Digital sovereignty has ceased to be an uncomfortable conversation and has become a product line. For years, much of the European market believed that deploying workloads within regions of the European Union, signing proper contracts, and applying encryption controls was enough to resolve the debate. Now, the major hyperscalers have changed their tone: AWS is launching a European sovereign cloud from Germany, Google relies on alliances with Thales, and Microsoft emphasizes its digital commitments for Europe.
This shift didn’t happen by chance. Artificial intelligence has increased the strategic importance of cloud infrastructure. It’s no longer just about hosting a business application or a database but about deciding where sensitive data is processed, who manages the platforms, under what legislation the provider operates, and what happens in a geopolitical crisis, an overseas court order, or a service interruption. Sovereignty has moved from a niche requirement to a purchasing factor for governments, banking, healthcare, industry, and companies with critical loads.
Hyperscalers have understood the European message
AWS launched its European Sovereign Cloud in January 2026, with the first region located in Brandenburg, Germany. The company describes it as physical infrastructure that is logically separated from its global regions, entirely located within the EU and operated by resident personnel. The project involves an announced investment of €7.8 billion and targets public customers, regulated sectors, and organizations with strict residency and data control requirements.
Google has taken a different approach, based on local partnerships. In France, its alliance with Thales led to S3NS, a “trusted cloud” solution designed for the French market. In 2026, Thales was recognized by Google Cloud as the Partner of the Year in the sovereign infrastructure category, confirming that sovereignty is no longer an afterthought in the business strategy of large tech companies.
Microsoft has also strengthened its European stance. In February 2025, it announced the completion of its EU Data Boundary to store and process data from public and commercial clients within the EU and EFTA. It further expanded its digital commitments for Europe and its sovereign capabilities, including AI services within that European perimeter. The message is clear: top U.S. providers want to remain acceptable to Europe’s most sensitive buyers.
The problem is that sovereignty doesn’t mean just data residency. A data center located in Europe can reduce risks but does not solely eliminate legal exposure, operational dependence, or administrative control. The uncomfortable question remains: if the provider is structurally subject to U.S. legislation, to what extent can full sovereignty truly be claimed?
What Europe once considered standard is now sold as an extra
This highlights one of the market’s most striking contradictions. Many European providers have offered infrastructure on European territory, local operations, contracts under the EU framework, transparency about data location, and less dependency on closed architectures for years. What was once a baseline condition now appears, in the hyperscalers’ discourse, as a premium layer with new branding, logos, and alliances.
The risk is that the market confuses sovereignty with compliance marketing. A cloud can be highly secure, advanced, and very useful for enterprise AI without being fully sovereign. That does not make it a bad choice. For many AI workloads, advanced analytics, or managed services, AWS, Microsoft, and Google offer capabilities that are hard for smaller providers to match. Denying that would be unrealistic.
The question is another: companies need to understand what commitment they are accepting. They can choose hyperscalers to access managed services, AI models, advanced databases, or global scalability. They can also encrypt data, manage keys, segment workloads, and design hybrid architectures to reduce exposure. But security and sovereignty are not synonyms. A dataset can be well protected yet still depend on a legal, technological, and operational chain outside Europe’s control.
This is where European providers like Stackscale (Aire) have a strong argument. Infrastructure in Madrid and Amsterdam, operation under European frameworks, data residency, less exposure to non-EU jurisdictions, and more open models are not commercial ornaments—they are architectural decisions. For many critical loads, this approach removes debates that otherwise require additional layers, complex contracts, and extra costs later.
Vendor lock-in is also part of the discussion. Sovereignty isn’t just about choosing where data is hosted but also about being able to move, recover, and operate data without being trapped by proprietary services that condition exit. Europe’s future competitiveness will depend both on building data centers and avoiding having the software layer, automation, identity, observability, and AI entirely controlled by three or four external platforms.
AI makes sovereignty a strategic infrastructure issue
Regulatory pressure is increasing. The European Commission is preparing the Cloud and AI Development Act to triple the capacity of EU data centers within five to seven years. Additionally, Brussels has awarded cloud contracts to European providers and is reviewing how to reduce technological dependencies in sensitive sectors. The European Parliament has noted that AWS, Azure, and Google Cloud control around 70% of the EU cloud market, while European providers hold a much smaller share.
The debate is no longer theoretical. If AI workloads are trained, tuned, or run on non-European infrastructures, dependency extends to data, models, APIs, chips, networks, development platforms, and managed services. Europe doesn’t need to disconnect from the world or close the door to hyperscalers, but it must distinguish between using foreign technology and depending on it for everything.
The most realistic approach will be hybrid. Organizations will run certain AI workloads on large global platforms when specialized services are needed but should reserve strategic data, critical systems, and sensitive workloads for European environments or architectures where they maintain verifiable control. That decision should be made during the design phase, not as a patch after an audit, regulatory crisis, or a public-sector client demand.
Digital sovereignty shouldn’t be sold as a costly add-on at the end of the bill. It should be integral to the core architecture: clear location, European governance, key control, portability, contractual transparency, reversibility, and absence of unnecessary dependencies. Hyperscalers have understood that Europe demands this and have started packaging it. Now, Europe needs to recognize that it shouldn’t have to pay extra for what its providers have long considered standard.
Frequently asked questions
What is a sovereign cloud?
It is a cloud infrastructure designed to ensure control over data, operations, administrative access, jurisdiction, service continuity, and exit capacity. It’s not enough for servers to be physically located in Europe.
Can AWS, Microsoft, or Google provide useful services for Europe?
Yes. Their platforms are very powerful, especially in AI, analytics, databases, and managed services. The key is to differentiate between security, compliance, and true sovereignty.
Why is the CLOUD Act a concern?
Because the CLOUD Act allows U.S. authorities to request data from providers subject to U.S. jurisdiction, even if that data is stored outside the country. Legal nuances and technical safeguards exist, but the legal risk remains part of the European debate.
What advantage do European providers have?
Their main advantage is operating under European frameworks, with infrastructure and governance closer to the client, less exposure to outside jurisdictions, and easier design of sovereign architectures from the start.