Policy & Sovereignty / Policy & Regulation

The US CLOUD Act grants American authorities access to data held by US providers—regardless of where servers physically sit. Every euro spent on these platforms funds innovation abroad while starving Europe's own. We're financing our strategic subordination. For European tech leaders, this isn't a compliance checkbox. It's an architectural choice, and the path to regulatory independence starts with infrastructure independence.

How a US survey vendor uses GDPR compliance theatre to distract European universities from the real problem: the CLOUD Act. (And we are not even talking about cost yet.)

Clouds of Europe scores SEAL-2 (60%) — strong on data residency and operational independence (all infrastructure EU-based via Scaleway), but weakened by US-based OAuth providers and an unmirrored npm/container supply chain. This matters because the EU Cloud Sovereignty Framework is becoming a procurement gatekeeper, and organizations below threshold risk exclusion from public sector tenders. Top improvements: EU image mirroring, an EU-native identity provider, and sustainability documentation.

The EU has actually done something quite smart here: they've created a common Architecture Reference Framework (ARF) and an official open-source reference implementation, which member states can fork, adapt, or use as a blueprint.