EU technology sovereignty initiative: emergency measures for semiconductors and restrictions on US cloud services.
The European Commission's rhetoric about becoming an "AI continent" is backed by draft legislation that would allow it to override chip supply agreements and prevent US companies from accessing sensitive governmental data. On Wednesday, the Commission presented its long-awaited technological sovereignty package, which consists of four measures designed to reduce the EU's dependence on American and Asian technologies in the areas of semiconductors, cloud computing, artificial intelligence, and open source technologies.
The Commission's summary framed this initiative as an ambitious step towards achieving its "AI continent" vision. However, the draft laws appear more focused on regaining control than on aspiration. The first of the two key measures is a revised Chips Act, referred to as Chips Act 2.0, which pivots from factory construction to fostering demand for chips produced in Europe.
The original 2023 act heavily invested public funding into fabrication plants but failed to meet its goals, a situation highlighted by Intel's cancellation of plans for two large factories in Germany. The revision introduces more robust crisis powers: according to a draft reviewed by the Financial Times, the Commission would have the authority to compel chipmakers to prioritize orders for essential products during shortages, override existing contracts, centrally purchase chips for member states, and impose fines of up to €300,000 on companies that do not disclose their supply chain capacities.
The urgency of these measures is evident. The EU produces less than 10 percent of the world's semiconductors and depends almost entirely on the US and Asia for the most advanced chips required for training AI models. Over €52 billion in public and private investment has been pledged, but progress remains limited.
The second significant measure is the Cloud and AI Development Act, which aims to establish a unified EU framework defining four levels of cloud “sovereignty.” Public entities would be required to conduct assessments of sovereignty risks, evaluating how much of their infrastructure relies on non-EU companies, with tiers based on control over the service and supply chain, the processing locations of AI inference data, the physical location of the infrastructure, and cybersecurity standards.
As drafted, this measure would limit member states from using US cloud service providers to handle sensitive public data in sectors like healthcare, finance, and judiciary, while private sector usage would remain unaffected. Henna Virkkunen, the Commission's vice-president for tech sovereignty, emphasized the importance of ensuring that critical workload providers do not possess a "kill switch" over European data, noting that US firms may find it challenging to qualify for the highest tier of sovereignty due to the US CLOUD Act, which mandates that American companies can be compelled to disclose data regardless of where it is stored.
Commission President Ursula von der Leyen stated more directly that the EU cannot rely on external sources for the technologies essential for its hospitals and power grids. The remaining two measures are less stringent: one is an open-source strategy aimed at financing European alternatives and encouraging public administrations to adopt open-source tools, and the second is a roadmap for digitalization and AI within the energy sector. Overall, this package is influenced by the Draghi competitiveness report, which highlighted the EU's reliance on non-EU suppliers for over 80 percent of its digital products, services, and infrastructure.
The next steps will depend as much on political negotiations as on the drafting process. All 27 member states must approve the measures, and they are currently divided: France and Germany advocate for a stricter preference for European products, while Nordic countries and Ireland, where many US cloud companies conduct their European operations, favor a more lenient approach. Additionally, the package includes the EU's first formal legal definition of "digital sovereignty," a term that has been used in Brussels for years without a clear definition. Whether these initiatives will yield significant changes remains uncertain; previous efforts, such as the 2023 Chips Act and the faltering AI gigafactory initiative, have established ambitious targets but have yet to deliver on their financial commitments.
Other articles
Virtual invaders at the threshold: protecting the AI blind spot.
AI-driven applications create attack surfaces that conventional security tools overlook. XBOW suggests that ongoing agentic testing, in which AI combats AI, is the adaptive strategy that security teams require at present.
EU technology sovereignty initiative: emergency measures for chips and restrictions on US cloud services.
The EU's tech sovereignty initiative combines the notion of an 'AI continent' with emergency powers related to chips and restrictions on US cloud service providers managing sensitive information.
Google has announced that Nest cameras are now capable of recognizing and following your pets at home.
Google's Pet Memory feature enables compatible Nest cameras to recognize pets by their names; however, the backlash from Ring's Search Party highlights the privacy concerns associated with AI pet recognition.
EU technology sovereignty initiative: emergency measures for semiconductors and restrictions on US cloud services.
The EU's technology sovereignty initiative combines the notion of an 'AI continent' with emergency powers for chips and restrictions on US cloud providers managing sensitive information.