Beti Hohler is a Slovenian national who lives in the Netherlands. Like tens of millions of other Europeans, she uses Apple’s app store and has an Amazon account. When she travels for work or leisure, she may want to book a place on Airbnb or Booking, using a credit card issued by Visa or Mastercard, perhaps through PayPal.
But when the Trump administration sanctioned her last year for her work as a judge at the international criminal court (ICC), her ability to use any of these services vanished overnight. Her credit cards, her accounts with US companies – all gone. The sanctions against Hohler and some of her colleagues mean they live in “constant uncertainty”, she said.
The ICC judges’ ordeal is an extreme instance of a reality Europe is starting to reckon with: the Trump administration’s confrontational political approach towards the EU has exposed the continent’s dangerous dependence on US technology.
The US tech market’s dominance is nothing new; increasingly, the danger is that this technological power could be turned against Europe politically. Elon Musk has already used his respective ownership of X and Starlink to interfere in European public debate and influence the war in Ukraine. And the US government has ordered the AI company Anthropic to limit foreign nationals’ access to its products on security grounds.
What if Washington were to cut off Europe’s access to US advanced chips during a trade dispute, or exploit its control of social media and cloud computing to spy on European governments and influence elections? Given that the EU relies on non-EU countries for more than 80% of its technology and 70% of its cloud computing, and given the Trump administration’s commitment to “cultivating resistance” in Europe, none of this seems too far-fetched.
In response to these dangers, the European Commission published its highly anticipated digital “sovereignty package” to boost homegrown European technologies and shield the EU from foreign interference. Seen as a whole, last week’s package is a welcome, if belated, recognition that dependence on US tech companies isn’t just an economic problem – it’s a direct threat to the continent’s independence, resilience and security.
Its centrepiece is the Cloud and AI Development Act (Cada), which would create a ranking system for cloud providers handling public-sector data – such as Amazon Web Services, Microsoft Azure or France’s OVHCloud. In theory, the most sensitive operations and data – particularly those relating to national security and law enforcement – would be reserved for providers that met the highest sovereignty standards, establishing a clear preference for European providers.
While the framework may help shield Europeans from foreign surveillance and give a small boost to European cloud alternatives, it is undermined by some major flaws. For one thing, the strictest assurance level – the only one where US big tech would be banned from bidding for contracts – will only apply to a narrow segment of public-sector cloud procurement, which in turn represents only a small fraction of overall European cloud spending.
Worse still, Cada’s enforcement would be delegated to individual EU governments, many of which have strong incentives to implement the rules weakly in order to attract US tech investment or avoid US government pressure. This would replicate the unfortunate experience of the EU’s data protection rulebook, where Ireland’s financial dependence on big tech’s investments and tax payments has resulted in systematic underenforcement.
The commission’s approach on AI highlights a more fundamental problem. Rather than establish how careful, targeted and evidence-based AI adoption could help the EU achieve its policy objectives while minimising societal harm, Brussels largely defers to the AI vision proposed by US big tech firms and backed by the Trump administration.
According to this vision, AI is an end in itself and the goal is to deploy it as quickly as possible, regardless of the consequences for society and the planet. Contrast this with Pope Leo’s recent encyclical on AI, which states that where “technological development advances without a corresponding ethical and social progress, the result may be an increase in means without a growth in humanity”.
The commission’s proposals thus fail to engage critically with AI’s potential benefits, risks and technical limitations, and instead simply take the positive impact of AI as a given without providing much evidence. The same shortsighted approach informs much of the EU’s overall strategy on tech, including rushed plans to weaken EU data privacy and AI safety rules as part of misguided attempts to “catch up” with the US.
This is the shaky rationale behind the commission’s commitment to triple Europe’s datacentre capacity over five to seven years, centred on measures in the Cada forcing every EU country to set up “datacentre acceleration zones”. Within these zones local authorities would have to approve datacentre applications within 12 months, including by watering down environmental and planning reviews to facilitate permitting.
The acceleration zones raise serious concerns about transparency, democratic accountability and sustainability, at a time when public opposition to datacentres is exploding due to their impact on the environment and household electricity bills. They also risk undermining the commission’s own sovereignty goals; by failing to include criteria on company size or nationality, the zones could end up further entrenching the US hyperscalers that dominate Europe’s cloud market.
Brussels fails to recognise that digital sovereignty isn’t just about who owns or controls your technology. It’s also about having an independent vision for how that technology is designed, developed and deployed. If Europe really wants to be sovereign, it needs to free itself from Silicon Valley’s ideology, not just its tech. Without its own vision for how AI should serve society, Europe will remain a decision-taker rather than a decision-maker.