Sovereignty
The layer Europe’s sovereignty push forgot
The 3 June package targets chips, cloud, and AI. It says almost nothing about the systems that interpret Europe’s own regulation.
New to the topic? Start with What sovereign compliance actually means.

Photo: Taylor Vick / Unsplash
On 3 June 2026 the European Commission said out loud what its own analysts had been documenting for years: Europe depends on providers outside the Union for more than 80% of its key digital technology, and that dependence is a strategic vulnerability. The Technology Sovereignty Package that followed goes after the foundations, chips, cloud capacity, and artificial intelligence, and it is a serious, overdue piece of industrial policy.
A stack secured from the bottom up
The package’s logic is sound as far as it goes. Sovereignty at the base of the stack matters, because a continent that cannot make its own chips or run its own clouds has little leverage over anything built on them. Frankfurt data centres, European model builders, and domestic silicon all belong in a credible sovereignty strategy.
The tier left off the diagram
There is one tier the package barely mentions, and it happens to sit on top of all the others: compliance. The software that reads a regulation, determines what it requires, and produces the evidence that an institution complies. A bank can run on sovereign chips, in a sovereign cloud, using a sovereign model, and still route the interpretation of its regulatory duties through American software. The foundations would be European while the reasoning remained foreign.
- Definition
- Why this layer is different
- Chips and cloud are inputs. The compliance layer is where a European institution decides what European law requires of it. Leaving that layer dependent on foreign systems undoes some of the sovereignty the lower layers were meant to secure.
Finishing the sentence the package started
The package makes an argument it does not quite complete. If dependence on foreign technology is a strategic risk at the level of chips and clouds, it is at least as serious at the level of legal interpretation, where the output is not a service but a judgment about the law. Sovereignty is not only a question of where the servers sit. It is a question of who gets to interpret the rules, and that question deserves a place in the next version of Europe’s plan.