Europe would like digital sovereignty to be a jurisdictional problem. It would be much easier for EU bureaucrats if the path to frontier AI ran through Brussels, could be secured by certification, and depended mainly on where a given cloud provider is incorporated. Unfortunately, the binding constraints are less cooperative: GPUs, chips, memory, power, capital, and the inconvenient fact that much of the relevant capacity is already spoken for.
On May 27, after repeated delays, the European Commission is expected to unveil the Cloud and AI Development Act (CAIDA), the centerpiece of its broader “Tech Sovereignty” package. In a new International Center for Law & Economics (ICLE) issue brief published today, I argue that the stricter versions of CAIDA favored by some stakeholders would impose most of their costs on European users, businesses, and public institutions. The package’s implied objective—legal immunity from non-European Union legal systems accessing EU data—is also unlikely to be achievable in practice.
The empirical backbone of the brief comes from SemiAnalysis’ research on the artificial-intelligence infrastructure market. Their numbers, more than the political messaging surrounding the package, make the clearest case against a categorical version of CAIDA.
This post puts those numbers front and center, while pointing readers to the full brief for the legal and policy analysis that follows from them.
The Market Did Not Wait for Europe
Three market realities all point to the same uncomfortable conclusion. None is something the EU can plausibly change fast enough to matter during this regulatory cycle.
Sovereignty Is Not a Compute Cluster
First, Europe does not host the top tier of rentable artificial-intelligence compute infrastructure. SemiAnalysis’ April 2026 “ClusterMAX 2.1” ranking evaluates graphics-processing-unit (GPU) cloud providers on the operational metrics that actually matter for frontier-AI development: how reliably a cluster performs useful work, and how quickly customers can deploy large-scale training jobs.
Across the entire Platinum-through-Silver range—the only tiers where serious frontier-model work happens consistently—the EU accounts for just three providers: Scaleway (France), Gcore (Luxembourg), and Nebius. Nebius, moreover, exists in its current form only because of the 2024 corporate split from Yandex, the Russian technology company.
Figure: GPU cloud providers in each tier of SemiAnalysis ClusterMAX 2.1 (April 2026), grouped by country of headquarters. The EU band (highlighted) contains one Gold-tier provider (Nebius, the post-Yandex Dutch entity), one Silver-tier provider in France (Scaleway) and one in Luxembourg (Gcore), and the rest in “Not Recommended.” Country-of-origin classification mine, not SemiAnalysis’s.
Cross-reference those rankings with the Cloud Sovereignty Framework procurement the European Commission completed last month: €180 million over six years, evaluated under the Commission’s Security and Eligibility Assurance Levels (SEAL) framework for legal and operational sovereignty. Only one of the four winning “sovereign” providers ranks in ClusterMAX’s top three tiers.
To be fair, SEAL and ClusterMAX are measuring different things. That is precisely the problem. A provider can score highly on legal sovereignty while performing poorly on the operational metrics that determine whether advanced AI systems can actually be trained and deployed effectively.
The Bottleneck Is a Cleanroom, Not a White Paper
Second, the semiconductor and memory supply chains are already effectively locked in. SemiAnalysis’ “Great AI Silicon Shortage” analysis finds that nearly every major AI-accelerator family has converged on Taiwan Semiconductor Manufacturing Co.’s (TSMC) N3 manufacturing process. AI demand is projected to consume 86% of N3 wafer output by 2027, with effective utilization exceeding 100% in the second half of 2026.
The bottleneck is not money. It is cleanroom capacity, which takes years to build.
The memory market tells a similar story through a different mechanism. SemiAnalysis describes a “once-in-four-decades” high-bandwidth-memory (HBM) supercycle, dominated by just three suppliers worldwide: Samsung, SK Hynix, and Micron. Customers are already signing long-term agreements backed by prepayments simply to secure future allocation.
None of these constraints responds, on any meaningful timeline, to directives from Brussels or the capitals of EU member states. Industrial policy cannot conjure advanced semiconductor fabs out of thin air—at least, not before this regulatory cycle ends.
You Are Not Outbidding Anthropic
Third, the rental market is already sold out, and frontier-AI customers are not about to be outbid. SemiAnalysis’ “Great GPU Shortage” analysis reports that on-demand GPU rental capacity is exhausted across both Nvidia’s Hopper and Blackwell architectures. Capacity scheduled to come online through August and September 2026 is already fully booked.
