I guess there are two types of "sovereignty" people talk about here.
First is "data sovereignty", which is what the current (data) migrations are all about. As long as the data remains in place where it cannot be suddenly locked away by the US government, people don't care if the CPU was purchased from the US, as the government cannot suddenly disable those (as far as we know at least).
Second is "hardware sovereignty", which is what this article talks about, about the geographical locations where the hardware is designed and built. This is obviously much harder, but also less important at this very moment. That's why you're not seeing people suddenly rushing to fund EU fabs for silicon, there are more important things to focus on right now, with real implications.
The article kind of does everyone a disservice by mixing the two and not clearly separating which ones it's actually talking about. But to be fair, if they did that, then they've wouldn't have been able to publish this whole "Look how they aren't actually sovereign after all" article if they did so, here we are...
The actual risk is that US spooks can use these hardware features to infiltrate European clouds. It's not just a theoretical concern about hardware sovereignty.
> The actual risk is that US spooks can use these hardware features to infiltrate European clouds.
If your threat model is clandestine government actors then I think it would be a rather odd decision to host on ANY cloud !
The main risk for most people is being subject to US CLOUD Act, US PATRIOT Act etc. etc. Which, despite what the sales-droids will tell you, still applies in the fake-EU clouds operated by the US providers.
If you are serious about EU data sovereignty then you absolutely want an EU OpCo that has nothing whatsoever to do with any US company. If OpCo has ties to a US company or IS a US company such as AWS or Microsoft, then you've lost the EU jurisdiction.
The concern over "digital sovereignty" is motivated by the US wielding sanctions as a political tool against Europe.
It's impossible to fully eliminate any exposure to US sanctions. If the EU wants to fully shield itself, it should aggressively counter-sanction American entities. If the US government knows that every time it sanctions some EU entity, an American entity will get sanctioned just as hard, it will think twice.
For some reason, the EU has been unwilling to go down this obvious path.
The problem is that European (in the EU and outside) countries do not have the same ability to sanction the US as the US has to sanction them.
If the US imposed sanctions that blocked access to cloud services a lot of the government and the private sector would just shut down.
Take what happened to the French ICC judge and imagine that happening across a whole country and far more pervasively (because a lot of people he deals with will not follow US sanctions, but would have their own services cut off if his country was sanctioned): https://www.euronews.com/my-europe/2026/02/18/us-sanctions-t...
> If the US imposed sanctions that blocked access to cloud services a lot of the government and the private sector would just shut down.
You don't think they'd rather maybe find alternatives rather than shutting down? Sure, it'd be sucky probably for a long-time, but it's not like we don't have IT professionals who can stand up physical servers, email servers and what not, plenty of local municipalities do so already, so somewhere there is expertise already.
People generally don't just give up and throw their hands in the air in the face of difficulties, even less so when the governance of their country depends on it.
I think you are underestimating the supply chain problem. You can't stand up extra servers you don't already have in extra data center capacity you don't already have. The whole point of the cloud is that you don't have these assets.
While you can acquire these assets the lead times would be several months at a minimum, and probably years if everyone is trying to do it at the same time. It isn't an issue of knowhow, the required physical infrastructure doesn't exist.
Say Microsoft/Google/whatever my local municipality is using right now, gets blocked tonight, and tomorrow everything US-related is offline. It won't (and can't) take months for them to get one server up and running for them to continue with their administration. As mentioned, other municipalities in the country already are 100% independent, running everything themselves, either they're willing to help out the rest of us, or at least provide expertise enough so we can. Then the country is filled with FOSS nerds like myself, who wouldn't shy away from stepping in to help either.
Probably the larger cities would take longer to solve, but I don't think "We cannot get server hardware from the US" will be the biggest problem, it'll be around national organization until the biggest fires been put out. Putting one server in each ajuntament would basically be enough to get 80% of the local municipalities up and running again.
It wouldn't only affect local governments, it'd also trash all the businesses, banks, national governments, etc. Google on its own getting blocked breaks the entire internet because so many websites rely on the free services they host. Remember there are no European search engines of any quality and only Mistral as a European AI provider, so even just findings things would be difficult.
You underestimate how resilient and effective people can be when needed. Yes, as mentioned earlier, it'd suck for a while, but we'd come up with solutions pretty quickly, as the entire country would rely on that.
Pretty much exactly a year ago, I was about leave home to go buy something, when the power was cut, garage door didn't open. Fine, jump into a taxi, and both of us notice that seemingly the entire town is without power. Once we arrive at the store in another town, same thing.
Turns out, the entire country had lost power, and would be without power for pretty much the rest of the day, and same thing in neigboring Portugal. We were literally without power, internet and cell-phone service for pretty much the entire day.
Did the entire of society pretty much was put on hold for a day? Yeah, but still we managed to go on with our day. I owed the taxi driver until the next time I saw him, the store accepted the same thing so we could buy some stuff, they noted down everything on paper, and so on.
We did survive, and thanks to humans being humans, we all could pretty much survive even that day.
Loosing Microsoft/Google/AWS would indeed be pretty much on a smaller scale, mostly impacting IT and everything related to IT, which is large swaths, but just like every other problem, it'll be worked around both temporarily and permanently, it's just in human nature to do.
Again, I'm not saying it wouldn't suck, nor that it wouldn't be difficult, but also, it wouldn't take a year before emails are being sent between companies again either.
The EU could absolutely find ways to hurt the US economy just as much as vice versa. It doesn't have to use the same tools as the US. Just ban major US companies from doing business in the EU. Impose massive fines. Get creative.
The EU economy is on par with the US economy. The EU has plenty of ability to hurt the US economy.
The reason this doesn't happen is because the EU isn't a country. It doesn't have a unified central government. It's 27 different sovereign states, each with their own completely different foreign policy. The type of policy I'm describing requires a unified political leadership willing to play for high stakes.
This is why China has been so much more effective than the EU in the trade war with the US. It's not that China theoretically has better cards to play. It just has a central government.
EU economy is not on par with the US economy. This is a dangerously old belief. That was maybe true in 2000 but not in 2026. EU GDP per capita is ~$48k and US GDP per capita is ~$94k. US economy is nearly twice as big. Quarter of a century of higher growth will do that.
EU does run a trade surplus with the USA. In a big fight the USA would, strictly speaking, have to replace more stuff than the EU would. However that ignores the makeup of the things being traded. EU exports to the US is dominated by pharma products that the US could make generics of, misc machinery that can often be replaced by Chinese competitors now, and luxury goods the US doesn't strictly need. US exports to EU are critical for the functioning of the economy (assuming you count tech services as exports).
It would be catastrophic for the world if there was a serious trade war between US and EU but if it involved major disruptions to tech services the EU would fold within days. There are no home grown replacements for most US software and no ability to make them anytime soon (especially as any broad spectrum sanctions would include frontier AI models).
> EU economy is not on par with the US economy. This is a dangerously old belief. That was maybe true in 2000 but not in 2026. EU GDP per capita is ~$48k and US GDP per capita is ~$94k. US economy is nearly twice as big. Quarter of a century of higher growth will do that.
I think per capita is not a useful measure here? The populations are unequal.
By nominal exchange rates, the US economy is estimated to be $31.856T this year; the EU's $23T; by purchasing power parity exchange rates, the EU is $30.678T.
Exchange rates matter for what actually gets traded, but they're also easily shifted by interest rate policies. But even with this, any simplification of economics sufficient to fit in a comment is going to be very misleading about questions of who is more or less dependent on global free trade, the US or the EU. Even the complexity you list: I suspect there's an office or five in various EU nations filled with economists trying to work out exactly what would go down if there was an EU-US trade war and how to remove the critical points of failure.
> US exports to EU are critical for the functioning of the economy (assuming you count tech services as exports).
> It would be catastrophic for the world if there was a serious trade war between US and EU but if it involved major disruptions to tech services the EU would fold within days.
Yes, but this is kinda the point of all the digital sovereignty stuff.
It was already weird to me, as an iPhone app developer in Germany making apps for Germans living in Germany where sometimes the only language option was German, that I had to tick a box while uploading apps confirming that any encryption in the app would be in compliance with US export laws*; now, it's unacceptable.
> the EU has been unwilling to go down this obvious path
Well, the EU in general tends to favour the "lets sit down in a room and talk like grown-ups" approach to finding solutions to problems.
Wielding sanctions as a first/second choice option is a very US thing, even more so with the present administration.
In theory the EU does have a lot of options available to it beyond sanctions, such as making life difficult getting Schengen visas for all those US citizens you constantly read about on the CNN website who are flocking to Europe .... but that sort of action would be very un-European[1][2]
> such as making life difficult getting Schengen visas for all those US citizens you constantly read about on the CNN website who are flocking to Europe
Trashing your own tourism sector is a very European defense mechanism.
The truth is there is one and only one way Europe can try reclaiming sovereignty, and it’s the one that’s most painful—rebuilding its own military.
> Trashing your own tourism sector is a very European defense mechanism.
Please re-read my post .... in particular the first two words "IN THEORY".
