EU Cloud Rules Target American Tech Giants in Strategic Contracts
The European Commission's draft Cloud and AI Development Act would require EU-made software and hardware for sensitive government contracts, effectively excluding Amazon, Microsoft and Google.
The new framework, set to be announced Wednesday as part of the Cloud and AI Development Act by EU Commissioner for Tech Sovereignty Henna Virkkunen, targets major US firms including Amazon, Microsoft and Google by imposing stringent requirements on providers bidding for critical state tenders, according to Brussels Signal.
The draft legislation introduces mandatory “non-price” evaluation standards for public procurement in sensitive sectors, including explicit requirements that both software and hardware be developed within EU borders. The measures represent Brussels’ latest attempt to reduce European dependency on American cloud infrastructure, where US hyperscalers currently command approximately 63 percent of the global market.
Dirk Auer, Director of Competition Policy at the International Center for Law & Economics, delivered a sharp rebuke of the Commission’s approach in remarks to Brussels Signal. He characterized the proposal as allowing governments to favor domestic cloud providers over foreign competitors even when the latter offer superior pricing or capabilities.
Auer warned that mandating EU-made software and hardware amounts to protectionism in everything but name, with European taxpayers and consumers ultimately bearing the cost through inferior and more expensive digital infrastructure. He argued that shielding European providers from top-tier competition will keep them technologically backward rather than driving innovation forward.
The initiative expands upon the EU’s existing Cloud Sovereignty Framework, which evaluates providers across eight objectives including legal jurisdiction, data residency, supply-chain transparency and operational control. Earlier this year, the Commission awarded a €180 million sovereign cloud contract exclusively to European companies.
A senior EU official justified the move to Reuters as necessary for “strategic autonomy in critical infrastructure,” citing concerns that highly sensitive data in defense, healthcare and justice sectors could be exposed to extraterritorial legal frameworks such as the US CLOUD Act.
The proposal still requires approval from EU member states and the European Parliament, leaving room for potential amendments before implementation. Industry groups have cautioned that excessively restrictive regulations could inflate costs and hamper digital modernization efforts across the continent.
Commission officials counter that the package will help triple EU data center capacity within five to seven years and foster the development of competitive European hyperscalers. The draft forms part of a broader “Tech Sovereignty Package” aimed at closing what Brussels estimates is a €1 trillion investment gap with the United States in digital infrastructure.
The timing of the proposal adds another friction point to already strained transatlantic trade relations, with Auer noting that Washington is likely to view the measures as fresh evidence of European digital protectionism at a diplomatically sensitive moment.
While Auer acknowledged that supply-side provisions in the package designed to fast-track data center construction and reduce infrastructure barriers are reasonable and long overdue, he warned that the demand-side restrictions create a central purchasing body that could depress returns on data centers and ultimately shrink the very infrastructure Europe claims it urgently needs to expand.
With information from Brussels Signal
