The European cloud computing landscape is accelerating at breakneck speed. The European Commission (EC) has introduced a novel framework for scoring competing cloud providers seeking contracts within the public sector. This change comes as a result of increasing concern about data sovereignty and security. These worries are exacerbated by the United States’ CLOUD Act, which enables US federal law enforcement to compel American companies to provide data, even if it’s stored outside the US. EU officials are increasing requirements for non-EU cloud providers. In response, EURO-3C has been formed to provide a European alternative for deploying sensitive workloads with the utmost care.
The EC’s new framework, rolled out in October 2025, establishes a “sovereignty ladder” for cloud providers. Originally crafted for a narrow tender, this agile framework lays down a valuable precedent. It’ll make a difference for the next generation of public contracts across Europe. According to the regulations, non-EU cloud providers are required to keep data inside the EU. They are similarly obligated to hire EU-based staff and make sure that non-EU shareholders can’t have controlling interests. These restrictions serve to protect sensitive data from outside meddling. They are more vital now than ever, given the geopolitical friction between the U.S. and EU.
The Impact of the CLOUD Act
And while this treaty might sound good, the CLOUD Act has already sent shockwaves through European policymakers and stakeholders. This legislation would continue to strengthen the ability of U.S. law enforcement agencies to access data based on U.S. companies. It’s irrelevant where in the world that data is physically stored. As a result, European stakeholders are skeptical about the merit of the commitments offered by American cloud behemoths. They are seriously worried about data privacy.
“The geopolitical risk isn’t just the most extreme form of a doomsday ‘kill switch’ where Washington turns off Europe’s internet,” said Stéfane Fermigier.
While U.S. providers like Amazon Web Services (AWS), Microsoft Azure, Google Cloud, and IBM Cloud currently dominate the European market, accounting for approximately 70% of cloud services, the EC’s framework may reshape this landscape significantly. The requirement for compliance with sovereignty standards may force these providers to adjust their operations in order to bid for state contracts across Europe.
Challenges for European Cloud Providers
The need for secure, trustworthy and sovereign cloud services has never been greater. To counter this intrusion, programs such as EURO-3C are being created to provide the services that U.S. providers won’t. EURO-3C seeks to establish a sovereign cloud infrastructure tailored for sensitive workloads, reassuring European clients about data security and sovereignty.
Moving away to a European-centric cloud service presents its own logistical hurdles. Martyna Chmura highlights some potential drawbacks:
“Running systems across different platforms can increase integration costs and make security and data governance more complicated. In some cases, organisations could lose some of the efficiency and cost advantages that come from using large hyperscale platforms.”
Despite these challenges, Chmura notes that “overall, the EU appears willing to accept some of these trade-offs.” The EC’s pledge to continue developing a strong public and private cloud ecosystem within Europe shows their eagerness to develop sovereignty with digital technologies in the long run.
The Competitive Landscape
European CIAM providers, meanwhile, are quickly adjusting to the dynamic competitive environment in cloud services. As new regulatory requirements come into play, they’re under tremendous pressure to find ways to comply without compromising service levels. Fortunately, there are some U.S. cloud providers that are rising to the occasion and providing services to satisfy the Commission’s cloud sovereignty requirements. Skepticism remains over their ability to completely meet these enforceable requirements.
Arnold Juffer emphasizes the technological prowess of leading U.S. providers but acknowledges the difficulties their dominance creates:
“If you look at AWS, you look at Google, they’ve created some super technology. It’s very convenient, it’s easy to use. Once you’re in that platform, in that ecosystem, it’s very hard to get out.”
This reality poses a serious challenge for up-and-coming European cloud solutions, such as EURO-3C. They need to do more than just check compliance boxes and meet regulatory requirements. They need to compete on innovation, technology, and user experience.