Google Cloud urges EU to revise Cloud and AI Development Act

The European Commission’s Tech Sovereignty Package has sparked debate over how to balance digital autonomy with global collaboration. Google Cloud, a major provider of hyperscale infrastructure, has responded with a detailed critique of the proposed Cloud and AI Development Act (CADA), warning that its current design could undermine Europe’s goals of openness and competitiveness.

Google Cloud’s position centers on three key areas: sovereign certification, interoperability, and infrastructure investment. The company argues that the EU’s approach should prioritize technical control and flexibility over rigid geographic criteria, enabling global providers to contribute to Europe’s digital ecosystem without sacrificing security or compliance.

Sovereign certification and global partnerships

The CADA proposal introduces Union Assurance Levels (UALs), a tiered certification system intended to standardize sovereignty requirements across EU member states. Google Cloud contends that the current criteria for these levels could exclude global providers, even those offering robust security mitigations. The company highlights its existing sovereign cloud solutions, such as the S3NS offering in France, which has achieved SecNumCloud 3.2 certification, Europe’s highest regulatory standard for sovereignty.

Google Cloud’s suite of tools, including the Cloud External Key Manager (EKM), allows customers to retain control of encryption keys outside Google’s infrastructure, creating a technical barrier to unauthorized access. The company argues that such capabilities demonstrate that sovereignty can be achieved without isolating the European market. It points to the proposed Industrial Accelerator Act as a more balanced model, one that presumes trusted non-EU partners can operate under EU rules while maintaining global trade relationships.

Interoperability and vendor lock-in

A core objective of the Tech Sovereignty Package is to foster an open, interoperable cloud ecosystem. Google Cloud supports this goal but warns that restrictive licensing practices and proprietary ecosystems undermine it. The company advocates for reforms to ensure software licenses can be moved freely between cloud providers, legacy software is priced fairly, and applications perform consistently across platforms.

Google Cloud’s own approach emphasizes open infrastructure, including no data transfer exit fees and support for open AI models like Gemma. The company argues that such measures are essential to prevent vendor lock-in and reduce costs for European enterprises. Without these changes, it claims, the benefits of an open ecosystem will remain limited.

Infrastructure investment and regulatory alignment

The EU’s ambitions for digital sovereignty extend to physical infrastructure, including the Chips Act 2.0, which allocates €30 billion for semiconductor research and development. Google Cloud supports these investments but urges policymakers to create regulatory conditions that attract large-scale compute infrastructure projects. The company operates 13 cloud regions in Europe and has recently expanded in Germany, Belgium, and Sweden.

To accelerate data center deployment, Google Cloud backs the introduction of "special project" status for designated zones, which would streamline permitting, grid access, and power purchase agreements (PPAs). However, it cautions against geographic restrictions, arguing that supportive measures should extend to viable data centers outside these zones. The company also calls for alignment of national sustainability criteria with the upcoming EU-wide rating scheme to avoid penalizing energy-efficient technologies like water cooling.

What’s next for European digital policy

As EU ministers prepare for an upcoming Council Summit, Google Cloud’s position paper underscores the tension between sovereignty and global collaboration. The company frames its recommendations as a way to achieve Europe’s goals without disrupting supply chains or stifling innovation. It emphasizes its long-standing partnerships with European firms, such as Thales, T-Systems, and Telefónica, as evidence that global providers can meet sovereignty requirements while contributing to local economic growth.

The outcome of these discussions will shape Europe’s digital landscape for years to come, influencing everything from cloud procurement to AI development. For now, the debate hinges on whether the EU will adopt a more inclusive approach to sovereignty or prioritize geographic and regulatory isolation.