Amazon, Microsoft and Google hold 70% of the European cloud market; European providers, about 15% (Synergy Research). That dependency has become a boardroom topic: sovereign cloud spending in Europe is set to triple between 2025 and 2027, from 6.9 to 23.1 billion dollars (Gartner). In January 2026, AWS opened its sovereign European region in Brandenburg and announced a Local Zone in Belgium. For a Belgian company deploying AI, the question is no longer ideological but operational: which data, which models, with whom, and under which guarantees.
The European cloud market reached 61 billion euros in 2024, six times its 2017 level. But European providers' share shrank from 29% in 2017 to about 15% since 2022: the leading European players, SAP and Deutsche Telekom, weigh 2% each, far behind the three US hyperscalers that concentrate 70% of the market. Synergy Research estimates European cloud revenues will grow another 24% or so in 2025, driven notably by generative AI services (GPU as a service, GenAI platforms) growing at 140 to 160% per year.
Meanwhile, demand for sovereignty is surging. Gartner forecasts worldwide sovereign cloud (IaaS) spending of $80 billion in 2026, up 35.6%. Europe is the largest market: $6.9 billion in 2025, $12.6 billion expected in 2026 (+83%), then $23.1 billion in 2027. And the topic no longer concerns a minority: according to Eurostat, 52.7% of EU enterprises used paid cloud services in 2025, up from 17.8% in 2014.
The trigger is not technical but geopolitical and legal. The 2018 US CLOUD Act allows US authorities to demand data held by a provider subject to US law, wherever it is stored. Trade tensions, extraterritorial sanctions and a few highly publicised incidents have turned an expert debate into a purchasing criterion.
"Sovereign cloud" covers several distinct requirements. Confusing them leads to choices that are too expensive or too weak. Four levels stack up.
Few workloads require all four levels. A brochure website does not have the needs of a patient record, a banking system or a public register. The whole method consists in matching the sovereignty level to the sensitivity level.
The past year moved sovereign cloud from discourse to catalogue. Three families of offerings coexist.
Launched on 15 January 2026: an independent cloud, physically and logically separate, located entirely in the EU, operated exclusively by EU residents, with more than 90 services (including AI) and dedicated European governance. First region in Brandenburg, an investment of more than 7.8 billion euros, and sovereign Local Zones announced in Belgium, the Netherlands and Portugal.
Announced on 16 June 2025: Sovereign Public Cloud across all European regions (Azure, Microsoft 365, Power Platform), data processed within the EU Data Boundary and controlled by European personnel, Microsoft 365 Local for private cloud, and national partner clouds such as Bleu in France (Orange, Capgemini) and Delos Cloud in Germany (SAP).
OVHcloud, Scaleway, T-Systems, Exoscale or national players offer native legal sovereignty: entities under European law, outside the direct reach of the CLOUD Act. The trade-off is a narrower service catalogue than the hyperscalers', sometimes to be completed with open-source building blocks.
For the most sensitive workloads: dedicated infrastructure on your premises or with a Belgian host, possibly with extensions such as AWS Outposts or Azure Local. Maximum control, but costs, expertise and lead times to budget honestly.
An institutional signal: the European Commission itself launched a €180 million tender in late 2025 for sovereign cloud services for EU institutions, and the legislative package in preparation (Cloud and AI Development Act) aims to triple Europe's datacentre capacity. We analysed it in our article on the European "Sovereignty Act" and the CADA.
AI makes the question more urgent, for a simple reason: the data most useful to AI is often the most sensitive (customers, HR, finance, health, production). Three points of attention structure the choice.
Where the model runs. A US model consumed via API can be served from an EU region, but sovereignty then depends on the provider's commitments (data residency, staff, legal entity). The AWS European Sovereign Cloud ships with AI services at launch, with Mistral AI and NVIDIA among the partners; Microsoft applies its EU Data Boundary to AI processing. European or open-weight models, for their part, can be deployed with a European provider or on your own infrastructure; it is one of the arguments analysed in our article on Mistral AI and European sovereignty.
Where inference data goes. Prompts, documents injected via RAG, logs: that is where sensitive information flows, often more than in training. Contracts, encryption with keys you manage and log location matter as much as the hosting region.
Availability as a sovereign risk. A major outage in a US datacentre in October 2025 disrupted public services as far as the United Kingdom, and unilateral service suspensions have already hit international organisations. Sovereignty is also business continuity.
Sovereignty is not a binary choice between "all hyperscaler" and "all European". Gartner observes that 80% of new sovereign spending funds new solutions or modernisation, and only 20% migrations. The right approach is a portfolio.
Inventory your processing activities (including AI use cases) and classify them: public, internal, confidential, regulated. Sensitivity dictates the sovereignty level, not the other way round.
GDPR and transfers outside the EU, NIS2, DORA for finance, professional secrecy, sector rules or public procurement: each workload inherits precise obligations, to be documented.
Standard EU region for everyday workloads; a sovereign offering (hyperscaler or European) for confidential ones; private cloud or on-premise for the critical. Weigh the extra cost against the real risk.
Location of data and metadata, operating staff, external encryption keys, audit clauses, a tested exit plan. Sovereignty is proven in the contract, not in the brochure.
Start with the 10 to 20% of workloads that are truly sensitive: that is where sovereign cloud has a clear return on investment. For the rest, a classic EU region with encryption and solid clauses is often enough. A uniform requirement of maximum sovereignty doubles costs without reducing risk where it actually exists.
Belgium is moving from spectator to host: the sovereign AWS Local Zone announced in January 2026 will bring the infrastructure closer to Belgian companies, with in-country data residency and low latency. Deputy Prime Minister David Clarinval sees it as a competitiveness lever for Belgian businesses and the public sector. For an SME, it means options once reserved for large accounts (operational sovereignty, in-country data) become accessible without building a server room.
Concretely: a Brussels accounting or law firm can deploy a document AI assistant on a sovereign offering while keeping files and prompts under European jurisdiction; a Walloon manufacturer can train its maintenance models on a standard EU region while reserving the sovereign offering for sensitive production data; an institution subject to DORA or NIS2 will document its compliance more easily with a provider whose operations and governance are European.
A cloud offering designed so that data, its processing and the operation of the platform remain under European jurisdiction and control: data residency in the EU, EU-based operating staff, local governance and legal protections against extraterritorial access.
Yes. The 2018 CLOUD Act allows US authorities to require a provider subject to US law to hand over data, regardless of where it is stored, including in a European datacentre. That risk is what motivates encryption with external keys and the European governance structures of sovereign offerings.
Not necessarily. Sovereignty is decided workload by workload: according to Gartner, about 20% of new sovereign spending corresponds to migrations to local providers, and 80% to new solutions or modernisation. The hyperscalers now offer dedicated sovereign offerings, and European providers cover the most sensitive needs.
Yes. Generative-AI-specific cloud services (GPU as a service, GenAI platforms) are growing at 140 to 160% per year in Europe (Synergy Research). The AWS European Sovereign Cloud includes AI services at launch, and European or open-weight models can be deployed with European providers or on private infrastructure.
Molderez Consult helps Belgian companies classify their data and AI use cases, compare sovereign offerings and negotiate contractual guarantees: mapping, risk analysis, target architecture and migration plan.
Assess my options