European Commission Tables Cloud and AI Development Act, Ring-Fencing Defence Procurement
Brussels, 3 June 2026
Key points
- The European Commission presented the Cloud and AI Development Act on 3 June as the centrepiece of its European Technological Sovereignty Package, alongside a revised European Chips Act easing direct EU investment in cross-border semiconductor projects
- The act defines four cloud/AI sovereignty assurance levels for public-sector procurement — from EU-located infrastructure (level 1) through demonstrated third-country independence (level 2) and EU ownership, control and personnel criteria (level 3) to full supply-chain transparency and control with no third-country interference (level 4)
- The most critical tier — including defence, roughly 1% of the public-procurement market per the Financial Times — would effectively require EU-made hardware and software, excluding non-European firms; vendors elsewhere are scored on the 'EU value' they add
- The Commission pairs the framework with a target of at least tripling EU data-centre capacity within five to seven years
The European Commission presented its Cloud and AI Development Act on 3 June: a four-level sovereignty framework for public-sector cloud and AI procurement whose most critical tier, covering defence, would effectively be reserved for suppliers with EU-made and EU-controlled hardware and software. The act sits within a Technological Sovereignty Package that also revises the Chips Act.
The framework obliges governments to run sovereignty risk assessments of their cloud and AI providers against four assurance levels. Level 1 requires data processed and stored on EU-located infrastructure; level 2 adds demonstrated independence from third countries and software supply-chain transparency; level 3 requires EU ownership and control plus criteria such as personnel citizenship, with Commission discretion to recognise third-country providers; level 4 — the tier into which defence falls — requires full transparency and control over the software supply chain and no third-country interference. Non-EU vendors are scored on the 'EU value' they contribute to innovation and supply-chain resilience.
The defence tier is small by procurement value — about 1% of the public market, per the Financial Times — and that calibration is the act's political design: Brussels ring-fences the most sensitive workloads while avoiding the broad 'Buy European' mandate that would invite confrontation with Washington and the US hyperscalers. The accompanying Chips Act revision eases direct EU investment in cross-border projects, and the Commission targets at least a tripling of EU data-centre capacity within five to seven years.
The structural read. The act is the regulatory counterpart to decisions European defence institutions have already been taking case by case — the Bundeswehr's rejection of Palantir for its military cloud-AI project in favour of European alternatives anticipated level-4 logic before the framework existed. The proposal now enters the Parliament–Council legislative process, where the hyperscaler lobby will work the level definitions; what survives in the level-3 recognition clause for third-country providers is the variable to watch. It was tabled the same day as the wider sovereignty package, tracked in Signal No. 74.
Sources: European Commission, Financial Times.
First reported in Signal No. 74, 3 June 2026.