As far as I am aware, the option I mentioned has never, ever been mooted as a possibility. It was something I invented as a random example of a non-sanction possibility.
> rebuilding its own military
Aah yes, because a strong military has been so awesome for the US in the US–Iran war where IIRC the Iranians managed to destroy lots of very expensive US military radars[1] and other expensive assets[2][3] in the region despite your president having claimed to have "destroyed 100% of Iran's military capability".
It doesn’t work in theory. America reversing the move and banning its own citizens from traveling to Europe would bankrupt multiple EU members [1].
> because a strong military has been so awesome for the US in the US–Iran war
Uh, the Iran war was an exercise of American sovereignty. Rules be damned.
> where IIRC the Iranians managed to destroy lots of very expensive US military radars
And they didn’t do it with soft power!
Europe has a good deal. America guarantees its security. It gives up sovereignty in exchange.
“In theory” discussions about self immolation through tourism bans and money giveaways on strategically-useless “sovereign clouds” are finger paint on turds. Messaging exercises. They afford Europe zero marginal sovereignty vis-à-vis the U.S.
Europe is not going to be sovereign unless it commits to an independent security posture. And the simple truth is that isn’t politically possible right now.
> America reversing the move and banning its own citizens ...
You sit there lecturing me on "in theory" discussions and you come up with that line.
I think you will find many European countries would celebrate yanks being told they can't visit Europe. Nobody will miss the loud Karens who make no effort in relation to the local culture.
It might have escaped your notice but the present US administration has not exactly done much to encourage Europeans to welcome yanks what with threatening to invade a European country and all that.
Get your own house in order before lecturing others.
> You sit there lecturing me on "in theory" discussions and you come up with that line
“In theory” requires it work in theory. I’m pointing out that your proposed “retaliation,” banning American tourists from Europe, hurts Europe more than it does America to the point that it would be a potential (albeit over the top) tactic the U.S. would itself deploy.
> the present US administration has not exactly done much to encourage Europeans to welcome yank
Correct. I agree with the notion of European sovereignty. I’m saying “sovereign cloud” BS is performative nonsense. So long as Europe is dependent on American F-35 parts, LNG and banking rails, Washington has a de facto veto on European policy.
Like, what policy position could Europe take with a sovereign cloud but with the above dependencies that it can’t take today? I’m not thinking of anything. In contrast: if Europe decoupled from American LNG, what geopolitical options open up?
> Get your own house in order before lecturing others
I vote in America and Switzerland. I’m talking about my own houses.
> Trashing your own tourism sector is a very European defense mechanism.
Yeah, virtually unheard of in a certain North American country, where every tourist with a certain skin color never been very worried about being extra-judicially sent to an internment camp.
No state in America is as dependent on European tourism the way Southern Europe is on American tourism. (And yes, the temporary blip in Canadian tourism sent a message.)
> as dependent on European tourism the way Southern Europe is on American tourism.
We're mostly dependent on other Europeans, the US is not the single highest tourist/visitor in any of the Southern Europe countries. Italy is the country with the highest percentage of American tourists, but even they have more German visitors. Most southern countries have most tourists from the UK, Germany and France, kind of as expected.
If you think about it for a second that makes a ton of sense too, considering the distances involved here, and how cheap flights inside Europe are.
> We're mostly dependent on other Europeans, the US is not the single highest tourist/visitor in any of the Southern Europe countries
Oh totally agree. But removing American tourism would require stabilizing policy interventions on the European side. It would not on the American side. That’s why threatening to cut off American tourists to Europe as a mooted retaliation measure is dumb. (I can also absolutely see Brussels doing it instead of any of the hard stuff.)
> If the EU wants to fully shield itself, it should aggressively counter-sanction American entities
This isn’t a realistic option without an independent security posture. Washington could bankrupt Europe overnight right now with targeted tourism, technical and financial sanctions. (And increasingly, energy.) All of that before considering kneecapping Europe’s NATO-integrated kit.
> Washington could bankrupt Europe overnight right now with targeted tourism, technical and financial sanctions.
Yet again the American exceptionalism bleeds through and shows why the hegemony is currently dying. Maybe with a slight bit of humbleness it could have survived but no, the exceptionalism is so well encoded that it seems short of impossible to stop the decline at this point.
Seemingly this was the idea with Iran too, which based on the current goings, isn't going so well. How do you expect that to be true for the second/third largest economy in the world, when the US can't even do so with Iran, one of the already most sanctioned countries in the world?
None of this requires America be better at anything. It just requires the current finance and trade flows to be what they are.
> Seemingly this was the idea with Iran too
The analogy doesn’t work. American sanctions and adversarialism with Iran have famously granted us few grabholds on their system. Tehran is sovereign.
To the extent there is an analogy here, it’s in European reliance on America being its Hormuz. The obvious vulnerability that gives America asymmetric capability over Europe is the financial, security, energy and trade reliance. Unlike the Hormuz, those aren’t geographic features. But if Brussels is content with mincing around with their own special pile of AMD chips (or tourism bans or whatnot), it might as well be carved into rock.
The Iranian economy is in a state of total collapse! That's not something to aspire to.
It's not good to be in denial about this. Even small amounts of US pressure would create chaos in Europe at this point. Multiple European countries are heading towards a major financial crisis entirely on their own, even without any US involvement at all. See e.g. the UK, whose debt is now much too large for even an IMF bailout to work. Only massive austerity of the type that makes 2008 look like splashing around in warm water will be enough to turn that around.
Europe is not independent. Even ignoring basics like oil and gas, the choices of the EU ruling elites in Brussels have, over a period of many years, broken any ability to create a competitive domestic tech industry (something very difficult even with China-style global cutoffs). Even if it was all fixed tomorrow it's far too late. Building a competitive domestic office suite is far beyond what the EU can achieve, let alone everything else required.
That’s a risk, but for most cases likely not the most material up front risk - there’s a million ways for the spooks to enter the building.
TBH, all of these entities are likely actively penetrated by US, Israeli and Russian human assets. You don’t need esoteric knowledge of CPU flaws or whatever if the dude holding the keys works for you.
You can prevent that by making sure these people have a lot to lose. Which means you start by paying them enough money.
Wait, European you said? Never mind. Only politicians and the very rich deserve money is the law here.
The owners of European clouds are people who were very, very wealthy before they ever started doing cloud (Xavier Niel, the Klaba Family in France, Hetzner (is also a German family name), Deutsche Telecom/Swisscom/A1 Telecom) and none of them have a reputation of decently paying anyone, whether we're talking software developers, system administrators, SREs, security guards, managers, ... and, of those, only Xavier Niel was not swimming in money when he was born (he was still very comfortable at a time when that was not at all common)
As are most politicians. For example, Ursula von der Leyen is a member of a wealthy German family that was part of the aristocracy in Germany. Her family's money survived WW2 in Germany (everyone in Germany and North West Europe knows what that means, and it's nothing good). Her ancestors belonged to the nobility of the Free Imperial city of Bremen, allied to the Holy Roman Empire. Nobody in her family has ever lacked for money for 20 generations.
The point is that, like everyone else at the helm of the European commission, she and her family going back a LONG way, are part of the very, very rich. She has a coat of arms, for example. And she's not even the only one in the European commission.
Oh, and actually her family has been rich for over 400 years for sure, and probably double that.
One thing I always found a big positive on America is that a lot of the "American elite" was born, perhaps not poor, but also not rich, and they are never part of a dynasty that has been rich since the dark ages. Trump's grandfather was at best middle class. Biden's parents were broke when Joe Biden was little. Obama comes from what is probably a broken home. The contrast with Europe is enormous. By contrast, it often looks, in Europe, that the only possible way to become rich is to marry into a rich family.
Is this an actual risk? If I buy a Intel/AMD CPU today and chuck it into this "European cloud" I'm running, how exactly will that be used to infiltrate this cloud?
AFAIK, there is absolutely zero evidence either Intel or AMD CPUs are compromised, even less so that they're somehow remotely accessible by the US government...
> AFAIK, there is absolutely zero evidence either Intel or AMD CPUs are compromised, even less so that they're somehow remotely accessible by the US government...
The concerns are similar to US supplied fighters having the kill switch or remotely damaging centrifuges in Iran using software virus.
No one knows whether CPUs are compromised similar to no one knew beepers with explosives in Lebanon were compromised by Israel, allegedly during manufacturing. CPUs don't need to be accessed remotely, any compromised person locally will be enough.
These are fascinating cases to show how far state actors will go and how long the compromise can stay dormant.
> The concerns are similar to US supplied fighters.
I doubt that they actually do, just cutting off software support substantially cripples the F-35 in multiple ways and without spares they aren't going to fly very long (on the timescales of fighter programs).
The risk isn't worth the payoff because if anyone found that killswitch, US arms sales would crater.
All that said I don't think my country should be buying US systems if European equivalents or near equivalents exist anyway for geopolitical reasons.
