EU Weighs Restricting US Cloud Use for Sensitive Gov Data

The European Union is reportedly considering new regulations to limit member governments' reliance on U.S. cloud providers for processing sensitive public data. These discussions are part of preparations for a broader 'Tech Sovereignty Package' expected from the European Commission.

Proposed Restrictions on US Cloud Platforms

Sources familiar with the talks indicate that the European Commission is discussing measures to restrict the use of non-EU cloud platforms for handling sensitive public-sector data. These proposals are aimed at bolstering the bloc's digital strategic autonomy.

• Scope: The focus is specifically on public-sector organizations and government data, not private companies.
• Impact: U.S. cloud providers could face limitations in processing certain types of sensitive and strategic data within EU member states' public bodies.

Sensitive Data Requiring Sovereign Hosting

Discussions are reportedly centering on mandating that certain critical datasets be hosted on sovereign European cloud infrastructure. These sectors include:

• Financial data
• Judicial data
• Health data

Officials noted that the proposals would not outright ban overseas cloud platforms from government contracts, but rather limit their use based on the data's sensitivity level.

Context and Next Steps

These discussions follow increased calls within Europe to diversify away from U.S. cloud providers, which currently dominate the European market, especially amid geopolitical tensions. The Commission is expected to present its comprehensive "Tech Sovereignty Package" on May 27th, which will detail these measures.

It is important to note that the officials speaking to CNBC confirmed that these talks are ongoing and the proposals have not been finalized.