At the turn of 2025, as Donald Trump began his second presidency, Vice President JD Vance’s very first address to Europe already signaled a major break with the bloc.

In what has become known as the Munich Speech, Vance spent much of his time decrying European values, chastising member states about their internal politics, and undermining the long-running transatlantic relationship, suggesting that it was conditional after all.

Policymakers panicked. The speech raised some alarming prospects: what if the unthinkable happened? Could a staunch ally for more than half a century so easily turn its back on Europe? But no one could have expected the situation to deteriorate so much further and so soon when, just one year later, Trump seemed to threaten war with Europe by insisting the US would acquire Greenland, using force if necessary.

The President’s actions elsewhere in the world, which have seen him invade Venezuela and capture its President Nicolás Maduro, and launch a bombing campaign against Iran that has now been ongoing for more than three months, have underlined the unpredictability of the regime in Washington.

Europe’s vulnerability

Though Trump rowed back on his threats to Greenland, his sabre-rattling – and the Munich speech – made crystal clear the enormous vulnerabilities inherent in relying on US tech.

Since Trump’s inauguration, the aims of Silicon Valley have seemed to line up with the US’s foreign policy goals.

Advocates for digital sovereignty – understood in Europe to mean data custody, security, and control along national lines – had been banging the drum long before Trump took power again.

They argued that Europe had put all its trust in the benevolence of American corporations and, in doing so, allowed its critical infrastructure to fall into the hands of foreign entities, with low domestic capacity of its own. The return of Trump means that what was once a fringe branch of tech policy discourse is suddenly top of the agenda.

“Everything that’s happened has accelerated existing efforts to strengthen European digital sovereignty,” says Max von Thun, director of Europe and transatlantic partnerships at the Open Markets Institute think tank.

The Greenland debacle has compelled everyone from the European Commission to MEPs and member states to be “vocal and clear on the need to move away from American tech, because it’s a security risk,” Von Thun adds.

Silicon Valley businesses dominate Europe. According to a 2025 study commissioned by the French digital industry association, Cigref, US hyperscalers account for the vast majority of cloud spending across Europe, at 80 percent.

With digital infrastructure so essential to the modern economy, the worry is that the US government could force providers to turn off the taps. There’s precedent for this, though such measures were largely directed at sanctioned countries rather than ostensible allies. When Russia invaded Ukraine, sanctions hit, and payment infrastructure was switched off overnight, crippling the Moscow metro. But last year, the International Criminal Court was forced to drop Microsoft, when the Trump admin sanctioned the ICC’s chief prosecutor, who was then locked out of his emails. Microsoft has denied that it shut off the ICC’s access.

The problem has been long in the making. Introduced by Trump in his first term, 2018’s CLOUD Act stipulates that American intelligence agencies can access any data that they like, provided that it touches US-owned infrastructure. The legislation can easily be read as a proclamation that, in the eyes of the Trump administration, any data that passes through US companies ultimately belongs to the US government.

“People were already talking about the need for digital sovereignty,” says Von Thun, “because Trump has been quite aggressive towards Europe. But the Greenland crisis has given an extra push to those who were unsure or wavering.”

The tangled digital economy

Detangling the complexities of the modern digital economy is a difficult task, with interlinking dependencies at every point up and down the stack. These range from API calls, through to operating systems, small components in the supply chain, and on into the data center.

There have been efforts to support this great untangling, even before Greenland. Initiatives such as Eurostack and Gaia-X proposed alternative home-grown tech stacks that operate according to EU “values” and laws. Every now and then, a European government agency seems to ditch US big tech: France recently scrapped Zoom and WebEx in favor of a domestic option. A municipality in Germany, meanwhile, is on the path towards eradicating Microsoft services completely – right down to the operating system. Switzerland’s government reportedly assessed using Palantir, the US-based data analytics firm backed by the CIA and others, and decided against it because the risk to data sovereignty was too great.

At the EU level, a host of packages, such as the European Chips Act, aim to reduce strategic dependence on Asian and US businesses. The implementation of the Data Act, which came into force in 2024, is currently underway. By January 2027, hyperscalers must offer their customers interoperability, along with an easy route out of long contracts, to limit vendor lock-in.

In the wake of Trump’s combative stance on Greenland, MEPs adopted a new resolution that forcefully urged Europe to reduce critical dependencies tied to foreign cloud providers. They warned that the bloc must focus on building compute capacity and improving its sovereign infrastructure. But in the capital-intensive business of building that infrastructure, the reality hasn’t quite matched the rhetoric.

Government departments in countries like France and Germany are far from unified on procurement, Von Thun says, with many continuing to extend or sign up to US hyperscalers. There seems to be a mismatch between political will and the more complicated business of taking action.

