European Push for Digital Sovereignty in Cloud Infrastructure
European governments and organizations are intensifying efforts to achieve digital sovereignty in cloud infrastructure, driven by geopolitical uncertainties and concerns over reliance on American hyperscalers such as Microsoft, Google, and Amazon Web Services. With U.S. policy shifts and potential transatlantic tensions, European leaders are prioritizing the development of domestic alternatives and strategies to ensure control over sensitive data and critical workloads. Despite these ambitions, local cloud providers currently hold only a small share of the market, and experts suggest that a new European hyperscaler is unlikely to emerge soon, with existing players like SAP and Deutsche Telekom each controlling only about 2% of the market.
In response to these sovereignty concerns, cloud providers are expanding offerings tailored to regulatory and data residency requirements. Amazon Web Services, for example, has introduced Dedicated Local Zones to provide customers with greater control over data location, security, and compliance, supporting sensitive workloads for public sector and regulated industries. These initiatives reflect a broader trend of cloud service adaptation to meet the evolving needs of European customers seeking to balance operational flexibility with strict sovereignty and compliance mandates.
Timeline
Apr 27, 2026
ITIF report urges Canada to prioritize cloud control over sovereignty mandates
ITIF published a report arguing that Canada's sovereign cloud debate overemphasizes domestic ownership and data residency, and that sensitive workloads are better protected through technical, operational, legal, and procurement controls. The report recommended reserving strict domestic-control requirements for defense, intelligence, and a narrow set of highly sensitive government workloads.
Apr 23, 2026
CISPE launches framework to verify sovereign and resilient cloud services
CISPE launched the Sovereign and Resilient Cloud Services Framework to help enterprises and public authorities assess whether cloud offerings genuinely meet sovereignty and resilience requirements. The scheme introduces auditable badges for sovereign and resilient services, and CISPE said more than 40 services had already been declared against the framework.
Apr 21, 2026
Wero disclosed as partly relying on AWS despite sovereignty positioning
European payment service Wero, launched by the European Payments Initiative, was reported to rely in part on Amazon Web Services even as it was marketed as an independent European payment solution. EPI said it uses a mix of European and international providers and maintains control over architecture and operations, while acknowledging extraterritorial access under U.S. law as a relevant risk.
Apr 17, 2026
European Commission awards €180M sovereign cloud contract to four providers
The European Commission awarded a six-year, 180 million euro cloud framework contract to Post Telecom, StackIT, Scaleway, and Proximus. The deal allows EU institutions and affiliated agencies to procure sovereign cloud services aligned with security, transparency, technological openness, and limits on non-EU control.
Apr 16, 2026
Four European firms launch sovereign disaster recovery package
Four European technology companies unveiled a 'fully sovereign disaster recovery pack' at the European Data Summit in Berlin to help organizations reduce reliance on U.S. technology providers. The package combines storage, multi-cloud orchestration, networking, identity, and observability capabilities and was positioned as aligned with DORA, NIS2, and GDPR requirements.
Apr 9, 2026
Gaia-X shifts to operational 'Season 2' for production data spaces
At the 8th plenary session of the Gaia-X France Hub, Gaia-X said it was entering a more mature 'Season 2' phase, moving from subsidized pilot projects toward sustainable production use of data spaces. CEO Ulrich Ahle said Gaia-X was working with Université Dauphine on viable structures and business models, while the initiative emphasized sovereignty-focused cloud labeling and 2026 as a key year for consolidation and adoption.
Dec 12, 2025
European Commission backs local infrastructure with AI factory investments
The European Commission advanced investment in domestic digital infrastructure, including AI factories and gigafactories, to support regional cloud and AI sovereignty. Industrial participants such as Schwarz Group were identified as contributing to expanded European data center capacity.
Dec 12, 2025
Europe intensifies push for sovereign cloud alternatives to U.S. hyperscalers
European policymakers and industry groups renewed efforts to reduce dependence on U.S. cloud providers, citing geopolitical tensions and the dominance of Microsoft, Google, and AWS. Initiatives such as Gaia-X and EuroStack were highlighted as part of a broader digital sovereignty strategy.
Dec 12, 2025
AWS expands Dedicated Local Zones services for digital sovereignty use cases
AWS announced expanded capabilities for Dedicated Local Zones, including support for next-generation EC2 instances, advanced storage, and backup and recovery features. The update targeted public sector and regulated-industry customers seeking stronger data residency, compliance, and operational control.
