EU unveils sovereignty package for chips, cloud and AI

The European Commission in Brussels presented a technological sovereignty package that includes a revised Chips Act, a Cloud and AI Development Act (CADA), an Open Source Strategy and a Strategic Roadmap for Digitalisation and AI in Energy. The measures aim to increase production, investment and domestic software options for semiconductors, cloud services and artificial intelligence.

President Ursula von der Leyen said Europe must be able to choose and secure the technologies that support hospitals, energy grids and public services. The package sets out legislative and non-legislative actions to attract investment in chip manufacturing, expand cloud infrastructure and support open source projects.

Chips Act 2.0 focuses on expanding semiconductor production in the EU and on incentives to draw manufacturing investment that the Commission links to the bloc’s AI ambitions. The proposal targets capacity building across the supply chain, from research and development to fabrication and packaging.

The Cloud and AI Development Act aims to increase funding for R&D and to simplify rules that currently slow the construction of data centres. CADA also introduces a single EU framework to assess the “sovereignty credentials” of cloud and AI providers used by public bodies. The Commission proposed four trust levels for public sector cloud services: Level 1 requires data be processed and stored in the EU; Level 2 adds requirements on independence from third countries and software supply chain transparency; Level 3 requires EU ownership and control and further criteria such as restrictions on staff nationality; and Level 4 requires full transparency and assurance of no interference from non-EU states.

Public sector organisations would have to use services meeting at least Level 1. Uses judged sensitive for defence, national security or law enforcement would be restricted to higher trust levels. The Commission said it may recognise third-country providers if they meet the criteria and operate infrastructure in the EU.

The Open Source Strategy aims to scale European open source projects for cloud, AI and cybersecurity and to increase public administration use through procurement guidance, standards and interoperability work. Amanda Brock, chief executive of an open source industry body, welcomed the emphasis and warned that policy frameworks must support the work that contributors already do, describing open source as “the cornerstone of sovereignty.”

Industry responses were mixed. Jaap Templeman, head of digital business practice at Simmons & Simmons in Amsterdam, described the package as “a welcome and necessary boost” to reduce long-term dependence on major non-EU vendors. The Computer & Communications Industry Association expressed concern that the trust tiers could limit market access for non-EU firms and called parts of the framework impractical for international providers.

The proposals must now be negotiated by the European Parliament and member states before any measures can be adopted into law.