Skip to content
Briefings are running a touch slower this week while we rebuild the foundations.See roadmap
European Tech Sovereignty
17MAY

Brussels' 27 May package, two days before G7

4 min read
14:28UTC

Europe's tech sovereignty machine enters a 10-day delivery window. On 27 May the Commission adopts the Cloud and AI Development Act alongside a revamped Chips Act. On 29 May France chairs the G7 Digital Ministerial at Bercy. The 7 May AI Omnibus deal has already split the AI Act enforcement clock in two.

TechnologyFelix RedaAura Salla
Key takeaway

Brussels is building sovereignty instruments around gaps US law creates, not around a coherent European technology stack.

This briefing mapped
Loading map…
Regulatory
Legal
Infrastructure
Competitive
Diplomatic
Economic

The European Commission has fixed Wednesday 27 May 2026 for adoption of its long-trailed Tech Sovereignty Package, combining the Cloud and AI Development Act with a revamped Chips Act II. The file slipped twice before the date hardened.

Deep dive into this story →

The European Commission confirmed 27 May 2026 as the adoption date for its Tech Sovereignty Package, combining CAIDA and Chips Act II. The package had missed two earlier deadlines and its confirmation matters because the two laws together address the structural gaps that let the Magdeburg and Crolles projects collapse.

For EU citizens and businesses, 27 May is the legal starting gun: CAIDA's public-sector cloud restrictions and Chips Act II's direct-investment authority both need formal adoption before any enforcement or spending can begin. 

1 Bloomberg2 gHacks3 European Council4 Sovereign Tech Agency5 Euronews6 Mistral AI7 ASML8 Hogan Lovells9 Sovereign Tech Agency10 TechCrunch11 Sovereign Tech Agency
Briefing analysis

The Chips Act II direct-investment provision is a structural response to two failures. Intel's cancelled Magdeburg fab in early 2026 (ID:2325) and GlobalFoundries' suspended Crolles project (ID:2326) together stripped €37.5bn from the original Chips Act delivery plan. Both files relied on member-state aid (Germany for Magdeburg, France for Crolles) to leverage private investment commitments that never materialised. By taking equity-stake authority directly, Brussels skips the state-aid layer that proved insufficient at both sites. The constraint that remains is operator demand, which the new instrument does not address. Italy's €211m photonic-chips state aid in April (ID:2623), routed through the Commission rather than Rome, is the template: small, application-specific, and at the trailing edge of the semiconductor stack rather than at leading-edge logic.

Bloomberg reported on Thursday 30 April 2026 that the Chips Act II revamp will grant the European Commission direct equity-stake authority in semiconductor fabs, removing the member-state intermediary that proved insufficient at Magdeburg and Crolles.

Sources profile:This story draws on centre-left-leaning sources from United States
United States
Deep dive into this story →

Chips Act II will let the European Commission take direct equity stakes in semiconductor factories, removing the member-state middlemen who proved unable to secure private investment at Magdeburg and Crolles. Bloomberg reported the provision on 30 April 2026, alongside confirmation that €37.5bn in cancelled commitments had been stripped from the original Chips Act.

Direct equity authority changes the EU's role from subsidy administrator to co-investor, which alters the risk-sharing calculus for chipmakers considering European facilities. 

Sources:Bloomberg
1 Bloomberg

CNBC reported on Thursday 7 May 2026, and gHacks confirmed on Tuesday 12 May, that CAIDA's leaked scope bars Microsoft, AWS and Google Cloud from processing financial, judicial and health data on behalf of EU public-sector clients. Private-sector procurement is excluded entirely.

Sources profile:This story draws on neutral-leaning sources
Deep dive into this story →

A leaked CAIDA draft, reported by CNBC on 7 May and confirmed by gHacks on 12 May, bars US cloud providers from holding EU public-sector financial, judicial, and health data. The private enterprise market, which accounts for about 70 per cent of EU cloud revenue, is left untouched.

The public-sector carve-out means Microsoft, Amazon, and Google lose access to a symbolically important but financially limited slice of the EU market; while keeping the bulk of their European revenue unaffected. 

Sources:gHacks
1 gHacks

The Council of the EU and the European Parliament struck a provisional agreement on the Digital Omnibus on AI on Thursday 7 May 2026, moving the Annex III high-risk compliance deadline from 2 August 2026 to 2 December 2027 while leaving GPAI enforcement unchanged at 2 August 2026.

Sources profile:This story draws on neutral-leaning sources
Deep dive into this story →

The Council of the EU and the European Parliament agreed an AI Omnibus deal on 7 May 2026, pushing the compliance deadline for high-risk AI systems from 2 August 2026 to 2 December 2027. General-purpose AI providers such as OpenAI, Google, and Anthropic keep the original August 2026 deadline.

