The digital world is increasingly shaped by geopolitical competition, legal fragmentation, and growing pressure on global infrastructure. For some in Europe, digital sovereignty is no longer seen as a policy aspiration but as a strategic imperative. In a high-level discussion with leading voices in EU digital policy, we explore how Europe can assert its digital agency while remaining globally competitive and open. 

Dragos Tudorache (European Commission), Dr. Niamh Christina Gleeson (ICT Legal Consulting), Ioannis Papadopoulos (Permanent Representation of Cyprus to the EU), and Théophane Hartmann (Euractiv), underscore a consistent message: true sovereignty means Europe must have the capacity to act—not alone, but on its own terms. 

Cloud infrastructure: The core of digital sovereignty

The EU’s core digital dependency is cloud infrastructure without which AI, data mobility, and cybersecurity cannot function. As Tudorache put it: 

“Out of the whole stack, cloud is really the one point where we have a mega dependency.” 

That dependency is legal and geopolitical, not purely technical. Hartmann underscored the risk of U.S. extraterritorial influence, pointing to real-world examples of external interference in EU institutions as a trigger for renewed urgency. Yet the panel pushed back against the idea that sovereignty must mean shutting out global providers. 

On the contrary, both Tudorache and Gleeson strongly supported a framework where sovereignty is defined by control instead of geography. 

“You can still achieve sovereignty with current US cloud providers,” Tudorache said, “where you still retain that element of control. If I manage to secure that liberty and that control, also with an American cloud provider, then fine. My data stays here, the control stays here, there is no kill switch.” 

Strategic priorities for a sovereign cloud future

1. Clarity over labels

There is growing concern about “sovereignty washing”, meaning vague promises of compliance without concrete guarantees. The upcoming Cloud and AI Development Act must provide clear, enforceable definitions of sovereign infrastructure based on technological standards – not simply based on the location or ownership of providers or on contractual commitments. As Gleeson noted: 

“It has to be more than just a contractual promise—it has to be a technological solution.”

2. Public procurement as a catalyst for standards

Rather than exclusionary rules, future procurement via the Cloud and AI Development Act should embed functional sovereignty criteria ensuring that any provider (European or not) must prove data autonomy, compliance, and portability to qualify for sensitive workloads.

3. Capital mobilisation

While supporting trusted global providers, Europe must also address persistent investment barriers facing its own cloud and AI ecosystem. Unlocking institutional capital (e.g., pension funds) is key to growing a pluralistic market. 

4. Interoperability and multi-cloud by design

Reducing dependency requires freedom of movement across providers, rather than one-to-one replacements. Policies that embed interoperability, open standards, and ease of switching will enhance sovereignty while preserving flexibility. Both Gleeson and Tudorache emphasised the importance of interoperability in building digital sovereignty. Vendor lock-in – not vendor origin – is the real issue. 

Gleeson: “It’s not about nationality… even if a European hyperscaler were locking in customers or behaving anticompetitively, it would be equally disastrous.” Tudorache: “Let’s actually start doing things ourselves, taking a step toward sovereignty begins with interoperability and realistic, federated approaches.” 

What’s next: The Cloud and AI Development Act

The Cloud and AI Development Act, expected late 2025 / early 2026, is shaping up to be the EU’s most important digital sovereignty instrument to date. With input from Parliament (ITRE tech sovereignty report), Member States (Polish presidency discussions) and industry (“European Way” Blueprint) to date, indicating consensus around the need to: 

• Define sovereign cloud in a way that balances control with competitiveness,
• Establish meaningful technical criteria to guide procurement and certification,
• Address vendor lock-in and improve market contestability,
• Ensure the market remains open to global providers that meet EU standards.

Crucially, this is not about “picking winners” but about ensuring European users, institutions, and governments can make sovereign choices across a diverse cloud landscape. 

The panel made it clear: sovereignty is not about closing doors. It is about creating the conditions where Europe can choose its partners and walk away when it must. 

We thank our guests and speakers for a thoughtful and candid discussion, and we look forward to further debate as the EU shapes its next-generation digital rules. 

Download the PDF

Contact

Alexandros Nikolaidis, Associate Partner

[email protected]

Cristina da Costa Ferreira, Consultant

cristina.da-costa-ferreira@h-advisors.global

Stella Meyer, Senior Associate

stella.meyer@h-advisors.global