6 minute read

Your AI Is Running in Frankfurt. The EU Just Said That's Not Enough

Paul Tholens

Summary

There's a version of "sovereign cloud" that every major US hyperscaler is now selling in Europe. Dedicated EU data centers. Local staff. A German or French legal entity on the contract. The message is: your data stays in Europe, so you're covered. The EU just told you it doesn't work that way.

On June 3, 2026, the European Commission published the EU Tech Sovereignty Package, a set of four linked initiatives covering semiconductors, open-source software, energy infrastructure, and cloud. The headline piece for regulated industries is the Cloud and AI Development Act (CADA). It's a proposed regulation, not yet law, but it does something no previous piece of EU legislation has done: it defines digital sovereignty in law and ties that definition to a legal obligation on how public-sector bodies must buy and deploy AI infrastructure. The definition it uses makes most of what the hyperscalers are selling irrelevant for sensitive workloads.

Here's why.

The problem isn't where your server sits. It's who owns it.

The US CLOUD Act of 2018 gives US law enforcement the power to compel any company subject to US jurisdiction, which includes every US-headquartered provider, to produce data in its possession, custody, or control regardless of where that data physically sits. Not just in a US data center. Anywhere in the world.

So AWS Frankfurt, Azure Germany, Google Cloud Belgium, all of them. The server is in Europe. The parent company is in the US. A US court issues a CLOUD Act warrant to the US parent, and the location of the EU data center becomes irrelevant. This isn't theoretical. Microsoft's own French subsidiary confirmed it under oath at a French Senate hearing in 2025: it cannot guarantee data sovereignty against US authorities, even for data stored in France under a French-marketed sovereign product.

CADA is built around this gap: data residency (where data physically sits) versus data sovereignty (which jurisdiction legally controls access to it). The EU has now written that distinction into a four-tier framework:

  • Level 1 — data in the EU. Open to everyone, including US hyperscalers with EU data centers.

  • Level 2 — Level 1 plus: provider must prove independence from third-country legal systems and supply chain transparency.

  • Level 3 — Level 2 plus: provider must be EU-owned, EU-headquartered, and EU-controlled.

  • Level 4 — Level 3 plus: full supply chain control, verified immunity from third-country law. Zero foreign data extraction pathways.

EVP Virkkunen said it plainly when the package was announced: US firms will struggle to attain the highest sovereignty certification levels because of the CLOUD Act. Standard hyperscaler deployments, including their "sovereign" branded offerings, max out at Level 1 for anything that matters. Level 2 onwards requires structural legal separation from non-EU parent companies. Level 3 and 4 require EU ownership, full stop.

What this means if you're in the public sector

The CADA adoption mechanism is written for public-sector bodies: government ministries, agencies, public hospitals, courts, municipalities. Once it becomes law (Parliament and Council negotiations are expected to finalize in 2027) these organisations will be legally required to assess every AI and cloud workload, classify it by data sensitivity, and procure from providers that meet the corresponding tier.

For sensitive workloads (citizen health records, judicial decisions, benefit eligibility systems, law enforcement tools, national security) the required tier will be Level 3 or Level 4. That's not a preference. That's a procurement restriction.

The European Commission didn't wait for the law to pass before acting on its own principles. In April 2026, it awarded a €180 million sovereign cloud contract exclusively to European provider groups. The Commission said explicitly it was leading by example and that the framework would serve as a reusable template for all 27 member states.

CADA also isn't the only thing in play. The EU AI Act already classifies most public-sector AI use cases as high-risk: benefit eligibility systems, border control, law enforcement tools, judicial AI, election systems. These require risk management frameworks, human oversight mechanisms, and full technical documentation before deployment. The AI Act tells you how to govern your AI. CADA will tell you where it's allowed to run.

What this means if you're in regulated private industry

CADA doesn't regulate private banks, insurers, or private hospitals directly. A Commission official confirmed this ahead of publication. It's worth being precise about, because the scope is easy to overstate.

That said, DORA already does regulate financial institutions, and it's already in force. The Digital Operational Resilience Act requires rigorous ICT third-party risk management and concentration risk assessment on cloud providers. CADA hands regulators a formal classification framework to point at when they ask whether your cloud strategy adequately manages jurisdictional exposure. Your next audit cycle will feel this, whether or not CADA technically applies to you.

The market isn't waiting for a mandate either. European sovereign cloud spending is growing 83% year-over-year in 2026, according to Gartner. The total European sovereign cloud market is projected to grow from €20 billion today to €100 billion by 2031. 60% of CIOs in Western Europe already say they want to increase use of local cloud providers. These aren't organisations responding to regulation. They've looked at the geopolitical situation and made a bet.

A note on Virtual Private Clouds

Zylon can be deployed two ways: on-premise (including fully air-gapped), or on a Virtual Private Cloud. The VPC option is only as sovereign as whoever is running the infrastructure underneath it.

On an EU-owned provider (Leaseweb, STACKIT, Hidora, Exoscale, Nebula, etc.) you're on infrastructure subject only to EU law. Depending on the provider's own certification under the Commission's framework, that can qualify for Level 2 or Level 3 workloads.

On AWS, Azure, or GCP, even with every EU data boundary control enabled, you're still subject to the CLOUD Act at the parent company level. Level 1 maximum. The "sovereign" branding on the product page doesn't change the legal chain, and neither does the Frankfurt postcode on the server.

On-premise is the cleanest position. When a customer runs Zylon on their own hardware, there is no cloud provider in the chain. Nothing to compel. No control plane sitting in a jurisdiction they don't control. Under CADA's logic, this is what Level 4 recognizes: full supply chain control and verified immunity from third-country law, achieved by architecture rather than contractual promise. One caveat worth stating plainly: Level 4 is defined by supply chain control as well as jurisdiction, so the hardware and software in that on-premise stack still have to be accounted for; removing the cloud provider removes the compulsion pathway, not the supply chain question.

The window is now

CADA isn't law yet. The final text could shift in Parliament. Some member states are pushing back on the strictest ownership requirements.

But the Commission has already spent €180 million on sovereign procurement. The Dutch government blocked a US acquisition of its national digital identity provider on sovereignty grounds, the first time the Dutch Investment Screening Bureau has ever prohibited a US acquisition. Germany and France are pushing for strict EU-ownership requirements at Level 3 and above. The direction is fixed, even if the timeline isn't.

Audit your AI infrastructure now. Map your workloads to the CADA tier framework. Find where US-cloud exposure creates legal risk and start building toward compliance before enforcement arrives. The organisations that do this in 2026 will have a straightforward answer when their regulator asks. The ones that wait will be scrambling on someone else's schedule, with a more expensive migration and less time to do it.

Data residency was the compliance story of 2020. Data sovereignty is the compliance story of 2027. The gap between those two things is now a regulation.


Author: Paul Tholens

Published: June 2026

Paul works on private AI on-premise deployments for regulated industries including finance, government, defense and healthcare.