Summary

The European Union is examining regulations that would restrict the use of US cloud services by member state governments when processing confidential data. The European Commission is to present its sovereignty package on May 27, 2025. The focus is on critical workloads in the finance, justice, and healthcare sectors, which are to be relocated to European cloud infrastructures. European companies using US technology would also be affected.

People

  • Mike Faust (Author, Golem.de)

Topics

  • Digital Sovereignty
  • Cloud Infrastructure
  • EU Regulation
  • Technological Independence

Clarus Lead

The planned measure significantly escalates strategic technology competition between the EU and the US. Against the backdrop of growing political uncertainty in the US, the EU is advancing its decoupling from American platforms – not through blanket bans, but through differentiated sovereignty requirements. This signals a fundamental paradigm shift in public infrastructure decisions and forces tech companies to choose between European and US business models.

Detailed Summary

The EU Commission is planning a multi-layered regulatory framework to strengthen technological autonomy. The core strategy is not the complete exclusion of US providers, but sectoral differentiation: for finance, justice, and healthcare data, European cloud infrastructures with a high degree of sovereignty should be mandatory. These requirements also apply to European service providers if they rely on US technology.

According to CNBC, ongoing discussions focus on how critical workloads can be systematically shifted from US platforms to European solutions. Sectors are strategically defined whose data protection affects national security interests. The approach combines regulatory pressure with investment incentives for building European cloud capacity.

Key Statements

  • EU plans sovereignty requirements for sensitive government data in finance, justice, and healthcare
  • Non-EU cloud platforms should not be excluded outright, but restricted for critical data
  • European companies with US technology dependencies must also expect regulatory consequences
  • Commission to present comprehensive sovereignty package on May 27, 2025

Critical Questions

  1. Data Quality of Planning: What specific security assessments or risk analyses do the planned sector restrictions (finance, justice, healthcare) base on? Were alternative sectors examined?

  2. Technical Feasibility: Does the EU have sufficient European cloud capacity to handle data transfers from US platforms, or is there a risk of a multi-stage implementation gap?

  3. Collateral Damage: How will the EU cushion potential US retaliation against European tech companies or restrictions on digital services?

  4. Practical Enforcement: How can it be verified that European providers actually have no indirect US dependencies through subcontractors or cloud infrastructure partners?

Source Directory

Primary Source: Digital Sovereignty: EU Could Restrict Use of US Cloud Services – Golem.de, 07.05.2026

Secondary Source (cited): CNBC – Report on EU discussions on cloud sovereignty (anonymous sources)

Verification Status: ✓ 07.05.2026

This text was created with the support of an AI model. Editorial responsibility: clarus.news | Fact-check: 07.05.2026