Shifting away from dependency: The EU’s Tech Sovereignty Package
After several delays, on 03 June 2026, the European Commission published its long-awaited Tech Sovereignty Package. This milestone underscores the European Commission’s ambition in this mandate to address asymmetric dependencies on third countries and to strengthen Europe’s technological sovereignty, especially against the backdrop of a more volatile geopolitical environment and ongoing transatlantic trade tensions.
While framed as a strategic policy initiative, the package has immediate practical implications for cloud procurement, semiconductor supply chains, and the regulatory conditions under which AI infrastructure is deployed in the EU. The package comprises two legislative and two non-legislative proposals: besides the Communication on European Tech Sovereignty, it includes the Cloud and AI Development Act, the Chips Act 2.0, and a Strategic Roadmap for Digitalisation and AI in Energy. An Open-Source Strategy is also directly included in the Communication.
The package focuses on two goals: (i) securing Europe’s supply chains via an open strategic autonomy approach; and (ii) reinforcing the “European way” to technological sovereignty by following a true “ecosystem” approach. The four proposals, which we analyse further below, are intended to be mutually reinforcing, with practical effects across permitting, procurement, investment incentives and supply chain organisation.
Cloud and AI Development Act
The Cloud and AI Development Act (CADA) is one of the backbones of the package. Aiming to address, as the title suggests, Europe’s cloud and AI dependency, it introduces a number of innovative ideas aimed at tripling data centre capacity within five to seven years. CADA will primarily affect three areas of practical relevance for market participants: (i) infrastructure permitting and build-out, (ii) public procurement of cloud and AI services, and (iii) conditions of market access linked to sovereignty assessments.
CADA introduces the idea of sovereignty risk assessments. To that end, it outlines four Union assurance levels that providers of cloud computing services must meet in order to provide their services to Union entities and public sector bodies. Member States have to carry out those assessments to determine which sub-sectors and use cases should be served by services aligned with the respective sovereignty levels.
At the infrastructure level, there is a clear intention to make it easier and faster to build infrastructure at a large scale in Europe by tackling the most significant practical barriers to build-out experienced today. Member States are required to introduce:
Data centre acceleration zones equipped with streamlined, aggregated permitting processes.
A single point of contact for operators.
A strict 12-month cap on permit decisions, directly addressing one of the most significant practical barriers to large-scale infrastructure build-out.
Complementing this, the European Commission will be able to designate Strategic Projects focused on data centre innovation and launch “Cloud and AI Leadership Initiatives” to drive research and development across the Union.
On the software and procurement side, the proposals aim to facilitate open-source software and centralised procurement to promote EU tech sovereignty in cloud and AI. To that end, EU institutions and public bodies shall:
Adopt an open source-first approach, making publicly funded software available for reuse through a central EU Open-Source Solutions Catalogue, supported by a network of Open-Source Programme Offices facilitating the exchange.
Ensure that procurement is further strengthened through a common framework under which the European Commission may act as a central buyer or wholesaler, acquiring and reselling cloud and AI services on behalf of EU bodies and national contracting authorities, with oversight provided by a joint European Commission and Member State Steering Committee.
Require contracting authorities to apply mandatory Union added value award criteria when procuring cloud services and AI systems, incentivising providers that contribute to European technological sovereignty, while staying away from a full EU preference criterion.
At the cross-border and strategic coordination level, a EuroCloud Federation will enable public bodies and EU institutions to voluntarily pool and share data centre and cloud computing capacity. Each Member State will also be required to develop and publish its own national cloud and AI strategy, ensuring that domestic policy remains aligned with shared EU digital ambitions and that implementation is consistent across the Union.
Chips Act 2.0
The Chips Act 2.0 significantly expands the EU’s intervention toolkit in semiconductor markets, particularly in relation to capacity allocation and crisis-driven supply prioritisation. It follows the first Chips Act which entered into force in 2023 and focuses on reducing overdependence regarding semiconductors by increasing the competitiveness of the European semiconductor value chain.
It introduces the idea of establishing the first semiconductor facility in the Union through an open foundry. The proposal also formally recognises first-of-a-kind European Semiconductor Technology Initiatives and Strategic Projects, with fast-tracked permitting capped at 12 months from submission of a complete application, one-stop shops designated by each Member State as single points of contact, and a prohibition on requiring duplicate environmental studies, permits or authorisations.
