Europe Unveils New Cloud and Chip Strategy to Reduce Dependence on Foreign Technology Providers

The European Commission has unveiled a pair of sweeping initiatives designed to strengthen Europe's digital independence, targeting two of the most strategically important technology sectors powering artificial intelligence and modern economies: cloud infrastructure and semiconductors.

Announced today, the proposed Cloud and AI Development Act (CADA) and Chips Act 2.0 represent the latest phase of the European Union's effort to reduce reliance on foreign technology providers while accelerating domestic innovation in cloud computing, artificial intelligence, and semiconductor manufacturing.

The Cloud and AI Development Act aims to address concerns surrounding Europe's dependence on cloud services operated by companies headquartered outside the EU. The proposal focuses on strengthening digital resilience, improving interoperability, and reducing the risks associated with vendor lock-in as organizations increasingly rely on cloud platforms to support AI workloads and critical business operations.

Alongside CADA, the European Commission introduced Chips Act 2.0, a follow-on initiative intended to expand Europe's semiconductor ecosystem through additional funding, investment incentives, demand-generation programs, and streamlined regulatory approvals.

The proposal seeks to increase semiconductor design and manufacturing capacity across Europe while supporting the growing infrastructure demands created by artificial intelligence technologies.

The twin initiatives arrive amid growing geopolitical competition over access to advanced computing resources, AI infrastructure, and semiconductor supply chains. Governments around the world have increasingly viewed cloud services and chip production as strategic national assets, particularly as AI adoption accelerates across both public and private sectors.

Cybersecurity experts say the success of Europe's sovereignty agenda will depend on how policymakers balance resilience objectives with the need for continued collaboration across global technology ecosystems.

"Europe's push for technological sovereignty is both necessary and timely, but it will only improve security if it remains risk-based, proportionate and open to trusted partners," said Mike Maddison, CEO of NCC Group.

Maddison emphasized that security outcomes should be measured by operational control and resilience rather than geography alone.

"The real test isn't where a provider is based, but whether organizations retain control, continuity and assurance over the systems they rely on. Done right, this agenda can strengthen resilience; done poorly, it risks creating new barriers that limit access to the trusted expertise Europe depends on."

NCC Group also cautioned that policymakers should ensure sovereignty requirements do not become overly restrictive as the legislative process moves forward. The company noted that commitments to openness and cross-border collaboration will be essential to maintaining innovation while strengthening digital resilience.

According to NCC Group, the package appropriately highlights key cybersecurity priorities including supply chain security, operational resilience, interoperability, and reducing dependence on single providers. However, the firm warned that excessive restrictions within cloud and AI regulations could inadvertently reduce competition and slow technological advancement.

The debate surrounding Europe's latest technology strategy reflects a broader challenge facing governments worldwide. As nations seek greater control over critical digital infrastructure, policymakers must navigate the tension between technological self-sufficiency and the benefits of globally interconnected technology ecosystems.

For cybersecurity leaders, the proposals underscore a growing shift in how governments view digital infrastructure risk. Cloud platforms, AI systems, and semiconductor supply chains are no longer seen solely as commercial technologies. They are increasingly regarded as strategic assets that influence economic competitiveness, national resilience, and long-term security.

As lawmakers begin evaluating the proposals, the outcome could shape Europe's cloud computing, artificial intelligence, and semiconductor landscape for years to come, while potentially influencing similar sovereignty-focused technology policies emerging in other regions around the world.