The European Commission unveiled its European Technological Sovereignty Package on June 3, 2026, a four-part plan to cut the bloc's dependence on foreign chips, cloud, and AI. It bundles four named acts and strategies: Chips Act 2.0, the Cloud and AI Development Act (CADA), an Open Source Strategy, and a Strategic Roadmap for Digitalisation and AI in the Energy Sector. CADA's headline target is to at least triple the EU's data-center capacity over the next five to seven years. Commission President Ursula von der Leyen framed the stakes bluntly: Europe "cannot afford to depend on others for the technologies that keep our hospitals running."
What Happened
On June 3, 2026, the European Commission proposed what it calls the European Technological Sovereignty Package — abbreviated by the Commission as the "Tech Sovereignty package." It is not a single law but a coordinated bundle of four named acts and strategies, each aimed at a different layer of the technology stack that Europe currently does not control end to end.
The four confirmed components, using the Commission's exact naming, are: the Chips Act 2.0, targeting semiconductor design and manufacturing; the Cloud and AI Development Act (CADA), targeting compute and data-center capacity; the Open Source Strategy, aimed at reducing reliance on proprietary foreign software; and the Strategic Roadmap for Digitalisation and AI in the Energy Sector, which folds AI adoption into the energy transition and grid management.
The political message was delivered by Commission President Ursula von der Leyen, who said: "We cannot afford to depend on others for the technologies that keep our hospitals running, our energy grids stable and our services secure." It is a deliberately concrete framing — hospitals, grids, services — designed to move sovereignty out of abstract industrial-policy language and into the realm of critical infrastructure.
The sharper warning came from a different official. EU tech chief Henna Virkkunen, the Commission's Executive Vice-President for Tech Sovereignty, warned of a "kill switch" risk — the scenario in which a foreign vendor or government could, in principle, cut off access to cloud services or software that European institutions have grown dependent on. The phrase, amplified in coverage including by CNBC, captures the worst-case dependency that the package is designed to insure against.
The Four Acts at a Glance
| Component | Target layer | Stated objective (official where available) |
|---|---|---|
| Chips Act 2.0 | Semiconductors | Strengthen EU design and fabrication; follow-on to the 2023 Chips Act |
| Cloud and AI Development Act (CADA) | Compute / data centers | At least triple EU data-center capacity over the next five to seven years |
| Open Source Strategy | Software | Reduce dependence on proprietary foreign software stacks |
| Energy Sector Roadmap | Energy + AI | Embed AI and digitalization in grids and the energy transition |
Note on figures: the Commission's own pages state CADA's objective in capacity terms — at least tripling EU data-center capacity within five to seven years — not as a single euro headline. Widely circulated euro figures (covered below) come from press reporting, not from the official proposal text, and we attribute them accordingly.
The Dependency Problem CADA Is Trying to Fix
To understand why CADA leads with a capacity-tripling goal, look at where European workloads run today. By most accounts, US providers control more than 70 percent of Europe's cloud market — a concentration that means the data, models, and applications underpinning European banks, hospitals, and government services largely sit on infrastructure owned and operated by a handful of non-European companies.
The chip picture is even starker. The EU produces less than 10 percent of the world's semiconductors, leaving it structurally exposed to supply shocks and export-control decisions made in Washington, Taipei, or Beijing. That exposure is the unglamorous reality behind every "AI sovereignty" headline: you cannot run sovereign models if you do not control the silicon they run on, or the data centers that house them.
This is the same pressure that has driven a wave of European moves over the past year. Mistral has openly weighed building its own chips even as it concedes it still runs on Nvidia — a tension we covered in Mistral's exploration of custom silicon. And the continent's clearest consolidation play, the Cohere and Aleph Alpha merger, was built around a sovereign cloud anchor precisely because compute sovereignty, not model novelty, is the binding constraint.
Official Targets vs Press Estimates: Reading the Numbers Carefully
This package has generated a flurry of large euro figures. It matters, journalistically and for anyone making decisions off this news, to separate what the Commission actually published from what reporters estimated.
