Who controls Europe’s data? Why digital sovereignty is more than just a buzzword

In this article, you will read

• why control over European data is at risk,
• which legal gray areas exist with non-European clouds,
• and how the Open Telekom Cloud strengthens digital sovereignty in Europe.

What if a short phone call were all it took for U.S. authorities to access sensitive business information and personal data — even if the data is stored in Europe? This isn’t a hypothetical scenario; it’s something that is already possible today.

Legal uncertainties in using non-European clouds pose serious risks for companies. The U.S. Cloud Act, for example, gives U.S. authorities the right to access data from U.S. providers—even if that data is stored in European data centers. Simply hosting information on EU soil does not guarantee comprehensive protection with U.S. hyperscalers, since U.S. law takes precedence over European regulations. Recent developments underline this concern: Since March 2025, the French Senate has been investigating how public-sector IT procurement affects Europe’s digital sovereignty. The inquiry was triggered by a 2019 contract to host sensitive health data with a U.S. cloud provider. In a recent hearing, a company employee confirmed that French data — even when stored in Europe — can be requested by U.S. authorities.

Examples like this make one thing clear: organizations that rely on non-European cloud services accept significant risks — from data protection violations to the loss of business control. Many companies are beginning to recognize this, as shown in the “Cloud Report 2025” from the digital association Bitkom. According to the report, one in two companies using cloud computing now feels compelled to reconsider its cloud strategy due to current U.S. policies. About eight out of ten companies see Germany as too dependent on US cloud providers and wish for strong providers from Germany or Europe that can compete with the international hyperscalers.

Although the EU’s data protection framework sets global standards, European countries still risk losing control over their digital infrastructure. To secure long-term sovereignty over data and digital processes, sovereign cloud solutions are urgently needed. That is why, in July, Germany, France, the Netherlands, and Italy jointly applied to the European Commission to establish the “European Digital Infrastructure Consortium for Digital Commons” (DC-EDIC). The goal is to create an independent European infrastructure that reduces reliance on non-EU technology corporations. Central to this effort are open source technologies, open standards, and shared data infrastructures. Initiatives such as Gaia-X also reflect these principles. Since 2019, Gaia-X has worked toward building a secure, transparent, and interconnected European data infrastructure—grounded in shared values and standards. However, this initiative for a collaborative European solution has yet to be fully implemented.

The backbone of digital sovereignty is a strong foundation of European cloud offerings. With solutions such as the Open Telekom Cloud, companies can maintain digital independence and self-determination. Sovereign clouds stand apart from non-European providers by consistently applying European data protection and security standards. Digital sovereignty is built on three pillars:

• Data Sovereignty: Complete control and protection of company data, with no third-party access—not even the cloud provider itself can view the information.
• Operational Sovereignty: Full control over operations, maintenance, location, and access rights—for example, through Bring Your Own Key (BYOK) and the elimination of provider emergency accounts.
• Technological Sovereignty: Freedom from dependencies, supported by open standards and interoperability—for example, through OpenStack and multi-cloud strategies.

The study Sovereign Cloud 2024 by Foundry shows that sovereign solutions also hold up in practice. According to the study, a quarter of respondents are already actively using a sovereign cloud solution, and 88 percent of them are (very) satisfied with it.

Since its launch in 2016, the Open Telekom Cloud has embodied the “European Way”: a sovereign cloud alternative that unites innovation with European values and strict data protection standards. It enables companies to drive digital transformation while staying fully aligned with European data protection regulations—without a “sovereignty surcharge.” In other words, all services and solutions are built on the principle of “Sovereignty by Design.” By operating exclusively in Europe with data centers in Germany and the Netherlands, the Open Telekom Cloud ensures full GDPR compliance. In addition, strict certification standards—such as the BSI’s C5 catalog and ISO/IEC 27001—ensure maximum data protection and security. Transparent processes, detailed logging of data access, and regular security audits are complemented by end-to-end encryption and multi-factor authentication. Through intuitive dashboards and APIs, users retain complete visibility and control at all times.

Sovereign clouds rely on open standards and interoperability to prevent vendor lock-in. Proprietary technologies and interfaces—such as those used by U.S. hyperscalers—make switching providers difficult and lock companies into long-term dependencies. Open source solutions, by contrast, give organizations the flexibility to shape their cloud strategies without being tied to a single provider.  

The Open Telekom Cloud is built on the open source platform OpenStack, ensuring full interoperability. It offers a wide range of open-source–based applications and services, including database solutions, container orchestration, and development platforms. This enables companies to benefit from a dynamic, customizable cloud environment that supports independence and true digital sovereignty. 

With the Open Telekom Cloud, companies can already take practical steps toward digital sovereignty. A pragmatic approach is essential since complete digital independence is not yet achievable—many hardware and software components still originate outside the EU. BSI President Claudia Plattner has also underscored this reality, noting that Germany will not overcome its reliance on AI models and other foreign technologies in the short term.  

In today’s globalized world, the challenge is to strike a deliberate balance between autonomy and international cooperation. Yet when it comes to the core of IT—the cloud—companies should prioritize independence and control. By adopting the Open Telekom Cloud, businesses are already making a significant move toward digital sovereignty.