Skip to content
Briefings are running a touch slower this week while we rebuild the foundations.See roadmap
European Tech Sovereignty
3JUN

EU sovereignty law slips a third time

4 min read
10:43UTC

The Cloud and AI Development Act did not reach the College of Commissioners on Wednesday 27 May, the date Brussels itself had locked, and the US ambassador supplied the reason: a trade-framework red line.

← Back to Sovereignty arrives, minus BrusselsJump to analysis ↓
TechnologyDeveloping
Key takeaway

A package Brussels calendar-locked for today was pre-defeated diplomatically before it was ever formally proposed.

The Cloud and AI Development Act (CAIDA, the EU law that would bar US cloud giants from hosting sensitive public-sector data) did not reach the College of Commissioners on Wednesday 27 May 2026, the date the Commission itself had locked for adoption . The package slipped a third time, to a tentative 3 June, extending a sequence that now reads 25 March, 15 April, 27 May . Andrew Puzder, the US Ambassador to the EU, gave the proximate reason this time, and it was not industrial: he warned the package "crosses a red line" and is inconsistent with the EU-US trade framework 1. Politico, separately, reported the 400-page text was simply not ready 2.

For readers arriving cold: CAIDA is the centrepiece of the Tech Sovereignty Package, bundled with a revamped Chips Act II that would hand Brussels direct equity authority in semiconductor fabs. Alexandra Geese, a German Green MEP, put the trade link on the public record: the EU kept digital rules out of last August's framework, but Washington has kept pressing on the Digital Services Act (DSA, the EU's platform-accountability law) ever since 3.

For five updates the binding constraint on European sovereignty was an implementation gap: the right diagnosis, the right prescriptions, and an 11.2% delivery rate against the recommendations in Mario Draghi's 2024 competitiveness report . That constraint has changed character. Europe's problem is no longer only that it cannot build; it is that it cannot legislate sovereignty without tripping the trade framework, and the veto runs through Berlin. France favours the protectionist line. Germany, exposed to a threatened US tariff package on its automotive and luxury exports worth up to $200bn, does not 4.

The charitable reading deserves a hearing: reconciling procurement law, competition rules and international agreements across hundreds of pages is genuinely slow, and reading a US veto into a routine delay over-reaches. It does not survive the calendar. A third slip on a date the Commission locked, coinciding with a named ambassadorial red line and a documented Paris-Berlin split, means the package lacks the consensus to ship whatever the proximate cause. The instrument built to escape US dependence was pre-defeated diplomatically before a word of it reached the College.

Deep Analysis

In plain English

The European Commission wants to pass a law called CAIDA (the Cloud and AI Development Act) that would stop American tech giants like Microsoft, Amazon, and Google from handling sensitive government data in Europe. Think of it as a 'European data only' rule for public services. This was supposed to be approved on 27 May 2026, but it has now been delayed three times in a row. The latest holdup comes from two directions. First, the US ambassador to the EU publicly warned that the law would break trade rules agreed between Europe and America. Second, Germany is quietly reluctant because the United States has threatened up to $200 billion in tariffs on European cars, and Berlin does not want to provoke Washington further over a digital rule that does not directly affect the car industry.

Deep Analysis
Root Causes

Germany's automotive sector exported €84bn in vehicles and parts to the United States in 2024, representing approximately 27% of total German goods exports to the US. A $200bn threatened tariff package on EU automotive and luxury goods would fall disproportionately on German industry, not French or other member-state industry.

Berlin's CAIDA calculus is therefore not primarily about digital policy; it is about managing a trade-off between cloud procurement rules affecting German public-sector institutions and tariff exposure affecting the German private sector at roughly two orders of magnitude greater economic scale.

The Commission's public rationale for each successive slip has been procedural: finalising legal text, coordinating College positions. The structural cause is that CAIDA requires a qualified majority of member states, and Germany's silence functions as a blocking mechanism inside the College consensus model. Puzder's public intervention on 25 May crystallised what was already known internally: the US had communicated its position bilaterally before the ambassador went public.

What could happen next?
  • Risk

    A fourth slip beyond 3 June would push CAIDA past the summer recess, making October 2026 the earliest plausible adoption and extending US hyperscaler public-sector contract eligibility by another quarter.

    Short term · Assessed
  • Consequence

    Germany's automotive tariff calculus sets a precedent: any EU digital sovereignty instrument that conflicts with a US trade threat can be slowed by member-state export exposure, regardless of the instrument's merits.

