On June 3, the European Commission published its Tech Sovereignty Package, a set of legislative and policy initiatives designed to address what the Commission characterizes as Europe’s technological dependencies on non-European suppliers. The Package marks a further step in the evolution of the EU’s technology policy, with initiatives spanning the full tech stack—from chips and infrastructure to software, cloud, and artificial intelligence. Through this “ecosystem” approach, the Commission seeks to reduce supply-side dependencies by strengthening domestic capabilities in Europe and stimulating demand in downstream sectors.

The Package comprises four components: two legislative proposals—(i) the Cloud and AI Development Act (CADA), and (ii) the Chips Act 2.0—as well as two non-legislative initiatives—(iii) the EU Open Source Strategy and (iv) a Strategic Roadmap for Digitalisation and AI in Energy.

This blog post provides an initial, high-level overview of the four initiatives through which the Commission seeks to advance a “European way” to tech sovereignty, with potential implications for industrial ecosystems in Europe and beyond, including cloud, telecoms, automotive, aeronautics, and defense sectors.

Link to CADA: A Proposed Regulation to Build Capacity While Defining “Sovereign” Cloud Services CADA: A Proposed Regulation to Build Capacity While Defining “Sovereign” Cloud Services

At the core of the Package is the proposed Cloud and AI Development Act (CADA), which seeks to scale EU-based cloud and AI infrastructure. It is therefore likely to be of particular importance to cloud computing providers, data center operators, AI developers, public sector customers of these services, and companies relying on critical digital infrastructure in Europe.

The proposal aims to triple EU data center capacity over the next five to seven years and ensure that the Union has the capacity it needs by 2035. To that end, CADA creates a framework for the “Cloud and AI Leadership Initiatives”, intended to promote research, innovation, and large-scale capacity across the EU cloud and AI ecosystem. As set out in the proposal, these Initiatives cover a broad range of objectives, including (i) more energy- and resource-efficient data center technologies; (ii) greater autonomy across the cloud stack; (iii) the development of frontier, physical, and industrial AI; (iv) the use of AI in the public sector; and (v) broader adoption and skills development. Member States would also be required to adopt national cloud and AI strategies aligned with these objectives.

CADA also introduces a EU Cloud Sovereignty Framework, which establishes four “assurance levels” for cloud computing services. These levels are based on criteria such as control over the service, control over the supply chain, treatment of data, infrastructure location, and cybersecurity. Member States and Union entities would each be required to carry out individual sovereignty risk assessments to determine the appropriate level of assurance for different public-sector use cases. Accordingly, the proposal leaves room for national “à la carte” variation in the application of the EU Cloud Sovereignty Framework, instead of a harmonized approach. According to the draft, the Commission would have the power to adopt implementing acts requiring private companies in sectors regulated by the EU’s horizontal cybersecurity law—the revised Network and Information Systems Directive (NIS2)—to carry out similar assessments. It would also have the power to adopt implementing acts identifying third countries whose cloud providers may be subject to audit against the EU Cloud Sovereignty Framework.

CADA combines sovereignty-related requirements with industrial policy tools. It includes mechanisms for strategic projects, data center acceleration zones, and public procurement measures, while also promoting the development of open and secure European cloud and AI solutions.

Link to Chips Act 2.0: An Updated EU Semiconductor Ecosystem Strategy Chips Act 2.0: An Updated EU Semiconductor Ecosystem Strategy

The Chips Act 2.0 reflects a renewed Commission effort to foster advanced semiconductor manufacturing in Europe. The proposal pursues two objectives: (i) reducing EU dependence on third countries for semiconductor design and manufacturing; and (ii) improving crisis preparedness to better ensure the EU’s security of supply.

While the original Chips Act focused primarily on supply-side measures, the proposed Chips Act 2.0 places greater emphasis on demand-side tools. It aims to stimulate demand for high-performance AI chips by leveraging AI infrastructure initiatives, including AI Factories and Gigafactories, as well as the broader build-out of data centers and cloud infrastructure across the Union. To help generate that demand, the Commission proposes instruments such as public innovation procurement, “Demand Accelerators”, and a dedicated forum to promote the uptake of EU-designed and EU-made chips.

On the supply side, the proposal introduces the concept of “Strategic Projects” across the semiconductor value chain. These projects would be eligible for facilitated access to public investment, fast-track permitting, and support measures designed to accelerate deployment. The explanatory memorandum to the draft Regulation also points to a potential, first-ever EU semiconductor facility for advanced manufacturing, including AI chips and other advanced technologies, with pilot production envisaged in the 2030-2033 period.