Prices reflect that scarcity. The H100 one-year contract-price index rose from $1.70 per GPU-hour in October 2025 to $2.35 by March 2026—a roughly 40% increase in just five months for what is now effectively a previous-generation chip.
Meanwhile, Hopper contracts originally due to expire this year are being renewed at the same rates customers agreed to two or three years ago, with terms extended through 2028.
Why are buyers willing to commit at that scale? Because the economics of frontier models have detached from the rest of the market. SemiAnalysis reports that Anthropic’s annualized revenue grew from roughly $9 billion at the end of 2025 to more than $44 billion by spring 2026. During the same period, inference gross margins rose from below 40% to above 70%.
A European entrant into this market—“sovereign” or otherwise—does not arrive as a market-maker. It arrives as a price-taker.
The Price of Sovereignty Is Paid by Users
If those three facts hold, then a version of CAIDA that pushes European users away from non-EU compute providers and application-programming interfaces (APIs) would not create meaningful European capability fast enough to matter during this regulatory cycle. It would, however, raise costs and reduce the quality of the AI systems European users can actually deploy.
Those costs vary by workload, which is worth unpacking separately.
SemiAnalysis’ “Cluster Total Cost of Ownership” methodology estimates that a Silver-tier cluster carries roughly 15% higher total cost of ownership than a Gold-tier cluster for a representative large-language-model (LLM) pretraining workload, even assuming identical GPU-hour pricing.
For any European lab trying to compete at the frontier, that translates into a research-velocity penalty measured in months of engineering time.
Inference workloads—the process by which trained AI models generate outputs for users—look somewhat different. There, the same methodology places the equal-priced Gold-versus-Silver gap below 1%. As the brief explains in greater detail, frontier-model training and frontier-model access through APIs bear sovereignty-related costs differently.
For European businesses and public institutions using Claude, GPT-5, or Gemini through an API, the binding sovereignty constraint is not where a request physically lands. It is whether users retain legal access to the API at all. That is the layer at which most European users actually encounter frontier AI.
The broader problem, developed at length in the brief, is that the categorical approach does not even deliver the legal immunity it implicitly promises.
The “immunity from non-EU law” standard embedded in the European Cybersecurity Certification Scheme for Cloud Services (EUCS) High+ framework assumes that EU headquarters and EU-based data processing sufficiently shield data from the reach of foreign legal systems. Canada’s King v. OVHcloud case is the live counterexample.
In September 2024, the Ontario Court of Justice issued a production order requiring OVHcloud to disclose subscriber data stored on servers in France, the United Kingdom, and Australia. The appeal remains pending.
That the most prominent extraterritorial production order of the past 18 months targeted Europe’s flagship sovereign-cloud provider, involving EU-hosted data, should weigh more heavily in this debate than it has so far.
Digital Sovereignty Is Not Autarky
At the EU level, CAIDA should take a risk-based rather than categorical approach, while preserving member-state subsidiarity for genuinely stricter public-administration requirements, instead of turning them into a single-market default. The genuinely narrow category of residual extraterritorial-risk concerns can already be addressed through Article 9 of the General Data Protection Regulation (GDPR), tailored national-security exceptions, and the proportionality principles that govern public-sector procurement more broadly.
The “build” side of the agenda—where European policymakers actually have leverage—looks very different. It runs through corporate-law reform, financial-single-market integration, and faster, harmonized permitting for data centers and electric-grid expansion.
The European Commission’s proposed “EU Inc.” framework belongs in that conversation, although its current drafting risks dilution through excessive deference to member-state legal autonomy—the same pattern I have criticized in earlier work.
The Commission’s own Joint Research Centre captured the core point with unusual bluntness for a JRC paper: “digital sovereignty cannot be equated with autarky.”
I will return to the package, the Council negotiations, and the EUCS High+ debate as the implementing acts come into view. For now, the key point is simpler than much of the rhetoric surrounding “AI sovereignty” suggests.
Europe’s binding constraints are silicon, capital, power generation, and its own hesitation to enact the corporate-law reforms its technology sector has requested for years—not jurisdiction.
A categorical CAIDA would not change those constraints. It would mostly change who pays for them.
