ARTICLE
18 June 2026

EU's Data Sovereignty Response To US AI Bans

William Fry

Contributor

William Fry is a leading corporate law firm in Ireland, with over 350 legal and tax professionals and more than 500 staff. The firm's client-focused service combines technical excellence with commercial awareness and a practical, constructive approach to business issues. The firm advises leading domestic and international corporations, financial institutions and government organisations. It regularly acts on complex, multi-jurisdictional transactions and commercial disputes.
The European Commission's Technological Sovereignty Package introduces a four-tiered assurance framework that fundamentally reshapes how public bodies procure cloud and AI services, with requirements escalating from basic data residency...

On 3 June 2026, the European Commission presented its European Technological Sovereignty Package, a wide-ranging set of measures intended to reduce Europe’s dependence on non-EU digital infrastructure and to strengthen European control over cloud and artificial intelligence services.

The package is often described in the market as a “data sovereignty” initiative, and it carries forward themes set out in the European Data Union Strategy of November 2025, although it is broader in scope. The element of greatest immediate interest to technology and data lawyers is a proposed regulation, namely the Cloud and AI Development Act.

The timing proved instructive. Nine days after the package was unveiled, the abrupt suspension of a leading United States artificial intelligence model demonstrated, in concrete terms, the dependency that European policymakers have been warning about, and it gave the sovereignty agenda a salience that no policy communication could have manufactured.

The Cloud and AI Development Act, published as COM(2026) 502, was discussed in more detail in a recent William Fry article.

The four assurance levels

The four assurance levels are among the most important elements of the proposed legislation, as this is where the commercial consequences lie. The framework is calibrated so that the obligations a provider can realistically satisfy depend less on its engineering than on its corporate structure and home jurisdiction.

The framework requires every public body to conduct a sovereignty risk assessment before procuring cloud services, matching the workload to the level justified by the assessment. Each of the four assurance levels is graded by reference to three things:

  • where data, personnel and infrastructure sit;
  • who owns and controls the provider; and
  • its software supply chain and the degree of exposure to non-EU jurisdiction and law.

As the levels rise, the requirements move steadily away from simple data residency and toward corporate ownership and legal insulation from foreign authority. Public bodies must meet at least the baseline (Assurance Level 1), and where an assessment concludes that an activity contributes to the preservation of public order, typically in the NIS 2 sectors such as energy, health, transport, water and banking, the higher assurance levels come into play.

Level 1: data residency. This baseline is already a substantial obligation. Providers must establish and maintain their infrastructure, assets and customer data within the EU, and a provider controlled in a third country must guarantee that it is not required to report unexploited vulnerabilities to third-country public authorities. The requirement primarily turns on residency, so it is broadly achievable for the major US hyperscalers operating in European regions. On the Commission’s working assumptions, most existing public-sector workloads, approximately 70 per cent, would sit at this level, meaning that most routine public-sector cloud demand remains open to incumbent providers, and the near-term disruption at the bottom of the scale is limited.

Level 2: operational independence and supply-chain transparency. The second level is where the obligations begin to reach the structure of a business. It requires that all personnel, infrastructure and assets involved in operating the service be located in the EU, and that the provider obtain certification under the forthcoming EU cloud certification scheme. A provider controlled in a third country must implement legal, technical, and organisational measures to guarantee service continuity, prevent third-country access to customer data, and avoid exposure to third-country sanctions and trade-control regimes. The provider must also maintain a complete software bill of materials, submit third-country software components to source-code audits, and maintain effective separation between an EU parent and any non-EU subsidiaries.

Industry regards this level as the genuine inflection point, because the duty to prevent third-country access to data and to insulate the service from foreign sanctions directly bears on the conflict with US extraterritorial law. Around a fifth of public-sector workloads are expected to fall to this level; meeting it may require a US provider to ring-fence its European operations to a significant degree.

Level 3: EU ownership and control. The third assurance level requires the provider to be owned and controlled within the EU. The only derogation is for a provider from a third country that the Commission has recognised, by secondary legislation, as meeting defined conditions. These conditions include that the country:

  • holds an EU adequacy decision under the GDPR;
  • cannot compel providers to degrade or disrupt service provision; and
  • keeps its own market open to EU cloud providers.

In practice, this level is closed to a US-incorporated company acting alone, because the US CLOUD Act asserts extraterritorial reach over US companies regardless of where their data is stored; no volume of technical measures cures a control test that the company’s incorporation defeats. The realistic route for a US provider is a qualifying joint venture with an EU partner, of the kind already emerging, such as the Thales subsidiary S3NS in partnership with Google.

Level 4: full sovereign control. The strictest assurance level mirrors Level 3 in requiring that the provider not be controlled by a third country, and then removes the derogation for recognised third countries altogether. It adds:

  • a requirement for a European cybersecurity certificate of at least a “high” assurance level for cloud services;
  • effective provider control over all software components; and
  • a demonstration that no third country, and no entity in a third country, holds or exercises effective control over the design, development, maintenance or evolution of those components.