The proposal also addresses crisis management with a blueprint specifically looking at semiconductors to be developed by the European Commission by the second quarter of 2027 with a first simulation exercise with Member States in 2026. It also aims to set up a Business-to-Business Semiconductor Supply Chain Platform where companies can share information in an aggregated form.
In terms of crisis response mechanism, the text foresees that the European Commission maps and maintains a list of early warning indicators and provides for a formal crisis stage that can be activated for up to 12 months. During such crisis, the European Commission may mandate chipmakers to accept and prioritise orders for crisis-critical products overriding existing contracts, act as a central purchasing body on behalf of Member States and require information disclosure from undertakings across the semiconductor supply chain. In practice, this creates a legal basis for far-reaching intervention in supply allocation and contract performance in defined crisis scenarios.
Strategic Roadmap for Digitalisation and AI in Energy
As one of the non-legislative proposals of the package, the roadmap sets out the key actions and milestones in the area of data and AI in Energy.
This includes a model tripartite agreement for the sustainable integration of data centres into the energy system, to be published and promoted in the second half of 2026, accompanied by a Declaration of Intent from industry stakeholders. If necessary, the European Commission will consider tabling a legislative proposal.
The European Commission will also publish a Delegated Act establishing an EU rating scheme for data centre sustainability, covering energy efficiency, water efficiency, clean energy use, waste heat reuse, and flexibility, and the launch of the process for minimum EU energy performance standards. The scheme is to be adopted later this year and first labels issued in 2027.
As of mid-2026, the European Commission will develop EU key performance indicators for smart grids and accelerate smart meter rollout through a legislative proposal within the calendar year. ACER is also expected to provide a recommendation on smart grid indicators in 2028.
As of 2026, the European Commission will assess the establishment of an EU framework for simplified cross-border energy data exchange for smart energy services and AI model training, which is then to be developed as of 2027.
It will also look at strengthening the safety of AI and the cybersecurity of critical devices, with a risk assessment of solar installations in the EU in 2026 and review of the energy security of supply framework in 2026.
Other initiatives include an Annual Energy Digitalisation Forum from 2026 onwards, alongside a structured monitoring framework with defined metrics to monitor the progress of digitalisation and AI adoption in 2027, a Better Energy Data initiative (Q4 2026), and a Fuel Observatory (2026).
Open-Source Strategy
The EU Open-Source Strategy is particularly relevant for public procurement and digital infrastructure markets, where open source is increasingly positioned as a tool of technological sovereignty and market shaping. It is structured around four objectives: (i) leveraging open source for technological sovereignty; (ii) strengthening and promoting a vibrant open-source ecosystem; (iii) promoting open and interoperable digital ecosystems for public administrations, including EU institutions; and (iv) reinforcing digital standards and international outreach.
To this end, the European Commission sets out a number of actions aimed at facilitating the uptake of existing sovereign technology solutions, fostering open source in the industrial sector, scaling up open source startups and open source business models, supporting open source stewardship, and ensuring skills training and the promotion of open source solutions for public administrations. It also proposes the international promotion of EU open source solutions and developers and the integration of open source communities into EU standardisation processes.
Next steps
The legislative proposals within the package that will be subject to the ordinary legislative procedure have good prospects, with co-legislators in the Council and Parliament showing appetite for increased technologically sovereign solutions at the European level.
An assessment will have to be made as to whether the level of ambition the European Commission has put forward corresponds to that of the co-legislators. The European Commission is also expected to launch a call for AI Gigafactories in July and is launching a consultation with the Member States, the European Investment Bank Group and other key stakeholders to set up a European equity capacity at scale to finance Europe's tech sovereignty ambitions.
Regardless of the future progression of the package within the institutions, these proposals are set to mark yet another milestone in the European Union’s path towards technological independence along the entire value chain, and might serve as a model for the introduction of sovereignty criteria that could spill over into other policy fields.
If you would like further insight into how these proposals are likely to evolve during negotiations and what they may mean for your business, please feel free to contact the co‑authoring lawyers and public affairs experts.
