The European Commission has published what it describes as one of its most ambitious digital policy initiatives to date: a technology sovereignty package that maps the bloc’s structural dependencies on non-European technology providers and sets out a funding framework intended to reduce them. At its centre is a candid assessment: Europe faces critical dependencies in cloud technology and AI infrastructure, while domestic demand for European alternatives remains weak.
At the intersection of industrial policy and geopolitics, the EU’s technology sovereignty package forces a long-deferred reckoning. The Commission’s own dependency analysis rates Europe’s position in cloud technology and AI infrastructure as “critical” and “high” — the two most severe categories — while simultaneously noting that public procurement of European alternatives is “weak.” This internal contradiction shapes everything that follows.
The initiative allocates €38 million to OpenEuroLLM, a programme to develop genuinely open foundation models covering 24 EU languages. A further €50 million flows to GenAI4EU, and €156 million finances SIMPL, a platform designed to enable federated data spaces — architectures that allow data sharing without centralising control. Alongside these, the Cloud and AI Dependencies Act (CADA) introduces an open-source-first procurement principle, a structural shift that, if implemented consistently, could redirect public spending toward domestically built alternatives.
The dependency picture is not uniform. Europe’s exposure to external providers is most acute in areas that require deep capital and long development cycles: GPU-class chips, foundation model training, and the frameworks underpinning large-scale AI inference. These are sectors where a handful of non-European companies hold market positions that took years to establish and are not easily displaced. Even proponents of European digital autonomy acknowledge that reliance on Nvidia GPUs for AI training will persist for years, and that public administrations and enterprises will continue running US-developed models — GPT, Claude, Gemini — alongside any European alternatives.
Dr. Andreas Nauerz, Chief Product Officer at IONOS and someone who oversees the daily construction of AI and cloud products, puts the core tension plainly: “The question is not whether we build sovereign infrastructure, but how we build it in a world where key components — GPU chips, foundation models, training frameworks — are dominated by a handful of non-European companies.” For Nauerz, the Commission’s most striking finding is not the dependency on hardware or models, but the weakness of demand from the public sector. European alternatives exist. Nextcloud already runs on the IONOS Cloud. EuroOffice is scheduled to launch during the summer. Q.ANT, based in Stuttgart, is developing photonic AI chips that consume one-thousandth of the energy of conventional GPUs. “There are good European products,” Nauerz observes. “What is missing is demand from public institutions.”
This diagnosis points to a structural policy failure that predates the sovereignty package and will outlast it unless addressed directly. Procurement practices across EU member states remain fragmented and frequently default to established international platforms, not for lack of alternatives, but due to path dependency, risk aversion among procurement officers, and the absence of a common European framework for assessing and certifying domestic solutions. CADA’s open-source-first principle represents a departure from this pattern, but its impact will depend on implementation at national level, where procurement decisions are ultimately made.
The broader conceptual debate is equally significant. A strand of thinking in European digital policy has long equated sovereignty with autarky: the ability to produce every critical component domestically. The technology sovereignty package implicitly challenges this framing, even if it does not fully resolve the tension. Dependency analysis alone does not determine policy response. A dependency that cannot be eliminated in the medium term — GPU chips being the clearest example — calls for a management strategy, not a denial of reality. European cloud providers, hyperscalers included, will continue to offer services built partly on American silicon and partly on American software for the foreseeable future. The question is how data governance, contractual protections, and open technical standards can establish meaningful boundaries within that architecture.
The federated data space model, as embodied in the SIMPL platform, offers one answer. By allowing data to be shared without central aggregation, federated architectures reduce the risk of lock-in to any single provider while preserving the interoperability that modern digital services require. The Gaia-X framework has sought to operationalise similar principles at European scale, though its progress has been slower than its architects anticipated. SIMPL represents a more targeted investment in a comparable direction.
OpenEuroLLM addresses a different but related concern: linguistic and cultural representation in AI systems. Foundation models trained predominantly on English-language data perform unevenly across the EU’s 24 official languages, with smaller language communities underserved. The €38 million allocation cannot, by itself, close the gap with models trained on orders-of-magnitude larger budgets, but it establishes an infrastructure — and a governance model, given the open licensing requirement — that could attract further public and private investment.
The technology sovereignty package, then, is neither a declaration of digital autarky nor a surrender to structural dependency. It is a framework for managing a complex reality: Europe will remain embedded in global technology supply chains, but it can negotiate the terms of that embeddedness through procurement policy, open standards, targeted investment, and regulatory leverage. Whether that framework produces durable results depends less on the Commission’s architecture than on the political will of member states to implement it consistently — and the willingness of European enterprises and institutions to choose European solutions when they exist.
Dr. Jakob Jung is Editor-in-Chief of Security Storage and Channel Germany. He has been working in IT journalism for more than 20 years. His career includes Computer Reseller News, Heise Resale, Informationweek, Techtarget (storage and data center) and ChannelBiz. He also freelances for numerous IT publications, including Computerwoche, Channelpartner, IT-Business, Storage-Insider and ZDnet. His main topics are channel, storage, security, data center, ERP and CRM.
Contact via Mail: jakob.jung@security-storage-und-channel-germany.de