
Europe's €180M Cloud Bet Is a Rounding Error. Now What?
€180 Million Sounds Like a Lot Until You Do the Math
The EU Commission is handing €180 million to four European cloud providers this week and calling it a sovereignty strategy. Let me put that number in context. AWS alone is spending roughly $100 billion this year on capital expenditure. That is not a typo. The EU's entire sovereign cloud bet is 0.18% of what one American company spends annually on infrastructure. If you're a CTO reading this and feeling reassured by EU policy, stop. This is not a strategy. This is a press release.
I run HEIMLANDR.IO out of Jönköping, Sweden. We build custom SaaS development projects, AI solutions, and blockchain development for clients who need things that work in the real world. Not things that satisfy a compliance checkbox. From where I sit, the EU sovereign cloud conversation is almost entirely disconnected from what builders actually need. And if Swedish companies follow this playbook without thinking, they're going to end up running two stacks at twice the cost with half the capability.
What Actually Happened This Week
Here's the full picture, because the headlines are only giving you a slice of it.
The EU Commission awards this €180M contract. Simultaneously, it delays its broader tech sovereignty legislative package for the third time. It is also weighing new restrictions on US cloud providers for sensitive government data. Meanwhile, Berlin publishes a new sovereign cloud checklist that quietly excludes most European providers too. And Microsoft responds by expanding its "sovereign cloud features," offering to be both the jailer and the locksmith.
Read that sequence again. The EU is funding a small cluster of providers, failing to pass its own sovereignty laws, and the largest US cloud vendors are already co-opting the language of sovereignty to sell the same product with a European flag on it. This is not strategy. This is theater.
Proton's 2026 survey says Nordic demand for EU cloud alternatives sits at 85%. That number is real. The desire is real. But desire without execution is just frustration, and that is exactly where most Nordic CTOs find themselves right now.
The Dual-Stack Tax Is Already Here
Let me describe what this looks like in practice for a Swedish company.
You have production workloads on AWS or Azure because that is where the tooling, the talent pool, and the scale economics are. Your compliance team tells you that certain data categories need to live on EU-sovereign infrastructure because of GDPR, the upcoming Data Act, and whatever your industry regulator said last quarter. So now you're running a second stack. Maybe it's on a European provider. Maybe it's on-prem. Either way, you now have two sets of ops, two sets of monitoring, two CI/CD pipelines, and your engineering team is split across both.
The cost isn't just financial. It's cognitive. Your best engineers are spending cycles on infrastructure plumbing instead of building the thing that makes your company money. I see this pattern constantly in the fullstack development work we do at HEIMLANDR. Companies come to us with ambitious product roadmaps and then lose months to compliance-driven infrastructure decisions that add zero customer value.
This dual-stack reality is not going away. It's getting worse. And the EU's €180M is not going to fix it because the problem was never "we don't have enough European data centers." The problem is that sovereignty was framed as an infrastructure question when it's actually a data question.
Sovereignty Lives at the Data Layer, Not the Rack
Here is my actual position, and I'll say it plainly: you will not out-build AWS. No European consortium will. Not with €180 million, not with €18 billion. The hyperscalers have a decade head start, recursive investment loops, and a talent density that no government program can replicate on any relevant timeline.
But you don't need to out-build AWS to have sovereignty. You need to own your data layer.
What does that mean concretely? It means encryption you control. Key management that never touches a third-party jurisdiction. Data architectures where the compute can happen anywhere but the data residency and access controls are yours. It means smart contract development for audit trails that no single entity can rewrite. It means treating data sovereignty as a software problem, not a hardware problem.
The irony is that the open-source ecosystem is already building this. Projects like awesome-selfhosted (293k+ stars on GitHub and growing) represent a massive catalog of self-hostable services that give you sovereignty at the application layer regardless of where your VMs run. Traefik as a cloud-native proxy lets you control ingress and routing across hybrid environments. n8n gives you self-hosted workflow automation with AI capabilities, so your process orchestration doesn't depend on a SaaS vendor in a foreign jurisdiction.
None of this required €180 million in government funding. It required engineers who care about the right problem.
Sweden and the Nordics: Getting Some Things Right, Missing Others
I have complicated feelings about Sweden's position here.
On the positive side, the Nordics have a genuine engineering culture. Stockholm is a legitimate tech hub. We have strong digital infrastructure, high broadband penetration, and a population that's comfortable with digital services. Swedish companies like Mullvad and Proton (ok, Proton is Swiss, but the Nordic user base is massive) have built real privacy-first products that people actually use.
Sweden also has something the US doesn't: a functioning regulatory environment that, when it works, creates trust. The Swedish IMY (Integritetsskyddsmyndigheten) has been more active and coherent than many of its EU counterparts on data protection enforcement. That matters.
Where Sweden is falling short: we are not investing in the software layer of sovereignty. The conversation in Swedish enterprise is still dominated by "which cloud provider should we pick" rather than "how do we architect so the provider doesn't matter." This is a failure of imagination, and it's a failure that the consulting establishment perpetuates because multi-cloud migrations are very profitable for the Big Four.
