Co-authored by Cristina Caffarra & Anne Sohns

The battle cry of last week’s Rebuilding Europe’s Sovereignty was “Europe is a superpower, it’s on us, we are BUILDING”. Powering up Europe’s tech muscle is now the recognised imperative to improve productivity growth, leveraging defence, manufacturing, our exciting industrial AI ecosystem (plus energy and services); in addition to reducing our exposure and security risks. Having confined tech and digital policy for years to the failing realms of antitrust and digital regulation (with a smattering of subsidies to a wild array of disparate projects), we are finally getting that tech sovereignty is an industrial project. This is not to say Europeans must wait for our institutions to dream up the shape of our digital future: far from it, they have power but no entrepreneurial competences and expertise. Industry must lead, select and invest. Meeting demand’s needs as well as shaping the path of innovation. The public sector must come in support.

EVP Stéphane Séjourné, the EC Commissioner for Industrial Strategy, sent a signal in this direction this week with an oped in multiple European news outlets (here in the French version), supported by nearly 2,000 European entrepreneurs, in favour of introducing a (mild) steer towards European suppliers in public procurement. Why it matters? Because without demand, industry cannot invest and build. That simple. The initiative is broad (officially placed in the context of the forthcoming Industrial Accelerator Act) but make no mistake: tech and digital are “in scope”, fair and square. As they are “in scope” in the revision of the Public Procurement Directive, also part of EVP Séjourné’s portfolio, which is due this year.

The diagnosis that Europe is a “digital colony” of the US – and we provide an attractive market for US tech players to exploit, instead of charting our own future and building our own assets and capabilities – is by now well understood. In addition to dependencies and risk exposure, the cost to Europe of throwing in the towel has been vast: billions syphoned off in revenues and profits, foregone investment in our own solutions, failing to develop local competences, inability to nurture startups and scaleups who are eventually lost to more dynamic environments.

A flywheel that does not turn

The reality is we have amazing tech in Europe. Hardware, software, connectivity. Budding industrial AI. What stands in the way of Europe flexing that muscle and regaining a larger share of the “addressable market”?

The answer one often hears is that Europe lags behind in terms of functional parity with the US hyperscalers, who have perfected the art of offering integrated service bundles that give customers reliable “turnkey” solutions (cloud, software and AI). Across the cloud and AI stack – hardware and software layers – hyperscalers provide end-to-end solutions that major on convenience. Customers can relax into a form of “learned helplessness”, trusting that these providers will always be there to take care of everything. Of course, convenience and integration matter – and buyers continue to emphasise that this “advantage” of hyperscalers remains a major driver of their current choices (see the discussion at the “Rebuild” conference, specifically the conversations with Philippe Van Damme DDG of DIGIT, and Tim Hoffmann of Mercedes Benz – kudos to both for speaking candidly at the event in the panel on Building European Digital Assets).

Yet bundle-to-bundle competition between the three integrated giants – effectively reducing competition to a small number of fully fledged integrated solutions – is undermining the ability of European component suppliers to compete for customer demand, especially as bundle providers are highly effective at locking customers in, and preventing switching. The economic textbook answer is: “bundle up”. Why can’t component suppliers create equivalent bundles by cooperating or coordinating in multiple ways? Europe has enormous talent and capabilities. It is teeming with component suppliers. We have data centres, software for every layer of the stack, world-leading open-source expertise, and a growing number of AI start-ups across multiple verticals. Why can’t these capabilities coalesce into comparable system offerings and present themselves to customers in this way?

This is the nub of the issue. It is eminently solvable, but needs to be addressed decisively and fast. The answer cannot be “risk-tiering” (a tentative suggestion on stage at the conference): separating “less critical” from “more critical” services, and retaining large parts of the stack with hyperscalers while carving out narrowly defined sovereign niches. This would entrench the very dependency we claim to address. Scale and scope effects operate across the entire stack. Identity, collaboration, telemetry, developer tooling, AI services and forensic analytics are not neutral or modular add-ons. They generate learning effects, data gravity and cumulative lock-in. If the bulk of demand remains with hypescalers because “it is not so critical”, assertions that European solutions are “too expensive” or “not mature enough” become self-fulfilling outcomes rather than objective assessments.

