A New Tech Sovereignty Push Targets Public-Sector Cloud
Lawmakers are preparing a Tech Sovereignty Package that would sharply limit how U.S. hyperscale cloud providers work with public institutions. According to officials familiar with the proposal, Microsoft, Amazon, and Google could be barred from processing highly sensitive government data, including health records, financial information, and judicial documents. The package, expected to be unveiled soon, is framed as a bid to bolster digital self-reliance and reduce dependence on foreign cloud infrastructure. Crucially, the restrictions are aimed squarely at the government sector: private companies will still be free to choose any cloud platform for their own workloads. For policymakers, the move is part of a broader regulatory agenda that also includes initiatives like the Cloud and AI Development Act and an updated Chips Act. Together, they signal a strategic shift toward homegrown cloud capacity and tighter government data protection.
Government Data Protection Versus U.S. Legal Reach
The central concern driving the new cloud provider restrictions is the legal reach of U.S. authorities over data controlled by American firms. Under the U.S. CLOUD Act, law enforcement can compel access to data held by U.S.-based companies, even when those datasets physically reside in overseas data centers. For officials worried about government data protection, that extraterritorial reach is a structural risk. Microsoft counters that it rejects invalid requests, requires proper warrants for content access, and does not hand over encryption keys or provide direct government backdoors. Nonetheless, regulators see a fundamental dependency problem when critical public services rely on infrastructure governed by foreign law. The emerging rules attempt to sever that legal exposure for public-sector workloads, even as they stop short of a broader ban on American cloud providers across the private economy.
Business Shock for Microsoft, Amazon, and Google
For Microsoft, Amazon, and Google, public-sector cloud contracts have been a strategic pillar, offering recurring workloads and political credibility. The proposed Tech Sovereignty Package directly threatens that stream by excluding them from some of the most sensitive and potentially stickiest government datasets. Even if private enterprises can continue using their platforms, losing health, financial, and legal workloads from ministries, courts, and public agencies would shrink their influence in a highly regulated, high-value segment. The implications go beyond immediate contract losses. Public procurement rules are expected to be reformed to prioritise domestic or sovereign cloud offerings and to encourage more diverse supplier choices, including in AI services. That could weaken the incumbency advantages of the big three and limit their ability to cross-sell AI, analytics, and platform tools into government accounts over the long term.
Vendor Lock-In, Switching Rights, and the Data Act
The Tech Sovereignty Package builds on an evolving regulatory framework that already targets structural advantages enjoyed by major cloud providers. Competition authorities have highlighted how hyperscalers use lock-in tactics—such as high data transfer fees and proprietary licensing—to make it painful for customers to switch. In response, the Data Act requires that by 2027 customers must be able to move between cloud providers without punitive charges and via standardized APIs. For governments, these rules are especially important: they enable exit options from entrenched platforms and support a more contestable market. In combination with upcoming restrictions on foreign handling of sensitive public-sector data, the policy mix is designed to reduce dependency on any single vendor, make multi-cloud setups more realistic, and create space for regional cloud firms to compete on security, compliance, and performance rather than simply scale.
Digital Independence Meets Exploding AI Demand
The timing of these cloud provider restrictions coincides with a rapid expansion in AI-driven demand for computing power. Large language models and data-intensive analytics are pushing organisations toward hyperscale infrastructure, often run by the same U.S. giants now under scrutiny. Policymakers see a risk that, without intervention, the next generation of AI workloads—especially in government—will deepen dependence on foreign platforms and laws. The Tech Sovereignty Package aims to “bootstrap sovereign cloud offerings” by nudging public institutions toward domestic providers and by fostering a more diverse ecosystem of AI and cloud services. For enterprises, this regulatory direction signals that cloud strategy can no longer be based purely on cost and convenience. Diversification across providers, attention to jurisdictional control, and alignment with evolving tech regulation in Europe will increasingly shape how both public and private organisations design their digital infrastructure.