Europe's Technology Sovereignty Package: What Do the Cloud & AI Development Act and Chips Act II Mean for UK Tech?

Today, 3 June 2026, the European Commission unveiled its European Technological Sovereignty Package, a broad set of initiatives designed to strengthen Europe's position across semiconductors, artificial intelligence, cloud computing, open source technologies and digital infrastructure.

At the heart of the package are two major legislative proposals: the Cloud and AI Development Act and a revised European Chips Act. Alongside these sit a new Open Source Strategy and a Strategic Roadmap for Digitalisation and AI in Energy.

For much of the past decade, European digital policy has been associated primarily with regulation. The GDPR, Digital Markets Act, Digital Services Act, Data Act and AI Act all focused on establishing rules for digital markets and technologies.

This latest package signals a shift. The Commission is increasingly focused on building technological capacity. The objective is to support European capabilities across semiconductors, cloud infrastructure, artificial intelligence and digital services.

From Regulation to Industrial Strategy

The common thread running through the package is concern about Europe's position in critical technologies.

European policymakers increasingly view advanced semiconductors, cloud infrastructure, computing capacity and AI capabilities as strategic assets with implications for competitiveness, resilience, economic security and technological sovereignty.

The Commission is therefore seeking to address a series of perceived vulnerabilities:

The response is a package that combines industrial policy, infrastructure investment, procurement reform, innovation funding and digital sovereignty measures.

The political context is equally important. Recent geopolitical tensions have reinforced concerns within Europe about dependencies on foreign technologies and providers. Increasingly, policymakers are asking not only whether technologies are secure, but whether critical digital services would remain available during periods of geopolitical tension, diplomatic disputes or wider international instability.

As a result, technology policy is becoming increasingly intertwined with economic security policy. What distinguishes this package from earlier initiatives is its focus on building ecosystems rather than regulating individual technologies. The Commission increasingly views semiconductors, cloud infrastructure, AI, open source software, digital networks and energy systems as interconnected components of Europe's future competitiveness and resilience.

The Cloud and AI Development Act: Building Europe's Digital Infrastructure

The Commission's starting point is that Europe faces two related challenges: a shortage of cloud and data center capacity needed to support AI development and deployment, and a continued reliance on a small number of largely non-European cloud providers.

The Commission has set itself an ambitious objective of tripling Europe's data center capacity over the next five to seven years while simultaneously supporting wider AI deployment across the economy.

For companies involved in cloud infrastructure, semiconductors, data centers, AI computing, energy systems and digital infrastructure, the proposal could create significant new opportunities over the coming decade.

Perhaps most importantly, the proposal recognises that AI competitiveness depends not only on algorithms and talent, but also on access to large-scale computing resources. As governments around the world race to secure AI leadership, compute capacity is increasingly being viewed as a strategic asset in its own right.

Sovereignty Moves to the Centre of the Debate

The most politically significant element of the Cloud and AI Development Act is the introduction of a new EU cloud sovereignty framework.

The Commission proposes four levels of "Union assurance" designed to assess cloud services against a range of sovereignty-related criteria. These assessments would go beyond traditional cybersecurity requirements and consider broader issues relating to operational autonomy, control, resilience and exposure to third-country jurisdictions.

Member States would be required to conduct sovereignty risk assessments and determine which categories of public sector activity require higher levels of protection.

Public authorities procuring cloud services would need to procure services meeting at least a baseline level of assurance, while more sensitive activities could require higher levels.

Rather than focusing solely on data protection or cybersecurity, the Commission is seeking to address broader concerns around strategic dependence, operational continuity and resilience. The debate is no longer solely about where data is stored, but whether critical digital services could continue operating if access to key technologies or providers were disrupted.

For businesses, the practical implications will depend heavily on how the sovereignty levels are ultimately defined, how they interact with existing cybersecurity certification frameworks, and how widely Member States choose to apply them.

At the same time, it is important not to overstate the immediate impact. The Commission has indicated that only a relatively small proportion of public sector workloads may ultimately require the strictest sovereignty requirements. The practical consequences for market access will therefore depend significantly on implementation and how Member States conduct their sovereignty risk assessments.

Chips Act II: Creating Demand, Not Just Supply

Alongside the Cloud and AI Development Act, the Commission also announced measures that will form part of a revised European Chips Act.

The original 2023 Chips Act was largely designed in response to pandemic-era semiconductor shortages and focused heavily on manufacturing capacity and supply chain resilience.

European policymakers increasingly recognise that manufacturing capacity alone is not sufficient. If Europe wishes to attract investment in advanced semiconductor production, it must also create demand for those chips within Europe.

The revised approach therefore places greater emphasis on stimulating demand through AI deployment, cloud infrastructure, advanced manufacturing, telecommunications, automotive technologies and defence applications.

The Commission has also proposed a new category of cross-border strategic projects designed to accelerate advanced chip design and manufacturing through coordinated public and private investment, streamlined permitting and targeted support. Projects relating to advanced semiconductor manufacturing would receive the highest strategic priority.

