Reflects rising political pressure to cut reliance on US tech

The EU is considering new rules that could limit the use of American cloud platforms for handling sensitive government information.

Officials familiar with internal discussions say the proposals are expected to form part of a wider “Tech Sovereignty Package” due to be unveiled by the European Commission on 27th May.

The new measures would not ban US cloud companies from public contracts outright, but could restrict how they are used for highly sensitive sectors such as healthcare, finance and judicial systems.

“The core idea is defining sectors that have to be hosted on European cloud capacity,” one EU official told CNBC.

Officials said the restrictions being considered would apply only to government and public-sector bodies, not private businesses.

Foreign cloud providers would still be permitted to operate across the bloc, although their involvement in handling highly sensitive government data could be limited based on security and risk evaluations.

The wider package is also expected to introduce measures aimed at boosting Europe’s domestic technology capabilities, including the Cloud and AI Development Act and a revamped Chips Act.

Officials cautioned that discussions are ongoing and the proposals have yet to be finalised. Any measures put forward by the European Commission would still need the backing of all 27 member states before becoming law.

Strategic autonomy

European policymakers have increasingly argued that the bloc must develop greater “strategic autonomy” in digital infrastructure, particularly as relations with Washington become more strained under US President Donald Trump’s administration.

A key concern among EU officials is the US CLOUD Act, introduced in 2018, which allows American law enforcement agencies to request data from US-based technology companies regardless of where that data is physically stored.

Critics argue this creates legal uncertainty for governments handling confidential information through American providers.

A spokesperson for the European Commission described the upcoming package as “Europe waking up and getting its act together.”

The spokesperson added that the initiative would seek to “improve opportunities for sovereign cloud offerings, including through public procurement, and support the entry into the market of a more diverse set of cloud and AI service providers.”

Shift already in progress

Several European governments and institutions have already begun moving away from US technology platforms.

France announced earlier this year that it would expand use of Visio, a state-developed video conferencing platform intended eventually to replace tools such as Microsoft Teams and Zoom across government departments.

Denmark has also started phasing out some Microsoft software in parts of its public administration, while municipalities including Copenhagen and Aarhus have cited rising costs and political concerns as reasons for reducing dependence on US systems.

In Germany, the state of Schleswig-Holstein is replacing Microsoft Office products with open-source alternatives and pursuing a longer-term transition to Linux-based systems.

International institutions are also exploring European-built platforms.

The International Criminal Court last year announced plans to migrate systems to OpenDesk, an open-source collaboration suite developed in Germany.

In February, the United States instructed its diplomats to lobby against foreign governments seeking to tighten control over how American technology companies handle citizens’ data.

An internal diplomatic cable signed by US secretary of state Marco Rubio warned that so-called “data sovereignty” or “data localisation” laws could disrupt AI services and cloud computing operations provided by US firms.

We should note that this news comes just one day after the EU delayed implementation of certain AI Act rules, which industry sentiment suggests was at least partly down to the aforementioned US lobbying efforts. Talk about mixed signals.