Tensions between the United States and the European Union continue to escalate. Only a few weeks ago, the Biden administration threatened to invade an EU member state and it recently imposed sanctions on that country’s European Commissioner for enforcing EU legislation that the White House is fighting. This backdrop sets the stage for a sea change across Europe in the competitive arena of the cloud services market. Meanwhile, other European countries such as France are implementing strong restrictions on non-EU cloud providers. These much-needed advancements raise important questions about the future of U.S.-based hyperscalers. Along with stressing the importance of the emerging EURO-3C framework, their work aims to reinforce European cloud sovereignty.
First introduced in October 2025, the European Commission (EC) released a comprehensive framework, dubbed “Sustainable by Default.” This framework is twofold and seeks to evaluate cloud providers seeking public sector contracts. To help guide investments, the framework sets out what they’ve called a “sovereignty ladder,” laying out the criteria that bidders need to fulfill in order to qualify. This initiative comes as four U.S.-based cloud services providers continue to control the vast majority of the EU market for cloud services. Amazon Web Services (AWS), Microsoft Azure, Google Cloud, and IBM Cloud combined dominate this market with nearly 70 percent share.
France’s Pioneering Role
France is forcing the issue on cloud sovereignty with stringent regulations. These regulations need external cloud service providers to keep the data within EU borders, employ EU-based staff members and restrict non-EU shareholders from acquiring majority shares in their organizations. These measures are an indication of the increasingly protective mood of many European nations, eager to assert their digital sovereignty, as fears mount over U.S. influence.
As mentioned by Stéfane Fermigier of EuroStack, there are geopolitical risks with an over-reliance on U.S. cloud services. He noted, “The geopolitical risk isn’t just the most extreme form of a doomsday ‘kill switch’ where Washington turns off Europe’s internet.” Indeed this much lamented perspective emphasizes the urgent need for EU member states to develop their own cloud infrastructures. These systems should function in an insulated manner, unimpeded by outside influence.
Furthermore, as other observers point out, without strong regulations in place, a promise of cloud sovereignty might be empty. The 2018 U.S. CLOUD Act allows American federal authorities to compel U.S.-based firms to provide access to data stored overseas. However, many European stakeholders are still unconvinced that U.S. providers can deliver on EU provider sovereignty requirements.
The Emergence of EURO-3C
As outlined above in the EURO-3C framework, it is necessary for a potential bidder to meet certain standards depending on what type of contract they are seeking. Fermigier explained that “prospective bidders must first meet a certain level, depending on the tender.” This more organized approach would open the doors for more participation by European companies, lessening dependence on U.S. hyperscalers.
The competitive landscape is evolving faster than ever. In anticipation, a few U.S. providers are preemptively changing their operations to comply with the EC’s calls for sovereignty in the cloud. Inertia still works in favor of these behemoths. They are the wealthiest states and have the money to pour vast amounts of money into infrastructure and services, eclipsing their European peers.
Navigating the Cloud Landscape
For European organizations, the situation has created a complicated decision-making process when choosing cloud services. Others have discovered that the more systems you try to integrate together, the more expensive it gets to secure the data and manage its governance. Martyna Chmura noted, “Running systems across different platforms can increase integration costs and make security and data governance more complicated.” Without proper regulation, this challenge could prevent organizations from making a change from long time U.S. vendors.
Arnold Juffer raised a key concern. U.S. tech superstars like AWS and Google offer the most advanced technology in the world, but as organizations become locked into these platforms’ ecosystems, it is increasingly difficult to shift away to alternatives. “If you look at AWS, you look at Google, they’ve created some super technology. It’s very convenient, it’s easy to use,” Juffer stated. This dependence makes it harder for Europe to build a more sovereign cloud ecosystem.
Despite these obstacles, the introduction of frameworks like EURO-3C signals a commitment among European nations to prioritize sovereignty in digital services. Europe also hopes to create an alternative niche in the global cloud computing market. It will do so by making sure that local providers are prioritized through implementing binding requirements and monitoring compliance with EU law.