Skip to content
Briefings are running a touch slower this week while we rebuild the foundations.See roadmap
Iran Conflict 2026
1MAR

EU sovereignty law slips a third time

4 min read
08:00UTC

The Cloud and AI Development Act did not reach the College of Commissioners on Wednesday 27 May, the date Brussels itself had locked, and the US ambassador supplied the reason: a trade-framework red line.

← Back to Khamenei killed; Iran fires on 7 countriesJump to analysis ↓
ConflictDeveloping
Key takeaway

A package Brussels calendar-locked for today was pre-defeated diplomatically before it was ever formally proposed.

The Cloud and AI Development Act (CAIDA, the EU law that would bar US cloud giants from hosting sensitive public-sector data) did not reach the College of Commissioners on Wednesday 27 May 2026, the date the Commission itself had locked for adoption . The package slipped a third time, to a tentative 3 June, extending a sequence that now reads 25 March, 15 April, 27 May . Andrew Puzder, the US Ambassador to the EU, gave the proximate reason this time, and it was not industrial: he warned the package "crosses a red line" and is inconsistent with the EU-US trade framework 1. Politico, separately, reported the 400-page text was simply not ready 2.

For readers arriving cold: CAIDA is the centrepiece of the Tech Sovereignty Package, bundled with a revamped Chips Act II that would hand Brussels direct equity authority in semiconductor fabs. Alexandra Geese, a German Green MEP, put the trade link on the public record: the EU kept digital rules out of last August's framework, but Washington has kept pressing on the Digital Services Act (DSA, the EU's platform-accountability law) ever since 3.

For five updates the binding constraint on European sovereignty was an implementation gap: the right diagnosis, the right prescriptions, and an 11.2% delivery rate against the recommendations in Mario Draghi's 2024 competitiveness report . That constraint has changed character. Europe's problem is no longer only that it cannot build; it is that it cannot legislate sovereignty without tripping the trade framework, and the veto runs through Berlin. France favours the protectionist line. Germany, exposed to a threatened US tariff package on its automotive and luxury exports worth up to $200bn, does not 4.

The charitable reading deserves a hearing: reconciling procurement law, competition rules and international agreements across hundreds of pages is genuinely slow, and reading a US veto into a routine delay over-reaches. It does not survive the calendar. A third slip on a date the Commission locked, coinciding with a named ambassadorial red line and a documented Paris-Berlin split, means the package lacks the consensus to ship whatever the proximate cause. The instrument built to escape US dependence was pre-defeated diplomatically before a word of it reached the College.

Deep Analysis

In plain English

The European Commission wants to pass a law called CAIDA (the Cloud and AI Development Act) that would stop American tech giants like Microsoft, Amazon, and Google from handling sensitive government data in Europe. Think of it as a 'European data only' rule for public services. This was supposed to be approved on 27 May 2026, but it has now been delayed three times in a row. The latest holdup comes from two directions. First, the US ambassador to the EU publicly warned that the law would break trade rules agreed between Europe and America. Second, Germany is quietly reluctant because the United States has threatened up to $200 billion in tariffs on European cars, and Berlin does not want to provoke Washington further over a digital rule that does not directly affect the car industry.

Deep Analysis
Root Causes

Germany's automotive sector exported €84bn in vehicles and parts to the United States in 2024, representing approximately 27% of total German goods exports to the US. A $200bn threatened tariff package on EU automotive and luxury goods would fall disproportionately on German industry, not French or other member-state industry.

Berlin's CAIDA calculus is therefore not primarily about digital policy; it is about managing a trade-off between cloud procurement rules affecting German public-sector institutions and tariff exposure affecting the German private sector at roughly two orders of magnitude greater economic scale.

The Commission's public rationale for each successive slip has been procedural: finalising legal text, coordinating College positions. The structural cause is that CAIDA requires a qualified majority of member states, and Germany's silence functions as a blocking mechanism inside the College consensus model. Puzder's public intervention on 25 May crystallised what was already known internally: the US had communicated its position bilaterally before the ambassador went public.

What could happen next?
  • Risk

    A fourth slip beyond 3 June would push CAIDA past the summer recess, making October 2026 the earliest plausible adoption and extending US hyperscaler public-sector contract eligibility by another quarter.