What the Commission states officially: CADA's primary, named objective is to at least triple the EU's data-center capacity over the next five to seven years. That is a capacity goal, expressed in capacity terms, in the Commission's own materials.
What is press reporting, not official Commission figures: Several outlets have attached euro mobilization figures to the four components — press reports estimate roughly 120 billion euros tied to chips, around 200 billion euros for data centers, on the order of 100 billion euros for cloud and AI, and approximately 2 billion euros for open source. Some coverage also references a 2036 horizon. We have not found these specific euro totals or that date in the Commission's own proposal pages, so we present them strictly as press estimates rather than as confirmed Commission commitments.
The distinction is not pedantic. European industrial-policy announcements have a long history of headline "mobilization" numbers that blend public seed funding, expected private co-investment, and aspirational multipliers. Treating a reported 200 billion euros as a confirmed appropriation would misstate what was actually proposed. Until the legislative texts and budget lines are public and scored, the only hard number worth anchoring to is the official capacity-tripling target.
Why "Tripling Capacity" Is the Number That Counts
A capacity goal is more honest than a euro goal because it is measurable against a physical outcome: megawatts of data-center power, square meters of fabrication capacity, gigawatts of grid integration. If the EU triples its data-center footprint over five to seven years, that is verifiable. A euro figure, by contrast, can be hit on paper through accounting that never produces a single additional server rack. For a sovereignty agenda whose entire premise is reducing reliance on foreign infrastructure, the capacity metric is the one that actually tracks the goal.
Why It Matters
The European Technological Sovereignty Package matters because it reframes Europe's AI strategy around infrastructure rather than regulation. For most of the past three years, the EU's defining tech story was the AI Act — a rulebook. Even that has been slipping, with high-risk obligations recently pushed out, as we reported in the AI Act high-risk delay to December 2027. The Sovereignty Package is the counterweight: an attempt to build capability, not just constrain it.
For European enterprises in regulated sectors — banking, healthcare, defense, energy — the package signals that sovereign-by-default options are becoming a policy priority, not just a procurement preference. That is the same demand that produced Mistral's cybersecurity model for EU banks, built for institutions that cannot route sensitive data through US-controlled services.
For US hyperscalers, the message is more pointed. If CADA succeeds even partially, the 70-percent-plus cloud dominance that anchors a large share of European revenue becomes a target for managed erosion through procurement rules, sovereignty requirements, and subsidized European alternatives. None of that happens overnight, but the direction of travel is now codified at the highest level of EU policy.
The Open Source Bet
The least-discussed of the four components may be the most strategically interesting. The Open Source Strategy targets software dependence — the layer above chips and cloud where Europe arguably has the most realistic path to independence, because open-source code is, by definition, not owned by any single foreign vendor.
The logic is straightforward. You cannot quickly build sovereign fabs or sovereign hyperscale data centers; both take years and tens of billions. But you can adopt, fund, and contribute to open-source operating systems, databases, models, and tooling far faster and far more cheaply. Open-weight European models are already part of this picture, from Mistral's releases to Cohere's open-weights work, and a formal EU Open Source Strategy gives that ecosystem procurement pull and funding it did not previously have.
It is also the component where the press-reported figure is smallest — on the order of 2 billion euros, per reporting we cannot confirm against official text. That relative modesty is telling: open source is cheap leverage. A few billion euros of well-targeted funding for European open-source infrastructure could move the dependency needle more per euro than the same money spent chasing fab parity with TSMC.
How It Compares to Other Sovereignty Moves
The Sovereignty Package does not arrive in a vacuum. It sits on top of a year of large, mostly private, sovereignty-flavored bets across Europe.
On infrastructure, SoftBank's commitment of up to 75 billion euros to French AI data centers — detailed in our coverage of the SoftBank France data-center gamble — shows that the private capital needed to triple European compute is at least theoretically available. CADA's role is less to provide that money than to coordinate, de-risk, and direct it, and to set procurement rules that favor European-hosted capacity.
