Sovereignty 2.0: Why Europe’s €180 million cloud bet matters

Last week, World Economic Forum President Børge Brende warned of three emerging bubbles threatening financial markets: crypto, AI and government debt – now at levels not seen since 1945.

But there’s a critical dimension to this warning that wasn’t touched upon: the three bubbles all depend on next generation cloud computing power. And this is increasingly consolidated in the hands of a few geographically concentrated hyperscalers that control more than two-thirds of global cloud infrastructure spending.

When investment bubbles meet concentrated infrastructure and a fracturing geopolitical order, systemic risk multiplies. This is now a potential fourth bubble, and will be one of the top issues facing world leaders. The question for those gathering this week in Berlin for the Summit on European Digital Sovereignty, and those who will meet in Davos in January, is stark: How do you provide the technological and computing power needed for economic growth while minimizing both concentration and geopolitical risk?

Last month, the European Commission – with no home-grown hyperscalers – moved to provide an answer: a €180 million tender for sovereign cloud infrastructure to equip its institutions, noting that it “establishes a benchmark for how sovereignty is applied in practice to cloud services” for the world’s largest trading bloc, and for the first time demanding real, specific and robust quantifiable metrics for technological sovereignty based on its new Cloud Sovereignty Framework.

The timing matters. The global sovereign cloud market is projected to reach over $250 billion in just three years and 75% of enterprises outside the US are expected to have digital sovereignty strategies by 2030. Europe's approach is not an isolated experiment but the leading edge of a global shift.

The first generation of technological sovereignty – sovereignty 1.0 – emerged after the 2008 financial crisis. Cloud and data regulation largely focused on where data resided – physical location served as a proxy for sovereignty and control. While data sat in local data centres, real operational control – access protocols, encryption keys, patching cycles –remained firmly in non-European locations. It was ultimately sovereignty theatre.

An initial policy reaction was first seen in relation to Chinese providers – who once provided over 50% of 5G equipment in some EU jurisdictions – over fears of government compulsion. This has now accelerated. Russia’s invasion of Ukraine, intensifying US-China tech competition and trade wars exposed a hard truth: Dependency has become a new systemic vulnerability.

The concern is measurable: 61% of CIOs in Western Europe now say geopolitical risks will restrict their use of global cloud providers. This will force a definitive shift in policy towards sovereign infrastructure 2.0.

This focuses on operational autonomy, which involves controlling the stack end-to-end: operating services independently with resident staff, infrastructure and support, free from potential foreign compulsion. This approach is being closely evaluated by regional blocs, including ASEAN, the GCC and the African Union, across three pillars.

Europe’s ultimate objective is clear: ensure no single actor can compel actions against its interests while still having the compute and interoperability essential for AI development, supply chain automation and cross-border trade. Absolute sovereignty is neither realistic nor desirable. Ensuring no single provider or jurisdiction can dictate outcomes in times of stress is feasible.

This model allows global hyperscalers to compete, but on Europe’s operational terms: genuine autonomy, not geographic theater. The EU’s new framework – enabling local and hyper-scaler partnerships alongside robust digital-identity initiatives, cybersecurity controls and cross-member-state interoperability – embodies this balance.

The second pillar challenges the assumption that sovereignty slows innovation. The evidence is clear: constraint is driving breakthroughs – including the hyperscalers’ own multi-billion dollar investments in new sovereign capabilities.

Across the Global South, nations investing in sovereign capability are simultaneously building the next generation of AI and technology infrastructure. In Saudi Arabia, operational control is a core pillar of its new economic vision. The African Union’s Digital Transformation Strategy links data control directly to economic growth, with South Africa’s Sovereign Cloud initiative attracting both regional capital and hyperscaler partnerships under sovereign data frameworks.

The real breakthrough of the EU is via procurement mechanisms. Historically, technology purchasing and capability policy moved in parallel rather than alignment. Organizations purchased on cost while policy-makers drafted frameworks with limited enforcement. The new model bridges this divide by embedding sovereignty criteria directly into procurement scoring.

Vendors must now demonstrate operational-control mechanisms, not just data-residency claims. This aligns policy intent with actual purchasing power. It transforms the concept of sovereignty from aspiration into tangible and enforceable requirements.

These are the early stages of a necessary global dialogue on next generation digital infrastructure in a fracturing world. Three immediate actions are now required.

Crypto, AI and sovereign debt may be the bubbles capturing headlines, but they all sit on top of a deeper structural risk: global dependency on a hyper-concentrated cloud and compute infrastructure. This is a fourth bubble – quiet, technical and largely unpriced. The ultimate shape of this new infrastructure is still being contested. Whether it will be dominated by compliant hyperscalers, a federation of local champions or a hybrid of both remains to be seen.

However, Europe’s Cloud gamble is not a retreat from globalization, but a blueprint for deflating that bubble. The world does not need less cloud or less AI. It needs more resilient foundations. The question now isn’t whether digital sovereignty matters, it is whether other regional blocs will adopt a similar approach before another crisis exposes their dependencies. The frameworks exists; what remains is the will to act before a fourth bubble bursts.