“There hasn’t necessarily been much progress on building out the infrastructure,” Von Thun says, though he adds that the European Commission has recognized the need for more domestic capacity, as have national industrial policy initiatives from member states, including France and Germany.

But “there hasn’t been a big boost at the EU level into independent European tech, partly because the EU doesn’t have that much fiscal firepower, and partly because we’re waiting for the new budget, where there’s meant to be some sort of sovereign tax fund,” Von Thun notes.

The next EU budget, the 2028–2034 Multiannual Financial Framework, could offer further support for reducing dependencies and securing open source alternatives, while industry bodies hope the upcoming Industrial Accelerator Act could serve as a test bed for revising public procurement across Europe, and even, controversially, legislate a preference for buying EU-made goods and services.

Despite the “amplification” of digital sovereignty narratives in the EU, says Thomas Le Goff, a lecturer in digital law and regulation at the Institut Polytechnique de Paris, member states are “still trying to attract hyperscalers to build data centers in their territories.”

This has led to a seemingly paradoxical situation where some policymakers shout from the rooftops about the urgent need for digital sovereignty, but in practice, says Le Goff, member states are opening their doors to what he calls a “short-termist” and “opportunistic” attempt to attract US hyperscaler investment.

There are major questions hovering over the value of these kinds of investments, he says, given that they do not necessarily boost local compute nor bring in many jobs once construction has completed.

But the demand for hyperscalers continues at the enterprise level, even if there’s a growing awareness of the sovereignty problem, Le Goff says. “Enterprises are not ready to accept short-term loss in functionality or performance to allow EU companies to scale up,” says Le Goff, who co-authored a Centre on Regulation in Europe paper, which recommends relaxing planning restrictions in order to fast-track important EU infrastructure projects. “It takes time to build cloud services at the same level as the hyperscalers,” he adds.

That means that even if the EU Data Act prevents organizations from vendor lock-in, companies just do not have alternatives that offer a comparable level of service, Le Goff says.

Yet Dario Maisto, senior analyst at Forrester, claims his clients are not too concerned about matching the level of service from the hyperscalers.

Although he believes that no European organization will complete a move out of the hyperscaler clouds in 2026 – “This is a shift that will not happen”– his clients are now investing money into sovereignty, lifting workloads to different environments as part of a “revolutionary change with evolutionary steps.”

Adds Maisto: “It’s always been public cloud first, but now my clients are telling me, for a number of reasons – price increases, one enterprise agreement after the other, and sovereignty – ‘we don’t really want the ‘best of breed’ anymore. We want a service that works, that satisfies our needs, and doesn’t give us a problem on the sovereignty layer.’”

Local players are therefore “sharpening their knives” in response, Maisto adds. Indeed, partly spurred on by awareness around digital sovereignty, some analysts forecast 24 percent growth in the European cloud market.

This shift in perception seems to have rattled the hyperscalers. AWS, Microsoft, and Google have all scrambled to stand up supposedly sovereign data centers in Europe, though these have been received with varying degrees of scepticism.

Google, for instance, has committed to a joint model in France with IT firm Thales to create a majority French-owned organization, S3NS, that gives clients access to Google Cloud via servers based in France. It has a similar arrangement in Germany with T-Systems. Whether this is enough to guarantee sovereignty, Maisto adds, is likely to be tested in court at some point, but it’s a pretty good bet. Meanwhile, AWS’s “European Sovereign Cloud” is majority-owned by Amazon, so critics have claimed the separation from the US does not go far enough, that in effect, such endeavours are not able to offer real sovereignty – once again due to the CLOUD Act.

A question of capex

An obvious hurdle to competing with the hyperscalers is the enormous capital expenditure required.

But there is also a tricky battle to win in the minds of mid-level IT managers or decision makers. Across Europe, there has for many years been a feeling that opting for Silicon Valley products is simply less risky; it’s much easier to extend an existing contract than risk one’s career by betting on a technically demanding, if appealingly sovereign, migration.

“What I [used to tell] my clients is: nobody ever got fired for choosing Microsoft,” says Forrester’s Maisto. “Nowadays, because of the transatlantic relationship being so deteriorated – and because of the perils of IT being used as a weapon – this is seen in a different light.”

And that is something citizens in the Netherlands are waking up to. US-based Kyndryl’s planned acquisition of Solvinty, the company powering the Dutch government ID service DigiD, saw poor public sentiment around US tech reach fever pitch. Such an acquisition, citizens worried, would feed the intimate details of every single person’s lives straight to US server farms and, by extension, the US government under Trump.

A petition against the acquisition received 140,000 signatories, causing politicians to debate the sale. Meanwhile, a delegation of 20 Dutch tech companies, including open source groups, data centers, and infrastructure providers were invited to the Dutch Parliament to discuss alternatives to US tech.

Richard Marx, CEO of Sendent, a Dutch company that spends much of its time securing the Microsoft productivity suite, or migrating clients to self-hosted open-source alternatives such as NextCloud, was watching with interest.

