Tim Bradley
Manager, Europe, U.S. Chamber of Commerce
Published
June 15, 2026
Last week, the European Commission unveiled its expected Tech Sovereignty Package, the latest and most consequential step in Europe's evolving digital agenda. At the center of the package sits the proposed Cloud and AI Development Act (CADA), alongside other measures including a second-generation Chips Act, an EU Open Source Strategy, and a Strategic Roadmap for Digitalization in the AI and Energy Sectors.
CADA reflects a deliberate effort to reshape Europe's digital landscape around the principle of strategic autonomy. While digital resilience is an important policy objective, that goal can be pursued through either good or bad policy choices, and CADA, as currently structured, risks the latter.
Tech sovereignty is not a unique European preoccupation. Governments around the world are grappling with questions of digital dependence, supply chain integrity, and control over critical infrastructure. Yet, if you ask policymakers to define tech sovereignty, you will get different answers. For some, it means diversifying vendors; for others, it means building domestic capacity. The shared intent across all governments is to ensure that they have control over the cloud-enabled, data-filled ecosystems that are most critical to national and economic security and resilience. Yet how governments define tech sovereignty ultimately matters enormously, because the policy decisions that follow are not interchangeable—and in the case of Europe, could result in damaging restrictions barring American companies from participating in EU public procurement.
American firms are not merely outside actors seeking market access to Europe. They are embedded, long-term partners investing trillions in the European economy and employing tens of thousands of Europeans. They are deeply integrated into Europe’s digital infrastructure and committed to the security and reliability of the services they provide. U.S. companies' strengths in open standards, interoperability, and cybersecurity are precisely what enable European governments and businesses to maintain meaningful control over their data and systems, without locking themselves into rigid single-source architectures or cutting themselves off from global innovation. Nationality-based procurement preferences would sacrifice those advantages, undermining competitiveness in the name of sovereignty. The real-world costs, including higher prices for governments, slower innovation, and weakened competitiveness for European industry, are not hypothetical.
The CADA proposal introduces sovereignty-based procurement requirements for public sector cloud and AI services that would restrict market access to U.S. providers. The Commission’s underlying assumption is that technological dependence leads to geopolitical vulnerability. Yet the proposed framework risks conflating the need to identify responsible vendors that can provide control over the systems procured with where the company is headquartered. CADA effectively ring-fences EU public procurement around provider nationality, turning any legitimate digital sovereignty objective into good old-fashioned industrial policy to benefit national champions.
There is a better approach. Tech sovereignty and transatlantic partnership should never be oppositional. The EU can strengthen its digital resilience through risk-based, technology-neutral, and non-discriminatory frameworks. EU and Member State institutions can maintain control over their digital architectures and retain access to the world's most advanced and trusted technologies. Europe's growing interest in open-source collaboration fits naturally within this model and deserves encouragement. What does not fit is market-distorting subsidies or procurement rules designed to crowd out long-time trusted partners.
How Europe ultimately shapes CADA will be a defining test of whether Europe can pursue digital sovereignty and maintain transatlantic partnerships. Europe's digital future will be more secure, more innovative, and more resilient if it is built with trusted allies. Close transatlantic coordination and meaningful industry consultation, from the outset and not as an afterthought, are essential to getting this right. The alternative is a more fragmented, more expensive, and ultimately less sovereign digital Europe—an outcome that serves no one's interests.
About the authors
Jordan G. Heiber
Jordan Heiber leads the Chamber’s international privacy and data flow policy portfolio and manages a team responsible for the full suite of digital policy issues, including cybersecurity, artificial intelligence, and more.
Abel Torres
Abel Torres serves as Executive Director in the Center for Global Regulatory Cooperation (GRC) at the U.S. Chamber of Commerce.
Tim Bradley
Tim Bradley is a Manager for the Europe Program, U.S. Chamber of Commerce.