This level is reserved for the most sensitive workloads, on the Commission’s working assumption around one per cent of the total, and it is constructed so that it is effectively unavailable to a US-controlled provider. It is intended for the small core of state functions in which the EU seeks complete insulation from foreign jurisdiction.

The Commission has not concealed the consequences of this calibration. Because the US CLOUD Act permits US authorities to compel disclosure of data held by US-controlled providers, the major American hyperscalers cannot, on the framework’s own terms, satisfy the two highest assurance levels without significant corporate restructuring. Executive Vice-President of the European Commission for Technological Sovereignty, Security, and Democracy, Henna Virkkunen, acknowledged as much when she conceded that reaching the highest tiers would be very difficult for US firms while the US CLOUD Act remains in force.

The two lower assurance levels stay open to the major American hyperscalers. Since most public-sector demand sits there, the practical market closure is concentrated at the sovereign end of the spectrum rather than spread across the board.

For public procurement, there is a “Union added value” criterion. The recitals to the Cloud and AI Development Act state that this should be ancillary and not decisive, with a capped weighting of fifteen out of one hundred and twenty points in a procurement process. This edges tenders toward providers with genuine EU research, manufacturing and innovation activity.

The dependency made visible

The episode that followed illustrated why Brussels regards this as urgent. On 12 June 2026, the US Department of Commerce issued an export-control directive barring any foreign national, whether inside or outside the United States, from accessing two of Anthropic’s most capable models, Claude Fable 5 and Claude Mythos 5, including the company’s own foreign-national staff. Unable to identify users by nationality in real time, Anthropic disabled both models for every customer worldwide. A model marketed three days earlier as the most capable Anthropic had released to the public became unavailable to European users overnight. The export control directive’s precise legal basis has not been published, and the company has said the letter gave no details of the concern.

The legal merits remain contested, and Anthropic has described the matter as a misunderstanding that it expects to resolve. For European institutions, businesses and public bodies, however, the lesson required no resolution. A critical capability sourced from a single foreign-controlled provider can be withdrawn by the decision of a foreign authority, with no recourse for the European user and without notice. That is precisely the exposure the sovereignty package is designed to reduce. The reaction across European capitals, where the suspension was met with renewed calls for technological sovereignty and where the Commission itself treated the episode as vindication of its strategy, confirmed its political resonance.

What it means for Ireland

Few member states have more at stake than Ireland. Dublin is one of the five established European data-centre hubs, alongside Frankfurt, London, Amsterdam and Paris, which together account for around half of European data-centre capacity. Ireland is the European base for the largest US AI and technology firms, whose presence underpins a substantial share of corporation tax receipts and high-value employment. The package cuts in two directions for that environment.

The supply-side measures, including acceleration zones and support for strategic projects, align with Ireland’s stated infrastructure ambitions, although they sit uneasily with the grid constraints that have made data-centre electricity demand. The demand-side framework presents a more structural challenge, because what has made Ireland attractive, namely its role as the European home of US-controlled cloud and AI providers, is the feature that the sovereignty criteria are most likely to disadvantage where European public-sector and critical-infrastructure demand is concerned. The Government’s publication of a report on the economic value of data centres on the eve of the EU package underlined how alert Dublin already is to the stakes.

What it means for our clients

For organisations across technology, financial services, life sciences and critical infrastructure, the immediate task is to understand exposure before the rules harden. The Cloud and AI Development Act remains a Commission proposal. It is subject to negotiation between the European Parliament and the Council, with adoption unlikely before 2027 at the earliest, and its assurance level thresholds may yet change. The direction of travel, however, is settled, and several steps merit early attention:

  • Dependency mapping: Map cloud and AI dependencies and identify where a single foreign-controlled provider supports a critical or important function, prioritising public-sector-facing workloads and operations in the NIS 2 high-criticality sectors.
  • Contract readiness: Review cloud, SaaS and AI contracts for jurisdiction and data-residency provisions, sovereignty representations, audit and information rights, and robust exit and portability mechanisms, the last reinforced by the switching obligations already contained in the Data Act.
  • Financial services: Read the framework alongside the Digital Operational Resilience Act, under which the European Supervisory Authorities designated the first critical ICT third-party providers in November 2025. These two regimes converge on the same concentration and outsourcing concerns.
  • Board governance: Treat dependence on foreign-controlled digital infrastructure as a governance question in its own right, with a defined escalation route and a documented risk-acceptance pathway.

Comment

The sovereignty package is still only a proposal that needs to undergo the EU’s legislative process. That process would leave the GDPR, the NIS 2 Directive and the EU AI Act in place, and adds a further layer that feeds into each of them, while signalling a durable reorientation of European digital policy toward control over critical infrastructure. The four assurance levels are the operative core of that reorientation, because they convert a political preference for European control into a graded procurement test that a provider’s incorporation, ownership and supply chain will determine. The Claude Fable 5 suspension supplied an unusually vivid demonstration of the risk the framework is meant to address. Organisations that begin mapping their dependencies and adjusting their contracts now will be considerably better placed when the rules take binding form, and they would be well advised to take focused legal advice on their specific exposure.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