> The concerns are similar to US supplied fighters having the kill switch
This is very different though, first they're huge, expensive machines, requiring infrastructure, maintenance and crew, there are huge surface areas to hide things like kill-switches. With CPU packages, not so much, and also fairly established how exactly you can clear the entire CPU, good luck doing that with the complexity-machines known as fighter jets.
> No one knows whether CPUs are compromised
Right, but what we do know, is that any US company (or any EU subsidiary with US owner, like "AWS European Sovereign Cloud") can and will be used to hold our data hostage when needed by the US government, as proven by recent actions.
So, based on what we know and what we don't know, "data sovereignty" remains a priority, and until proven, "hardware sovereignty" remains less important, for now.
With the advent of LLMs, data sovereignty is being bypassed. All three Service, Data, and Hardware sovereignty are important and should be the focus. It is not about prioritizing one over the other.
The article talks about the management engines built into these chips. Parallel software stacks that can be reached over the network that can control the main OS.
The article does provide real world examples, as well as credible hypotheticals from academics. The 'compromise' is the built in features of the chips being discussed.
I don't think they "forgot" about processors. It was out of scope. Creating the pipeline to end up with a fully "sovereign" system end-to-end is a decades long process and hundreds of billions of euros. As others have pointed out, in this context "sovereign" meant data processing. This is also a fairly paranoid take. Not to say hardware isn't targeted, but there are other methods. So spending hundreds of billions and several decades to build the fabs to gain assurance... it's a waste of time.
Exactly, it was out of scope. You cannot in one go have a full-blown scope. It won't work.
This is a sensationalist headline (CBA to RTFA). It isn't a case of all or nothing, it is about becoming less dependent. A country like China follows the same industry, and besides, in a globalist economy like ours we are dependant on each other. So, for example, a lot of hardware components come from China, and assembly happens there as well. That counts for EU (DE, FR, ...), US, CA, RU, UA, CN, IN, etc. But as the talk on 39c3 has shown [1]: we can DIY.
France's Scaleway already offers RISC-V bare metal servers.
It's a first step that brings most of the value with close to no cost, as RISC-V is cheap nowadays
This cloud provider is a for profit company, not a research institute, so they can see short term commercial value if they do it
I'm surprised that nobody ever tells about Loongson
China already produces government and business computers with their homemade LoongArch architecture. The run on homemade Linux as well. Their point was not only to not be worried as much about backdoors and sanctions, but also to get a platform that their own universities and engineers can maintain and develop
This brand used to coproduce with the French, open source and Java apps work, it's under US sanctions for supplying the chinese government and military, export was restricted so that none land in Russia.
It took decades to make, commercial value is uncertain, but they did master the entire computing stack now
The author is a Dutch journalist with no technology background. I wouldn't jump to get my information from this source. As a person who works in the UK semiconductor industry, I noticed 4 or 5 glaring holes in the article in just the first couple of paragraphs.
I'd also argue that while Softbank has capital ownership of the company, the leadership structure and how that capital is allocated is still done within the UK with standard board oversight. I know a few of the leadership team personally, and they have a wide remit, almost more so than a public company might do.
Actually there are more if you count the ones which are not at the cutting edge but your point still stands, most high-end silicon companies only do design.
ARM has the exact same problem via TrustZone. Different technical implementation, slightly different known capabilities, but fundamentally, still an unauditable, unremovable ring -3 subsystem that cannot be controlled by the legitimate, lawful owner of the hardware.
As far as cloud service servers are concerned, I don't think ARM CPUs have any meaningful marketshare, right?
You could start running things on ARM, but, almost certainly, that comes with a lot of extra friction. (Not saying that isn't a bad idea, it'd probably improve the ecosystem as a whole and flush out architecture-specific assumptions in server software. But it's not someting trivial to do.)
AWS runs a lot of ARM server and they are pushed heavily since they are cheaper and faster. And with Apple running ARM it is just easier to fully transition now.
If the processor is mostly idle or running minimally optimized software, which is most software, then ARM offers better performance per watt. If the processor is running highly optimized code at max throughput all the time then x86 offers better performance per watt.
This is an intrinsic tradeoff. To make low-utilization workloads more power efficient you have to make high-utilization workloads less power efficient and vice versa. ARM and x86 differentiate themselves by taking opposite ends of that tradeoff spectrum.
Arm has been growing fast for years, recent stories claim ARM is at 50% for hyperscalers (google, amazon and microsoft are making their own designs) and 25% for general servers according to stories from this year, and the share is growing fast.
x86/64 is looking more and more like the next Alpha or MIPS in many ways.
More than 50 % of new CPU capacity on AWS is arm. Most of their own stuff uses it, nitro co processors are also arm. Anyone caring about cost of AWS has or is transitioning.
Even if Europe could replace the dependence of Intel and AMD processor, for example with home grown RISC-V processor, where in Europe could such processor be manufacture in a secure and somehow cost effective way? Then there are other chips and components like memory chips, network components. How about secure European network routers which for networks and datacenters in Europe?
In general, in Europe there is research infrastructure that I think could be used at a medium scale for important applications (but I am not a professional).
There is the NanoIC research line at imec (2nm), CEA-Leti incomming 7nm FD-SOI pilot lines, and in terms of full production lines, Global Foundries Dresden (12 nm), ESMC (12 nm, in construction), and the various FeRAM/FMC projects I can't keep track of (Neumonda for example).
I would be more worried about designs, because outside of ARM (and Imagination Tech, both in the UK), I don't know any competitive European designs. (about routers NXP already makes router chips with accelerators on top of ARM cores, used for example in the Mono Gateway, but they are fabbed on old TSMC nodes)
As a European, enjoying the environmental quality of life our regulations provide, I'm ashamed to admit it might be impossible to make chips here, as it's probably a dirty industry that Europe prefers to keep offshore.
And you are wrong to think that in my opinion, chip manufacturing in Europe was huge 25-30 years ago (there was high-end memory chips manufacturers, high-end GPU manufacturing and cutting edge nodes in Europe at the time).
The other day, I saw a clone of OpenRouter pitched as a "superior" alternative simply because they were "European" only to find out their entire stack was dependent on Cloudflare. That's why I'm always sceptical of providers who claim superiority just because they want to "escape" US control because that's rarely the case.
My company is involved in research and production of RISC-V-based chips in Barcelona, with partners. There is or was a partnership with Intel at some point, and I think NVIDIA collaborated in some tasks in one of the projects. But the idea that I heard from the presentations is to produce chips in EU with little dependency on US, China, etc.
I think there is a partition in our supercomputing facility for these new types of technologies, but since my work is running climate models, I only hear news from other teams like our AI factory, the quantum computer, or people involved with these new chips and some emulators (that I think work together).
> Europe is pouring more than €2 billion into sovereign cloud initiatives designed to reduce exposure to US legal reach.
(not Europe, the EU)
this is just sad. the US clouds did not happen because US poured billions into them. they happened because the financial/whatever situation was such that these businesses could happen.
now the EU, instead of making it easy for companies to innovate, spends billion on trying to catch up to the US. not even catching up. getting to where the US clouds are today.
the "skating to where the puck is going to be, not where it's been" quote comes to mind.
The clouds are not really american, but they are subject to american laws. The money and ownership needn't be american, anybody all around the world can buy stock in america companies. And the work to build these clouds was not done exclusively by americans, as all these companies have offices in europe to hire european engineers (to say nothing of the foreigners they pay to come live in america). From the perspective of the market, the clouds being american is an irrelevant detail, since they can reap whatever benefits they like of the world outside the US, as well as whatever benefits they want within the US.
I think this is an important thing to note in all these discussions of "why can't europe innovate": europeans in europe can and do innovate, but the processes to commercialize that innovation have been set up in the US, and have no market incentive to relocate or diversify. They can always take advantage of innovation wherever it lies.
To make the market care about something it is otherwise indifferent to, you have to pay it. Whereas capital markets ordinarily don't care if a company serving europeans is domiciled in the US, if you pay them a couple billion suddenly they will. It may be expensive, but it's the only solution to the problem at hand.
> now the EU, instead of making it easy for companies to innovate, spends billion on trying to catch up to the US. not even catching up. getting to where the US clouds are today.
What's your alternative? The US has behemoths with trillions of dollars in market cap, more than GDPs of most countries in EU. What kind of innovation in context of cloud do you think would allow anyone to compete with them? Who would risk their own money and pour billions into challenging them?
Isn't this essentially the Apple playbook typically? Don't innovate, let others find what works or not, then once you have something, catch up with the rest, try to out-compete? Apple is almost never "first" with something, but once they release something, it's a good iteration on that thing, I don't think Apple would be the only ones able to pull something like that off.
> Goodacre told The Register he tested awareness of the Management Engine with various attendees at the CyberUK conference in April 2026. "Almost no one" knew about it, he reports.
That's surprising. I would've expected most people at a cybersecurity conference to have heard of it, for over a decade.
Is this conference not for people who understand the technology at all, but rather for purely management-track people who oversee the people who understand the technology?
Part of what got Microsoft into this position in the first place is that they built and sold software.
