The European Commission on the 3rd (local time) announced a sweeping plan to strengthen technological sovereignty to build up capabilities in semiconductors, artificial intelligence (AI), cloud, and open source. It is an industrial security policy aimed at reducing deep dependence on U.S. and Chinese corporations in areas such as hospitals, power grids, defense, finance, and government data, where a single outage can shake the functioning of the state.
Henna Virkkunen, the European Union's senior Vice-Chairperson in charge of technological sovereignty, said at a press briefing on the 3rd that the plan is a step to build digital capabilities. A 2024 competitiveness report by former European Central Bank President Mario Draghi assessed that the EU relies on non-EU suppliers for more than 80% of its digital products, services, and infrastructure. Citing this statistic, Chairperson Virkkunen acknowledged that Europe is heavily dependent on non-EU suppliers for core digital technologies, saying, "Eighty percent of the technologies we use come from outside Europe."
The Commission set a goal to reduce this reliance on non-EU suppliers so that European society does not stop even if foreign corporations unilaterally cut services or foreign governments invoke laws to demand specific data. Commissioner Virkkunen said, "Capabilities in this area do not emerge overnight," adding, "Meaningful results will come no earlier than 2030."
The EU will require stricter data independence from public cloud providers used in sensitive areas such as defense, justice, health care, energy, and finance. The EU views as a security threat the possibility that the U.S. government could pressure its own cloud corporations to take European data or forcibly shut off services.
The basis is the U.S. CLOUD Act enacted in 2018. The law allows the U.S. government, on national security grounds, to compel its corporations to turn over data stored overseas. Experts said the EU is concerned about a "kill switch" that could shut down entire systems by external order if EU authorities refuse a data disclosure demand.
Commissioner Virkkunen predicted that, because of the CLOUD Act, U.S. corporations will find it hard to meet the technological sovereignty grade required for sensitive areas in the EU going forward. The EU plans to select providers for sensitive areas by assessing not only where data are stored but also corporate ownership structure, whether non-EU laws can be avoided, operational control, and supply chain transparency. She told CNBC, "We will make sure that the most important and sensitive data in Europe are stored in Europe." She added, however, "The EU is not choosing isolation or trying to produce everything on its own," saying, "What we want is for Europe to control sensitive services and data related to security and justice."
To keep data within Europe, the EU will at least triple data center capacity in Europe within five to seven years. It will designate separate zones for expedited environmental permits and simultaneously improve access to power, sites, water, and financing.
Semiconductor-related laws were also revised. The EU made a major shift to encourage in-region automakers, defense companies, and public institutions to prioritize purchasing chips made in Europe. The existing Chips Act enacted in 2023 focused on attracting semiconductor plants into the EU by distributing subsidies at the EU level. The EU has since drawn more than €52 billion (about 92 trillion won) in semiconductor plant investments, but it still relies heavily on the United States, Taiwan, Korea, and Japan for advanced manufacturing and design. Although it initially set a goal of raising the global semiconductor market share to 20% by 2030, Europe still accounts for only 10% of the global semiconductor market.
The new amendment shifts the center of gravity to guaranteeing solid demand for corporations that make semiconductors in Europe. The EU will directly connect manufacturers with customer corporations to arrange advance purchase commitments and reduce the risk of overproduction. Olivier d'Armont, a professor at HEC Paris, told the Financial Times (FT), "It is not realistic timewise to build a new advanced AI chip plant," but added, "If existing plants in Europe produce DRAM and memory chips that are in global short supply, there could be positive effects."
To prevent lock-in to only U.S. software, the public sector will also expand open source. Once adopted, government systems can last for decades and are costly to replace. The EU said it will make public institutions early customers of open-source programs to reduce dependence on monopoly software from particular foreign corporations. Beneficiaries are seen to include ASML, SAP, OVHcloud, and Mistral AI.
Warnings are mounting that the move could boomerang. The Computer & Communications Industry Association (CCIA), which includes Amazon and Google, criticized the plan, saying it would "exclude trusted providers and force European users to rely on more limited and lower-quality services."
Leonardo Quattrocchi, a digital policy expert at Sciences Po Paris, assessed that the EU does not have the scale to build the full AI stack domestically like the United States or China. In an interview with Bloomberg, he said, "If the criteria are too stringent, large corporations will do business in other markets, not Europe," adding, "The EU will grow distant from its trading partners, and European users will not be able to use the highest-performance tools."
The package will take effect after approval by the 27 member states and the European Parliament. Because the content is effectively disadvantageous to U.S. Big Tech, concerns are also being raised that trade friction could intensify with Donald Trump back in the White House. Jamieson Greer, the U.S. trade representative, had earlier raised the prospect of retaliatory measures aimed at Europe's continued digital regulation.