On models and consolidation, the Cohere and Aleph Alpha merger created what the companies framed as a sovereign AI champion at roughly 20 billion dollars in combined value, anchored on a European sovereign cloud. The Sovereignty Package is the public-policy scaffolding around that kind of private champion-building: it does not create the champions, but it tries to create the demand and the rules that let them survive against better-capitalized US rivals.
The contrast worth holding in mind is the United States approach, which has been overwhelmingly private and capital-led — Nvidia's order book, hyperscaler capex, and frontier-lab funding rounds dwarf anything in Europe's package. The EU's bet is that coordinated policy plus targeted public capital plus a captive regulated-procurement market can substitute for the raw capital advantage it does not have.
The "Kill Switch" Question
Virkkunen's "kill switch" framing is the emotional core of the whole package, and it deserves a clear-eyed reading. The fear is not that a US vendor will arbitrarily switch off European hospitals tomorrow. The fear is structural leverage: if essential services run on infrastructure that a foreign company or government can legally compel, suspend, or de-prioritize, then Europe's autonomy is conditional on someone else's goodwill and politics.
That concern is not hypothetical in spirit. Export controls, sanctions regimes, and shifting trade politics have repeatedly shown that access to critical technology can be turned into a lever. The same dynamic runs through the chip-control story we examined in China's talent curbs as a mirror image of US chip controls: when technology becomes a strategic asset, access to it becomes a weapon, and dependence becomes vulnerability.
Whether the Sovereignty Package meaningfully reduces that vulnerability depends entirely on execution — on whether the capacity actually gets built, whether procurement rules actually shift demand, and whether European alternatives become good enough that institutions choose them rather than being forced to tolerate them.
Our Take
We have been tracking Europe's sovereignty push closely, and the Sovereignty Package reads as the most coherent statement of intent the EU has produced on this front. The framing — chips, cloud, software, energy as one integrated stack — is correct. You cannot solve AI dependence by fixing only one layer, and previous European efforts have tended to be siloed. Bundling four acts under a single sovereignty banner is the right architecture.
What gives us pause is the gap between the official, measurable target and the press-amplified euro headlines. The capacity-tripling goal is credible and verifiable; the reported 200-billion-euro and 120-billion-euro figures are not yet anything we would treat as committed money. Europe's track record on translating mobilization announcements into delivered infrastructure is mixed, and the honest position today is that the package is a strong strategy whose financing and timelines are not yet pinned down in public text.
The open-source component is the part we would watch most closely for near-term, real-world impact. It is the cheapest lever, the fastest to pull, and the one where Europe's structural position is strongest. If the EU is serious, the Open Source Strategy is where we would expect to see concrete wins first, well before any new fab or hyperscale campus comes online.
What's Next
The proposal now enters the EU's legislative machinery. Each of the four components will need to be turned into actual legal texts, negotiated with member states and the European Parliament, and — crucially — backed by real budget lines before any of the press-reported figures become meaningful. That process typically takes many months and frequently reshapes the original proposal substantially.
The signals worth watching: whether the official capacity-tripling target survives intact or gets diluted; whether the euro figures circulating in the press are confirmed, revised, or quietly dropped when legislative texts appear; how member states with their own national champions and data-center ambitions position themselves; and how US providers respond to a policy framework explicitly designed to erode their European dominance over time.
For now, the European Technological Sovereignty Package is best understood as a clear, integrated declaration of where Europe wants to go — control over its own chips, compute, software, and energy-sector AI — backed by one hard, measurable target and a still-unsettled financing story. The strategy is sound. The execution, as always, is the part that will decide whether sovereignty becomes reality or stays a slogan.
Frequently Asked Questions
What is the European Technological Sovereignty Package?
The European Technological Sovereignty Package is a coordinated bundle of four acts and strategies that the European Commission proposed on June 3, 2026 to reduce the EU's dependence on foreign chips, cloud, AI, and software. The Commission abbreviates it as the "Tech Sovereignty package." Its four named components are the Chips Act 2.0, the Cloud and AI Development Act (CADA), an Open Source Strategy, and a Strategic Roadmap for Digitalisation and AI in the Energy Sector.