Under the reinforced “Chips for Europe Initiative 2.0,” the proposal also places renewed emphasis on the industrialization of pilot lines for testing and experimentation and on strengthening the wider semiconductor ecosystem, including through support for photonics and photonic integrated circuits, competence centers, and a “Chips Fund” for start-ups, scale-ups, and SMEs.

In parallel, the Commission seeks to improve crisis preparedness through a “Business-to-Business Semiconductor Supply Chain Platform”, which would allow companies to share non-commercially sensitive information in aggregated form to support risk identification and resilience planning. The Commission also plans to develop an EU Blueprint for semiconductor crisis management by the second quarter of 2027.

Link to The EU Open Source Strategy as a Sovereignty Tool The EU Open Source Strategy as a Sovereignty Tool

The Package’s third pillar is the EU Open Source Strategy, which seeks to mitigate vendor lock-in risks, strengthen European digital autonomy, and promote interoperable digital infrastructure across both the private and public sectors. The Strategy treats open source not merely as a software-development model, but as a broader governance and industrial policy tool that, according to the Commission, can help Europe lower technology costs, accelerate innovation, and reduce dependence on foreign providers.

The Strategy is built around four main objectives: (i) leveraging open source for tech sovereignty through deployment and uptake; (ii) strengthening and promoting a “vibrant open source ecosystem”; (iii) promoting open and interoperable digital ecosystems for public administrations; and (iv) reinforcing digital standards and international outreach. It combines supply-side measures—intended to help communities and companies develop, scale, maintain, and secure open source solutions—with demand-side measures intended to increase public- and private-sector uptake.

The Open Source Strategy emphasizes the need to promote open digital public infrastructure and aligns this ambition with procurement and public-administration reform. The Strategy indicates that the CADA proposal introduces an “open source-first” principle for public purchases of cloud and AI software, while also promoting a “public money, public code” logic for software developed or procured by public administrations. 

Link to Strategic Roadmap for Digitalisation and AI in Energy Strategic Roadmap for Digitalisation and AI in Energy

The fourth component of the Package connects the tech sovereignty agenda with the Union’s climate and energy objectives. The Strategic Roadmap for Digitalisation and AI in Energy is intended to support the deployment of EU digital and AI solutions in energy-relevant sectors and use cases, including electrification, grid optimization, system integration, demand-side flexibility, and energy efficiency in buildings and industry.

With respect to data centers, the Roadmap indicates that the Commission will adopt a Data Centre Energy Efficiency Package, which would include (i) a report on improving the energy efficiency of data centers; (ii) a Delegated Act establishing an EU rating scheme for the sustainability of data centers; and (iii) the launch of a public consultation on minimum performance standards for new and existing data centers in the EU. The rating scheme would cover, among other things, energy efficiency, water efficiency, clean energy use, waste heat reuse, and flexibility. According to the Roadmap, the rating scheme is to be adopted in 2026, with the first labels in 2027, while the needs assessment for minimum EU energy performance standards is due by 2027.

Link to Strategic Considerations Strategic Considerations

Taken together, the Package represents a notable effort by the Commission to move beyond an approach focused on requiring EU operators to maintain strong resilience against external threats, and to take a more proactive approach to building internal capacity for critical technologies.

Semiconductor companies, cloud providers, data center operators, AI developers, software vendors, open-source businesses, public-sector suppliers, and energy-tech stakeholders may need to assess how the proposed and accompanying initiatives could affect market access, funding opportunities, project permitting, procurement conditions, cybersecurity expectations, and sustainability requirements.

*             *             *

Covington is closely monitoring the development of the EU Tech Sovereignty Package and related initiatives across semiconductors, cloud and AI, digital infrastructure, public procurement, cybersecurity, and sustainability regulation. We are well placed to advise on these policy developments and engagement with relevant decision-makers. We help gather intelligence, analyze legislative initiatives, navigate complex regulatory requirements, and design and execute strategy at the EU and across Member State capitals.

Tags: AI
Photo of Jadzia Pierce Jadzia Pierce

Jadzia Pierce advises clients developing and deploying technology on a range of regulatory matters, including the intersection of AI governance and data protection. Jadzia draws on her experience in senior in house leadership roles and extensive, hands on engagement with regulators worldwide. Prior…

Jadzia Pierce advises clients developing and deploying technology on a range of regulatory matters, including the intersection of AI governance and data protection. Jadzia draws on her experience in senior in house leadership roles and extensive, hands on engagement with regulators worldwide. Prior to rejoining Covington in 2026, Jadzia served as Global Data Protection Officer at Microsoft, where she oversaw and advised on the company’s GDPR/UK GDPR program and acted as a primary point of contact for supervisory authorities on matters including AI, children’s data, advertising, and data subject rights.