Now, they don't build and sell software, they sell services. Services means you're buying access to data.
The data is the problem.
There's a certain amount of soft power you have when you can disallow access to data and services for foreign officials[0] arbitrarily.
The old world order would of course permit us to sanction new sales of things, but in the new world: this is crucially tied with current access to services.
I think the easiest way to think about it is:
Would you depend on another nation selling you the parts to build a power plant, or would you prefer to depend on them supplying you the power- in fact it's worse than that because not only are you buying power you're also giving up a lot of information on who uses it, how it's used, and enough control to cut it off for an individual person.. totally crazy.
the EU itself was designed around the idea that if you are crucially tied in this way then war becomes unthinkable. But that only works when you're equivalently sized entities. The US uses this position to bully the world.
Those integrations are needed in the long term because only through interdependence can you have peace. You need peace because the consequence of war post WW2 are too high.
The problem with the right wing authoritarian types, regardless of regime is that their thirst for power is harmful to all stakeholders. The tragedy of the Iraq War wasn’t Iraq — it was kicking off decades of inevitably escalating conflict. And doing so for nothing.
We, as in citizens of the world, need strong trade ties with China, Europe, the United States and the developing world. I don’t want my sons getting killed by some PRC drone, nor do I want them killing people in service of the dreams of fat old men.
Europe butchered two generations a century ago. Their model makes sense, and can integrate with the world.
Doesn't encryption protect against these low level network backdoors? I'd think that encryption happens in the upper layers so by the time traffic goes through the ME, it is just gibberish. Someone with expertise enlighten me, please!
People finally learned that capital has nationality. They now need to learn that code has it as well.
It doesn't matter that it's open source if most contributions and maintenance effort come from MS, Google, Oracle, Red Hat etc. These companies control these projects.
The GPU situation is even more concentrated. NVDA data center was $39B last fiscal year — roughly 90% of their total revenue. No European alternative exists for AI compute workloads.
So what is the solution? Can Europe start building the next gen fab now already? And if it can technically, and if it can politically, even at great expense, should it?
I don't think the HN crowd realize how much the whole political EU Cloud is another edition of a money grab by a group of insiders that happen every few years.
Please read about the previous initiatives like Cloudwatt involving the same actors (Thales, etc.) [0]
I have been forced to consider them about 10 years ago and realized at the time that the French telco Orange (who acquired it in 2015) just transferred all control to Huawei (datacenters in France but controlled by Huawei). So all the organisations who put their precious data in a sovereign EU cloud was now in the hand of the Chinese.
It took me a while to understand because they would hide it first and strangely the wikipedia article does not mention it.
So it was fun while the initial public money was flowing but right after that they just throw their "client" under the train.
If you want an European cloud, companies like Hetzner are good. But please do not get to excited by all the other announcements.
These articles may as well be US industry plants. Clickbait title, useless content written to discourage people and hope they throw their hands up and abandon all efforts.
Sovereign clouds are an incredibly meaningful first step. Full independence takes decades. China still uses plenty of AMD and Intel chips, does it mean the amount of independence they've achieved is meaningless? That their stacks are just as dependent on the US as those of the EU?
Of course not and even a child could know that. You start with the very end of the chain and hopefully very gradually work your way upwards. Sovereignty is a float, not a bool. If it's a bool its valye is False for all of China, the US and Italy, where in reality each has very different degrees of tech sovereignty. So you do things in order of efficiency, i.e. compare effort needed and how much it moves the sovereignty needle and pick what has the best ratio at this time. Designing and producing your own processors is far down this list.
No, that's just taking a quick win and kicking the can down the road.
Data migration and hosting is comparatively quick and easy. It can be done any time.
What takes huge lead-times is re-establishing a chip-making industry; not just the fabs but also the raw material contracts, materials processing etc
I'd argue that achieving data sovereignity first is counter-productive because we know the politicians will relax once the easy bit is done. The actual hardware hard-work will never get funded, especially after a new US President takes office in 2029. Europe will sigh in relief and go back to its wilfull ignorance of the risks of dependency'
I always snarked at clueless CEOs bent on forcing me to sign NDAs while the entire infra _and_ data was living in US from the get go. Like, what's so sensitive I'm going to disclose that wasn't voluntarily disclosed by yourself already?
Now this is a perfect time to be just a little patient. After Trump literally threw Taiwan under the incoming Chinese bus, during his recent trip in the area, the chip design and building ought to change. And not in the direction of "build in America (as in MAGA one)" direction.
Francillon seems very dismissive of the risk, citing his "castle walls", but there's a flaw in his thinking, partially described in the article. Francillon seems to anticipate adversarial traffic only flowing in, not out. Sure, he can block packets before they ever reach CSME or PSP. But there are several embedded assumptions in there which are unsupported: that the behavior of these systems is known, auditable, or understood well enough to assume that they're not sending outbound communications as a covert C2 channel, and that attackers reaching in need to send packets directly to these systems, rather than surreptitious delivery mechanisms to the main OS that CSME and PSP can observe, like a certain WLAN name broadcast from a wireless radio, or certain device firmware being present, or even a specific targeted ad being served to a browser running in the main OS. The claim that these criticisms make the entire framework he designed worthless is obviously untrue, but it's also a strawman. The true claim isn't that it makes the framework worthless, but rather, it makes the framework incomplete. This is inconvenient for Francillon because it tasks him with addressing a class of problem that may be partially possible to detect, but impossible to solve, in practice. And you can't have a conclusion that there is an unsolvable problem, even if it's true.
>Europe is pouring more than €2 billion into sovereign cloud initiatives designed to reduce exposure to US legal reach.
This is laughable, since US cloud platforms invested trillions. Also, US companies benefit from greater efficiency, know how, cheaper energy and less regulations.
If EU wants to compete with the US, they have to do what US does.
Not to mention that the UK thinks its legal reach extends beyond its borders, what with levying fines against 4chan, a US-based site with no legal requirement to obey foreign law.
I guess there are two types of "sovereignty" people talk about here.
First is "data sovereignty", which is what the current (data) migrations are all about. As long as the data remains in place where it cannot be suddenly locked away by the US government, people don't care if the CPU was purchased from the US, as the government cannot suddenly disable those (as far as we know at least).
Second is "hardware sovereignty", which is what this article talks about, about the geographical locations where the hardware is designed and built. This is obviously much harder, but also less important at this very moment. That's why you're not seeing people suddenly rushing to fund EU fabs for silicon, there are more important things to focus on right now, with real implications.
The article kind of does everyone a disservice by mixing the two and not clearly separating which ones it's actually talking about. But to be fair, if they did that, then they've wouldn't have been able to publish this whole "Look how they aren't actually sovereign after all" article if they did so, here we are...
The actual risk is that US spooks can use these hardware features to infiltrate European clouds. It's not just a theoretical concern about hardware sovereignty.
> The actual risk is that US spooks can use these hardware features to infiltrate European clouds.
If your threat model is clandestine government actors then I think it would be a rather odd decision to host on ANY cloud !
The main risk for most people is being subject to US CLOUD Act, US PATRIOT Act etc. etc. Which, despite what the sales-droids will tell you, still applies in the fake-EU clouds operated by the US providers.
If you are serious about EU data sovereignty then you absolutely want an EU OpCo that has nothing whatsoever to do with any US company. If OpCo has ties to a US company or IS a US company such as AWS or Microsoft, then you've lost the EU jurisdiction.
The concern over "digital sovereignty" is motivated by the US wielding sanctions as a political tool against Europe.
It's impossible to fully eliminate any exposure to US sanctions. If the EU wants to fully shield itself, it should aggressively counter-sanction American entities. If the US government knows that every time it sanctions some EU entity, an American entity will get sanctioned just as hard, it will think twice.
For some reason, the EU has been unwilling to go down this obvious path.
The problem is that European (in the EU and outside) countries do not have the same ability to sanction the US as the US has to sanction them.
If the US imposed sanctions that blocked access to cloud services a lot of the government and the private sector would just shut down.
Take what happened to the French ICC judge and imagine that happening across a whole country and far more pervasively (because a lot of people he deals with will not follow US sanctions, but would have their own services cut off if his country was sanctioned): https://www.euronews.com/my-europe/2026/02/18/us-sanctions-t...
> If the US imposed sanctions that blocked access to cloud services a lot of the government and the private sector would just shut down.
You don't think they'd rather maybe find alternatives rather than shutting down? Sure, it'd be sucky probably for a long-time, but it's not like we don't have IT professionals who can stand up physical servers, email servers and what not, plenty of local municipalities do so already, so somewhere there is expertise already.
People generally don't just give up and throw their hands in the air in the face of difficulties, even less so when the governance of their country depends on it.
I think you are underestimating the supply chain problem. You can't stand up extra servers you don't already have in extra data center capacity you don't already have. The whole point of the cloud is that you don't have these assets.
While you can acquire these assets the lead times would be several months at a minimum, and probably years if everyone is trying to do it at the same time. It isn't an issue of knowhow, the required physical infrastructure doesn't exist.
