First is "data sovereignty", which is what the current (data) migrations are all about. As long as the data remains in place where it cannot be suddenly locked away by the US government, people don't care if the CPU was purchased from the US, as the government cannot suddenly disable those (as far as we know at least).
Second is "hardware sovereignty", which is what this article talks about, about the geographical locations where the hardware is designed and built. This is obviously much harder, but also less important at this very moment. That's why you're not seeing people suddenly rushing to fund EU fabs for silicon, there are more important things to focus on right now, with real implications.
The article kind of does everyone a disservice by mixing the two and not clearly separating which ones it's actually talking about. But to be fair, if they did that, then they've wouldn't have been able to publish this whole "Look how they aren't actually sovereign after all" article if they did so, here we are...
If your threat model is clandestine government actors then I think it would be a rather odd decision to host on ANY cloud !
The main risk for most people is being subject to US CLOUD Act, US PATRIOT Act etc. etc. Which, despite what the sales-droids will tell you, still applies in the fake-EU clouds operated by the US providers.
If you are serious about EU data sovereignty then you absolutely want an EU OpCo that has nothing whatsoever to do with any US company. If OpCo has ties to a US company or IS a US company such as AWS or Microsoft, then you've lost the EU jurisdiction.
It's impossible to fully eliminate any exposure to US sanctions. If the EU wants to fully shield itself, it should aggressively counter-sanction American entities. If the US government knows that every time it sanctions some EU entity, an American entity will get sanctioned just as hard, it will think twice.
For some reason, the EU has been unwilling to go down this obvious path.
Well, the EU in general tends to favour the "lets sit down in a room and talk like grown-ups" approach to finding solutions to problems.
Wielding sanctions as a first/second choice option is a very US thing, even more so with the present administration.
In theory the EU does have a lot of options available to it beyond sanctions, such as making life difficult getting Schengen visas for all those US citizens you constantly read about on the CNN website who are flocking to Europe .... but that sort of action would be very un-European[1][2]
[1] https://edition.cnn.com/travel/us-family-relocated-miami-ita... [2] https://edition.cnn.com/travel/central-eastern-europe-americ...
Trashing your own tourism sector is a very European defense mechanism.
The truth is there is one and only one way Europe can try reclaiming sovereignty, and it’s the one that’s most painful—rebuilding its own military.
Please re-read my post .... in particular the first two words "IN THEORY".
As far as I am aware, the option I mentioned has never, ever been mooted as a possibility. It was something I invented as a random example of a non-sanction possibility.
> rebuilding its own military
Aah yes, because a strong military has been so awesome for the US in the US–Iran war where IIRC the Iranians managed to destroy lots of very expensive US military radars and other assets in the region despite your president having claimed to have "destroyed 100% of Iran's military capability".
But let's not get in to politics....
If the US imposed sanctions that blocked access to cloud services a lot of the government and the private sector would just shut down.
Take what happened to the French ICC judge and imagine that happening across a whole country and far more pervasively (because a lot of people he deals with will not follow US sanctions, but would have their own services cut off if his country was sanctioned): https://www.euronews.com/my-europe/2026/02/18/us-sanctions-t...
TBH, all of these entities are likely actively penetrated by US, Israeli and Russian human assets. You don’t need esoteric knowledge of CPU flaws or whatever if the dude holding the keys works for you.
Wait, European you said? Never mind. Only politicians and the very rich deserve money is the law here.
The owners of European clouds are people who were very, very wealthy before they ever started doing cloud (Xavier Niel, the Klaba Family in France, Hetzner (is also a German family name), Deutsche Telecom/Swisscom/A1 Telecom) and none of them have a reputation of decently paying anyone, whether we're talking software developers, system administrators, SREs, security guards, managers, ... and, of those, only Xavier Niel was not swimming in money when he was born (he was still very comfortable at a time when that was not at all common)
As are most politicians. For example, Ursula von der Leyen is a member of a wealthy German family that was part of the aristocracy in Germany. Her family's money survived WW2 in Germany (everyone in Germany and North West Europe knows what that means, and it's nothing good). Her ancestors belonged to the nobility of the Free Imperial city of Bremen, allied to the Holy Roman Empire. Nobody in her family has ever lacked for money for 20 generations.
But they are two different things.
You can’t solve all problems at once.
It’s reasonable to start by solving the problems which provide rrhe best improvement for the lowest effort and risk.
Prioritizing data sovereignty as the OP has done well naming it, seems like a good trade off to me.
AFAIK, there is absolutely zero evidence either Intel or AMD CPUs are compromised, even less so that they're somehow remotely accessible by the US government...
