Skip to content
Artificial Intelligence Digital Privacy Explainers 12 min read

The $80 Billion Sovereignty Rush: Why Nations Are Building Their Own Cloud Infrastructure

Global spending on sovereign cloud systems is projected to reach $80 billion in 2026 as the US trade report identifies more than 30 countries with cloud, localization, or cross-border data restrictions.

Modern data center representing sovereign cloud infrastructure
Reading mode

Global spending on sovereign cloud infrastructure is projected to hit $80 billion in 2026, a 35.6% surge driven by governments and organizations trying to retain control over data and AI systems.[s] The numbers reflect a tectonic shift in how nations view digital infrastructure: not as a commodity service but as critical national security apparatus, on par with power grids and telecommunications networks.

Why Sovereign Cloud Infrastructure Matters Now

The math is stark. In 2025, Amazon, Microsoft, and Google controlled roughly 63% of the global cloud infrastructure market: AWS at 30%, Azure at 20%, and Google Cloud at 13%.[s] For Europe, the dependency runs deeper: competition economist Cristina Caffarra estimates that 90% of European digital infrastructure, including cloud, compute, and software, is controlled by non-European, predominantly American companies.[s]

This concentration of global cloud infrastructure creates what critics call infrastructure chokepoints: single points of failure that foreign powers or corporations could exploit during geopolitical disputes. The concern is not theoretical. When the International Criminal Court’s chief prosecutor Karim Khan was temporarily locked out of his Microsoft Outlook account amid US political pressure, the institution moved to replace its Microsoft office software with European alternatives.[s]

The legal framework compounds the risk. The US CLOUD Act of 2018 allows American authorities to compel US-based technology companies to hand over data regardless of where that data is physically stored. Any private contract between a European customer and a US cloud provider is subordinate to US federal law.[s]

The Scale of the Sovereignty Rush

McKinsey estimates that 30 to 40 percent of all AI spending could be influenced by sovereignty requirements, representing a market of $500 billion to $600 billion globally by 2030.[s] The sovereign cloud infrastructure push has alarmed Washington. The 2026 US National Trade Estimate Report on Foreign Trade Barriers identifies more than 30 countries that restrict cross-border data access, while references to cloud and data localization increased by roughly 50% from the 2025 report.[s]

The number of data localization laws worldwide has more than doubled since 2017.[s] Yet the infrastructure remains concentrated: only 32 countries worldwide host AI-specific data centers, leaving around 160 nations dependent on foreign systems.[s]

Europe’s Concrete Steps

Germany’s Schleswig-Holstein state is migrating 30,000 civil servants off Microsoft products to open-source alternatives. The state began in March 2024 and has already transitioned 24,000 employees to LibreOffice, Nextcloud, Open Xchange, and Thunderbird.[s] Austria’s Federal Ministry for Economy completed a migration of 1,200 employees to Nextcloud, deliberately choosing not to adopt American cloud services.

At the European level, EURO-3C was announced at Mobile World Congress in March 2026: a Telefonica-announced federation of more than 70 organizations building a sovereign cloud infrastructure network. Rather than constructing a hyperscaler from scratch, described by project leaders as “very difficult” for Europe to achieve, the project connects existing national infrastructure nodes into a federated system.[s]

Caffarra argues that the earlier Gaia-X initiative, launched with similar ambitions, failed because American hyperscalers were allowed inside the project: “Once Microsoft, Google, and AWS were inside Gaia-X, the initiative lost its purpose.”[s] The lesson has shaped how European leaders now approach vendor lock-in: any provider subject to US extraterritorial law cannot be considered sovereign for European purposes.

National AI Infrastructure Programs

France says AI-related public, private, and international commitments total €109 billion, while the France 2030 plan includes targeted AI research and development funding; the country is targeting 1.2 million GPUs by 2030.[s] President Emmanuel Macron framed the effort explicitly as sovereignty: “This is our fight for sovereignty, for strategic autonomy. We want our cloud, we want our data centres, we want our computing capacities.”[s]

NVIDIA announced what it called the largest AI infrastructure rollout in the United Kingdom’s history: 120,000 NVIDIA Blackwell Ultra GPUs and up to £11 billion for local data centers by the end of 2026.[s] Nscale CEO Josh Payne captured the rationale: “Sovereign AI infrastructure is key to national resilience, economic growth and strategic autonomy.”[s]

Forrester predicts that half of G20 nations will mandate domestically tuned AI models for public sector services.[s] The shift applies to enterprise AI deployment as well: organizations increasingly find that existing cloud infrastructure cannot provide the assurances required for sensitive or regulated workloads.