    Medium term · Assessed
  • Precedent

    Puzder's public red-line warning, if unrebutted by the Commission, establishes that bilateral US pressure can visibly influence Commission adoption calendars on non-trade legislation.

    Long term · Assessed
Sources:BankInfoSecurity·Digital Watch Observatory·European Parliament
Mentions:Chips Act II →College of Commissioners →Germany →France →Digital Services Act →Bruegel →Google →Section 301 →GDPR →Brussels →Amazon →Netherlands →Microsoft →Washington →United States →Paris →Berlin →European Commission →Alexandra Geese →Cloud and AI Development Act →Tech Sovereignty Package →USTR →Andrew Puzder →
First Reported In

Update #6 · Brussels slips sovereignty law a third time

BankInfoSecurity· 27 May 2026
Read original
Causes and effects
Caused by
Brussels locks 27 May for CAIDA and Chips II
The 27 May calendar-locked adoption date (ID:3367) is the commitment the third slip breaks; ID:3367 is the direct antecedent.
Occurred 27 May 2026
Read story →
Sovereignty package slips to 27 May
The second deadline slip (ID:3071) established the pattern; the third slip escalates it to a structural diplomatic sequencing failure.
Occurred 7 May 2026
Read story →
Three EU-US deadlines collide in 9 days
The Section 301 24 July determination (ID:3073) gives Puzder's red-line warning operational credibility and makes the Germany-France split determinative.
Occurred 7 May 2026
Read story →
This Event
EU sovereignty law slips a third time
The constraint on European tech sovereignty has shifted from an industrial implementation gap to a trade trap, with the veto running through Germany's tariff exposure.
Led to
France chairs G7 with nothing to table
The CAIDA third slip (event 0) directly caused the G7 Bercy ministerial (event 1) to proceed without an adopted package.
Occurred 29 May 2026
Read story →
CAIDA due before College, scope cut
CAIDA's public-sector-only scope is the direct legislative response to Puzder's 25 May trade-framework warning and Berlin's sustained College silence.
Occurred 3 Jun 2026
Read story →
Different Perspectives
European Central Bank
European Central Bank
The ECB's digital euro pilot drew more than 50 PSP applications and is naming 10 to 30 participants in July, advancing on its own monetary mandate without requiring a Commission act. Its trajectory this week is the inverse of CAIDA's: the sovereignty instrument that restricts no US firm is the only one keeping its published calendar.
United States (Ambassador Andrew Puzder / Steptoe LLP)
United States (Ambassador Andrew Puzder / Steptoe LLP)
Puzder named CAIDA a red line inconsistent with the EU-US trade framework on 25 May; Steptoe warns US firms spend up to USD 50bn a year on DMA and DSA compliance and that CAIDA's Buy European tilt threatens the Turnberry truce. The Google fine delay is read in Washington as evidence that Commission enforcement bends to diplomatic pressure.
France (G7 chair and Mistral AI)
France (G7 chair and Mistral AI)
France chaired the 29 May G7 Bercy ministerial and produced a communique that omitted cloud sovereignty entirely, while its national AI champion Mistral won five-year Airbus and BMW engineering contracts commercially the day before. Paris is advancing sovereignty through the market and retreating on it at every multilateral table.
Germany (federal government)
Germany (federal government)
Berlin maintained College silence that forced CAIDA's scope to public-sector tenders, protecting the automotive sector from a US Section 301 claim while simultaneously allowing BMW to contract Mistral for safety-critical crash-simulation work. German corporate procurement and German trade policy are running in opposite directions.
Netherlands (minister Willemijn Aerdts)
Netherlands (minister Willemijn Aerdts)
Aerdts blocked Kyndryl's EUR 100m Solvinity acquisition on 26 May, the first US deal ever stopped under Dutch screening, on the specific ground that the US CLOUD Act could compel disclosure of DigiD and MijnOverheid data. The decision is a direct demonstration that national screening achieves CAIDA's public-sector objective without waiting for EU law.
European Commission
European Commission
The Commission is presenting CAIDA adoption on its fourth scheduled date as a sovereignty milestone, with Henna Virkkunen due to brief the Telecom Council on 9 June. The narrowed public-sector-only scope is the concession written in to secure adoption; whether the Commission presents it as a floor or a ceiling for future revision is the open question.