Yes, creating bundled solutions through collaborations for multiple user cases – including application interfaces, open-source standards and bidding consortia – involves transaction costs and non-trivial questions of value allocation: how is the price of the overall service going to be distributed across the component parts? From the customer’s perspective, further questions arise: how strong is the technical integration, and how robust is the commercial integration? Customers do not want to manage complexity; they want clarity of responsibility and accountability for service delivery.

To break the resulting doom loop, rather than talking about tiering the demand side must actively engage and be willing to experiment and sandbox. Repeatedly, CEOs, CIOs and CTOs express concern about their dependencies on extraterritorial providers, while simultaneously stating that they are “not ready to decouple from the US” and that doing so would be “too risky and too costly”. See here, an example among many. Yet no one is arguing for “decoupling” in the sense of wholesale replacement of existing US suppliers. That is neither possible nor desirable. What is untenable, however, is Europe claiming to want to strengthen its own technological capabilities while no one is creating real opportunities for those capabilities to supply deployable systems.

Architectures and solutions cannot be developed speculatively by the supply side alone. Without credible prospects of demand, no rational actor will invest in deep integration or sustained collaboration. This is where demand must step forward, engage, and co-design products and system offerings with suppliers. Recent discussions – including at the “Rebuild” conference – have brought this tension to the fore. We are now in the process of translating awareness into action, and we need effort from all actors whose engagement is essential.

A major problem is demand failing to shape systems

Europe’s debate on cloud and AI inevitably focuses on the supply side: scale, investment, fragmentation and parity gaps. What is addressed far less openly is that European demand structures actively favour ready-made integrated solutions instead of participating and fostering the integration that scaling requires. This is not a temporary coordination failure. It is a structural problem, confirmed both by discussions from EU procurement authorities and by private-sector demand.

The cloud market has evolved towards integrated system offerings because buyers behave rationally under uncertainty. Integrated stacks reduce operational, legal and personal risk: a single contractual counterparty, a unified security and compliance perimeter, integrated monitoring and incident response, one commercial framework and a clear escalation path. In such an environment, excellence at the component level is not sufficient. What matters is the ability to deliver and operate a coherent system.

European suppliers, by contrast, typically appear as high-quality but disaggregated components: advanced chipmaking lithography, processor cores, infrastructure here, middleware there, identity, security, data and AI tooling spread across multiple actors. Buyers then believe they are confronted with precisely the risks that careful procurement is designed to avoid: unclear responsibility, integration liability, fragmented SLAs and uncertain exit paths. Under these conditions, it is entirely predictable that public buyers and large incumbents default to vertically integrated stacks, even while expressing strategic discomfort with dependency.

This dynamic creates a self-reinforcing doom loop. Each procurement decision that favours an integrated non-European stack widens the perceived parity gap. That gap is then cited to justify the next decision. The result is a failure of market formation.

What is often described as a “lack of scale” on the supply side is also a lack of credible demand commitment on the buyer side. Integrated suppliers scale because demand is predictable and coordination costs are internalised within the firm. Fragmented suppliers face high transaction costs, uncertain revenue and unclear value allocation. Under these conditions, rational firms do not invest in deep integration speculatively.

The implication is uncomfortable but unavoidable: demand choices drive supply, and public procurement is not neutral. It already shapes the market by systematically rewarding integrated stacks. The choice is whether Europe continues to do so unintentionally, or whether it uses its demand (and procurement in particular) deliberately as a system-design instrument.

Credible supply does not emerge without credible demand. And credible demand does not exist where procurement structurally privileges an existing system architecture in which effective competition is distorted. Yet the answer does not lie in the traditional instruments of competition law (please no, not that path). It lies in the tools of public procurement and investment policy.

