EU weighs cloud rules that could bar Amazon, Microsoft, Google from tenders
Brussels is drafting cloud tender rules that could shut Amazon, Microsoft and Google out of sensitive public contracts, tightening Europe’s sovereignty push.

Europe is preparing to draw a harder line on who can run the cloud systems behind banks, energy grids and hospitals, with draft procurement rules that could sideline Amazon, Microsoft and Google from some of the bloc’s most sensitive tenders.
The European Commission’s planned Cloud and AI Development Act would require non-price criteria in public procurement for highly critical state contracts, according to draft documents. Those criteria would go beyond cost to weigh whether software and hardware were developed in the EU, how data is protected, whether a provider is subject to third-country control over data and services, and how open the provider’s home market is to European rivals.
The focus is on sensitive sectors where officials want stronger sovereignty requirements for infrastructure deemed critical. Banking, energy and healthcare are specifically in view. The move also reflects concern over the U.S. Cloud Act, which can compel U.S.-based firms to hand over data even when it is stored abroad, a risk that has long unsettled European policymakers.
Henna Virkkunen, the Commission’s tech chief, is at the center of the push as Brussels tries to reduce dependence on U.S. technology and bolster domestic firms. The Commission is also considering making itself a central purchasing body for data centers, cloud services, software and artificial intelligence systems. Another possibility under discussion is a faster approval path for data centers that use European-made chips or lower their energy costs.
The Commission has already begun applying sovereignty rules in practice. In April 2026, it awarded a sovereign-cloud tender worth up to 180 million euros over six years. The contract, launched in October 2025 under the Cloud III Dynamic Purchasing System, was meant to strengthen the digital sovereignty posture of EU institutions and avoid lock-in to a single provider.
That effort rests on the Commission’s Cloud Sovereignty Framework, which draws on CIGREF’s Trusted Cloud Referential v2, Gaia-X policy rules and architecture, and the European Cybersecurity Certification Framework. It also echoes national strategies in France and Germany that have pushed for more control over public-sector cloud infrastructure.

The market backdrop shows why the policy fight matters. Synergy Research Group data puts European cloud providers at about 15% of the local market in 2024, with revenue of about 61 billion euros, or $70 billion. Amazon, Microsoft and Google together held about 70% of the European market. European providers’ share fell from roughly 29% in 2017 to about 15% in 2022, then stayed near that level.
Thirteen European cloud providers have also joined EU lawmakers and NGOs in backing the Commission’s effort to cut dependence on U.S. technology. If the proposal advances, it could reshape public procurement across the bloc, sharpen transatlantic trade tensions and determine whether Europe’s next generation of government systems is built around local suppliers or still anchored to U.S. hyperscalers.
This article was produced by Prism’s automated news system from verified source data, official records, and press releases, then run through automated quality and moderation checks before publishing. The system is built and supervised by the people who set the standards it runs under. Read our full AI policy.
Did this article answer your question?


