Digital Sovereignty: Between Billion-Dollar Investments and Strategic Autonomy

Hyperscaler Dependency

Article first published on IT-Daily.net (GER): Digitale Souveränität: Zwischen Milliardeninvestitionen und strategischer Autonomie

On December 11, 2025, Amazon Web Services (AWS) published the European Sovereign Cloud Sovereign Reference Framework (ESC-SRF). Eighteen months after the €7.8 billion investment in Brandenburg, we can now assess what has actually been achieved. The result: this is a technical implementation, not symbolic politics.

Other providers are also advancing sovereignty initiatives. NVIDIA and Deutsche Telekom are investing more than one billion euros into a sovereign Industrial AI Cloud in Munich. Workday has launched its EU Sovereign Cloud. In November 2025, Google Cloud opened its first European Sovereign Cloud Hub, a co-creation space for solutions including EU Data Boundaries, local data residency, client-side encryption, and air-gapped variants. Google is working with partners such as T-Systems and the Schwarz Group, who ensure governance and control. Between 2026 and 2029, Google plans to invest a further 5.5 billion euros.

The major providers are following clear strategies: AWS relies on fully separated infrastructure, while Google complements existing infrastructure through partners. Microsoft is also building corresponding offerings. Pressure from regulation and customer demand is increasing. Gartner expects IT spending growth of eleven per cent in 2026, reaching 1.4 trillion dollars. The sovereign cloud market is growing to 250 billion dollars.

From Data Location to Operational Autonomy

Europe is evolving from simple data location to operational sovereignty. The EU Commission is defining measurable criteria for the first time. The EU Cloud Sovereignty Framework sets out eight objectives (SOV-1 to SOV-8), that require concrete evidence of operational control.

AWS is visibly implementing these requirements. The data centre in Brandenburg is physically and logically separated, operated by EU citizens with EU residency. A European certificate infrastructure complements the model. Responsibilities are clearly divided: AWS ensures infrastructure security, while customers are responsible for encryption, key management, and access. Those who hold keys under European control achieve a high level of actual control.

Putting Dependency in Perspective

The question of European dependency on US corporations is often presented in stark terms, yet complete technological independence is not necessary. What matters is the ability to have alternatives and to use them when needed. European systems have always been based on global technologies. Sovereignty comes through the capacity to act, not through isolation.

This leads to a tiered approach to risk management. Critical workloads require maximum control and, where appropriate, European infrastructure. Standard applications can use sovereign hyperscaler offerings that combine performance and control. The models differ: AWS offers deeper technical isolation, while Google relies on partner governance. The decisive question remains how verifiable the controls are and what degree of operational autonomy actually exists.

Standards and Interoperability as Prerequisites

Open standards create interoperability and prevent lock-in. The World Economic Forum speaks of hybrid resilience. Multi-vendor architectures and portable workloads ensure flexibility. Initiatives such as Gaia-X address these goals. Meanwhile, concrete sovereign infrastructures are already emerging in Brandenburg and Munich. The question is less about Gaia-X versus hyperscalers, and more about how European standards can complement existing investments.

Geopolitics Comes to the Fore

Cloud services are becoming critical infrastructure. 61 per cent of CIOs in Western Europe view geopolitical risks as a factor influencing provider decisions. Export controls and political tensions are now part of scenario planning. At the same time, practice shows that providers like AWS legally challenge government interventions and establish strict technical separations. Nevertheless, residual risks remains, requiring diversification and redundancy.

What Europe Needs Now

Three factors are central:

Innovation Driven by Requirements

Sovereignty requirements are acting as a driver of innovation. The billions invested by hyperscalers and partners are direct response to European demand. Studies show that by 2030, three quarters of all companies will have developed their own digital sovereignty strategies. At the same time, GenAI spending in Europe is growing rapidly. Europe must now invest in its own capabilities to build alternatives in the medium term.

Shared Responsibility for Politics and Business

Policymakers have set the framework. The EU Cloud Sovereignty Framework and its anchoring in public procurement mark a strategic shift. Companies must use these requirements. This includes exit strategies, deliberate architectural decisions, and the use of regional providers where they are competitive. Gartner describes this development as a geopolitical relocation of technology decisions.

Conclusion

Digital sovereignty is a strategic risk factor, not a technical side issue. The current billion-dollar investments, quantifiable criteria, and new procurement models show that Europe is strengthening its room to manoeuvre. The combination of sovereign hyperscaler offerings for standard applications and European infrastructure for critical areas is the pragmatic path to sustainable digital autonomy.