From Common Worries to Digital Commons
How Europe Can Stop Renting Clouds and Build Its Own
- Europe's dependence on a small number of foreign cloud providers creates a geopolitical vulnerability.
- American cloud providers are developing "sovereign clouds" offerings, which fail to address core concerns in Europe on data confidentiality and service continuity.
- There are three viable sovereignty pathways with varying degrees of control, combining different ownership and open-source principles.
- Some European organisations are already implementing their own sovereignty-oriented models. A broader transition can be enabled through a strategic shift in policy, procurement rules and culture.
Europe’s dependence on a handful of foreign cloud and software providers constitutes a geopolitical vulnerability, particularly for data confidentiality and service continuity. In response, American hyperscalers are promoting “sovereign cloud” offerings. This report argues that these products do not resolve Europe’s structural dependency. Instead, they adapt existing business models to European political sensitivities while leaving fundamental risks intact — amounting to digital sovereignty washing.
Europe’s response should centre on strengthening its own technological ecosystem, prioritising open-source and locally governed infrastructure. This would enhance jurisdictional control, transparency and interoperability, while reducing vulnerability to potential US government coercion.
The report identifies three alternative models with varying degrees of sovereignty (illustrated in the figure below):
- maximum sovereignty through open-source, on-premise solutions;
- “sovereignty with an exit option” via European providers offering managed open-source services or under partial government control; and
- “sovereignty for now” through European closed-source providers that reduce but do not eliminate dependency.
After outlining six institutional, economic and cultural barriers to open-source adoption, the authors call for two strategic shifts: treating digital infrastructure as a strategic asset rather than a commodity, and recognising open source as public infrastructure and a policy tool for sovereignty.
Several European organisations — including Dutch ATKM, UNL/SURF and several municipalities — that are pioneering practical models of sovereign digital infrastructure. Sustaining this momentum will require political ambition, procurement reform, stronger cross-border coordination and sustained investment in European digital commons.