Say Microsoft/Google/whatever my local municipality is using right now, gets blocked tonight, and tomorrow everything US-related is offline. It won't (and can't) take months for them to get one server up and running for them to continue with their administration. As mentioned, other municipalities in the country already are 100% independent, running everything themselves, either they're willing to help out the rest of us, or at least provide expertise enough so we can. Then the country is filled with FOSS nerds like myself, who wouldn't shy away from stepping in to help either.
Probably the larger cities would take longer to solve, but I don't think "We cannot get server hardware from the US" will be the biggest problem, it'll be around national organization until the biggest fires been put out. Putting one server in each ajuntament would basically be enough to get 80% of the local municipalities up and running again.
It wouldn't only affect local governments, it'd also trash all the businesses, banks, national governments, etc. Google on its own getting blocked breaks the entire internet because so many websites rely on the free services they host. Remember there are no European search engines of any quality and only Mistral as a European AI provider, so even just findings things would be difficult.
You underestimate how resilient and effective people can be when needed. Yes, as mentioned earlier, it'd suck for a while, but we'd come up with solutions pretty quickly, as the entire country would rely on that.
Pretty much exactly a year ago, I was about leave home to go buy something, when the power was cut, garage door didn't open. Fine, jump into a taxi, and both of us notice that seemingly the entire town is without power. Once we arrive at the store in another town, same thing.
Turns out, the entire country had lost power, and would be without power for pretty much the rest of the day, and same thing in neigboring Portugal. We were literally without power, internet and cell-phone service for pretty much the entire day.
Did the entire of society pretty much was put on hold for a day? Yeah, but still we managed to go on with our day. I owed the taxi driver until the next time I saw him, the store accepted the same thing so we could buy some stuff, they noted down everything on paper, and so on.
We did survive, and thanks to humans being humans, we all could pretty much survive even that day.
Loosing Microsoft/Google/AWS would indeed be pretty much on a smaller scale, mostly impacting IT and everything related to IT, which is large swaths, but just like every other problem, it'll be worked around both temporarily and permanently, it's just in human nature to do.
Again, I'm not saying it wouldn't suck, nor that it wouldn't be difficult, but also, it wouldn't take a year before emails are being sent between companies again either.
The EU could absolutely find ways to hurt the US economy just as much as vice versa. It doesn't have to use the same tools as the US. Just ban major US companies from doing business in the EU. Impose massive fines. Get creative.
The EU economy is on par with the US economy. The EU has plenty of ability to hurt the US economy.
The reason this doesn't happen is because the EU isn't a country. It doesn't have a unified central government. It's 27 different sovereign states, each with their own completely different foreign policy. The type of policy I'm describing requires a unified political leadership willing to play for high stakes.
This is why China has been so much more effective than the EU in the trade war with the US. It's not that China theoretically has better cards to play. It just has a central government.
EU economy is not on par with the US economy. This is a dangerously old belief. That was maybe true in 2000 but not in 2026. EU GDP per capita is ~$48k and US GDP per capita is ~$94k. US economy is nearly twice as big. Quarter of a century of higher growth will do that.
EU does run a trade surplus with the USA. In a big fight the USA would, strictly speaking, have to replace more stuff than the EU would. However that ignores the makeup of the things being traded. EU exports to the US is dominated by pharma products that the US could make generics of, misc machinery that can often be replaced by Chinese competitors now, and luxury goods the US doesn't strictly need. US exports to EU are critical for the functioning of the economy (assuming you count tech services as exports).
It would be catastrophic for the world if there was a serious trade war between US and EU but if it involved major disruptions to tech services the EU would fold within days. There are no home grown replacements for most US software and no ability to make them anytime soon (especially as any broad spectrum sanctions would include frontier AI models).
> EU economy is not on par with the US economy. This is a dangerously old belief. That was maybe true in 2000 but not in 2026. EU GDP per capita is ~$48k and US GDP per capita is ~$94k. US economy is nearly twice as big. Quarter of a century of higher growth will do that.
I think per capita is not a useful measure here? The populations are unequal.
By nominal exchange rates, the US economy is estimated to be $31.856T this year; the EU's $23T; by purchasing power parity exchange rates, the EU is $30.678T.
Exchange rates matter for what actually gets traded, but they're also easily shifted by interest rate policies. But even with this, any simplification of economics sufficient to fit in a comment is going to be very misleading about questions of who is more or less dependent on global free trade, the US or the EU. Even the complexity you list: I suspect there's an office or five in various EU nations filled with economists trying to work out exactly what would go down if there was an EU-US trade war and how to remove the critical points of failure.
> US exports to EU are critical for the functioning of the economy (assuming you count tech services as exports).
> It would be catastrophic for the world if there was a serious trade war between US and EU but if it involved major disruptions to tech services the EU would fold within days.
Yes, but this is kinda the point of all the digital sovereignty stuff.
It was already weird to me, as an iPhone app developer in Germany making apps for Germans living in Germany where sometimes the only language option was German, that I had to tick a box while uploading apps confirming that any encryption in the app would be in compliance with US export laws*; now, it's unacceptable.
* https://developer.apple.com/help/app-store-connect/manage-ap...
(Irony, that page links to https://bis.doc.gov/index.php/policy-guidance/encryption which for me has an SSL error)
> the EU has been unwilling to go down this obvious path
Well, the EU in general tends to favour the "lets sit down in a room and talk like grown-ups" approach to finding solutions to problems.
Wielding sanctions as a first/second choice option is a very US thing, even more so with the present administration.
In theory the EU does have a lot of options available to it beyond sanctions, such as making life difficult getting Schengen visas for all those US citizens you constantly read about on the CNN website who are flocking to Europe .... but that sort of action would be very un-European[1][2]
[1] https://edition.cnn.com/travel/us-family-relocated-miami-ita... [2] https://edition.cnn.com/travel/central-eastern-europe-americ...
> such as making life difficult getting Schengen visas for all those US citizens you constantly read about on the CNN website who are flocking to Europe
Trashing your own tourism sector is a very European defense mechanism.
The truth is there is one and only one way Europe can try reclaiming sovereignty, and it’s the one that’s most painful—rebuilding its own military.
> Trashing your own tourism sector is a very European defense mechanism.
Please re-read my post .... in particular the first two words "IN THEORY".
As far as I am aware, the option I mentioned has never, ever been mooted as a possibility. It was something I invented as a random example of a non-sanction possibility.
> rebuilding its own military
Aah yes, because a strong military has been so awesome for the US in the US–Iran war where IIRC the Iranians managed to destroy lots of very expensive US military radars[1] and other expensive assets[2][3] in the region despite your president having claimed to have "destroyed 100% of Iran's military capability".
But let's not get in to politics....
[1] https://edition.cnn.com/2026/03/05/middleeast/radar-bases-us... [2] https://edition.cnn.com/2026/03/30/middleeast/us-air-force-a... [3] https://apnews.com/article/amazon-aws-data-center-uae-iran-b...
> the first two words "IN THEORY"
It doesn’t work in theory. America reversing the move and banning its own citizens from traveling to Europe would bankrupt multiple EU members [1].
> because a strong military has been so awesome for the US in the US–Iran war
Uh, the Iran war was an exercise of American sovereignty. Rules be damned.
> where IIRC the Iranians managed to destroy lots of very expensive US military radars
And they didn’t do it with soft power!
Europe has a good deal. America guarantees its security. It gives up sovereignty in exchange.
“In theory” discussions about self immolation through tourism bans and money giveaways on strategically-useless “sovereign clouds” are finger paint on turds. Messaging exercises. They afford Europe zero marginal sovereignty vis-à-vis the U.S.
Europe is not going to be sovereign unless it commits to an independent security posture. And the simple truth is that isn’t politically possible right now.
> let's not get in to politics
Exactly.
[1] https://www.wsj.com/world/europe/ europe-tourism-economy-american-tourists-f6112f78
> America reversing the move and banning its own citizens ...
You sit there lecturing me on "in theory" discussions and you come up with that line.
I think you will find many European countries would celebrate yanks being told they can't visit Europe. Nobody will miss the loud Karens who make no effort in relation to the local culture.
It might have escaped your notice but the present US administration has not exactly done much to encourage Europeans to welcome yanks what with threatening to invade a European country and all that.
Get your own house in order before lecturing others.
> You sit there lecturing me on "in theory" discussions and you come up with that line
“In theory” requires it work in theory. I’m pointing out that your proposed “retaliation,” banning American tourists from Europe, hurts Europe more than it does America to the point that it would be a potential (albeit over the top) tactic the U.S. would itself deploy.
> the present US administration has not exactly done much to encourage Europeans to welcome yank
Correct. I agree with the notion of European sovereignty. I’m saying “sovereign cloud” BS is performative nonsense. So long as Europe is dependent on American F-35 parts, LNG and banking rails, Washington has a de facto veto on European policy.
Like, what policy position could Europe take with a sovereign cloud but with the above dependencies that it can’t take today? I’m not thinking of anything. In contrast: if Europe decoupled from American LNG, what geopolitical options open up?