Significantly, the Commission is also exploring how Europe can develop capabilities in advanced chips used for AI applications. Europe currently lacks the capability to manufacture the most advanced AI chips domestically and remains heavily dependent on international suppliers and manufacturing hubs.

The revised Chips Act therefore reflects a growing recognition that semiconductors, cloud infrastructure and AI are not separate policy challenges but interconnected components of a single technological ecosystem.

For businesses operating across these sectors, the implications could be substantial. The Commission is attempting to create a self-reinforcing ecosystem in which semiconductor demand, cloud infrastructure, AI deployment and industrial adoption support one another.

Beyond Chips and Cloud

While the legislative spotlight will naturally fall on the Cloud and AI Development Act and Chips Act II, the broader package also includes a new Open Source Strategy and a Strategic Roadmap for Digitalisation and AI in Energy.

The Open Source Strategy aims to increase the development and adoption of European open-source solutions in areas such as cloud, AI, cybersecurity and semiconductors. Meanwhile, the energy roadmap seeks to ensure that Europe's growing digital infrastructure can be deployed sustainably and integrated efficiently into the energy system, while also accelerating the use of digital and AI technologies across the energy sector itself.

What Could This Mean for UK Businesses?

For cloud providers and companies competing directly in cloud infrastructure markets, the proposals could introduce new compliance requirements and potentially reshape public sector procurement opportunities.

For semiconductor companies, infrastructure providers and businesses involved in advanced manufacturing, the package could create new opportunities through strategic projects, increased investment and growing European demand.

For AI developers and software companies, the impact may be less direct but could still influence infrastructure choices, procurement decisions and market opportunities.

For many UK firms, one of the most important questions will be how the proposed sovereignty framework treats providers established outside the European Union.

The Cloud and AI Development Act includes provisions allowing third countries to be recognised as providing sufficient assurances for certain sovereignty requirements. While the details remain to be negotiated, this could become one of the most important aspects of the legislation for UK technology companies operating in Europe.

The UK government should therefore work closely with EU institutions and Member States throughout the legislative process to ensure it is recognised as a trusted partner under any future third-country recognition mechanism. Given the depth of UK-EU digital trade, the existing adequacy decision, close security cooperation and shared regulatory objectives across many areas of digital policy, securing such recognition should be a strategic priority for both government and industry.

Failure to do so could risk creating new barriers for UK-based cloud and technology providers seeking to participate in European public sector and other sovereignty-sensitive markets. Conversely, successful recognition could help preserve market access while supporting the broader objective of building a more resilient and trusted European digital ecosystem.

More broadly, these initiatives signal that future European technology policy is likely to place increasing emphasis on technological capability, supply chain resilience and strategic autonomy. Businesses operating in Europe may therefore find that investment decisions, procurement requirements and market opportunities are increasingly influenced by industrial policy considerations alongside traditional regulatory requirements.

What Happens Next?

The publication of the Commission proposals marks the beginning of the legislative process.

Both the Cloud and AI Development Act and the revised Chips Act will now be examined by the Council of the European Union and the European Parliament.

Within the Council, Member States will begin technical and political discussions on the proposals, with differing national perspectives likely to emerge on issues such as cloud sovereignty, industrial policy, public procurement and market openness.

In the European Parliament, committees will be assigned responsibility for the files, rapporteurs and shadow rapporteurs appointed, and amendments tabled.

Once both institutions have agreed their respective positions, negotiations between the Commission, Parliament and Council - known as trilogues - will begin. Given the strategic importance of these files, significant changes to the Commission's original proposals are likely during the legislative process.

Alongside the legislative process, the Commission has already indicated that it intends to move quickly on implementation. A call for AI Gigafactories is expected this summer, while discussions are also underway on new financing mechanisms to support Europe's technology sovereignty ambitions.

As a result, while the proposals set out the Commission's vision, the final shape of Europe's emerging technology industrial strategy remains far from settled.

techUK's View

The publication of the European Technological Sovereignty Package marks an important moment in the evolution of European technology policy.

The UK technology sector shares many of the objectives underpinning these initiatives, including strengthening resilience, expanding computing capacity, accelerating AI adoption, improving supply chain security and supporting innovation.

At the same time, it will be important that the final frameworks remain open, proportionate and internationally interoperable. Measures designed to strengthen Europe's resilience should avoid creating unnecessary barriers for trusted international partners and should preserve the benefits of open and competitive technology markets.

The key question is no longer whether Europe will pursue an industrial strategy for critical technologies, but how that strategy will be implemented and how open it will remain to trusted international partners.

As the legislative process progresses, techUK will continue engaging with policymakers and stakeholders on both sides of the Channel to ensure that measures designed to strengthen Europe's digital future support innovation, competition and collaboration while avoiding unintended barriers to trade and investment.

techUK International Policy and Trade Programme activities

techUK supports members with their international trade plans and aspirations. We help members to understand market opportunities, tackle market access barriers, and build partnerships in their target market. Visit the programme page here.