Europe did not vote to lock the American cloud out of its most sensitive data. It published a proposal, and the real barrier is a US law, not a European ballot.
The EU's Cloud and AI Development Act (June 3, a draft, not law until 2027 at the earliest) grades public-sector data across four sovereignty levels.
- Roughly 70 percent of public-sector workloads sit at Level 1, which US hyperscalers already meet through their European data centers.
- Only about 1 percent, the strict Level 4 tier, effectively shuts a foreign company out.
- The reason is the US CLOUD Act of 2018: a US-incorporated firm can be forced to hand over data wherever the server physically sits.
Ask where your provider is incorporated, not where the server lives. That is the question the whole fight turns on.