> Get your own house in order before lecturing others
I vote in America and Switzerland. I’m talking about my own houses.
> It might have escaped your notice but the present US administration has not exactly done much to encourage Europeans
That's because the right wing faction hates Europe. :(
> Trashing your own tourism sector is a very European defense mechanism.
Yeah, virtually unheard of in a certain North American country, where every tourist with a certain skin color never been very worried about being extra-judicially sent to an internment camp.
No state in America is as dependent on European tourism the way Southern Europe is on American tourism. (And yes, the temporary blip in Canadian tourism sent a message.)
> as dependent on European tourism the way Southern Europe is on American tourism.
We're mostly dependent on other Europeans, the US is not the single highest tourist/visitor in any of the Southern Europe countries. Italy is the country with the highest percentage of American tourists, but even they have more German visitors. Most southern countries have most tourists from the UK, Germany and France, kind of as expected.
If you think about it for a second that makes a ton of sense too, considering the distances involved here, and how cheap flights inside Europe are.
> We're mostly dependent on other Europeans, the US is not the single highest tourist/visitor in any of the Southern Europe countries
Oh totally agree. But removing American tourism would require stabilizing policy interventions on the European side. It would not on the American side. That’s why threatening to cut off American tourists to Europe as a mooted retaliation measure is dumb. (I can also absolutely see Brussels doing it instead of any of the hard stuff.)
> If the EU wants to fully shield itself, it should aggressively counter-sanction American entities
This isn’t a realistic option without an independent security posture. Washington could bankrupt Europe overnight right now with targeted tourism, technical and financial sanctions. (And increasingly, energy.) All of that before considering kneecapping Europe’s NATO-integrated kit.
> Washington could bankrupt Europe overnight right now with targeted tourism, technical and financial sanctions.
Yet again the American exceptionalism bleeds through and shows why the hegemony is currently dying. Maybe with a slight bit of humbleness it could have survived but no, the exceptionalism is so well encoded that it seems short of impossible to stop the decline at this point.
Seemingly this was the idea with Iran too, which based on the current goings, isn't going so well. How do you expect that to be true for the second/third largest economy in the world, when the US can't even do so with Iran, one of the already most sanctioned countries in the world?
> American exceptionalism bleeds through
None of this requires America be better at anything. It just requires the current finance and trade flows to be what they are.
> Seemingly this was the idea with Iran too
The analogy doesn’t work. American sanctions and adversarialism with Iran have famously granted us few grabholds on their system. Tehran is sovereign.
To the extent there is an analogy here, it’s in European reliance on America being its Hormuz. The obvious vulnerability that gives America asymmetric capability over Europe is the financial, security, energy and trade reliance. Unlike the Hormuz, those aren’t geographic features. But if Brussels is content with mincing around with their own special pile of AMD chips (or tourism bans or whatnot), it might as well be carved into rock.
The Iranian economy is in a state of total collapse! That's not something to aspire to.
It's not good to be in denial about this. Even small amounts of US pressure would create chaos in Europe at this point. Multiple European countries are heading towards a major financial crisis entirely on their own, even without any US involvement at all. See e.g. the UK, whose debt is now much too large for even an IMF bailout to work. Only massive austerity of the type that makes 2008 look like splashing around in warm water will be enough to turn that around.
Europe is not independent. Even ignoring basics like oil and gas, the choices of the EU ruling elites in Brussels have, over a period of many years, broken any ability to create a competitive domestic tech industry (something very difficult even with China-style global cutoffs). Even if it was all fixed tomorrow it's far too late. Building a competitive domestic office suite is far beyond what the EU can achieve, let alone everything else required.
That’s a risk, but for most cases likely not the most material up front risk - there’s a million ways for the spooks to enter the building.
TBH, all of these entities are likely actively penetrated by US, Israeli and Russian human assets. You don’t need esoteric knowledge of CPU flaws or whatever if the dude holding the keys works for you.
You can prevent that by making sure these people have a lot to lose. Which means you start by paying them enough money.
Wait, European you said? Never mind. Only politicians and the very rich deserve money is the law here.
The owners of European clouds are people who were very, very wealthy before they ever started doing cloud (Xavier Niel, the Klaba Family in France, Hetzner (is also a German family name), Deutsche Telecom/Swisscom/A1 Telecom) and none of them have a reputation of decently paying anyone, whether we're talking software developers, system administrators, SREs, security guards, managers, ... and, of those, only Xavier Niel was not swimming in money when he was born (he was still very comfortable at a time when that was not at all common)
As are most politicians. For example, Ursula von der Leyen is a member of a wealthy German family that was part of the aristocracy in Germany. Her family's money survived WW2 in Germany (everyone in Germany and North West Europe knows what that means, and it's nothing good). Her ancestors belonged to the nobility of the Free Imperial city of Bremen, allied to the Holy Roman Empire. Nobody in her family has ever lacked for money for 20 generations.
> Her ancestors belonged to the nobility of the Free Imperial city of Bremen, allied to the Holy Roman Empire.
I've heard of people holding long grudges before but holy shit, that's quite a reach even for HN, that's over 200 years ago! :D
The point is that, like everyone else at the helm of the European commission, she and her family going back a LONG way, are part of the very, very rich. She has a coat of arms, for example. And she's not even the only one in the European commission.
https://en.wikipedia.org/wiki/House_of_Leyen
It's a commentary on social mobility.
Oh, and actually her family has been rich for over 400 years for sure, and probably double that.
One thing I always found a big positive on America is that a lot of the "American elite" was born, perhaps not poor, but also not rich, and they are never part of a dynasty that has been rich since the dark ages. Trump's grandfather was at best middle class. Biden's parents were broke when Joe Biden was little. Obama comes from what is probably a broken home. The contrast with Europe is enormous. By contrast, it often looks, in Europe, that the only possible way to become rich is to marry into a rich family.
A risk, but not remotely the same risk or same severity of risk as hosting data in US clouds.
It’s not. It’s a real concern.
But they are two different things.
You can’t solve all problems at once.
It’s reasonable to start by solving the problems which provide rrhe best improvement for the lowest effort and risk.
Prioritizing data sovereignty as the OP has done well naming it, seems like a good trade off to me.
Well, to be fair, then it's precisely a theoretical concern about hardware sovereignty.
Is this an actual risk? If I buy a Intel/AMD CPU today and chuck it into this "European cloud" I'm running, how exactly will that be used to infiltrate this cloud?
AFAIK, there is absolutely zero evidence either Intel or AMD CPUs are compromised, even less so that they're somehow remotely accessible by the US government...
> AFAIK, there is absolutely zero evidence either Intel or AMD CPUs are compromised, even less so that they're somehow remotely accessible by the US government...
The concerns are similar to US supplied fighters having the kill switch or remotely damaging centrifuges in Iran using software virus.
No one knows whether CPUs are compromised similar to no one knew beepers with explosives in Lebanon were compromised by Israel, allegedly during manufacturing. CPUs don't need to be accessed remotely, any compromised person locally will be enough.
These are fascinating cases to show how far state actors will go and how long the compromise can stay dormant.
> The concerns are similar to US supplied fighters.
I doubt that they actually do, just cutting off software support substantially cripples the F-35 in multiple ways and without spares they aren't going to fly very long (on the timescales of fighter programs).
The risk isn't worth the payoff because if anyone found that killswitch, US arms sales would crater.
All that said I don't think my country should be buying US systems if European equivalents or near equivalents exist anyway for geopolitical reasons.
> The concerns are similar to US supplied fighters having the kill switch
This is very different though, first they're huge, expensive machines, requiring infrastructure, maintenance and crew, there are huge surface areas to hide things like kill-switches. With CPU packages, not so much, and also fairly established how exactly you can clear the entire CPU, good luck doing that with the complexity-machines known as fighter jets.
> No one knows whether CPUs are compromised
Right, but what we do know, is that any US company (or any EU subsidiary with US owner, like "AWS European Sovereign Cloud") can and will be used to hold our data hostage when needed by the US government, as proven by recent actions.
So, based on what we know and what we don't know, "data sovereignty" remains a priority, and until proven, "hardware sovereignty" remains less important, for now.
With the advent of LLMs, data sovereignty is being bypassed. All three Service, Data, and Hardware sovereignty are important and should be the focus. It is not about prioritizing one over the other.
The article talks about the management engines built into these chips. Parallel software stacks that can be reached over the network that can control the main OS.
The article does provide real world examples, as well as credible hypotheticals from academics. The 'compromise' is the built in features of the chips being discussed.
Or any other country. It is not like you can keep that genie inside the bottle.
"data sovereignty" for Europe should use the same technology as data protection from tech. giants for both US citizens and EU citizens.
1. Use open-source and Free as in Freedom software
It's always easier to place and hide backdoor into closed source software than open source software.
2. Use decentralized and federated communications networks
Even small organizations, groups should run own servers. Don't concentrate data at few cloud service providers.