The Economic Counterargument

Not everyone views the sovereignty rush as wise. The Center for Strategic and International Studies warns that if nationalistic sovereign clouds become isolated “splinter clouds,” it brings huge economic costs and fragments the open, global technology system.[s]

Sovereign controls bring measurable penalties: higher costs, slower growth, and less innovation, making the economies that use them less competitive. CSIS notes that sovereign infrastructure has a poor track record of success and often becomes stranded investment.[s] Similar supply chain vulnerabilities exist in other sectors where the economics of scale favor concentration.

McKinsey data shows sovereign AI migrations typically take three to four years, driven not by technology limitations but by the organizational work required to move regulated workloads.[s] Most enterprises list sovereign AI on their 2026 roadmaps but lack detailed strategy, budgets, or workload tiering.

The US Response

Washington treats data sovereignty as a trade barrier. The 2026 National Trade Estimate Report makes no distinction between legitimate security concerns and protectionism, placing Canada’s sovereign cloud initiative alongside Turkey’s blanket ban on public-sector cloud computing.[s]

The strategy is two-pronged: the CLOUD Act asserts legal access to data wherever it sits, while trade policy pressures countries that try to move data beyond that reach. El Salvador’s decision to permit cloud-based storage of credit history data following US engagement is cited in the report as a model outcome.[s]

What Happens Next

The structural risk remains: if a country outsources its ability to manage its own computing infrastructure, a foreign country or company could shut down key capabilities in the future.[s] With over 80% of all data centers located in developed countries and China, and Africa hosting less than 1%, the sovereignty gap mirrors existing economic divides.[s]

Gartner projects organizations will shift 20% of existing workloads from global public clouds to local providers.[s] The question is whether sovereignty initiatives can avoid the fragmentation that makes them counterproductive, or whether the $80 billion annual investment becomes another form of stranded capital in a rapidly evolving technology stack.

The Technical Architecture of Sovereign Cloud Infrastructure

Sovereignty operates across four distinct dimensions that determine actual control over AI and data systems: territorial (where data and compute physically reside), operational (who manages and secures infrastructure), technological (who owns the underlying stack and intellectual property), and legal (which jurisdiction governs access and compliance).[s]

Most sovereign cloud infrastructure offerings from US hyperscalers address only the territorial dimension: data centers located on European soil. Critics call this “sovereignty washing” because the parent company remains subject to the CLOUD Act. As Caffarra puts it: “A company subject to the extraterritorial laws of the United States cannot be considered sovereign for Europe. That simply doesn’t work.”[s]

True sovereign cloud infrastructure requires addressing all four layers. France’s SecNumCloud 3.2 certification mandates that cloud providers handling sensitive government data be at least 61% EU-owned and immune from non-EU laws. US hyperscalers cannot achieve this certification without establishing joint ventures with local partners.[s]

Market Concentration and Infrastructure Chokepoints

The broader infrastructure cloud market shows extreme concentration. In 2025, Amazon AWS commanded 30% market share, Microsoft Azure 20%, and Google Cloud 13%.[s] European cloud service providers’ share of the European infrastructure cloud market fell from 22% in 2017 to 15% in 2024.[s]

This concentration creates infrastructure chokepoints analogous to supply chain vulnerabilities in semiconductor manufacturing. Only 32 countries worldwide host AI-specific data centers, leaving approximately 160 nations dependent on foreign infrastructure for AI compute.[s] The US and China together control more than 90% of global AI data center capacity.

The implications extend to model training. Enterprise AI deployment requires access to high-density GPU clusters, subsea cable connectivity, and low-latency networks. Without those pieces, a country struggles to compete in frontier AI development.

