If you scroll through your LinkedIn feed the past few weeks, you’ll see European cloud providers popping champagne over winning the EU's new €180 million Sovereign Cloud contract. Everyone is extremely proud of the selection.
But almost nobody is looking at the actual math, which on paper, looks like bringing a pocketknife to a thermonuclear war.
The European Commission recently awarded a €180 million framework contract—part of the Cloud III Dynamic Purchasing System (DPS) [1] to four native European cloud providers and consortiums. The mandate? To provide a strictly sovereign cloud infrastructure for EU institutions over the next six years.
If you look purely at the balance sheets, the math is almost comical.
Let’s put in perspective that €180 million figure.
According to recent Q1 data from the Synergy Research Group (SRG) [2], the global cloud market just hit a staggering $500 billion annual revenue run rate. Meanwhile, the CapEx spending of US hyperscalers (AWS, Azure, Google Cloud) is projected to brush against $700 billion this year alone.
Now look at the EU contract:
In a purely theoretical, even split, that equates to roughly €7.5 million per player, per year. Furthermore, this is a framework contract — meaning it’s a maximum spending ceiling, not guaranteed revenue. The EU only pays when specific services are ordered.
The global market generates the EU's entire six-year budget in a matter of hours. So, is the EU's push for "digital sovereignty" doomed to fail? Are they throwing pennies at an insurmountable wall?
Only if you misunderstand what digital sovereignty actually means.
Striving for digital sovereignty is a noble political goal, but as we often discuss here at ape factory, it cannot come at the detriment of performance, reality, or architectural soundness. You don't choose a cloud provider just to wave a flag; you choose the best technology for the task at hand.
Everyone in the tech sphere has their own definition of digital sovereignty. Politicians talk about geographic borders. Lawyers talk about shielding data from extraterritorial legislation like the US CLOUD Act or FISA.
But from an architectural and engineering standpoint, the definition is much simpler:
True sovereignty is your cloud exit strategy.
How fast can you move from one provider to the next? How easily can you migrate not just your infrastructure, but primarily your data?
If it takes your engineering teams years to refactor workloads, and it costs your FinOps department millions in extortionate egress fees to extract your own data, you are not sovereign. You are a hostage to vendor lock-in.
The EU didn’t just hand this €180M contract to local players out of blind patriotism; they used it as the proving ground for their newly drafted Cloud Sovereignty Framework [3].
This is critical context. The European Commission is currently pushing for massive, EU-wide regulatory shifts, most notably through ENISA’s upcoming European Cybersecurity Certification Scheme for Cloud Services (EUCS). To test these waters, the EU applied a strict new scoring system for this procurement, known as SEAL (Sovereignty Effectiveness Assurance Levels).
To even be considered, providers had to achieve a minimum of SEAL-2 (Data Sovereignty), guaranteeing that data is protected from foreign laws without the customer needing to add their own technical patches. Most of the winning native European consortiums achieved SEAL-3 (Digital Resilience), proving that their technological supply chain cannot be disrupted or blocked by non-EU third parties.
This proves the EU is moving past vague political definitions. They are codifying sovereignty into strict, measurable architectural requirements—and testing it on themselves first.
This is why the EU's approach is highly strategic. To meet these strict SEAL requirements, they didn't just pick a single winner to build an isolated "AWS Killer." Instead, they selected four distinct approaches to foster competition and guarantee portability:
You cannot have an exit strategy if your architecture is tangled in proprietary hyperscaler services. If your infrastructure relies heavily on closed-loop tools—like AWS Lambda, Azure Cosmos DB, or Google’s proprietary orchestration—you are locked in, no matter what a legal contract says.
This is where the opensource angle of this €180M framework becomes the real weapon. Providers like OVHcloud, Scaleway, and Clever Cloud have built their ecosystems heavily on open-source foundations and open standards (like OpenStack, Kubernetes, and PostgreSQL.
By funneling capital into these players, the EU is making a definitive statement: true sovereignty requires open standards. Open source is the engine that makes portability possible. It guarantees that workloads can be containerized, shifted, and spun up elsewhere without having to rewrite years of code.
The €180M isn't hopefully just buying cloud instances; it's funding the open-source interoperability that keeps Goliath out.
By utilizing an open purchasing framework across these four diverse options, the EU is making a conscious architectural choice. They aren't just buying compute and storage. They are investing in portability.
Whether they spin up open-source infrastructure with Scaleway, leverage STACKIT's enterprise standards, or utilize tightly regulated hybrid tech via Proximus, the EU is proving that complex governance can be handled without relying on proprietary, sticky tech that makes leaving impossible.
Digital sovereignty isn't about building the biggest data center. It's about maintaining absolute control over your data's mobility. If your architecture doesn't have an exit strategy built-in from day one, you aren't building a sovereign platform—you're just building a very comfortable cage.
NDLR: While the European Commission published its Cloud Sovereignity framework back in October 2025, the EuroStack Initiative [4] and Sovereign Cloud Stack [5] have their own definition. This can be confusing at first, but the good news they complement each other more or less.
----
[3] https://commission.europa.eu/document/09579818-64a6-4dd5-9577-446ab6219113_en
[4] https://euro-stack.com/blog/2025/10/cloud-sovereignty-framework-comparison
[5] https://sovereigncloudstack.org/en/the-european-commissions-cloud-sovereignty-framework/