European Digital Sovereignty : How EuroStack and Emerging Tech Policies Protect EU Strategic Autonomy Amid US-China Tensions

As the US-China tech competition heats up, countries around the world are increasingly seeking to find new paths to secure their own interests and protect citizens’ data. Popular approaches include enhancing government and individual control over data and digital infrastructure (digital sovereignty) and requiring companies to store data collected within a geographic location in that same location (data localization). This briefing explores these developments in the European Union (EU). 

Governments are pushing for European digital sovereignty

As Europe’s tech leaders and industrial powerhouses, Germany and France are the states to follow when examining how Europe will pursue digital sovereignty and data localization. 

The new German government strongly emphasizes sovereign control over digital infrastructure in its April 2025 coalition agreement. The agreement explicitly supports the EuroStack project, a multistakeholder initiative which began in September 2024 and aims to “join and build logical and physical infrastructures to secure Europe’s role in competitive digital value chains.” Specific infrastructure goals include speeding up data center construction, improving the security of critical infrastructure, streamlining regulatory processes, and empowering the private sector. Despite vague openness to global cooperation, Germany’s announcements indicate a national and European focus when it comes to digital infrastructure. 

France has also declared its support for a EuroStack, but appears more flexible in cooperating with non-Europeans to make that happen. Recent announcements indicate digital infrastructure collaboration with other “tech middle powers,” such as the country’s plans to build a 1GW European AI Data Center with the United Arab Emirates and other investment commitments with American tech and data center companies such as Equinix, Digital Realty, and Amazon. Regulatory red tape may slow progress in some cases, such as connecting data centers to the French electrical grid, while it is proving helpful in others (for example, simplifying the location process for and limiting public opposition to data center construction). Importantly, Le Monde reported that the lion’s share of France’s €109 billion AI investment announced at the Paris AI Action Summit will be spent on data centers.

France and Germany also disagree on infrastructure-relevant issues beyond the role of international cooperation. These include what energy sources are acceptable, the relevance of climate neutrality, and how to best integrate data centers with the existing grid. Political disagreements and securing sufficient financial support will likely complicate attempts to advance a primarily European data infrastructure like the EuroStack project. This could open opportunities for non-European participants to shape regulation and digital infrastructure development.

The private sector remains pragmatic and focused on quick progress

European tech is also strongly supportive of EuroStack. In a March 2025 open letter to the European Commission signed by 95 organizations, including OVH Cloud, Airbus, and Dassault, signees worried that “reliance on non-European technologies will become almost complete in less than three years.” This letter emphasizes collaboration as key, seeking “not to exclude non-European players, but to create space where European suppliers can legitimately compete (and justify investment).” 

The letter’s aims and recommendations are pragmatic, focusing on “address[ing] basic infrastructural needs” and technological areas where Europe can already deliver. This suggests European private sector support for foreign partnerships related to digital infrastructure will depend on two factors: (1) how foreign partnerships affect European vulnerabilities, with a preference for partnerships that decrease, or have a neutral impact on, European vulnerability, and (2) whether European partners can reliably and quickly meet private sector needs. 

For example, US tech companies are increasingly sophisticated in their use of infrastructure discussions to increase overall pressure for supportive regulations. A recent report also ranked multiple American companies among the top five data center investors across Europe, giving American companies structural power over European digital infrastructure. In contrast, increased scrutiny of Chinese companies has led to less Chinese investment in critical infrastructure and complicated lobbying efforts by Chinese tech companies over the past few years. Nonetheless, commentators emphasize that Chinese lobbyists remain “increasingly active and extremely influential” in the European context.

European regulations are affecting non-European infrastructure

To date, the European Union has no domestic ownership requirements for digital infrastructure. However, non-European owners must comply with all relevant EU and national legislation. Among other impacts, this might affect data center operation (e.g., via data localization requirements), introduce reporting requirements (e.g., related to sustainability and performance), and subject non-European investors to foreign investment screening (as they do in Germany and France starting at 10% foreign ownership).

Relevant regulations directly impacting non-European infrastructure providers  include: 

• General Data Protection Regulation (GDPR; effective 05/25/2018): The GDPR regulates the process and transfer of personal data and prohibits transfer of all personal data outside the EU. See overview here. 

• EU Data Act (effective 09/12/2025): The Data Act “clarifies who can use what data and under which conditions.” Key provisions include B2B data sharing and B2C sharing, protecting small businesses from “exploitive contracts,” B2G data sharing to encourage evidence-based policymaking, and measures on cloud interoperability and switching. The Data Act gives permission for companies to transfer non-personal data outside the EU as long as that transfer does not conflict with other legal obligations. See overview here. 

• European High Performance Computing Joint Undertaking (EuroHPC): The EuroHPC set up 7 consortia to develop AI Factories in Europe in December 2024 and announced 6 more in March 2025. Countries involved include Austria, Bulgaria, Czechia, Denmark, Estonia, France, Germany, Italy, Norway, Poland, Portugal, Romania, Slovenia, Spain, and Türkiye. This creates an opportunity for data centers looking to expand to and/or operate in Europe. 

• Energy Efficiency Directive (EED; effective 10/10/2023): The EED establishes sustainability and performance indicators and transparency requirements for data centers in line with the EU’s climate neutrality goals. Data collected will be published annually on May 15 and used to establish an EU-wide rating scheme for data centers. See overview here. 

Other regulations may have an indirect impact on non-European infrastructure providers. For example, the EU’s AI Act (effective 08/01/2024) assumes a risk-based approach to regulating AI technologies and companies. The AI Act indirectly shapes non-European participation in developing European infrastructure by reaffirming the importance of norms, such as transparency and preserving human rights, but non-European providers are not directly regulated unless they also produce AI products. See overview here. 

What does this mean for companies? Strategic engagement is key

While European regulations are notoriously slow, national governments can move much faster. This will be particularly relevant should data localization become a European priority, which means companies should already be strategically thinking and engaging at the European country-level, if not also with the European Union.

As tensions between the US and China continue to reshape the global technology landscape, European nations are increasingly focused on securing their own digital sovereignty through initiatives like EuroStack, but data localization policies may become more attractive if those initiatives falter. For companies navigating this complex environment, understanding the nuanced interplay between EU-wide regulations, national priorities, and market dynamics is essential for successful engagement. 

Contact our team today at info[at]cascadeadvisory.co to discuss how Cascade can support your strategic position in Europe's rapidly evolving landscape.