    Short term · Assessed
  • Consequence

    Germany's automotive tariff calculus sets a precedent: any EU digital sovereignty instrument that conflicts with a US trade threat can be slowed by member-state export exposure, regardless of the instrument's merits.

    Medium term · Assessed
  • Precedent

    Puzder's public red-line warning, if unrebutted by the Commission, establishes that bilateral US pressure can visibly influence Commission adoption calendars on non-trade legislation.

    Long term · Assessed
Sources:BankInfoSecurity·Digital Watch Observatory·European Parliament
Mentions:Chips Act II →College of Commissioners →Germany →France →Digital Services Act →Bruegel →Google →Section 301 →GDPR →Brussels →Amazon →Netherlands →Microsoft →Washington →United States →Paris →Berlin →European Commission →Alexandra Geese →Cloud and AI Development Act →Tech Sovereignty Package →USTR →Andrew Puzder →
First Reported In

Update #6 · Brussels slips sovereignty law a third time

BankInfoSecurity· 27 May 2026
Read original
Causes and effects
Caused by
Brussels locks 27 May for CAIDA and Chips II
The 27 May calendar-locked adoption date (ID:3367) is the commitment the third slip breaks; ID:3367 is the direct antecedent.
Occurred 27 May 2026
Read story →
Sovereignty package slips to 27 May
The second deadline slip (ID:3071) established the pattern; the third slip escalates it to a structural diplomatic sequencing failure.
Occurred 7 May 2026
Read story →
Three EU-US deadlines collide in 9 days
The Section 301 24 July determination (ID:3073) gives Puzder's red-line warning operational credibility and makes the Germany-France split determinative.
Occurred 7 May 2026
Read story →
This Event
EU sovereignty law slips a third time
The constraint on European tech sovereignty has shifted from an industrial implementation gap to a trade trap, with the veto running through Germany's tariff exposure.
Led to
France chairs G7 with nothing to table
The CAIDA third slip (event 0) directly caused the G7 Bercy ministerial (event 1) to proceed without an adopted package.
Occurred 29 May 2026
Read story →
CAIDA due before College, scope cut
CAIDA's public-sector-only scope is the direct legislative response to Puzder's 25 May trade-framework warning and Berlin's sustained College silence.
Occurred 3 Jun 2026
Read story →
Brussels adopts CADA, narrows its scope
Third slip under US trade pressure (ID:3644) forced scope narrowing that produced the adopted 1% ceiling.
Occurred 3 Jun 2026
Read story →
Different Perspectives
Markets
Markets
Brent crude rose 2.2 per cent to $96.34 on 10 June, reversing a 7 per cent weekly decline built on deal optimism, as the overnight exchange repriced the Strait of Hormuz risk premium in a single session. The move reflects transit-risk repricing rather than supply shock: Iran's exports had already collapsed to below 300,000 barrels per day.
Pakistan
Pakistan
Pakistan's Naqvi channel, the only mediation track carrying both civilian and military buy-in, was stress-tested by live ordnance within 48 hours of the 6-7 June Tehran visit. Whether Washington informed Islamabad of the imminent strike plan while Naqvi was in Tehran remains undisclosed, putting the channel's neutrality under scrutiny.
Kuwait
Kuwait
Kuwait hosted the third Iranian strike on its soil since the 3 June airport drone attack, with Ali Al Salem airbase targeted in the three-country salvo. Its recent $1.98 billion Anduril Anvil counter-drone purchase signals it is rearming rather than reconsidering its hosting posture.
Bahrain
Bahrain
Bahrain absorbed the IRGC barrage via PAC-3 intercepts with its magazine already at 87 per cent depletion and no resupply before 2027. Sounding air-raid sirens over Manama, it faced the intercept burden with the thinnest defensive stack in the Gulf coalition.
Jordan
Jordan
Jordan reported all five incoming missiles intercepted with no injuries and no damage, a clean defensive performance that strengthens Amman's case for staying in the Western coalition without escalating its own posture. It now sits on Iran's target list for the first time despite not being a party to the Abraham Accords confrontation.
Iran / IRGC
Iran / IRGC
Foreign Minister Araghchi posted on X that US forces should 'leave our region if you want to be safe' and framed the exchange as a US defeat, while the IRGC claimed 21 targets hit and an F-35 hangar destroyed. The claims serve a domestic and Arab-audience framing rather than a verified battle-damage assessment.