Procurement is a security decision

A debate framed in terms of “digital sovereignty” invites semantic questions which are a waste of time (what does “sovereign” truly mean? etc). It is clearer to frame the issue as one of operational security. Cloud and AI infrastructure has become a strategic dependency in the same way as energy systems, telecommunications networks and defence-related industrial capacity. Modern conflict and systemic disruption no longer operate solely through military hardware or traditional defence assets. They increasingly run through the digital infrastructures that underpin state capacity and economic continuity: electricity grids, communications backbones, satellite and undersea cables, data centres, identity systems, and the software supply chains built on top of them. Cloud infrastructure provides the access, coordination and service layer through which these systems are operated and delivered.

AI may well be on the way to displacing this cloud layer, and rendering SaaS-based demand obsolete – many see this as the direction of travel. But at least for the mid-term, public (and much private) demand will continue to rely on cloud-based applications as the primary frontend for service delivery, data access and user interaction – with the additional complication that for now the strategic focus needs to include the availability and control of AI-capable compute.

Against these shifting sands, the procurement question is not whether European buyers may “prefer” European suppliers. In a macro sense, directing procurement to European suppliers matters for productivity and growth, and for our capabilities to manage and develop ourselves in these sectors. But most urgently, the immediate question is whether Europe can remain operational under stress. If public administrations, critical infrastructure operators and defence-adjacent ecosystems are structurally dependent on external system stacks, Europe is not merely purchasing IT services. It is accepting a form of strategic fragility.

We hear far too often ill-informed pushback invoking “trade rules”. In fact, EU primary law already recognises legitimate exceptions. For instance, Article 346 TFEU allows Member States to take measures necessary to protect their essential security interests and relieves them of obligations that would otherwise apply where disclosure or dependency would undermine those interests. While this provision has historically been applied narrowly to arms and defence-related production, the relevant security perimeter has entirely shifted and Europe should assert that vigorously.

Cloud infrastructure and AI-capable compute increasingly perform today functions equivalent to traditional critical infrastructure. They host sensitive state data, support command-and-control functions, enable emergency response and underpin economic continuity. Treating these systems as ordinary commercial inputs no longer reflects the threat environment Europe itself now acknowledges.

The institutional irony is clear. The same public authorities that warn about strategic dependency default to the stacks that feel safest – not in geopolitical terms, but in procurement terms. Familiar vendors, mature compliance artefacts, low friction and low personal accountability risk for decision-makers create powerful incentives. This is not irrational behaviour; it is learned helplessness embedded in procurement structures.

Invoking security-based exceptions focused on Europe as a whole in procurement is neither discrimination nor protectionism. It is a proportionate response to a structural risk that cannot be mitigated through conduct regulation alone. The question is no longer whether such an approach is legally conceivable. Procurement instruments must therefore be designed to override national industrial and political interests at the point of implementation. Without binding mechanisms that force genuinely European purchasing decisions, collective ambition will continue to be neutralised by national carve-outs precisely where scale, coherence and investment certainty are decisive.

Public procurement has to become a capability-building instrument

It is eminently feasible to develop system offerings that buyers can adopt without assuming disproportionate risk, if there is anchored demand. Without it, frameworks remain aspirational. With it, they become instruments of market formation. Procurement needs to be reframed. The unit of decision cannot be the vendor; it must be the capability. This requires procurement design to achieve three things simultaneously.

First, it must create demand certainty for integrated European system offerings – providing incentives to aggregate rather than sell isolated components. Without predictable demand, no rational supplier will invest in deep integration across layers.

Second, it must shift integration from a private transaction cost to a shared task. Today, each supplier consortium must solve integration, liability and coordination independently. This is economically wasteful and systematically favours vertically integrated incumbents.

Third, it must treat switching as an operational capability that is designed and tested at procurement stage, not as a contractual aspiration. Dependency becomes irreversible not because switching is legally impossible, but because it is operationally untested.

If these conditions are met, behaviour can and will change. Suppliers will integrate because integration becomes investable. Buyers will adopt because procurement becomes defensible. Competition will emerge because systems become contestable at the bundle level rather than at isolated component layers.