Dec 12, 2025
GovTech Singapore becomes first AWS Dedicated Local Zones customer
GovTech Singapore adopted AWS Dedicated Local Zones to host confidential government data in customer-specified infrastructure, making it the first disclosed customer for the offering. The deployment was positioned to meet strict data residency, sovereignty, and security requirements.
Oct 1, 2025
European Commission launches Cloud III sovereign cloud tender
The European Commission launched a sovereign cloud services tender in October 2025 under its Cloud III Dynamic Purchasing System. The procurement was framed around the Commission’s Cloud Sovereignty Framework and aimed to diversify providers, improve resilience, and limit non-EU influence over services used by EU institutions.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Threat Actors
Organizations
Affected Products
Sources
5 more from sources like help net security, itpro, govinfosecurity, bank info security and ec europa eu
Related Stories
Cloud Providers Expand European Data Sovereignty Offerings
Microsoft and Amazon Web Services (AWS) have announced significant enhancements to their cloud services aimed at addressing European data sovereignty and compliance requirements. Microsoft is introducing new features such as end-to-end AI data processing within Europe as part of the EU Data Boundary, in-country processing for Microsoft 365 Copilot interactions in select countries, and expanding Azure Local capabilities to support larger, more sovereign private clouds. These measures are designed to reassure European customers amid ongoing concerns about the reach of US laws like the CLOUD Act and shifting geopolitical dynamics, particularly following recent changes in US leadership. AWS has released a whitepaper detailing the design and objectives of its upcoming AWS European Sovereign Cloud, which will launch its first region in Brandenburg, Germany by the end of 2025. The new infrastructure will feature dedicated physical resources, logical isolation from other AWS regions, independent operational controls, and a distinct EU-based corporate governance structure. Both providers are responding to increasing demand from public sector and highly regulated industries in Europe for greater control over data residency, operational autonomy, and protection from extraterritorial legal requests.
1 months ago
AWS Launches EU Sovereign Cloud Amid European Data Sovereignty Concerns
Amazon Web Services announced the general availability of its **European Sovereign Cloud**, a physically and logically isolated cloud region designed to meet EU data residency and sovereignty requirements. The offering is operated within the EU by EU-resident staff under a new German parent company, with supporting systems such as **metadata, billing, and identity management** kept inside the EU; AWS said it will start with roughly **90 services** available from Germany and later expand via *Local Zones* in Belgium, the Netherlands, and Portugal, plus *Dedicated Local Zones* for single-tenant, highly sensitive workloads. The launch is positioned as a response to European customer concerns about exposure to **U.S. extraterritorial authorities** (e.g., the **CLOUD Act**) and broader geopolitical risk influencing cloud procurement decisions. Commentary in the accompanying opinion piece frames this as part of a wider “tech dependency” problem in which reliance on U.S.-based providers can become a geopolitical vulnerability, reinforcing why EU organizations are seeking stronger sovereignty controls and alternatives—even as some industry leaders remain skeptical that technical and legal measures (including AWS’s references to protections like the **Nitro System**) can fully eliminate foreign-jurisdiction risk.
1 months ago
EU Push for Digital Sovereignty and Reduced Reliance on US Technology
European policymakers and industry voices are intensifying a **digital sovereignty** push aimed at reducing reliance on non-EU technology and services, framing the issue as both a strategic and practical dependency problem. A G DATA commentary argues that “sovereignty” should be approached pragmatically—expanding options and reducing single-vendor or single-region dependencies through incremental changes rather than unrealistic “all-or-nothing” shifts (e.g., total withdrawal from online services or immediate replacement of global hardware supply chains). In the defense domain, reporting indicates the EU is planning a secure **military data-sharing** capability designed to avoid **U.S.-made technology**, driven in part by concerns about external control or “**kill switch**” risk and broader geopolitical uncertainty. The proposed *Defense Artificial Intelligence Data Space*—described as a sovereign military cloud to improve interoperability and data flows for AI-enabled and automated battlefield systems—is reportedly targeted to be operational by **2030**, aligning with earlier European Commission planning and the EU’s wider effort to build alternatives to U.S. hyperscalers for sensitive workloads.
3 weeks ago