“The delegates were saying there’s much more available [than the hyperscalers] in the Netherlands, let alone the availability we have in Europe,” says Marx.

He believes change “has to come from a national law level to give more benefits” to European or Dutch suppliers. “I think that will be needed,” Marx says, “because when the government starts, then the enterprises will follow.”

A Chinese dilemma

European nations aren’t the only US allies that have been alienated by the Trump administration.

Mark Carney’s barnstorming speech at Davos suggested that the facade had crumbled from the US-led “rules-based international order,” and suggested an alliance of the “middle powers.” It was a proposal swiftly batted away by Keir Starmer, who preferred to describe himself as a “pragmatist.”

For a pragmatist, the UK has been remarkably quiet on digital sovereignty, unlike its neighbours across the channel. So-called sovereign AI initiatives still heavily rely on US businesses.

That might be a question of resources, with little appetite or at least financial power right now for the UK government to invest in its own path, says Spencer Lamb, the chief operating officer at data center provider Kao Data: “Does the UK Government have the appetite to go and release funding for Department for Work and Pensions to go and secure their own hardware, install it in a data center and then operate it? The answer is no.

“It’s hard enough for the research universities to go and get funding to acquire high-performance computing infrastructure. The harsh reality is, we don’t have the money, so then we are reliant upon other sources, and that’s predominantly US tech firms that are able to provide those sources.”

Yet even if the UK government appears to be paying little attention to digital sovereignty while neighbours across the channel are rousing, that is not the case for all businesses, notes Stewart Laing, the CEO of UK data center provider, Asanti.

A recent report from the Glasgow-headquartered firm found that half of decision-makers are concerned about data sovereignty, in particular due to geopolitical tensions.

“Certainly there’s a shared opinion that what Trump is doing is creating a lot of concern at this end, and from our industry perspective, possibly actually driving opportunity within the UK,” says Laing.

Though Starmer and Carney disagreed publicly on that alliance of middle powers, they share one approach, both having cultivated a closer relationship with China.

In January, Starmer flew to Beijing. He signed off on China’s new “super-embassy” in London, set up trade agreements, negotiated visa-free travel to the country, and established a UK-China ‘forum’ to lower tensions around recent cyber attacks between the powers.

Carney, meanwhile, created a new ‘strategic partnership’ with China on trade, while boosting exports to the country and significantly reducing tariffs on China-made electric vehicles, where the country is far and away the leader.

Whether that will lead to closer technical ties for the UK is up in the air, but it might be a tough sell, given the country ripped out all Huawei telecoms equipment over surveillance fears.

China is also the elephant in the room in Europe. Opinions are divided on whether Chinese technology could help reduce reliance on US tech for the bloc. It’s an emotive topic, especially given that many digital sovereignty advocates call for supporting local producers in line with EU “values,” which some claim are in opposition to those of China.

“I think this idea that, because the US is now not necessarily trustworthy as an ally, that we should go and strike trade deals with China and use their tech is a big mistake,” says Von Thun. “Those dependencies are a big problem when it comes to China. Sovereign tech has to be European.”

But, adds Maisto, there is “no reason” not to bring in Chinese tech provided European powers can ensure it’s “fully independent from the country of origin, air-gapped, disconnected, and physically and logically isolated”.

Chinese and Indian players “could aspire to a bigger chunk of the European cloud market that they could sell to for a fraction of the price,” says Maisto. “We have European clients that are already telling me, ‘well actually, we have a little bit of Tencent Cloud in Europe’.”

“I live in Naples, and I see so many Chinese cars in the streets. My assumption is, if we are so open and trust these Chinese cars with our lives, why shouldn’t we trust Chinese players on the infrastructure layer for cloud deployment?”

The genie is out of the bottle

While digital sovereignty was already gaining pace due to Trump’s aggressive posture against Europe, the administration’s extreme belligerence has only further catalysed the movement.

It seems there will be no cramming this genie back into the bottle. Even if the actions of Trump brought greater attention to over-reliance on US tech, that problem is clearly a systemic one.

Addressing that problem will take “regulation and improved incentive structures,” according to Johan Linåker, an academic who specialises in digital sovereignty at the RISE Research Institute of Sweden.

“Both should factor in the need to increase sovereignty in public tenders and into the general design, implementation, and running of Europe’s digital infrastructure,” Linåker says. There’s also a need to promote growth and investments across European ecosystems. Such measures are expected to appear in the upcoming Cloud and AI Development Act.

Decisive action is required, Linåker adds, that can “trickle down and align the national, regional and local levels of Europe”. Trump won’t be in power forever. But there’s no guarantee against other kinds of Trumps in the future. Without intervention, the vulnerabilities torn open to exposure by him will surely remain.