Europe wants "sovereign cloud" - but can it really protect data from US?

Published: 22 January 2026
Last updated: 23 January 2026
European Union stars on an actual cloud with speech marks.
Image by Cybernews

The sovereign cloud is Europe’s answer to digital independence, protecting data, AI, and critical systems from foreign control, regulatory conflicts, and geopolitical risks.

As a whole, a sovereign cloud is far from being about a single platform or provider. Rather, it’s a model of control over technology, data, and systems.

Traditional storage clouds are when your data is stored by a global company (like Amazon, Google, or Microsoft). While it is secure, the "storage unit" might be located in another country, and that country's government might have laws that allow it to peek inside.

ADVERTISEMENT

Whereas with a sovereign cloud, it’s like having your own safe. The data stays inside your country's borders, is managed by people from your country, and is protected strictly by your country's laws. No foreign government can legally demand to see it.

Taking back control

And as geopolitical tensions have been ratcheting up in all kinds of ways lately, there is a strong onus on us, the digital users, to take ownership (particularly in Europe) of how we use tech and how our data is stored.

For over a quarter of a century, as we have placed blind faith in Google, Microsoft, et al, Europe is now staking its claim on digital sovereignty.

Cybernews spoke to Milos Rusic, co-founder of deepset, creators of the open-source AI framework Haystack, to shed some light on what this concept means and the implications it has over rising tensions between the US and Europe.

Despite our dependence on the digital monopolies, which they’ll be determined to keep, there is a major advantage of empowerment that can be gained by changing vendors, crucially without a chasm in the works.

Sovereign cloud means an organization can operate its own technology under local laws, with the ability to change vendors, technologies, or system components without disrupting operations or critical services...

...shared Rusic.

Geopolitical shocks could include sanctions, trade restrictions, export controls on AI technology, or demands by foreign governments for access to European data. Sovereign cloud safeguards against these risks by ensuring that critical services remain under local control.

ADVERTISEMENT

As Rusic explains, “It is about risk management and control that protects against legal surprises, forced data access, and loss of operational control when regulations or geopolitics change.”

The EU flag placed on a screen full of code.
Nurphoto via Getty Images

Risk is layered

Many people assume that sovereign cloud automatically makes systems secure, but this is a misconception. Simply storing data locally does not guarantee protection. Most discussions focus on infrastructure like servers and data centers, but vulnerabilities often reside in applications, APIs, and other software layers.

There isn’t a single “sovereign cloud” product on the market – it’s a way of building cloud environments that keep data and control within Europe, in line with European laws. Big players like Amazon (AWS European Sovereign Cloud), Microsoft, Google, Oracle, and local European providers such as SAP, OVHcloud, T-Systems, Clever Cloud, and Scaleway all now offer variants of sovereign cloud services that meet different compliance and operational needs.

Sovereign cloud is designed and implemented by governments, public institutions, enterprises, and regulated sectors, not by individual users. It’s about how national infrastructure, public services, healthcare systems, defense networks, financial institutions, and large platforms store and control data.

A key thing sovereign cloud does not protect against is cyberattacks, insider threats, or system failures – it shifts risk but does not remove it.

Rusic clarifies: “Sovereign cloud doesn’t automatically make systems secure. Most discussions stop at infrastructure, but sovereignty has to extend to the application layer. Real security and resilience come from modular, well-governed applications, often built with open-source components.

London buildings old and new.
Mike Kemp via Getty Images

Architecture over branding

ADVERTISEMENT

Europe is seeking digital independence and strategic autonomy amid the ongoing US and Chinese conquest of global tech dominance. However, a simple “Make America Go Away” slogan won’t cut the mustard, especially if Europe is able to embrace the old adage that Rome wasn’t built in a day.

Sovereignty isn’t something you sign for, it’s something you build. Without vendor-neutral architecture and operational control, sovereign cloud remains a legal promise, not a system capability...

...outlined Rusic.

In a real crisis, such as trade sanctions or AI restrictions, a sovereign cloud can make a decisive difference, but only if operational control is retained. In the face of US-EU regulatory conflicts and changing user preferences, a malleable architecture would enable organizations to shift more efficiently with the times.

But how significant this buzzword becomes depends on how it's leveraged. As Rusic puts it, “It can make a decisive difference, but only if organizations retain operational control,” because “the real test is whether the architecture supports fast adaptation to different risk scenarios.”

jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Follow us

Unlock more exclusive Cybernews content on YouTube.

ADVERTISEMENT
Share
Post
Share
Share
Share
More from Cybernews
DuckDuckGo AI hallucinates Trump's death after AI data poisoning campaign
Peppa Pig AI contract sparks fears over child actors signing away their voices
Microsoft increases Xbox prices again: “Never thought I'd see the day video games become an investment”
UK hospital reports itself after 40 staff accessed crocodile attack victim’s records
Microsoft extends Windows 10 update program as users refuse to upgrade
Australia tightens teen social media ban amid Reddit reports of easy bypassing
ADVERTISEMENT