Jadzia previously was Director of Microsoft’s Global Privacy Policy function and served as Associate General Counsel for Cybersecurity at McKinsey & Company. She began her career at Covington, advising Fortune 100 companies on privacy, cybersecurity, incident preparedness and response, investigations, and data driven transactions.

At Covington, Jadzia helps clients operationalize defensible, scalable approaches to AI enabled products and services, aligning privacy and security obligations with rapidly evolving regulatory frameworks across jurisdictions—with a particular focus on anticipating enforcement trends and navigating inter regulator dynamics.

Read more about Jadzia PierceEmail
Show more Show less
Photo of Dita Charanzová Dita Charanzová

Dita Charanzová advises on European policymaking and international regulatory strategy, drawing on more than two decades of experience in EU institutions and diplomacy. She served as a Member of the European Parliament from July 2014 to July 2024 and as Vice President from…

Dita Charanzová advises on European policymaking and international regulatory strategy, drawing on more than two decades of experience in EU institutions and diplomacy. She served as a Member of the European Parliament from July 2014 to July 2024 and as Vice President from July 2019 to July 2024, with responsibilities including cybersecurity and institutional relations, including relations with national parliaments, and parliamentary relations with North and South America. Her work has focused on the digital agenda, consumer protection, the internal market, and international trade.

In her advisory work, Dita, a non-lawyer, helps organizations anticipate and navigate EU policy and legislative developments—particularly at the intersection of digital regulation, internal market rules, consumer protection, and trade. She brings senior‑level insight into how priorities are shaped within the EU institutions and in particular in the European Parliament. Her experience includes high‑visibility leadership roles in the European Parliament and work on major EU digital and internal market files, including the Digital Services Act, the European Electronic Communications Code, the General Product Safety Regulation, and the Web Accessibility Directive. Dita served as a Vice-president of the Alliance of Liberals and Democrats for Europe Party from 2018 to 2023. She also previously served in the Czech diplomatic service, including a posting to the Permanent Representation to the EU, and chaired the Trade Policy Committee of the Council of the European Union during the Czech EU presidency in 2009.

Read more about Dita CharanzováEmail
Show more Show less
Photo of Paul Maynard Paul Maynard

Paul Maynard is special counsel in the technology regulatory group in the London office. He focuses on advising clients on all aspects of UK and European privacy and cybersecurity law relating to complex and innovative technologies such as adtech, cloud computing and online…

Paul Maynard is special counsel in the technology regulatory group in the London office. He focuses on advising clients on all aspects of UK and European privacy and cybersecurity law relating to complex and innovative technologies such as adtech, cloud computing and online platforms. He also advises clients on how to respond to law enforcement demands, particularly where such demands are made across borders.

Paul advises emerging and established companies in various sectors, including online retail, software and education technology. His practice covers advice on new legislative proposals, for example on e-privacy and cross-border law enforcement access to data; advice on existing but rapidly-changing rules, such the GDPR and cross-border data transfer rules; and on regulatory investigations in cases of alleged non-compliance, including in relation to online advertising and cybersecurity.

Read more about Paul MaynardEmail
Show more Show less
Photo of Anna Sophia Oberschelp de Meneses Anna Sophia Oberschelp de Meneses

Anna Sophia Oberschelp de Meneses advises on EU data protection, cybersecurity, and consumer law. Her practice covers the full range of Europe’s digital regulatory framework, including GDPR, ePrivacy, NIS2, the Cyber Resilience Act, the AI Act, the Digital Services Act, the Data Act…

Anna Sophia Oberschelp de Meneses advises on EU data protection, cybersecurity, and consumer law. Her practice covers the full range of Europe’s digital regulatory framework, including GDPR, ePrivacy, NIS2, the Cyber Resilience Act, the AI Act, the Digital Services Act, the Data Act, the European Health Data Space, and EU consumer protection law, including product safety, product liability, and consumer rights legislation. She focuses on the operational side of compliance — helping clients design policies and processes, draft documentation, and build the internal frameworks needed to meet regulatory requirements in practice.

She also advises on contentious matters, drawing on experience managing investigations before national regulators and proceedings before national courts and the Court of Justice of the European Union. She works closely with Covington’s disputes teams on matters at the intersection of regulatory compliance and litigation.

Read more about Anna Sophia Oberschelp de MenesesEmailAnna Sophia's Linkedin Profile
Show more Show less
Photo of Wolfgang Maschek Wolfgang Maschek

Wolfgang A. Maschek is the Head of the European Public Policy Practice based in the Brussels office. Wolfgang’s practice includes representing both private and public sector clients at EU and national level across various regulated industries and policy matters. With over two decades…

Wolfgang A. Maschek is the Head of the European Public Policy Practice based in the Brussels office. Wolfgang’s practice includes representing both private and public sector clients at EU and national level across various regulated industries and policy matters. With over two decades of experience leading public policy teams across various regulated industries, Wolfgang connects with clients by leveraging his extensive legal and regulatory expertise to overcome complex challenges and seize business opportunities in Europe. His experience includes areas such as international trade, foreign direct investment, technology and AI, financial services, healthcare, and environmental and chemicals policy.