[dead]
I don't think they "forgot" about processors. It was out of scope. Creating the pipeline to end up with a fully "sovereign" system end-to-end is a decades long process and hundreds of billions of euros. As others have pointed out, in this context "sovereign" meant data processing. This is also a fairly paranoid take. Not to say hardware isn't targeted, but there are other methods. So spending hundreds of billions and several decades to build the fabs to gain assurance... it's a waste of time.
Exactly, it was out of scope. You cannot in one go have a full-blown scope. It won't work.
This is a sensationalist headline (CBA to RTFA). It isn't a case of all or nothing, it is about becoming less dependent. A country like China follows the same industry, and besides, in a globalist economy like ours we are dependant on each other. So, for example, a lot of hardware components come from China, and assembly happens there as well. That counts for EU (DE, FR, ...), US, CA, RU, UA, CN, IN, etc. But as the talk on 39c3 has shown [1]: we can DIY.
[1] https://media.ccc.de/v/39c3-in-house-electronics-manufacturi...
France's Scaleway already offers RISC-V bare metal servers. It's a first step that brings most of the value with close to no cost, as RISC-V is cheap nowadays
This cloud provider is a for profit company, not a research institute, so they can see short term commercial value if they do it
I'm surprised that nobody ever tells about Loongson
China already produces government and business computers with their homemade LoongArch architecture. The run on homemade Linux as well. Their point was not only to not be worried as much about backdoors and sanctions, but also to get a platform that their own universities and engineers can maintain and develop
This brand used to coproduce with the French, open source and Java apps work, it's under US sanctions for supplying the chinese government and military, export was restricted so that none land in Russia.
It took decades to make, commercial value is uncertain, but they did master the entire computing stack now
Quite an odd thing for a British journal to pretend ARM doesn't exist...
The author is a Dutch journalist with no technology background. I wouldn't jump to get my information from this source. As a person who works in the UK semiconductor industry, I noticed 4 or 5 glaring holes in the article in just the first couple of paragraphs.
[dead]
ARM is:
1) An ISA licensor, with no capability to create its own CPUs
and
2) Owned by Softbank in Japan, not European
They are pivoting to become a fabless chip company as of last year (the decision happened a few years back): https://www.wired.com/story/chip-design-firm-arm-is-making-i...
I'd also argue that while Softbank has capital ownership of the company, the leadership structure and how that capital is allocated is still done within the UK with standard board oversight. I know a few of the leadership team personally, and they have a wide remit, almost more so than a public company might do.
Is 1) accurate with ARM creating their own CPUs directly? https://www.cnbc.com/amp/2026/03/24/arm-launches-its-own-cpu...
ARM design IP blocks, they can make their own CPU (and now they are making one), eevn though that means competing with your customers.
They still don‘t fab them though, AFAIK they go through TSMC.
There are literally only 2 "fabfull" processor companies (Intel and Samsung) so you're saying something completely meaningless.
Actually there are more if you count the ones which are not at the cutting edge but your point still stands, most high-end silicon companies only do design.
And where does TMSC go for the machines it uses to produce these chips?
ARM has the exact same problem via TrustZone. Different technical implementation, slightly different known capabilities, but fundamentally, still an unauditable, unremovable ring -3 subsystem that cannot be controlled by the legitimate, lawful owner of the hardware.
As far as cloud service servers are concerned, I don't think ARM CPUs have any meaningful marketshare, right?
You could start running things on ARM, but, almost certainly, that comes with a lot of extra friction. (Not saying that isn't a bad idea, it'd probably improve the ecosystem as a whole and flush out architecture-specific assumptions in server software. But it's not someting trivial to do.)
AWS runs a lot of ARM server and they are pushed heavily since they are cheaper and faster. And with Apple running ARM it is just easier to fully transition now.
AWS graviton, Google Axion? ARM has better performance per watt, which translates to better performance per $.
The reality is more complicated than this.
If the processor is mostly idle or running minimally optimized software, which is most software, then ARM offers better performance per watt. If the processor is running highly optimized code at max throughput all the time then x86 offers better performance per watt.
This is an intrinsic tradeoff. To make low-utilization workloads more power efficient you have to make high-utilization workloads less power efficient and vice versa. ARM and x86 differentiate themselves by taking opposite ends of that tradeoff spectrum.
It depends on the code.
Linux on Arm works great. I barely notice the difference except everything is a bit faster. Most SaaS companies can and should switch.
AWS Graviton has been steadily gaining share, a quick Google search says it's up to 20% now.
Arm has been growing fast for years, recent stories claim ARM is at 50% for hyperscalers (google, amazon and microsoft are making their own designs) and 25% for general servers according to stories from this year, and the share is growing fast.
x86/64 is looking more and more like the next Alpha or MIPS in many ways.
Surely having AWS Graviton in service for nearly a decade will mean it's not that much friction.
More than 50 % of new CPU capacity on AWS is arm. Most of their own stuff uses it, nitro co processors are also arm. Anyone caring about cost of AWS has or is transitioning.
Even if Europe could replace the dependence of Intel and AMD processor, for example with home grown RISC-V processor, where in Europe could such processor be manufacture in a secure and somehow cost effective way? Then there are other chips and components like memory chips, network components. How about secure European network routers which for networks and datacenters in Europe?
https://www.techspot.com/news/107073-researchers-uncover-hid...
Silicon level backdoors.
https://www.wired.com/2016/06/demonically-clever-backdoor-hi...
In general, in Europe there is research infrastructure that I think could be used at a medium scale for important applications (but I am not a professional).
There is the NanoIC research line at imec (2nm), CEA-Leti incomming 7nm FD-SOI pilot lines, and in terms of full production lines, Global Foundries Dresden (12 nm), ESMC (12 nm, in construction), and the various FeRAM/FMC projects I can't keep track of (Neumonda for example).
I would be more worried about designs, because outside of ARM (and Imagination Tech, both in the UK), I don't know any competitive European designs. (about routers NXP already makes router chips with accelerators on top of ARM cores, used for example in the Mono Gateway, but they are fabbed on old TSMC nodes)
If they can make the EUV machines I doubt it’s beyond Europe to do the manufacturing at higher levels.
And as commented elsewhere, ARM
Also Siemens/Infineon. Although that's a vastly different node size, but still, there's some expertise present
And ST (with similar considerations for node size etc.).
> If they can make the EUV machines [...]
They can't. The EUV light source is produced by Cymer, an American subsidiary of ASML.
As a European, enjoying the environmental quality of life our regulations provide, I'm ashamed to admit it might be impossible to make chips here, as it's probably a dirty industry that Europe prefers to keep offshore.
And you are wrong to think that in my opinion, chip manufacturing in Europe was huge 25-30 years ago (there was high-end memory chips manufacturers, high-end GPU manufacturing and cutting edge nodes in Europe at the time).
Ahh exporting problems then shouting mindlessly why 'everyone else don't just do what we do'
There are EU/Euro fabs. Not just cutting edge or for logic
We make lots of chips (for mostly US based companies) in Europe, so that ship has sailed.
The other day, I saw a clone of OpenRouter pitched as a "superior" alternative simply because they were "European" only to find out their entire stack was dependent on Cloudflare. That's why I'm always sceptical of providers who claim superiority just because they want to "escape" US control because that's rarely the case.
My company is involved in research and production of RISC-V-based chips in Barcelona, with partners. There is or was a partnership with Intel at some point, and I think NVIDIA collaborated in some tasks in one of the projects. But the idea that I heard from the presentations is to produce chips in EU with little dependency on US, China, etc.
https://catalonia.com/w/barcelona-supercomputing-center-laun...
https://www.bsc.es/join-us/excellence-career-opportunities/d...
I think there is a partition in our supercomputing facility for these new types of technologies, but since my work is running climate models, I only hear news from other teams like our AI factory, the quantum computer, or people involved with these new chips and some emulators (that I think work together).
Sovereignty is not necessarily about spying but about having control over their destiny.
this is just sad. the US clouds did not happen because US poured billions into them. they happened because the financial/whatever situation was such that these businesses could happen.
now the EU, instead of making it easy for companies to innovate, spends billion on trying to catch up to the US. not even catching up. getting to where the US clouds are today.
the "skating to where the puck is going to be, not where it's been" quote comes to mind.
The clouds are not really american, but they are subject to american laws. The money and ownership needn't be american, anybody all around the world can buy stock in america companies. And the work to build these clouds was not done exclusively by americans, as all these companies have offices in europe to hire european engineers (to say nothing of the foreigners they pay to come live in america). From the perspective of the market, the clouds being american is an irrelevant detail, since they can reap whatever benefits they like of the world outside the US, as well as whatever benefits they want within the US.
I think this is an important thing to note in all these discussions of "why can't europe innovate": europeans in europe can and do innovate, but the processes to commercialize that innovation have been set up in the US, and have no market incentive to relocate or diversify. They can always take advantage of innovation wherever it lies.
To make the market care about something it is otherwise indifferent to, you have to pay it. Whereas capital markets ordinarily don't care if a company serving europeans is domiciled in the US, if you pay them a couple billion suddenly they will. It may be expensive, but it's the only solution to the problem at hand.