The CLOUD Act Mechanism

The US CLOUD Act of 2018 compels American technology companies to provide requested data regardless of where that data is physically stored. The mechanism operates through warrants that legally obligate compliance.[s]

This creates a direct collision with GDPR Article 35, which mandates Data Protection Impact Assessments before deploying technology “likely to result in a high risk to the rights and freedoms of natural persons.” When conducted for US hyperscaler services, these DPIAs flag the CLOUD Act as a significant, often unacceptable risk. The legal conflict is increasingly becoming the primary driver for public bodies seeking alternatives.

Technical mitigations like encryption depend heavily on key management. If the US provider manages encryption keys, key control can undercut contractual privacy commitments. This is why architectural sovereignty (who controls the stack) matters as much as territorial sovereignty (where data sits).

Sovereign AI Stack Components

Building sovereign cloud infrastructure and AI capability requires coordination across multiple layers: energy supply, compute hardware (GPUs and NPUs), data center infrastructure, networking (subsea cables and low-latency interconnects), cloud platforms, model training capacity, and application layers.[s]

France’s approach illustrates the full-stack strategy. The country’s AI push combines a 1.2 million-GPU target by 2030 with leverage of its 57-reactor, 61 GW nuclear infrastructure to power AI compute. A €10 billion partnership with Fluidstack is planned to deliver 500,000 next-generation AI chips, with Phase 1 operational by 2026 providing 1 GW of compute power.[s]

The UK’s 120,000 NVIDIA Blackwell Ultra GPU deployment includes Stargate UK, where OpenAI is expected to serve models, including GPT-5, from Nscale’s UK data centers by 2026.[s] This represents a hybrid approach: sovereign infrastructure hosting frontier models from US providers under local operational control.

Migration Complexity and Vendor Lock-in

Sovereign cloud migrations take three to four years on average, driven primarily by organizational rather than technical barriers.[s] The bottleneck is data readiness: classifying workloads by regulatory exposure, establishing encryption and key ownership protocols, implementing identity and access controls, and building incident response pathways.

McKinsey’s survey data shows most enterprises list sovereign AI on their 2026 roadmaps but lack detailed strategy, action plans, budgets, and workload tiering.[s] Sovereign AI offerings are perceived as 10 to 30% more expensive than global alternatives, making the business case dependent on regulatory requirements rather than performance benefits.

Caffarra’s critique of Gaia-X demonstrates how vendor lock-in can be maintained even within sovereignty initiatives. She argues that American companies lobbied to be included and that the presence of Microsoft, Google, and AWS caused the initiative to lose its purpose.[s] EURO-3C takes a different approach by emphasizing a federated European network.

Economic Trade-offs and Fragmentation Risk

CSIS analysis identifies concrete costs: sovereign controls bring higher infrastructure expenses, slower deployment timelines, and reduced access to innovation, making economies less competitive globally.[s] If nationalistic sovereign clouds become isolated “splinter clouds,” the result is fragmentation of the global technology system with economic losses exceeding any security gains.

The counterargument from sovereignty advocates: if a country outsources computing infrastructure, foreign actors could disable critical capabilities during geopolitical disputes.[s] The ICC case, where political pressure was followed by an account lockout, provides a concrete example of this risk materializing.

Gartner projects 20% of workloads will shift from global public clouds to local providers.[s] The question is whether this selective migration, focused on sensitive and regulated workloads while maintaining global infrastructure for commodity services, can capture sovereignty benefits while minimizing economic costs.

Regulatory and Trade Dynamics

The US treats data localization as a trade barrier. The 2026 National Trade Estimate Report identifies more than 30 countries with cloud, localization, or cross-border data restrictions, including Canada, France, Japan, Bolivia, Colombia, and South Korea.[s] The report makes no distinction between transparent rule-of-law procurement and opaque regulatory regimes.

The strategy combines the CLOUD Act (extraterritorial data access) with trade policy pressure (rolling back localization requirements). El Salvador’s reversal on credit data localization following US engagement is cited as a model for replicating bilateral pressure.[s]

Forrester predicts 2026 will be the year of tech nationalism: “Global digital norms will give way to tech nationalism when it comes to AI models. Amid geoeconomic fractures and AI disruption, 2026 is the year governments choose domestic-first, from model selection to hosting, rewriting AI procurement and compliance in the process.”[s] Half of G20 nations are expected to mandate domestically tuned AI models for public sector services.

How was this article?
Share this article

Spot an error? Let us know

Sources