On 2 June 2026, the European Commission revealed its Tech Sovereignty Package – a set of legislative initiatives explicitly designed to reduce Europe’s dependence on US and Asian technology companies. Commission President Ursula von der Leyen framed the rationale plainly, saying the EU “cannot afford to depend on others for the technologies that keep our hospitals running, our energy grids stable and our services secure.”
The package has four components: Chips Act 2.0, which refreshes the 2023 semiconductor legislation and creates an excellence label for European chip manufacturing regions; the Cloud and AI Development Act (CADA), which aims to triple EU data centre capacity within five to seven years and establishes a sovereignty framework for cloud and AI in public sector workloads; a new Open Source Strategy scaling up European alternatives in AI and cybersecurity; and a Strategic Roadmap for Digitalisation and AI in Energy, which promotes AI “trained on European data and developed by European companies.”
For UK founders selling into European markets, timing is key. The package is moving through the Commission while the UK-EU relationship is still settling post-Brexit, and the regulatory distance between the two is growing rather than shrinking.
What The Package Actually Does
At the heart of the initiative is CADA. It highlights the EU’s struggle to compete in the cloud, holding less than 13% of the global market while US giants – AWS, Microsoft Azure and Google Cloud – secure the vast majority. CADA sets out to address that directly, with a binding target of 50% sovereign cloud adoption across EU public sector workloads by 2030. It also creates a formal sovereignty assessment framework, meaning EU governments will need to evaluate cloud and AI providers against defined sovereignty criteria before procurement.
Chips Act 2.0 builds on the original legislation’s goal of reaching 20% of global semiconductor production by 2030, adding an excellence label for European chip regions and measures to bring manufacturing physically closer to major customers including data centres and cloud providers. The Open Source Strategy is the least prescriptive of the four components but signals EU intent to invest in home-grown AI and cybersecurity tooling as a deliberate alternative to US-built incumbents.
The full package requires endorsement from all 27 member states and European Parliament approval before any of it becomes binding. Implementation timelines remain unclear, and the package will face lobbying from US technology companies with significant European operations. However, the trajectory is clear: the EU is building a framework that systematically preferences European providers for public sector technology contracts.
More from Business
- Citations Over Rankings – What SEO Specialists Say Actually Works In 2026
- Here’s How Meta Just Turned WhatsApp Into A 24/7 AI Sales Agent
- AI Is Running Your Paid Media Now – Here’s What The Experts Actually Think About That
- Exploring Why More Tech Teams Are Moving Back Into Shared Physical Spaces
- Why Is Your Website Ranking But Nobody Is Clicking?
- Banks Know Their AI Puts Vulnerable Customers At Risk – So Why Are Firms Still Rushing To Use It?
- Have “Purpose-Driven” Business Ideas Become Harder To Fund?
- Are The Increasing Cyber Attacks Creating A Sense Of Apathy Among Businesses?
The Brexit Complication
Since Brexit took the UK out of the Single Market, British companies don’t automatically count as ‘European’ under the EU’s sovereignty rules – that has two practical consequences. First, UK founders using US cloud infrastructure – AWS, Azure, GCP – for EU customers, particularly public sector ones, may face compliance hurdles as the sovereignty requirements come into force. Second, as EU procurement actively preferences sovereign-certified European providers, UK businesses competing for those contracts will face a disadvantage they didn’t have before.
UK founders selling into Europe already carry a dual regulatory burden: EU AI Act compliance on one side, the UK’s own pro-innovation framework on the other. The Tech Sovereignty Package adds a third layer – sovereignty certification for cloud and AI – that UK businesses will need to manage from outside the bloc. The UK government has indicated it’s engaging with the European Commission to assess CADA’s impact ahead of the upcoming UK-EU Summit, but no formal position has been announced.
Is The UK Aligned, Diverging Or At Risk Of Being Left Behind
The UK and EU are taking distinctly different approaches to AI and digital infrastructure, and the divide is growing.
The UK’s strategy is pro-innovation and market-led: light-touch regulation, sector-based oversight and an ambition to become a global AI leader through private investment rather than state-driven industrial policy. The EU approach is the opposite – comprehensive risk-based regulation combined with a state-backed infrastructure buildout designed to create European alternatives to US technology.
According to analysis by Forrester, UK firms are expected to accelerate past EU counterparts in production AI deployment, partly because lower regulation and no language gap make adoption faster. France is already replacing Zoom and Teams with domestically developed alternatives. If EU member states move toward sovereign cloud and open-source AI at scale, UK businesses selling those markets will need European partnerships or European infrastructure to remain competitive for public sector contracts.
For UK startups and scaleups with European ambitions, the practical checklist is short: audit which cloud infrastructure you’re using for EU customers, monitor EU procurement rules as CADA moves through the legislative process, and consider whether a partnership with an EU-based provider makes sense ahead of the sovereignty mandates coming into force.
The package still has a long road through Brussels before it becomes binding – but the direction has been set and the time to prepare is before the requirements land.
