Decoding the world of cybersecurity

EU tech sovereignty targets dependency

The Commission’s tech sovereignty package links cloud, AI, chips, open source, and energy digitalisation to Europe’s digital dependency problem.

EU tech sovereignty targets dependency
Summary
  • The Commission has set out measures covering chips, cloud, AI, open source, and energy digitalisation.
  • The Cloud and AI Development Act would support datacentre deployment and an EU-wide sovereignty assessment framework.
  • The package connects infrastructure capacity with Europe’s concerns over dependency and operational autonomy.

The European Commission has put cloud, AI, chips, open source, and energy digitalisation into a single technological sovereignty package, connecting Europe’s industrial ambitions with its digital resilience agenda.

The package, published in June, is framed around strengthening the EU’s capacity in semiconductors, artificial intelligence, cloud, and open source. The Commission says it is intended to strengthen digital autonomy and support a more sustainable digital future.

The measures cover four main areas. Chips Act 2.0 is intended to build capacity in advanced semiconductor technologies, boost supply and demand, and support investment. The Cloud and AI Development Act would support research and innovation in sustainable technologies, streamline conditions for deploying datacentres across the EU, and introduce a single EU-wide framework to assess cloud and AI sovereignty.

The package also includes an EU Open Source Strategy, intended to scale alternatives in priority areas, invest in skills, support start-ups and digital infrastructure, and increase open source use in public administrations. A strategic roadmap for digitalisation and AI in energy would address datacentre integration, AI deployment, and secure AI models for the energy system.

The Commission’s summary places the package within its ambition to make Europe an “AI continent”. The policy substance reaches further than AI adoption. Europe’s public bodies, regulated sectors, and industrial base depend on infrastructure, software foundations, processing capacity, and control planes that are often shaped by suppliers outside the EU.

Those dependencies are not automatically unsafe, but they complicate governance. Organisations need to know which legal regimes apply, who operates critical services, how incident response works, what happens when access changes, whether workloads can move, and whether resilience plans assume supplier stability that may not hold under stress.

The datacentre element links digital sovereignty to energy and infrastructure planning. AI deployment, cloud growth, public-sector hosting, and financial services resilience all depend on compute capacity. Expanding that capacity without clear controls over resilience, sustainability, location, and operational dependency would create new exposure while trying to reduce old dependency.

Open source adds another layer. European organisations rely heavily on open source software, but maintenance, vulnerability response, and dependency visibility remain uneven. Treating open source as digital infrastructure could support procurement, software assurance, vulnerability handling, and supplier diversity, provided funding and maintenance follow the policy ambition.

The package brings several policy tracks into one frame: cloud sovereignty, AI infrastructure, semiconductor supply, open source resilience, and energy-system digitalisation. Its practical effect will depend on legislation, funding, and execution, but the direction is clear. Europe is treating digital autonomy as an infrastructure and resilience programme, not only an industrial strategy.

×