The concerns are similar to US supplied fighters having the kill switch or remotely damaging centrifuges in Iran using software virus.
No one knows whether CPUs are compromised similar to no one knew beepers with explosives in Lebanon were compromised by Israel, allegedly during manufacturing. CPUs don't need to be accessed remotely, any compromised person locally will be enough.
These are fascinating cases to show how far state actors will go and how long the compromise can stay dormant.
Right, but what we do know, is that any US company (or any EU subsidiary with US owner, like "AWS European Sovereign Cloud") can and will be used to hold our data hostage when needed by the US government, as proven by recent actions.
So, based on what we know and what we don't know, "data sovereignty" remains a priority, and until proven, "hardware sovereignty" remains less important, for now.
I doubt that they actually do, just cutting off software support substantially cripples the F-35 in multiple ways and without spares they aren't going to fly very long (on the timescales of fighter programs).
The risk isn't worth the payoff because if anyone found that killswitch, US arms sales would crater.
All that said I don't think my country should be buying US systems if European equivalents or near equivalents exist anyway for geopolitical reasons.
> Europe is pouring more than €2 billion into sovereign cloud initiatives designed to reduce exposure to US legal reach.
this is just sad. the US clouds did not happen because US poured billions into them. they happened because the financial/whatever situation was such that these businesses could happen.
now the EU, instead of making it easy for companies to innovate, spends billion on trying to catch up to the US. not even catching up. getting to where the US clouds are today.
the "skating to where the puck is going to be, not where it's been" quote comes to mind.
This cloud provider is a for profit company, not a research institute, so they can see short term commercial value if they do it
This is a sensationalist headline (CBA to RTFA). It isn't a case of all or nothing, it is about becoming less dependent. A country like China follows the same industry, and besides, in a globalist economy like ours we are dependant on each other. So, for example, a lot of hardware components come from China, and assembly happens there as well. That counts for EU (DE, FR, ...), US, CA, RU, UA, CN, IN, etc. But as the talk on 39c3 has shown [1]: we can DIY.
[1] https://media.ccc.de/v/39c3-in-house-electronics-manufacturi...
China already produces government and business computers with their homemade LoongArch architecture. The run on homemade Linux as well. Their point was not only to not be worried as much about backdoors and sanctions, but also to get a platform that their own universities and engineers can maintain and develop
This brand used to coproduce with the French, open source and Java apps work, it's under US sanctions for supplying the chinese government and military, export was restricted so that none land in Russia.
It took decades to make, commercial value is uncertain, but they did master the entire computing stack now
https://catalonia.com/w/barcelona-supercomputing-center-laun...
https://www.bsc.es/join-us/excellence-career-opportunities/d...
I think there is a partition in our supercomputing facility for these new types of technologies, but since my work is running climate models, I only hear news from other teams like our AI factory, the quantum computer, or people involved with these new chips and some emulators (that I think work together).
1) An ISA licensor, with no capability to create its own CPUs
and
2) Owned by Softbank in Japan, not European
I'd also argue that while Softbank has capital ownership of the company, the leadership structure and how that capital is allocated is still done within the UK with standard board oversight. I know a few of the leadership team personally, and they have a wide remit, almost more so than a public company might do.
You could start running things on ARM, but, almost certainly, that comes with a lot of extra friction. (Not saying that isn't a bad idea, it'd probably improve the ecosystem as a whole and flush out architecture-specific assumptions in server software. But it's not someting trivial to do.)
If the processor is mostly idle or running minimally optimized software, which is most software, then ARM offers better performance per watt. If the processor is running highly optimized code at max throughput all the time then x86 offers better performance per watt.
This is an intrinsic tradeoff. To make low-utilization workloads more power efficient you have to make high-utilization workloads less power efficient and vice versa. ARM and x86 differentiate themselves by taking opposite ends of that tradeoff spectrum.
It depends on the code.
x86/64 is looking more and more like the next Alpha or MIPS in many ways.
Sovereign clouds are an incredibly meaningful first step. Full independence takes decades. China still uses plenty of AMD and Intel chips, does it mean the amount of independence they've achieved is meaningless? That their stacks are just as dependent on the US as those of the EU?
Of course not and even a child could know that. You start with the very end of the chain and hopefully very gradually work your way upwards. Sovereignty is a float, not a bool. If it's a bool its valye is False for all of China, the US and Italy, where in reality each has very different degrees of tech sovereignty. So you do things in order of efficiency, i.e. compare effort needed and how much it moves the sovereignty needle and pick what has the best ratio at this time. Designing and producing your own processors is far down this list.