The deal splits enforcement into two speeds: US-based foundation model providers face earlier scrutiny, while European companies building on top of those models get 16 months more time to prepare. 

Sources:European Council·Document Foundation
1 European Council

France awards Health Data Hub to Scaleway

France awarded the national Health Data Hub hosting contract to Scaleway on Thursday 23 April 2026 in a multi-year migration reported at around €180m, moving millions of citizens' health records off Microsoft Azure with migration targeted for late 2026 to early 2027.

Sources profile:This story draws on centre-leaning sources from France
France
LeftRight
Deep dive into this story →

France awarded its national health data platform contract to Scaleway on 23 April 2026, in a multi-year deal worth around €180m. Millions of French citizens' health records will move off Microsoft Azure. Migration is targeted for late 2026 to early 2027, but Scaleway must first complete SecNumCloud certification from France's national cyber-security agency ANSSI.

The contract is the most significant European sovereign-cloud win since the EU awarded its institutional framework last week; and it removes Microsoft's most politically visible French public-sector reference customer. 

Sources:Euronews
1 Euronews

Mistral AI launched Le Chat Enterprise and Mistral Medium 3.5 on Wednesday 29 April 2026, a 128-billion-parameter multimodal model with a 256,000-token context window, on-premises deployment and GDPR data-residency guarantees built to compete with ChatGPT Enterprise and Claude Enterprise in EU procurement.

Sources profile:This story draws on neutral-leaning sources
Deep dive into this story →

Mistral AI launched Le Chat Enterprise and its Mistral Medium 3.5 model on 29 April 2026. The model runs 128 billion parameters with a 256,000-token context window, can be deployed on a company's own servers, and comes with GDPR data-residency guarantees. It competes directly with ChatGPT Enterprise and Claude Enterprise for EU public-sector and regulated-industry contracts.

The launch is Mistral's first product test of the €830m debt it raised in March, and it arrives six days before Arthur Mensch co-signed the seven-CEO deregulation letter to the Commission

Sources:Mistral AI
1 Mistral AI

France announced the G7 Digital Ministerial for Friday 29 May 2026 at Bercy in Paris under the French G7 presidency, chaired by Anne Le Hénanff with priorities on AI security, AI diffusion, minors online and digital resilience.

Sources profile:This story draws on neutral-leaning sources
Deep dive into this story →

France is hosting the G7 Digital Ministerial at the finance ministry in Bercy, Paris, on 29 May 2026. Anne Le Hénanff, France's Minister Delegate for AI and Digital Affairs, chairs the session, with AI security, AI diffusion, protection of minors online, and digital resilience as the stated priorities.

The ministerial lands two days after the planned Tech Sovereignty Package adoption, which means the communique will reflect whether G7 partners accept or contest Brussels' new two-speed AI enforcement calendar. 

Sources:Ministère de l'Économie, des Finances et de la Souveraineté industrielle et numérique
1 Ministère de l'Économie, des Finances et de la Souveraineté industrielle et numérique

ASML issued Q2 2026 guidance with a midpoint of €8.7bn, roughly €300m below the analyst consensus of around €9.0bn, stacked on top of a 17 percentage-point drop in Chinese revenue share from 36 per cent to 19 per cent in Q1 2026.

Sources profile:This story draws on centre-left-leaning sources from United States
United States
Deep dive into this story →

ASML's Q2 2026 revenue guidance midpoint came in at €8.7bn, about €300m below analyst consensus of €9.0bn. That miss stacks on top of a 17-percentage-point fall in Chinese revenue share, from 36 per cent to 19 per cent, recorded in the previous quarter.

For European semiconductor strategy, the numbers matter beyond ASML's own results: the company cross-subsidises the R&D costs of its leading-edge EUV machines through mature-node sales to China, and that subsidy is being compressed by US export restrictions. 

Sources:Bloomberg
1 Bloomberg

The European Commission published draft Cyber Resilience Act open-source guidance on Tuesday 3 March 2026 with consultation closing on Tuesday 31 March, confirming that responsibility for free and open-source software falls on who publishes and controls, not on contributors with commit access.

Sources profile:This story draws on neutral-leaning sources
Deep dive into this story →

The European Commission published draft guidance on the Cyber Resilience Act's (CRA) open-source provisions on 3 March 2026. The guidance draws the liability line at the publisher who controls a project, not individual contributors with commit access. It also flags that financial donations to an open-source project can trigger 'placed on market' compliance obligations.

The reporting deadline under the CRA starts 11 September 2026, whether or not final guidance is published before then. 

Sources:Sovereign Tech Agency
1 Hogan Lovells

The German Sovereign Tech Agency launched the Sovereign Tech Standards programme paying open-source maintainers €4,800 to €5,200 per month to participate in IETF, W3C and ISO standards bodies, with up to ten places from June 2026 to June 2027. Applications closed on Tuesday 19 May 2026.

