The election of Donald Trump and international trade tensions have brought the crucial issue of European technological sovereignty back to the forefront. A recent European Parliament report on technological sovereignty and digital infrastructure (Knafo, 2025) paints an alarming picture: Europe depends on non-European companies for its cloud services.
This dominance is reflected in the near-total control of the European market by American giants:
- Amazon Web Services (AWS)
- Microsoft Azure
- Google Cloud Platform
These three players collectively control approximately 90% of the European cloud infrastructure market, relegating European providers like OVHcloud or Deutsche Telekom to just 10% market share.
The parliamentary report highlights that 90% of Western data is stored in the United States, in infrastructures owned and operated by American providers. This situation exposes Europe to several critical risks:
- Legal extraterritoriality: The US Cloud Act allows American authorities to access data hosted by US companies, even if this data is physically stored in Europe. This legislation directly conflicts with the European GDPR and our values of personal data protection.
- Infrastructure dependency: The European Union has only 10 to 15% of data hosting capacity on its own territory, making it unable to meet its growing needs independently.
- Risks to critical services: This American dominance extends to strategic infrastructures including public services, healthcare, research, and defense.
Concrete Incidents Raising Concerns
The suspension of the International Criminal Court prosecutor's Microsoft account demonstrated the reality of these risks. In response to these incidents, American giants are attempting to reassure by offering "sovereign" solutions through local partnerships, such as the Bleu initiative between Microsoft, Orange, and Capgemini.
Other incidents have occurred in recent years, though their full impact and scope remain unclear. In 2023, Microsoft was at the center of a major scandal after the theft of an OAuth cryptographic key allowed Chinese hackers to access US and European government emails. Simultaneously, critical vulnerabilities in Azure Key Vault highlighted the security limitations of its cloud services. These incidents, deemed serious by cybersecurity agencies (CSRB, CISA), have fueled growing distrust within the European Union toward GAFAM. They have strengthened digital sovereignty initiatives and secure cloud certification in Europe, accelerating efforts toward more resilient and independent infrastructures.
More recently, during a hearing of the French Senate's commission of inquiry on public procurement and digital sovereignty (Senate Inquiry Commission, 2025), suspicions were raised about a possible transfer of Outlook encryption keys to US authorities by Microsoft. Although these allegations remain unconfirmed and at the suspicion stage, they raise legitimate concerns about data confidentiality.