At last month’s Gaia-X Summit in Porto, European tech and policy leaders delivered a message that will land awkwardly in Seattle and Silicon Valley. US hyperscalers are welcome partners in Europe's cloud and data economy — but they are unable to deliver the kind of digital sovereignty Europe now wants for its most sensitive workloads.
Gaia-X CEO Ulrich Ahle explained that for a high percentage of the market, it's fine to build European data spaces on U.S. or Chinese cloud platforms. But not all of it.
"The highest level of sovereignty for European end customers can only be provided by providers having their headquarters in Europe," he said. Services from US providers, even when "operated in Europe, data stored in Europe are still under American legislation, under the Cloud Act."
Trust questions loom
Gaia-X is a European initiative launched in 2020 to create a federated, interoperable framework for cloud and data infrastructure. Rather than operating its own cloud, Gaia-X defines rules, standards and trust mechanisms that allow organizations to share and use data securely across borders while retaining control.
Ahle estimates that "90% of the market can fully be provided by the hyperscalers." However, the highest level of sovereignty within the Gaia-X framework, which accounts for roughly 10% of use cases and covers critical infrastructure, defense, and similar scenarios, is reserved for EU-headquartered providers such as OVHcloud and StackIT.
That's a direct challenge to the sovereign cloud offerings U.S. hyperscalers are now rolling out across Europe.
And for channel partners selling U.S. hyperscaler products and capabilities into Europe, the sovereignty gap noted by Ahle means they may need to rethink both their positioning and their portfolio. U.S. hyperscaler branding may not help partners access the more lucrative, regulated segments.
Chair of the Gaia-X Board and EVP digital at Airbus, Catherine Jestin, was careful not to vilify U.S. players. But she was blunt on limits.
"I really love to work with AWS, with Google and Microsoft. I have no problem with them. I'm using those services, but not for the most critical applications and services that Airbus is doing," she said.
Under the Cloud Act, American authorities can demand access to data held by companies under American jurisdiction, even if stored outside the U.S. Jestin pointed out that U.S. tech vendors may be instructed to hand over data, regardless of previous assurances.
Even if those providers publish transparency reports showing few or no government data requests, "the fact you have not done it in the past doesn't guarantee that you will do it in the future," she said. "So, you cannot trust. You cannot say it will not happen, even if it does not happen in the past."
When asked whether trust in U.S. providers had deteriorated under Donald Trump's second term in office, Jestin responded with, "It hasn't helped."
Building an alternative stack
The message from the Summit was that most enterprise data will continue to sit on U.S. clouds. But a meaningful, regulated slice will not.
For that segment, Gaia-X is building an alternative stack. Ahle announced the first version of a Gaia-X service catalog listing 600 services from 15 providers, with a target of 1,000 by year-end. Buyers can filter by geography, service type and security level, including the Level 3 Gaia-X label that hyperscalers can't attain.
Jestin stressed that this isn't just a control issue; it's an economic one. Data spaces — shared, rule-based environments for sectors such as automotive, energy or healthcare — incur real costs. "You need infrastructure. You need to maintain and support the connectors… identity and access management… the catalog… the contracts." Without clear value and a willingness to pay for higher-assurance services, "your data space will not be successful in the future," she said.
Gaia-X said hyperscalers will continue to play a significant role in Europe's cloud landscape. But it will be within defined compliance tiers that reflect regional sovereignty requirements. The coming year, officials said, will focus on translating those rules into broader adoption as more data spaces move from pilot to production.