Sources profile:This story draws on neutral-leaning sources
Deep dive into this story →

Germany's Sovereign Tech Agency launched a programme on 19 May 2026 paying open-source software maintainers €4,800 to €5,200 per month to participate in the IETF, W3C, and ISO standards bodies. Up to ten places were available for the year from June 2026 to June 2027.

This is the only programme in Europe that directly funds participation in internet and web standards bodies, filling a gap that the Commission's proposed €350m Sovereign Tech Fund has not yet closed. 

Sources:USTR
1 Sovereign Tech Agency

Handelsblatt reported on Saturday 25 April 2026 that the Cohere-Aleph Alpha merger deal structure resolved at a 90/10 equity split, with Schwarz Group anchoring €500m structured financing and dual headquarters planned in Canada and Germany; close is targeted for H2 2026 and no Bundeskartellamt filing had been submitted as of 17 May 2026.

Sources profile:This story draws on neutral-leaning sources
Deep dive into this story →

The Cohere-Aleph Alpha merger resolved at a 90/10 equity split, with Germany's Schwarz Group anchoring €500m in structured financing. The deal is targeting a close in the second half of 2026, with dual headquarters planned in Canada and Germany. As of 17 May 2026, no formal filing had been submitted to Germany's Bundeskartellamt (Federal Cartel Office).

The missing filing is the outstanding gate: without it, Berlin's sovereignty conditions cannot be translated into legally enforceable merger commitments, and the deal remains announced intent rather than a tested legal structure. 

Sources:Hogan Lovells
1 TechCrunch
Closing comments

Sideways-to-up. The immediate escalation mechanism is the USTR Section 301 final determination on 24 July 2026, which could classify CAIDA's public-sector cloud restriction as a digital trade barrier warranting retaliatory tariffs on EU goods, landing the same week as the DMA Google search-data binding decision. The G7 Bercy communique on 29 May is the early signal: if G7 partners endorse the package framing, the July window is lower risk; if the communique hedges or the US issues a formal Section 301 preliminary finding against CAIDA before adoption, the 27 May date becomes a political liability rather than a credibility marker. The mechanism that tips this upward is the S3NS SEAL-2 question at adoption: if CAIDA's text fails to carve out the Thales-Google joint venture, expect immediate US diplomatic pressure framed as treating a jointly owned product as a purely American service.

Different Perspectives
European Commission / Henna Virkkunen
European Commission / Henna Virkkunen
Commissioner Virkkunen carries both CAIDA and Chips Act II through the College of Commissioners vote on 27 May, positioning the package as a procurement framework rather than a trade barrier. The public-sector-only CAIDA scope reflects the Commission legal advisers' calculation that a private-enterprise restriction would trigger a formal US Section 301 counter-designation before adoption.
Arthur Mensch / Mistral AI
Arthur Mensch / Mistral AI
Mensch co-signed the 5 May Handelsblatt letter asking Brussels to simplify AI rules and received the 16-month Annex III extension in the 7 May Omnibus deal. Mistral occupies three positions simultaneously: sovereignty champion, enterprise competitor, and chief deregulation lobbyist, and the tension between them sharpens as Le Chat Enterprise enters EU public procurement.
CISPE / Valentina Mingorance
CISPE / Valentina Mingorance
CISPE shipped its own pass-fail sovereignty badge in April to establish an industry-auditable floor the Commission could adopt. Whether CAIDA inherits the CISPE binary or the multi-tier SEAL approach will determine whether certification is enforceable by public contracting authorities or requires Commission discretion.
US Trade Representative
US Trade Representative
The USTR Section 301 investigation into EU digital rules closes with a 24 July 2026 final determination. CAIDA's public-sector cloud restriction sits within the criteria that triggered the 2020 Section 301 action against France's digital services tax, and the US has not signalled whether the Thales-Google S3NS arrangement resolves CLOUD Act jurisdiction concerns.
German federal government
German federal government
Berlin operationalises sovereignty through procurement mandates (the ODF requirement and the Sovereign Tech Standards programme) rather than waiting for Commission legislation. The Bundeskartellamt has still not received the Cohere-Aleph Alpha merger filing, leaving Germany's flagship AI champion in structural limbo six weeks after the deal resolved.
Anne Le Henanff / French G7 Presidency
Anne Le Henanff / French G7 Presidency
Le Henanff chairs the 29 May Bercy ministerial two days after Brussels adopts the Tech Sovereignty Package, making the G7 communique the first international read of the Omnibus enforcement split and CAIDA's scope. France's Cloud au Centre doctrine is already operational via the Scaleway Health Data Hub contract.