- CISPE introduces principles to shield EU cloud services from foreign government interference.
- EU procurement rules urged to prioritise European cloud providers, potentially injecting €20B annually.
What happened: 3 new principles to shield EU data from foreign interference
The Cloud Infrastructure Service Providers in Europe (CISPE) association has unveiled three new principles to safeguard European cloud infrastructure and artificial intelligence (AI) systems from geopolitical risks, particularly foreign government intervention. The move aims to “Trump-proof” European cloud services by ensuring data sovereignty, resilience, and legal jurisdiction within the EU. The principles—announced amid growing concerns over reliance on non-European cloud providers—emphasise investing in European-owned infrastructure, guaranteeing choice free from non-EU influence, and pooling resources via open frameworks.
CISPE highlighted fears among public administrations and businesses that foreign governments could disrupt services or access data through extraterritorial laws. For example, reliance on US-based hyperscalers—such as Amazon Web Services or Microsoft Azure—leaves EU data vulnerable to laws like the US CLOUD Act. To counter this, the association urged revisions to EU procurement rules to favour European cloud providers, arguing that even a 10% adoption of Gaia-X-labelled services could generate €20 billion annually for the region’s cloud sector. Public buyers would need to justify opting for non-EU alternatives if comparable local options exist.
The principles also call for interoperable, European-controlled software stacks and networks to ensure data remains under EU legal jurisdiction. CISPE stressed that Europe already hosts more cloud infrastructure providers than any other region, including North America. By collaborating through open frameworks, these providers could collectively rival hyperscalers in scale while offering greater diversity and resilience. Past attempts to create “Airbus-style” cloud giants failed due to top-down approaches, CISPE noted, advocating instead for market-driven collaboration.
Also read: Kao Data partners with 20i for cloud hosting
Also read: COOP NIX: Cloud hosting provider
Why it’s important
The push for digital sovereignty reflects escalating geopolitical tensions and Europe’s desire to reduce dependency on foreign cloud providers. Over 70% of the EU’s cloud market is dominated by non-European companies, raising concerns about data security and legal jurisdiction. Foreign laws, such as the US CLOUD Act, grant governments access to data stored by their domestic firms, even if located overseas. This creates risks for EU entities handling sensitive information, including public administrations and healthcare systems.
CISPE’s principles align with broader EU initiatives like Gaia-X, a project to create a federated European cloud ecosystem. By prioritising local providers, the EU could bolster its €7.4 billion cloud infrastructure market while fostering innovation. The proposed procurement rules would incentivise public-sector adoption of European solutions, potentially redirecting billions into the regional economy. Pooling resources through open frameworks could also address fragmentation, enabling smaller providers to compete with hyperscalers.
Moreover, the principles respond to failed past efforts to create monolithic European cloud champions. CISPE argues that leveraging existing providers—such as OVHcloud and Deutsche Telekom—offers a faster, market-driven path to sovereignty than state-led projects. With AI and data-driven technologies becoming strategic assets, ensuring control over infrastructure is critical for economic competitiveness and regulatory compliance, particularly under the EU’s strict General Data Protection Regulation (GDPR).
