The European Commission on the 3rd (local time) announced a large-scale plan to strengthen Technological Sovereignty to build up capabilities in semiconductors, artificial intelligence (AI), cloud, and open source. It is an industrial security policy aimed at reducing deep dependence on U.S. and Chinese corporations in areas where a single disruption can shake state functions, such as hospitals, power grids, defense, finance, and government data.
Henna Virkkunen, the European Union's senior vice president in charge of technological sovereignty, said at a press briefing on the 3rd that the plan is a measure to build digital capabilities. A 2024 competitiveness report by former European Central Bank President Mario Draghi diagnosed that the EU relies on extra-regional suppliers for more than 80% of its digital products, services, and infrastructure. Citing this statistic, Chairperson Virkkunen acknowledged Europe's heavy reliance on extra-regional suppliers for core digital technologies, saying, "Eighty percent of the technologies we use come from outside Europe."
The Commission set a goal to lower this dependence on extra-regional suppliers so that European society does not stop even if foreign corporations unilaterally cut services or foreign governments invoke laws to demand specific data. Commissioner Virkkunen said, "Capabilities in this field do not appear overnight," adding, "Meaningful results will come no earlier than 2030."
The EU will require stricter data independence from public cloud providers used in sensitive areas such as defense, justice, health care, energy, and finance. The EU views the possibility that the U.S. government could pressure its own cloud corporations to take European data or force a service shutdown as a security threat.
The basis is the U.S. CLOUD Act enacted in 2018. The law allows the U.S. government to compel the submission, on national security grounds, of data that U.S. corporations store overseas. Experts said the EU is concerned about a "kill switch" function that could shut down entire systems under external orders if the EU refuses data submission demands.
Commissioner Virkkunen predicted that, because of the CLOUD Act, it will be difficult for U.S. corporations to meet the technological sovereignty grade required for sensitive areas in the EU going forward. The EU plans to select providers for sensitive areas by examining not only data storage location but also corporate ownership structure, whether extra-regional laws can be avoided, operational control, and supply chain transparency. She told CNBC, "We will make sure that the most important and sensitive data in Europe is stored in Europe." However, she added, "The EU is not choosing isolation and trying to produce everything on its own," saying, "Europe will control sensitive services and data related to security and justice."
To store data within Europe, the EU will at least triple data center capacity in Europe within five to seven years. It will set aside zones for expedited environmental permitting and simultaneously improve access to power, land, water, and financing.
The EU also revised semiconductor-related legislation. It made a major shift to encourage in-region automakers, defense contractors, and public institutions to preferentially purchase chips made in Europe. The existing Chips Act enacted in 2023 focused on attracting semiconductor fabs into the bloc with EU-level subsidies. Although the EU has since drawn more than €52 billion (about 92 trillion won) in fab investments, it still heavily relies on the United States, Taiwan, Korea, and Japan for advanced manufacturing and design. While it initially set a goal of raising global semiconductor market share to 20% by 2030, Europe's share still stands at 10%.
The newly proposed amendments shift the center of gravity toward guaranteeing solid demand for corporations that manufacture semiconductors in Europe. The EU will directly connect manufacturers and buyer corporations to broker advance purchase commitments and reduce the risk of overproduction. Olivier d'Armunia of HEC Paris told the Financial Times (FT) that "building a new advanced AI chip fab is not realistic on the timeline," but he also noted, "If existing plants in Europe produce DRAM and memory chips that are in global short supply, it could have positive effects."
To prevent lock-in effects confined only to U.S. software, the public sector will also build up open source. Government systems, once introduced, can last for decades and are costly to replace. The EU said it will make public institutions early customers of open-source programs to reduce the structure of being tied to monopoly software from specific foreign corporations. Beneficiaries cited include Netherlands chip equipment maker ASML, Germany industrial software company SAP, France cloud provider OVHcloud, and AI corporation Mistral.
Warnings are mounting that the measures could boomerang. The Computer & Communications Industry Association (CCIA), which includes Amazon and Google, criticized that it would "exclude trusted providers and force European users to rely on more limited and lower-quality services."
Leonardo Quattrocchi, a digital policy expert at Sciences Po Paris, assessed that the EU does not have the scale to internalize the entire AI stack like the United States or China. In an interview with Bloomberg, he said, "If the criteria are excessively stringent, large enterprises will trade with markets outside Europe," adding, "The EU will drift away from trading partners, and European users will not be able to use the highest-performance tools."
The package will take effect after approval by the 27 member states and the European Parliament. Because the content is effectively unfavorable to U.S. Big Tech, concerns are being raised that trade frictions could intensify now that U.S. President Donald Trump has returned to the White House. Jamieson Greer, the U.S. trade representative, earlier raised the prospect of retaliatory measures targeting Europe's continued digital regulation.