No, that's just taking a quick win and kicking the can down the road.
Data migration and hosting is comparatively quick and easy. It can be done any time.
What takes huge lead-times is re-establishing a chip-making industry; not just the fabs but also the raw material contracts, materials processing etc
I'd argue that achieving data sovereignity first is counter-productive because we know the politicians will relax once the easy bit is done. The actual hardware hard-work will never get funded, especially after a new US President takes office in 2029. Europe will sigh in relief and go back to its wilfull ignorance of the risks of dependency'
That's surprising. I would've expected most people at a cybersecurity conference to have heard of it, for over a decade.
Is this conference not for people who understand the technology at all, but rather for purely management-track people who oversee the people who understand the technology?
https://www.techspot.com/news/107073-researchers-uncover-hid...
Silicon level backdoors.
https://www.wired.com/2016/06/demonically-clever-backdoor-hi...
There is the NanoIC research line at imec (2nm), CEA-Leti incomming 7nm FD-SOI pilot lines, and in terms of full production lines, Global Foundries Dresden (12 nm), ESMC (12 nm, in construction), and the various FeRAM/FMC projects I can't keep track of (Neumonda for example).
I would be more worried about designs, because outside of ARM (and Imagination Tech, both in the UK), I don't know any competitive European designs. (about routers NXP already makes router chips with accelerators on top of ARM cores, used for example in the Mono Gateway, but they are fabbed on old TSMC nodes)
And as commented elsewhere, ARM
Even if open source, currently there is no European plan on how to take care of supply chain on those.
Huawei came up with a full stack, after the ties were closed, as an example. OS and languages.
Part of what got Microsoft into this position in the first place is that they built and sold software.
Now, they don't build and sell software, they sell services. Services means you're buying access to data.
The data is the problem.
There's a certain amount of soft power you have when you can disallow access to data and services for foreign officials[0] arbitrarily.
The old world order would of course permit us to sanction new sales of things, but in the new world: this is crucially tied with current access to services.
I think the easiest way to think about it is:
Would you depend on another nation selling you the parts to build a power plant, or would you prefer to depend on them supplying you the power- in fact it's worse than that because not only are you buying power you're also giving up a lot of information on who uses it, how it's used, and enough control to cut it off for an individual person.. totally crazy.
the EU itself was designed around the idea that if you are crucially tied in this way then war becomes unthinkable. But that only works when you're equivalently sized entities. The US uses this position to bully the world.
The biggest share of imports to EU by value is "mineral fuels, oils, distillation products". It's 17% of all imports.
https://tradingeconomics.com/european-union/imports-by-categ...
2) Tech dominance is almost at 100% for large companies and governments across europe. Much higher than 17%
The problem with the right wing authoritarian types, regardless of regime is that their thirst for power is harmful to all stakeholders. The tragedy of the Iraq War wasn’t Iraq — it was kicking off decades of inevitably escalating conflict. And doing so for nothing.
We, as in citizens of the world, need strong trade ties with China, Europe, the United States and the developing world. I don’t want my sons getting killed by some PRC drone, nor do I want them killing people in service of the dreams of fat old men.
Europe butchered two generations a century ago. Their model makes sense, and can integrate with the world.
Please read about the previous initiatives like Cloudwatt involving the same actors (Thales, etc.) [0]
I have been forced to consider them about 10 years ago and realized at the time that the French telco Orange (who acquired it in 2015) just transferred all control to Huawei (datacenters in France but controlled by Huawei). So all the organisations who put their precious data in a sovereign EU cloud was now in the hand of the Chinese. It took me a while to understand because they would hide it first and strangely the wikipedia article does not mention it.
So it was fun while the initial public money was flowing but right after that they just throw their "client" under the train.
If you want an European cloud, companies like Hetzner are good. But please do not get to excited by all the other announcements.
I always snarked at clueless CEOs bent on forcing me to sign NDAs while the entire infra _and_ data was living in US from the get go. Like, what's so sensitive I'm going to disclose that wasn't voluntarily disclosed by yourself already?
I am sure the US government has everything from my banking records to my biometrics to my medical history.
That does not mean I would be ok with all of those things being posted on the open web (yes, some / all may already be).
Employers are generally more concerned with disclosure to competitors than they are with possible collection by US intelligence.
This is laughable, since US cloud platforms invested trillions. Also, US companies benefit from greater efficiency, know how, cheaper energy and less regulations.
If EU wants to compete with the US, they have to do what US does.