This is where btw the Cloud Sovereignty Framework has genuine potential. By focusing on outcomes such as control, auditability, resilience, portability, legal exposure and operational independence, it allows procurement to specify system properties without naming vendors. It is a step in the right direction.

A final word for the faint-hearted, the Brussels Bubble and the hyperscalers’ lawyers sharpening their pencils: prioritising European suppliers is neither arbitrary nor contrary to competition law. This was clearly and unequivocally stated by the Heads of the main antitrust agencies at the “Rebuild” conference (see here in particular, for Martijn Snoep’s clear statement to a general chorus of approval – try it on, you will fail). “Directing demand” is a recognised instrument for addressing structural market failures and re-building effective competition. Comparable approaches are well established, for example in spectrum allocation and telecom licensing, where licence conditions and coverage obligations are deliberately used to foster new entrants and limit long-term concentration. Strategic procurement thus operates within the logic of competition policy by shaping contestable market structures ex ante, rather than relying solely on ex post enforcement once market power is already entrenched.

Urgently activating public demand

For the public sector, what we are looking for is not another layer of regulation. It is a shift in how public demand is defined and deployed.

If Europe takes security seriously, public procurement cannot stop at the infrastructure layer in a narrow sense. The entire cloud and AI stack must be considered a security asset. There is no a priori reason why services such as email, collaboration tools or identity management should be treated as low-risk commodities. When used by public authorities, these services form part of critical state capacity and must be designed, sourced and governed accordingly.

This requires a broader interpretation of what constitutes security-relevant infrastructure in procurement, supported by an updated legal framing. Once the state begins to specify coherent service bundles, it also creates the space to co-design these offerings together with suppliers.

The role of the state in this process is to act as an anchor customer. By committing demand at scale and over time, it makes investment, cooperation and responsibility viable. Suppliers, in turn, can collaborate on open standards, form accountable industrial consortia and jointly deliver integrated solutions, without being forced into full vertical integration.

Once this process is set in motion, it does not stop at central government. Universities, research institutions and public agencies at regional and local level can follow. The process activates a flywheel as the private sector also gains a credible alternative to adopt. Demand pulls supply, supply stabilises demand, and the market begins to reorganise itself.

And private demand?

Private demand cannot be directly at the receiving end of mandates, though if we are serious about “supporting Europe” at this critical point in time, the extraordinary demand muscle of our private enterprisers cannot continue to hide behind the narrative that “it’s too risky to decouple” and “we don’t have the same equivalent” and “the job of a CIO is to procure efficiently at lowest cost”. Senior management needs to pull the cart and set the mission. We are at also in the midst of a major technological revolution with agentic AI, and it is possible this will fundamentally transform how we think of infrastructure and who operates it.

Do we need to think about incentive-based mechanisms that can alter risk–return calculations for procurement decisions (the classic industrial policy tools: targeted fiscal incentives, risk-sharing instruments or resilience-related expectations)? This is not about directing suppliers, but about reshaping the economic conditions under which private procurement choices are made. That said, come on. The geopolitical shift is so extreme and radical that we cannot continue to think along the lines of peace-time conventions.

Governments must use informal channels to get CEOs to do their part. Europe should think of itself as being at the outset of an existential war-like effort to rebuild itself – with tech and AI a critical dimension. This is no exaggeration. Europe has shown itself capable of generating fantastic surges in industrial war production effort 80 years ago, in matters of weeks and months. All gone? Are we still too comfortable in the lingering hope we’ll “go back to normal” for real planning and action? Admiral Vandier (NATO HQ) at the conference was clear, and definitive. We are not going back. We should not be just sauntering along and looking the other way, hoping for the best. Demand side, customers, come out and engage: provide RFPs, sandboxes, natural experiments. Work with the suppliers to get the integrated solutions you need. This is an existential moment for Europe. All hands on deck.

Co-authored by Cristina Caffarra & Dr. Anne Sohns