Strasbourg Sends a Signal:

The Era of US Dominance Is Over

Yesterday, the European Parliament made a decision that goes far beyond the usual Brussels symbolic politics in its scope. With a broad, cross-party majority, the EPP, Social Democrats, Liberals, and Greens adopted a report that unmistakably names Europe’s digital reality: technological dependence on US corporations is not an operational accident, but a strategic risk. And it is no longer politically acceptable.

The report marks a change of course. For the first time, it collectively formulates the demand to understand Europe’s digital infrastructure as a sovereign task – comparable to energy supply or transport. Cloud, artificial intelligence, and software are no longer treated as neutral market products, but as power factors. Which is exactly what they have long been.

At the center is the demand for a “Cloud and AI Development Act.” This is not just a pleasant-sounding title, but an admission of political failure over recent years. Europe’s administrations, companies, and research institutions have entered deep dependencies on US hyperscalers without control over the operation, legal framework, or further development of the technologies used. We have outsourced basic digital services – and with them, decision-making power.

This realization does not come out of thin air. Parallel to the vote in Strasbourg, export controls for “critical software” are being openly discussed in the USA. What falls under this remains deliberately vague. This is precisely the problem. If digital infrastructure is defined as a national security asset, it is no longer the market that decides availability, but geopolitics. And then it suddenly becomes subject to debate whether European companies will continue to have access to tools like Microsoft 365, GitHub, Docker, or AI services like ChatGPT or Claude – or only under conditions set politically.

By now, it is clear: The cloud is not a neutral storage location. It is a political instrument. Whoever controls the infrastructure controls the rules of the game. As long as central European data and processes run on platforms subject to US law – keyword CLOUD Act – every data protection debate, every security strategy, and every industrial policy ambition remains incomplete. Sovereignty ends where foreign jurisdictions have access.

Parliament names this structural problem with unusual clarity. It calls for a strategic realignment of public procurement. Member states should be allowed to specifically prefer European providers in critical areas. Not out of protectionism, but out of self-preservation. Whoever permanently buys public IT from non-European monopolists subsidizes their market power – and weakens their own ability to act.

Particularly clear is the setting of course in favor of open source. The principle of “Public Money, Public Code” is no longer formulated as a nice ideal, but as a strategic foundation. Software developed with taxpayers’ money should belong to the public: under free licenses, interoperable, auditable. This is not ideology, but the only realistic answer to vendor lock-in, lack of transparency, and dependency.

The analysis of the Gesellschaft für Informatik (German Informatics Society) underscores that this line is necessary. It speaks openly of “digital imperialism.” The new US security strategy explicitly defines digital infrastructures as an instrument of power. Europe appears in it not as a partner, but as a sales market and space of dependency. The numbers back this up: in 2024 alone, the European service balance deficit with the USA reached 148 billion euros. This money does not finance innovation in Europe but consolidates dominance elsewhere.

Against this background, the so-called “sovereignty washing” by many US providers also appears revealing. “Sovereign clouds” that technically and legally remain under US control do not solve a problem. They only shift it rhetorically. Sovereignty is not a marketing characteristic but a question of control, transparency, and legal framework.

The resolution from Strasbourg is therefore more than a political signal. It is a reality check. Europe is beginning to understand its digital infrastructure as a public task – and no longer as a conveniently outsourceable byproduct. Whether actual capability to act arises from this now depends on the consistency of implementation: in procurement, in funding, in regulation.

One thing, however, is clear: Digital sovereignty does not begin with a law. It begins with the decision to no longer make oneself dependent – even when the short-term path appears more convenient.