Compare this to what's happening in Asia. Countries like Singapore and Japan are building sovereign data exchange protocols. India's Data Empowerment and Protection Architecture (DEPA) is creating programmatic consent layers. These are software-first sovereignty approaches. Europe is still thinking in terms of which company gets the government contract.
From Jönköping, I watch Stockholm and Brussels with equal frustration. The talent is here. The will is sort of here. The strategic clarity is not.
Where This Goes: 2027 and Beyond
Let me sketch the trajectory I see playing out over the next two to five years.
The compliance tax grows
As the EU Data Act takes full effect, as the AI Act enforcement ramps up, and as sector-specific regulations layer on top, every company operating in Europe will face growing pressure to demonstrate data residency, algorithmic transparency, and supply chain sovereignty. The dual-stack tax I described above becomes a triple-stack tax. Companies that didn't architect for this from the beginning will spend more on compliance than on product development.
Hyperscalers absorb "sovereignty" as a feature
Microsoft is already doing this. AWS will follow. Google will follow. Within two years, every major cloud provider will offer a "sovereign mode" that technically complies with EU requirements while changing nothing about the underlying power dynamics. The EU providers funded by this €180M will struggle to compete with sovereign-branded hyperscaler products that are integrated into toolchains everyone already uses. This is the most predictable outcome in enterprise tech.
The real sovereignty stack emerges from open source and crypto-native architectures
This is the part I'm genuinely optimistic about. Between self-sovereign identity, zero-knowledge proofs, end-to-end encrypted compute environments, and the maturation of on-chain audit mechanisms, we're going to see a new stack emerge. It won't be branded "EU sovereign cloud." It will be a set of architectural patterns and open-source tools that make jurisdiction almost irrelevant because the math protects you, not the policy.
At HEIMLANDR, this is exactly the intersection we work in. Our blockchain development and AI agents work converges on this thesis: software systems that are sovereign by design, not sovereign by government decree.
AGI changes the equation entirely
Here's the part almost nobody in the sovereign cloud conversation is thinking about. If we reach AGI or near-AGI capability in the next five years (and the trajectory suggests we might), the compute requirements will be astronomical. No European sovereign cloud initiative can provide AGI-scale compute. Full stop. The only way European companies access that capability is through the hyperscalers or through novel architectures (federated compute, edge inference, specialized accelerator networks) that don't exist yet at scale.
This means the sovereignty question in an AGI world is entirely about the data and model layer. Who controls the training data? Who owns the fine-tuned weights? Who has the encryption keys? The rack in Frankfurt is irrelevant if the model trained on your data is controlled by an entity in Redmond.
If you're a CTO thinking about 2028 and beyond, this is the frame. Don't think about where the server is. Think about who controls the intelligence.
What to Look At
Enough theory. Here are concrete things worth your time this week.
awesome-selfhosted. If you haven't reviewed this repository recently, do it. It's a comprehensive catalog of every self-hostable application category you can think of. Use it as a checklist for your sovereignty audit. For every SaaS dependency you have, ask: could we self-host this if we needed to? You don't have to self-host everything. But you should know that you could.
n8n. Self-hosted workflow automation with native AI capabilities. 188k stars and growing fast. If your business process orchestration currently depends on Zapier or Make, n8n gives you the same power without the jurisdictional dependency. We've been using it in several client projects and the self-hosted option with AI integrations is production-ready.
Traefik. Cloud-native application proxy. If you're running a hybrid or multi-cloud setup (and if you're in Europe, you probably are or will be), Traefik handles the routing complexity cleanly. 63k stars. Mature project. Battle-tested.
Your own encryption key management. This isn't a repo, it's a practice. If you don't have a clear answer to "who holds our encryption keys and under what jurisdiction," that's your Monday morning task. Everything else is secondary.
The Bottom Line
€180 million is not a cloud sovereignty strategy. It's a rounding error dressed up as policy. Everyone involved knows this. The EU knows it. The funded providers know it. The hyperscalers know it and they're already building the co-option playbook.
But here's the thing. Sovereignty is real and it matters. It just doesn't live where Brussels thinks it does. It lives in your encryption architecture. It lives in your data contracts. It lives in open-source tools that give you optionality. It lives in smart contract audit trails that no single actor can alter. It lives in the decisions your engineering team makes this quarter about how to structure your stack.
From Jönköping, I see a Europe that has the engineering talent, the regulatory motivation, and the market demand to build genuinely sovereign systems. What it lacks is the strategic clarity to invest at the right layer. Stop buying racks. Start owning data.
That's your briefing for today. Go build something that actually gives you control.
Fredrik Brunnberg is the CEO of HEIMLANDR.IO, building AI and software solutions from Jönköping, Sweden. This is the daily HEIMLANDR briefing. If you found this valuable, share it with someone who builds things.
CEO & Writer
CEO of HEIMLANDR.IO. Punk rock tech from Jönköping, Sweden. Building AI systems, blockchain infrastructure, and writing about where this industry is actually heading — no echo chamber, no hype.