For the last decade, Wolfgang successfully led the Brussels-based public policy team at an international law firm. Earlier in his career, Wolfgang served as Senior Counsel and Head of the European Regulatory and Public Affairs department at a global financial services provider. Between 2002 and 2006, Wolfgang represented the Austrian Central Bank in Brussels, where he was responsible for liaising with European institutions and advising on European developments affecting monetary policy and financial market supervision. Wolfgang’s experience also includes working at the European Commission and at the Oesterreichische Kontrollbank.

Wolfgang has consistently been recognized by Chambers Europe and other ranking platforms as a leading lawyer in the Government and Public Affairs field.

Read more about Wolfgang MaschekEmail
Show more Show less
Photo of Bart Szewczyk Bart Szewczyk

Having served in senior advisory positions in the U.S. government, Bart Szewczyk advises on European and global public policy, particularly on technology, economic sanctions and asset seizure, trade and foreign investment, business and human rights, and environmental, social, and governance issues, as well…

Having served in senior advisory positions in the U.S. government, Bart Szewczyk advises on European and global public policy, particularly on technology, economic sanctions and asset seizure, trade and foreign investment, business and human rights, and environmental, social, and governance issues, as well as conducts international arbitration. He also teaches grand strategy as an Adjunct Professor at Sciences Po in Paris and is a Nonresident Senior Fellow at the German Marshall Fund.

Bart recently worked as Advisor on Global Affairs at the European Commission’s think-tank, where he covered a wide range of foreign policy issues, including international order, defense, geoeconomics, transatlantic relations, Russia and Eastern Europe, Middle East and North Africa, and China and Asia. Previously, between 2014 and 2017, he served as Member of Secretary John Kerry’s Policy Planning Staff at the U.S. Department of State, where he covered Europe, Eurasia, and global economic affairs. From 2016 to 2017, he also concurrently served as Senior Policy Advisor to the U.S. Ambassador to the United Nations, Samantha Power, where he worked on refugee policy. He joined the U.S. government from teaching at Columbia Law School, as one of two academics selected nationwide for the Council on Foreign Relations International Affairs Fellowship. He has also consulted for the World Bank and Rasmussen Global.

Prior to government, Bart was an Associate Research Scholar and Lecturer-in-Law at Columbia Law School, where he worked on international law and U.S. foreign relations law. Before academia, he taught international law and international organizations at George Washington University Law School, and served as a visiting fellow at the EU Institute for Security Studies. He also clerked at the International Court of Justice for Judges Peter Tomka and Christopher Greenwood and at the U.S. Court of Appeals for the Third Circuit for the late Judge Leonard Garth.

Bart holds a Ph.D. from Cambridge University where he studied as a Gates Scholar, a J.D. from Yale Law School, an M.P.A. from Princeton University, and a B.S. in economics (summa cum laude) from The Wharton School at the University of Pennsylvania. He has published in Foreign Affairs, Foreign Policy, Harvard International Law Journal, Columbia Journal of European Law, American Journal of International Law, George Washington Law Review, Survival, and elsewhere. He is the author of three books: Europe’s Grand Strategy: Navigating a New World Order (Palgrave Macmillan 2021); with David McKean, Partners of First Resort: America, Europe, and the Future of the West (Brookings Institution Press 2021); and European Sovereignty, Legitimacy, and Power (Routledge 2021).

Read more about Bart SzewczykEmail
Show more Show less
Photo of Matthieu Coget Matthieu Coget

Matthieu Coget’s practice sits at the intersection of law and policy. He advises primarily on the EU’s evolving regulatory response to geopolitical and trade tensions, including foreign investment screening, sanctions and export controls, and trade safeguards. Matthieu also advises on reputational risks arising…

Matthieu Coget’s practice sits at the intersection of law and policy. He advises primarily on the EU’s evolving regulatory response to geopolitical and trade tensions, including foreign investment screening, sanctions and export controls, and trade safeguards. Matthieu also advises on reputational risks arising from cross-border transactions involving strategic supply chains. In addition, he regularly supports clients in designing and implementing policy engagement strategies.

Read more about Matthieu CogetEmail
Show more Show less
Laura Schukraft

Laura Schukraft is a Legal Intern who attended the Faculty of Law of the University of Fribourg and the European Legal Studies Department of the College of Europe.

Email