GAIA-X is Europe’s values-based answer to US digital dominance. But can the EU build cloud infrastructure that reflects its principles and truly stand up to Big Tech?
The European Union is increasingly aware of its reliance on US cloud providers like Amazon, Microsoft, and Google, which control around 70% of the European market. This reliance threatens not only data privacy but also Europe’s autonomy in an increasingly unstable geopolitical climate. In response, the EU launched GAIA-X – an initiative to build a secure, interoperable cloud infrastructure based on European values. Positioned as Europe’s answer to US tech dominance, the question arises: does GAIA-X truly offer a counterweight to Big Tech, or is it merely a symbolic gesture in the struggle for digital sovereignty?
A values-based project
GAIA-X is not a cloud provider, but a European framework that connects existing services using shared rules and open standards. It aims to create a value-driven data ecosystem where companies can exchange data without depending on foreign tech giants. Values such as privacy, transparency, and non-discrimination are central to the EU’s identity as a global rule-maker, yet they often clash with the practices of US tech companies. For example, anti-discrimination safeguards in the EU’s AI Act were reportedly weakened due to lobbying by Big Tech. Members of the European Parliament argue that rather than bending its values to fit foreign technology, Europe should build its own infrastructure aligned with European standards.
The urgency is heightened by the lack of homegrown cloud providers, leaving critical data subject to extraterritorial legislation such as the U.S. CLOUD Act. In Brussels, calls for “digital sovereignty” have moved from the margins to the mainstream: in December 2024, the Commission appointed its first Executive Vice-President for Tech Sovereignty, Security, and Democracy.
The normative foundations of digital sovereignty
Digital sovereignty is central to GAIA-X but remains a vague and contested concept. Some scholars argue that it is not a fixed legal norm but a space of competing ideas. Within the EU, it is used to pursue different – and conflicting – goals: security, economic autonomy, and fundamental rights.
This ambiguity shapes how legal instruments like the General Data Protection Regulation and the Digital Markets Act are developed and interpreted. Since the late 2010s, legislation has grown more restrictive in response to rising digital threats, such as mass surveillance and disinformation. Today’s sovereignty claims go beyond privacy. They reflect a deeper concern with foreign interference, geopolitical instability, and dependence on US infrastructure.
A geopolitical digital agenda
That dependency is particularly fraught. The presence of tech CEOs like Jeff Bezos and Mark Zuckerberg at Trump’s inauguration illustrated how tightly the US private sector is woven into global digital infrastructure. But it’s not just about business. The Chair of the US Federal Trade Commission called the Digital Markets Act ‘a tax on American tech companies’ and warned against laws ‘written to get at American firms abroad’, highlighting growing geopolitical friction around tech regulation.
In this context, the EU’s Digital Agenda 2020–2030 aims to create secure digital spaces balancing innovation, protection, and autonomy. Yet a fragmented understanding of what digital sovereignty means continues to hinder policymaking. Is the goal to store data within EU borders? To empower European providers? Without clear objectives, digital sovereignty risks becoming an empty slogan.
At the recent D9+ summit in Amsterdam, ministers from 13 digitally advanced Member States defined sovereignty ‘in an open manner’ as the ability to act autonomously while collaborating globally. This marked a shift from earlier calls to pause regulation. The concept of digital sovereignty, once contested, is slowly crystallizing into a shared European vision.
GAIA-X: between vision and reality
Since its founding, the GAIA-X Association has welcomed both European and non-European members. Despite progress on data spaces in sectors like health and energy, its status as a sovereignty project remains contested. The involvement of US firms, internal disputes, and the exit of key EU players have raised doubts about its coherence and independence. These challenges reflect deeper tensions about the meaning of digital sovereignty.
Still, there are encouraging developments. Catena-X, a sector-specific data infrastructure in the automotive industry involving BMW, Mercedes-Benz, and Volkswagen, shows that data sharing based on European values is feasible. The project has delivered concrete benefits in supply chain resilience and CO₂ tracking – proof that European data spaces can succeed beyond theory.
The way forward
Despite ongoing uncertainty, one thing is clear: EU regulation is more than a set of technical rules – it shapes the meaning and direction of digital sovereignty. Legal instruments give concrete form to values like privacy, security, and fairness, defining what a ‘European cloud’ could mean beyond infrastructure or market share.
GAIA-X is both a technical initiative and a political symbol. It reflects the EU’s ambition to build digital infrastructure grounded in public values and regulatory oversight. Whether this model can thrive in a fast-moving global tech landscape remains uncertain. But the real question is no longer if Europe can regulate Big Tech – but if it can build beyond it.