What are the four acts in the package?
The four confirmed components, using the Commission's exact naming, are: Chips Act 2.0 (semiconductor design and manufacturing), the Cloud and AI Development Act or CADA (compute and data-center capacity), the Open Source Strategy (reducing reliance on proprietary foreign software), and the Strategic Roadmap for Digitalisation and AI in the Energy Sector (embedding AI in grids and the energy transition).
What is the official goal of the Cloud and AI Development Act (CADA)?
CADA's primary official objective is to at least triple the EU's data-center capacity over the next five to seven years. That is the figure stated in the Commission's own materials, expressed as a capacity target rather than a single euro headline. The capacity goal is the most reliable number to anchor to, because it is measurable against a physical outcome.
Are the 120 billion euro and 200 billion euro figures official?
No. Figures such as roughly 120 billion euros for chips, around 200 billion euros for data centers, about 100 billion euros for cloud and AI, and approximately 2 billion euros for open source come from press reporting, not from the Commission's official proposal pages. A 2036 horizon also appears only in press coverage. We present these strictly as press estimates, not as confirmed Commission commitments.
Who said the package addresses a "kill switch" risk?
EU tech chief Henna Virkkunen, the Commission's Executive Vice-President for Tech Sovereignty, warned of a "kill switch" risk — the scenario in which a foreign vendor or government could cut off access to cloud or software that European institutions depend on. The phrase was amplified in coverage including by CNBC. It was not said by Commission President Ursula von der Leyen.
What did Ursula von der Leyen say about the package?
Commission President Ursula von der Leyen framed the stakes by saying: "We cannot afford to depend on others for the technologies that keep our hospitals running, our energy grids stable and our services secure." The framing deliberately ties technological sovereignty to critical infrastructure — hospitals, grids, and services — rather than abstract industrial policy.
Why does Europe need this package?
Europe faces deep structural dependence. US providers control more than 70 percent of the EU cloud market, and the EU produces less than 10 percent of the world's semiconductors. That means the data and applications behind European banks, hospitals, and government services largely run on foreign-owned infrastructure, and Europe is exposed to supply shocks and export-control decisions made elsewhere.
How does the package relate to the EU AI Act?
The Sovereignty Package reframes Europe's AI strategy around building infrastructure rather than writing rules. For three years the EU's defining tech story was the AI Act, a rulebook whose high-risk obligations were recently pushed to December 2027. The Sovereignty Package is the counterweight — an attempt to build capability in chips, compute, and software, not just constrain how AI is used.
How does this compare to US AI infrastructure spending?
The US approach is overwhelmingly private and capital-led, with Nvidia's order book, hyperscaler capex, and frontier-lab funding rounds dwarfing anything in Europe's package. The EU's bet is that coordinated policy, targeted public capital, and a captive regulated-procurement market can substitute for the raw capital advantage it does not have.
What is the Open Source Strategy meant to achieve?
The Open Source Strategy targets software dependence — the layer above chips and cloud where Europe has the most realistic near-term path to independence, because open-source code is not owned by any single foreign vendor. It is the cheapest and fastest lever in the package, with the smallest reported funding (around 2 billion euros per unconfirmed reporting), and it gives European open-source models and tooling procurement pull they previously lacked.
How does this connect to the Cohere and Aleph Alpha merger?
The Cohere and Aleph Alpha merger created a sovereign AI champion valued at roughly 20 billion dollars, anchored on a European sovereign cloud. The Sovereignty Package is the public-policy scaffolding around that kind of private champion-building: it does not create the champions, but it tries to create the demand, procurement rules, and capacity that let European players survive against better-funded US rivals.
When will the package take effect?
The June 3, 2026 announcement is a proposal, not a finished law. Each of the four components must be turned into legal texts, negotiated with member states and the European Parliament, and backed by real budget lines before the press-reported figures become meaningful. That process typically takes many months and often reshapes the original proposal, so the official capacity-tripling target is the most durable commitment to watch for now.