> now the EU, instead of making it easy for companies to innovate, spends billion on trying to catch up to the US. not even catching up. getting to where the US clouds are today.
What's your alternative? The US has behemoths with trillions of dollars in market cap, more than GDPs of most countries in EU. What kind of innovation in context of cloud do you think would allow anyone to compete with them? Who would risk their own money and pour billions into challenging them?
Isn't this essentially the Apple playbook typically? Don't innovate, let others find what works or not, then once you have something, catch up with the rest, try to out-compete? Apple is almost never "first" with something, but once they release something, it's a good iteration on that thing, I don't think Apple would be the only ones able to pull something like that off.
> now the EU, instead of making it easy for companies to innovate, spends billion on trying to catch up to the US.
Depends on what you mean by this.
Quite often this is said in the direction of eroding labor protections and allowing corporations to fuck over consumers freely.
If that's whay you mean, then no, fuck that noise.
Better to take the China route of enforcing a bunch of stuff to be home grown and making it harder or impossible for US corporations to act here.
> Goodacre told The Register he tested awareness of the Management Engine with various attendees at the CyberUK conference in April 2026. "Almost no one" knew about it, he reports.
That's surprising. I would've expected most people at a cybersecurity conference to have heard of it, for over a decade.
Is this conference not for people who understand the technology at all, but rather for purely management-track people who oversee the people who understand the technology?
I think people miss the point about sovreignity.
Part of what got Microsoft into this position in the first place is that they built and sold software.
Now, they don't build and sell software, they sell services. Services means you're buying access to data.
The data is the problem.
There's a certain amount of soft power you have when you can disallow access to data and services for foreign officials[0] arbitrarily.
The old world order would of course permit us to sanction new sales of things, but in the new world: this is crucially tied with current access to services.
I think the easiest way to think about it is:
Would you depend on another nation selling you the parts to build a power plant, or would you prefer to depend on them supplying you the power- in fact it's worse than that because not only are you buying power you're also giving up a lot of information on who uses it, how it's used, and enough control to cut it off for an individual person.. totally crazy.
the EU itself was designed around the idea that if you are crucially tied in this way then war becomes unthinkable. But that only works when you're equivalently sized entities. The US uses this position to bully the world.
EU is for example quite comfortable to be dependent on energy imports.
The biggest share of imports to EU by value is "mineral fuels, oils, distillation products". It's 17% of all imports.
https://tradingeconomics.com/european-union/imports-by-categ...
1) that gave Russia a lot of leverage over us, so, lessons should be learned.
2) Tech dominance is almost at 100% for large companies and governments across europe. Much higher than 17%
Those integrations are needed in the long term because only through interdependence can you have peace. You need peace because the consequence of war post WW2 are too high.
The problem with the right wing authoritarian types, regardless of regime is that their thirst for power is harmful to all stakeholders. The tragedy of the Iraq War wasn’t Iraq — it was kicking off decades of inevitably escalating conflict. And doing so for nothing.
We, as in citizens of the world, need strong trade ties with China, Europe, the United States and the developing world. I don’t want my sons getting killed by some PRC drone, nor do I want them killing people in service of the dreams of fat old men.
Europe butchered two generations a century ago. Their model makes sense, and can integrate with the world.
Doesn't encryption protect against these low level network backdoors? I'd think that encryption happens in the upper layers so by the time traffic goes through the ME, it is just gibberish. Someone with expertise enlighten me, please!
Programming languages and operating systems as well.
Even if open source, currently there is no European plan on how to take care of supply chain on those.
Huawei came up with a full stack, after the ties were closed, as an example. OS and languages.
If is open source, why is there a problem?
Depends if anyone actually bothers to read the code for supply chain attacks.
Also it would be great not to depend on that poor fellow in Nebraska to keep it running, and being further developed.
People finally learned that capital has nationality. They now need to learn that code has it as well.
It doesn't matter that it's open source if most contributions and maintenance effort come from MS, Google, Oracle, Red Hat etc. These companies control these projects.
The GPU situation is even more concentrated. NVDA data center was $39B last fiscal year — roughly 90% of their total revenue. No European alternative exists for AI compute workloads.
So what is the solution? Can Europe start building the next gen fab now already? And if it can technically, and if it can politically, even at great expense, should it?
I don't think the HN crowd realize how much the whole political EU Cloud is another edition of a money grab by a group of insiders that happen every few years.
Please read about the previous initiatives like Cloudwatt involving the same actors (Thales, etc.) [0]
I have been forced to consider them about 10 years ago and realized at the time that the French telco Orange (who acquired it in 2015) just transferred all control to Huawei (datacenters in France but controlled by Huawei). So all the organisations who put their precious data in a sovereign EU cloud was now in the hand of the Chinese. It took me a while to understand because they would hide it first and strangely the wikipedia article does not mention it.
So it was fun while the initial public money was flowing but right after that they just throw their "client" under the train.
If you want an European cloud, companies like Hetzner are good. But please do not get to excited by all the other announcements.
- [0] https://en.wikipedia.org/wiki/Cloudwatt
Is there anything like Elastic Beanstalk/Spanner/App Engine?
Most of what I see are Kubernetes offerings and VPS
These articles may as well be US industry plants. Clickbait title, useless content written to discourage people and hope they throw their hands up and abandon all efforts.
Sovereign clouds are an incredibly meaningful first step. Full independence takes decades. China still uses plenty of AMD and Intel chips, does it mean the amount of independence they've achieved is meaningless? That their stacks are just as dependent on the US as those of the EU?
Of course not and even a child could know that. You start with the very end of the chain and hopefully very gradually work your way upwards. Sovereignty is a float, not a bool. If it's a bool its valye is False for all of China, the US and Italy, where in reality each has very different degrees of tech sovereignty. So you do things in order of efficiency, i.e. compare effort needed and how much it moves the sovereignty needle and pick what has the best ratio at this time. Designing and producing your own processors is far down this list.
> You start with the very end of the chain
No, that's just taking a quick win and kicking the can down the road.
Data migration and hosting is comparatively quick and easy. It can be done any time.
What takes huge lead-times is re-establishing a chip-making industry; not just the fabs but also the raw material contracts, materials processing etc
I'd argue that achieving data sovereignity first is counter-productive because we know the politicians will relax once the easy bit is done. The actual hardware hard-work will never get funded, especially after a new US President takes office in 2029. Europe will sigh in relief and go back to its wilfull ignorance of the risks of dependency'
So what's being proposed here? Why bother and just use US clouds?
Don't let 'perfect' be the enemy of 'progress'.
Exactly. Why bother and own yourself?
I always snarked at clueless CEOs bent on forcing me to sign NDAs while the entire infra _and_ data was living in US from the get go. Like, what's so sensitive I'm going to disclose that wasn't voluntarily disclosed by yourself already?
People are at least as concerned with who data is disclosed to as they are with what data is disclosed.
I am sure the US government has everything from my banking records to my biometrics to my medical history.
That does not mean I would be ok with all of those things being posted on the open web (yes, some / all may already be).
Employers are generally more concerned with disclosure to competitors than they are with possible collection by US intelligence.
Now this is a perfect time to be just a little patient. After Trump literally threw Taiwan under the incoming Chinese bus, during his recent trip in the area, the chip design and building ought to change. And not in the direction of "build in America (as in MAGA one)" direction.
Francillon seems very dismissive of the risk, citing his "castle walls", but there's a flaw in his thinking, partially described in the article. Francillon seems to anticipate adversarial traffic only flowing in, not out. Sure, he can block packets before they ever reach CSME or PSP. But there are several embedded assumptions in there which are unsupported: that the behavior of these systems is known, auditable, or understood well enough to assume that they're not sending outbound communications as a covert C2 channel, and that attackers reaching in need to send packets directly to these systems, rather than surreptitious delivery mechanisms to the main OS that CSME and PSP can observe, like a certain WLAN name broadcast from a wireless radio, or certain device firmware being present, or even a specific targeted ad being served to a browser running in the main OS. The claim that these criticisms make the entire framework he designed worthless is obviously untrue, but it's also a strawman. The true claim isn't that it makes the framework worthless, but rather, it makes the framework incomplete. This is inconvenient for Francillon because it tasks him with addressing a class of problem that may be partially possible to detect, but impossible to solve, in practice. And you can't have a conclusion that there is an unsolvable problem, even if it's true.
>Europe is pouring more than €2 billion into sovereign cloud initiatives designed to reduce exposure to US legal reach.
This is laughable, since US cloud platforms invested trillions. Also, US companies benefit from greater efficiency, know how, cheaper energy and less regulations.
If EU wants to compete with the US, they have to do what US does.
Not to mention that the UK thinks its legal reach extends beyond its borders, what with levying fines against 4chan, a US-based site with no legal requirement to obey foreign law.
[dead]
[dead]
I see you are making a critique of society, and yet you participate in that society! Isn't that strange?
I am very smart.
/s