Skip to content
You can now search across every topic, entity and event.What's new
European Tech Sovereignty
17MAY

CAIDA due before College, scope cut

4 min read
14:28UTC

The European Commission is set to put its Tech Sovereignty Package before the College of Commissioners on Wednesday 3 June, its fourth scheduled date, with cloud restrictions trimmed to public-sector tenders and the Chips Act's 20 per cent market-share target dropped.

TechnologyDeveloping
Key takeaway

The Commission is set to adopt CAIDA today after narrowing it to public-sector tenders to avoid a US trade clash.

The European Commission is due before the College of Commissioners this morning, Wednesday 3 June, to adopt its Tech Sovereignty Package, its fourth scheduled date after misses in March, April and 27 May . The package combines the Cloud and AI Development Act (CAIDA, the law meant to keep US hyperscalers out of sensitive EU public data) and a revised Chips Act II, the bloc's semiconductor investment instrument. Commission Executive Vice-President Henna Virkkunen is due to present it before the Telecom Council, the EU's gathering of national telecoms ministers, on 9 June 1. As of this hour the College had not met or published; the most recent Commission release, dated 2 June, concerns wildfire response 2. Adoption today remains scheduled rather than confirmed.

The scope has narrowed. CAIDA's cloud restrictions now cover public-sector tenders in health, finance, judicial and energy services only, with private enterprise excluded outright 3. Chips Act II has dropped its 20 per cent global market-share target, abandoned after the Magdeburg and Crolles fab cancellations, and replaced it with a EUR 120bn public-and-private investment goal to 2035 . In place of supply subsidies it brings demand aggregation, a crisis override on supply contracts, and EUR 300,000 fines for firms that withhold supply-chain data 4. A market-share target was a number trade lawyers could litigate against; an investment aspiration carries no such test.

The trimming has a single author. Germany's automotive sector faces US tariff exposure under the EU-US trade framework, and restricting private-enterprise cloud would have handed Washington a clean Section 301 claim. US Ambassador Andrew Puzder called the package a breach of that framework on 25 May . Berlin's silence in the College was the structural veto, and the public-sector-only scope is the concession written in to dodge it. The law that finally reaches the College is the version that no longer touches the export sector whose objection stalled it.

Deep Analysis

In plain English

The European Union has been trying to pass a law called CAIDA that would stop government agencies from using American cloud services like Amazon Web Services or Microsoft Azure for sensitive data such as health records and court files. The idea is that US law lets American officials demand access to data held by US companies anywhere in the world, which is a problem for European governments. The version of the law being voted on in June 2026 only covers government contracts, not private companies. It has also been delayed four times. Separately, a sister law called Chips Act II would spend EUR 120bn trying to build more computer chip factories in Europe so the continent is less reliant on Asian and American suppliers.

Deep Analysis
Root Causes

Three structural forces produced the public-sector-only scope. First, Germany's automotive sector faces up to USD 200bn in threatened US tariff exposure; Berlin calculated that a CAIDA applying to private enterprise would give Washington grounds to escalate. The College silence that structured the carve-out was a trade-political calculation dressed as legislative refinement.

Second, the Commission lacks a legal base to mandate private-sector cloud procurement without a new Treaty clause. Article 114 (internal market harmonisation) does not comfortably extend to directing private firms' IT purchasing. Article 114 (internal market harmonisation), the Commission's chosen legal base, does not extend to directing private firms' IT purchasing; the Commission's own legal service flagged this constraint before the drafting phase began.

Third, there is no European public cloud large enough to absorb a private-sector mandate today. OVHcloud, Hetzner and Scaleway combined hold roughly 4% of EU cloud revenue. A mandate without a viable domestic alternative would produce compliance chaos rather than sovereignty.

What could happen next?
  • Consequence

    A public-sector-only CAIDA creates a legal two-tier system: government data under EU cloud, corporate data still subject to US CLOUD Act compulsion.

    Medium term · Assessed
  • Risk

    If the College again delays past 3 June, the package loses its pre-summer window and faces a new European Parliament term that may reopen scope negotiations.

    Short term · Reported
  • Opportunity

    EUR 300,000 supply-chain data fines in Chips Act II give the Commission a new intelligence tool on semiconductor dependencies, usable independently of CAIDA's fate.

    Medium term · Reported
First Reported In

Update #7 · Sovereignty arrives, minus Brussels

European Parliament· 3 Jun 2026
Read original
Causes and effects
This Event
CAIDA due before College, scope cut
The EU's flagship sovereignty law is due to pass only after being narrowed enough to no longer threaten the EU-US trade truce that constrains it.
Different Perspectives
United States (Google/Alphabet)
United States (Google/Alphabet)
Alphabet lost its final Android appeal on 2 July with no further court to hear it, a result its Computer and Communications Industry Association allies frame as precedent, not deterrence, since the €4.1bn fine changed nothing about Google's Play Store terms across eight years of litigation.
UK Department for Science, Innovation and Technology
UK Department for Science, Innovation and Technology
DSIT opened its £96m second Sovereign AI wave on 3 July, switching from April's equity stakes to fixed-price contracts because Britain has no domestic hyperscaler or Bpifrance-style lender to fund capacity another way. It is betting on buying outcomes it controls alone rather than joining an EU-wide framework.
German federal government
German federal government
Berlin backed both German deliverables this week, Infineon's fab and Aleph Alpha's merger, but is finding one far harder to close than the other. It wants enforceable protective rights inside Cohere's cap table before the merger closes, a legal instrument the Bundeskartellamt has no filing to review yet.
European Commission
European Commission
The Commission banked a clean CJEU win on the eight-year Android case on 2 July, removing Google's last comparator argument before President von der Leyen rules on the far larger DMA self-preferencing fine due 27 July. Brussels treats Infineon's early Dresden delivery as proof the Chips Act mechanism works, at the node Europe already led.
Bruegel (EU industry sceptics)
Bruegel (EU industry sceptics)
Bruegel economist Mario Mariniello argued the EU sovereignty package mimics US and Chinese strategy while EU cloud providers hold roughly 15% of their home market; using nationality as a proxy for security without fixing the underlying capital and energy gaps that drive the dependency creates €86bn of migration cost without the security benefit it is sold as delivering.
France
France
France published a joint sovereignty definition with Germany at VivaTech and mobilised €13bn under Tibi Phase 3, placing SAP's partnership with Mistral as the working proof that a German enterprise-software giant running a French sovereign model inside public administration is what digital sovereignty looks like in practice.