Skip to content
You can now search across every topic, entity and event.What's new
European Tech Sovereignty
13APR

EU sovereignty law slips a third time

4 min read
17:09UTC

The Cloud and AI Development Act did not reach the College of Commissioners on Wednesday 27 May, the date Brussels itself had locked, and the US ambassador supplied the reason: a trade-framework red line.

TechnologyDeveloping
Key takeaway

A package Brussels calendar-locked for today was pre-defeated diplomatically before it was ever formally proposed.

The Cloud and AI Development Act (CAIDA, the EU law that would bar US cloud giants from hosting sensitive public-sector data) did not reach the College of Commissioners on Wednesday 27 May 2026, the date the Commission itself had locked for adoption . The package slipped a third time, to a tentative 3 June, extending a sequence that now reads 25 March, 15 April, 27 May . Andrew Puzder, the US Ambassador to the EU, gave the proximate reason this time, and it was not industrial: he warned the package "crosses a red line" and is inconsistent with the EU-US trade framework 1. Politico, separately, reported the 400-page text was simply not ready 2.

For readers arriving cold: CAIDA is the centrepiece of the Tech Sovereignty Package, bundled with a revamped Chips Act II that would hand Brussels direct equity authority in semiconductor fabs. Alexandra Geese, a German Green MEP, put the trade link on the public record: the EU kept digital rules out of last August's framework, but Washington has kept pressing on the Digital Services Act (DSA, the EU's platform-accountability law) ever since 3.

For five updates the binding constraint on European sovereignty was an implementation gap: the right diagnosis, the right prescriptions, and an 11.2% delivery rate against the recommendations in Mario Draghi's 2024 competitiveness report . That constraint has changed character. Europe's problem is no longer only that it cannot build; it is that it cannot legislate sovereignty without tripping the trade framework, and the veto runs through Berlin. France favours the protectionist line. Germany, exposed to a threatened US tariff package on its automotive and luxury exports worth up to $200bn, does not 4.

The charitable reading deserves a hearing: reconciling procurement law, competition rules and international agreements across hundreds of pages is genuinely slow, and reading a US veto into a routine delay over-reaches. It does not survive the calendar. A third slip on a date The Commission locked, coinciding with a named ambassadorial red line and a documented Paris-Berlin split, means the package lacks the consensus to ship whatever the proximate cause. The instrument built to escape US dependence was pre-defeated diplomatically before a word of it reached the College.

Deep Analysis

In plain English

The European Commission wants to pass a law called CAIDA (the Cloud and AI Development Act) that would stop American tech giants like Microsoft, Amazon, and Google from handling sensitive government data in Europe. Think of it as a 'European data only' rule for public services. This was supposed to be approved on 27 May 2026, but it has now been delayed three times in a row. The latest holdup comes from two directions. First, the US ambassador to the EU publicly warned that the law would break trade rules agreed between Europe and America. Second, Germany is quietly reluctant because the United States has threatened up to $200 billion in tariffs on European cars, and Berlin does not want to provoke Washington further over a digital rule that does not directly affect the car industry.

Deep Analysis
Root Causes

Germany's automotive sector exported €84bn in vehicles and parts to the United States in 2024, representing approximately 27% of total German goods exports to the US. A $200bn threatened tariff package on EU automotive and luxury goods would fall disproportionately on German industry, not French or other member-state industry.

Berlin's CAIDA calculus is therefore not primarily about digital policy; it is about managing a trade-off between cloud procurement rules affecting German public-sector institutions and tariff exposure affecting the German private sector at roughly two orders of magnitude greater economic scale.

The Commission's public rationale for each successive slip has been procedural: finalising legal text, coordinating College positions. The structural cause is that CAIDA requires a qualified majority of member states, and Germany's silence functions as a blocking mechanism inside the College consensus model. Puzder's public intervention on 25 May crystallised what was already known internally: the US had communicated its position bilaterally before the ambassador went public.

What could happen next?
  • Risk

    A fourth slip beyond 3 June would push CAIDA past the summer recess, making October 2026 the earliest plausible adoption and extending US hyperscaler public-sector contract eligibility by another quarter.

    Short term · Assessed
  • Consequence

    Germany's automotive tariff calculus sets a precedent: any EU digital sovereignty instrument that conflicts with a US trade threat can be slowed by member-state export exposure, regardless of the instrument's merits.

    Medium term · Assessed
  • Precedent

    Puzder's public red-line warning, if unrebutted by the Commission, establishes that bilateral US pressure can visibly influence Commission adoption calendars on non-trade legislation.

    Long term · Assessed
First Reported In

Update #6 · Brussels slips sovereignty law a third time

BankInfoSecurity· 27 May 2026
Read original
Different Perspectives
United States (Google/Alphabet)
United States (Google/Alphabet)
Alphabet lost its final Android appeal on 2 July with no further court to hear it, a result its Computer and Communications Industry Association allies frame as precedent, not deterrence, since the €4.1bn fine changed nothing about Google's Play Store terms across eight years of litigation.
UK Department for Science, Innovation and Technology
UK Department for Science, Innovation and Technology
DSIT opened its £96m second Sovereign AI wave on 3 July, switching from April's equity stakes to fixed-price contracts because Britain has no domestic hyperscaler or Bpifrance-style lender to fund capacity another way. It is betting on buying outcomes it controls alone rather than joining an EU-wide framework.
German federal government
German federal government
Berlin backed both German deliverables this week, Infineon's fab and Aleph Alpha's merger, but is finding one far harder to close than the other. It wants enforceable protective rights inside Cohere's cap table before the merger closes, a legal instrument the Bundeskartellamt has no filing to review yet.
European Commission
European Commission
The Commission banked a clean CJEU win on the eight-year Android case on 2 July, removing Google's last comparator argument before President von der Leyen rules on the far larger DMA self-preferencing fine due 27 July. Brussels treats Infineon's early Dresden delivery as proof the Chips Act mechanism works, at the node Europe already led.
Bruegel (EU industry sceptics)
Bruegel (EU industry sceptics)
Bruegel economist Mario Mariniello argued the EU sovereignty package mimics US and Chinese strategy while EU cloud providers hold roughly 15% of their home market; using nationality as a proxy for security without fixing the underlying capital and energy gaps that drive the dependency creates €86bn of migration cost without the security benefit it is sold as delivering.
France
France
France published a joint sovereignty definition with Germany at VivaTech and mobilised €13bn under Tibi Phase 3, placing SAP's partnership with Mistral as the working proof that a German enterprise-software giant running a French sovereign model inside public administration is what digital sovereignty looks like in practice.