits the jurisdictional reach of non-EU governments over European data.

Cloud sovereignty ensures that data, workloads, and operations stay under EU control. Learn why it matters, the key regulations, and how to achieve true sovereignty. US based hyperscalers continue to dominate digital infrastructure worldwide. Yet across Europe, there is a growing movement to protect data from both cyber threats and extraterritorial laws, and to ensure full regulatory compliance. Cloud sovereignty has become a cornerstone of this effort. Cloud sovereignty ensures that data, workloads, operations, and digital infrastructure remain under the jurisdictional control of the country or region where they reside.

It goes beyond simple data residency. For European organizations, it is about visibility and legal control over how and where sensitive information is stored, processed, transferred, and who can access it. For organizations across the EU, digital and cloud sovereignty are closely tied to trust, compliance, and competitiveness. Regulations such as the GDPR require that personal data remain protected under EU law. Noncompliance can result in severe fines and long term reputational damage. The stakes are even higher for government agencies, operators of Critical National Infrastructure (CNI), and regulated industries such as healthcare and finance.

These sectors handle highly sensitive data and face stringent compliance demands. For them, cloud sovereignty is essential to meet regional laws, build operational resilience, and reduce exposure to foreign surveillance. Brianna Monsanto is a reporter for IT Brew who covers news about cybersecurity, cloud computing, and strategic IT decisions made at different companies. The European Union’s (EU) desire for cloud sovereignty has seemingly been reignited as geopolitical tensions push organizations to reevaluate the region’s reliance on the US for its digital infrastructure needs. Last week, Amazon Web Services (AWS) announced it had launched a new European parent company and three subsidiaries incorporated in Germany for its European Sovereign Cloud offering. The parent company will be “locally controlled” and led by EU citizens.

AWS European Sovereign Cloud is expected to roll out by the end of the year. “There will be zero operational control outside of EU borders; the AWS European Sovereign Cloud will be operated entirely by residents of Europe,” the tech giant wrote in a blog post. “Only AWS employees, residing in the EU, will control day-to-day operations, including access to data centers, technical support, and customer service for the AWS European Sovereign Cloud.” The move joins several efforts by hyperscalers to bolster sovereign cloud solutions for customers. In May, Google Cloud announced several enhancements to its sovereign cloud offerings, including a new solution that conducts “recurring security testing of customer applications to validate sovereignty postures.” The month prior, Microsoft pledged to... Deloitte Insights and our research centers deliver proprietary research designed to help organizations turn their aspirations into action.

For personalized content and settings, go to your My Deloitte Dashboard Stay informed on the issues impacting your business with Deloitte's live webcast series. Gain valuable insights and practical knowledge from our specialists while earning CPE credits. Stay informed with content built for today’s business leaders. From data visualizations to expert commentary, our video content delivers concise, actionable information to help you lead with clarity in a complex world. Looking to stay on top of the latest news and trends?

With MyDeloitte you'll never miss out on the information you need to lead. Simply link your email or social profile and select the newsletters and alerts that matter most to you. Feature Europe’s quest for digital sovereignty is hampered by a 90 per cent dependency on US cloud infrastructure, claims Cristina Caffarra, a competition expert and a driving force behind the Eurostack initiative. While Brussels champions policy initiatives and American tech giants market their own ‘sovereign’ solutions, a handful of public authorities in Austria, Germany, and France, alongside the International Criminal Court in The Hague, are taking... These cases provide a potential blueprint for a continent grappling with its technological autonomy, while simultaneously revealing the deep-seated legal and commercial challenges that make true independence so difficult to achieve. The core of the problem lies in a direct and irreconcilable legal conflict.

The US CLOUD Act of 2018 allows American authorities to compel US-based technology companies to provide requested data, regardless of where that data is stored globally. This places European organizations in a precarious position, as it directly clashes with Europe's own stringent privacy regulation, the General Data Protection Regulation (GDPR). This creates a risk that is difficult, if not impossible, to mitigate contractually. Any private contract between a European customer and a US cloud provider is ultimately subordinate to US federal law. A warrant issued under the CLOUD Act legally compels an American company to hand over data, overriding any contractual commitments of data residency or privacy.

People Also Search

• Sovereignty 2.0: Why Europe's €180 million cloud bet matters
• Europe's Digital Divide: Why Sovereign Cloud Matters for Privacy ...
• Why Europe's Cloud Sovereignty Push Actually Matters
• Global uncertainty is reshaping cloud strategies in Europe
• PDF Too late to act? Europe's quest for cloud sovereignty
• Europe's Sovereign Cloud Crossroads: Competitiveness vs Control
• What Is Cloud Sovereignty? A Guide for European Enterprises
• Why cloud sovereignty is top of mind for Europe - itbrew.com
• Cloud sovereignty in Europe | Deloitte Insights
• Europe gets serious about cutting US digital umbilical chord