On May 27, 2026, the European Commission unveiled its Tech Sovereignty Package, anchored by the Cloud and AI Development Act (CADA). The goal: triple the EU's computing capacity by 2030 and cut dependence on non-EU providers. A strong move — but 2030 is an eternity for the mid-market.
Brussels, May 27, 2026: Sovereignty Gets a Law
On May 27, 2026, the European Commission presented its Tech Sovereignty Package — perhaps the clearest sign yet that digital sovereignty in Europe has moved from a conference talking point to concrete industrial policy. The flagship of the package is the Cloud and AI Development Act, or CADA, formally adopted on June 3, 2026.
The stated goals are ambitious. The EU wants to triple its computing capacity by 2030 and meaningfully reduce its strategic dependence on providers outside the EU. CADA is flanked by a revised Chips Act, by investment provisions for open source, and by accelerated permitting for data centers.
The trigger is plainly measurable. European cloud providers hold less than 13 percent of their own home market. The large majority is split, essentially, among three US hyperscalers. Anyone buying cloud and AI infrastructure in Europe today is, with overwhelming probability, buying from a non-European provider — with all the consequences for data sovereignty, pricing power, and availability that this implies.
Klingt interessant?
The Right Diagnosis — and a Long Treatment Plan
There's little to argue with in the direction. That Europe needs its own computing capacity, that data-center permitting takes too long, that open source is a strategic lever and not just a niche topic — all of that is correctly diagnosed. CADA is not a symbolic act. It's a serious attempt at industrial policy to correct a structural dependence.
My reservation isn't about the what; it's about the when. "Triple computing capacity by 2030" is a statement about the end of the decade. Data centers don't appear overnight: land, power, permits, hardware supply chains, operating staff — these are multi-year undertakings, not quarterly ones. Even with accelerated procedures, building out European hyperscale capacity remains a long-horizon project.
For policymakers, that horizon is legitimate. Industrial policy thinks in decades. The only problem is this: mid-market companies don't think in decades. They make architecture decisions today, they ship products today, they commit to providers today. Anyone waiting for "2030" will, by then, either have fallen behind or have entrenched themselves more deeply in exactly the dependencies the package is meant to unwind.
What This Means for CTOs and Tech Leads
The central lesson from the EU package is not that you should wait for EU infrastructure. It's that sovereignty is a question of architecture — not a question of location alone.
First: sovereignty comes from optionality, not availability. Even if European computing capacity is abundant in 2030, it helps nothing if your systems are hard-wired to a single, non-European provider. The decisive property isn't where a model runs, but how easily you can swap it out.
Second: the policy timeline is not your timeline. A funding program that takes effect in 2030 does nothing for an operational risk that exists in 2026. If you need data sovereignty, predictable pricing, and resilience, you need them now — not as a political promise, but as a property of your own stack.
Third: sovereignty-by-architecture beats sovereignty-by-subsidy. Subsidies shift the market equilibrium slowly. Architecture is effective immediately. A system that doesn't know which specific provider it's using, and that can route workloads to European infrastructure when needed, is more sovereign today than any single location you've bound yourself to.
Put differently: CADA addresses the supply side. But the demand side — that is, you — can't wait for supply to catch up. You have to build sovereignty into your architecture before European capacity delivers it to you from the outside.
This Is Exactly Where nopex Comes In
The EU tech package confirms our position, but frames it as a goal for the year 2030. We deliver the same principle as a property a DACH company can use today.
nopex runs agentic software development on European data centers and combines it with provider-agnostic model routing: the application logic never knows which vendor is behind it. Open models where possible, proprietary frontier models where they add real value — but none of it is hard-wired. That is precisely the optionality that constitutes sovereignty.
The point is the timeline. A DACH company building with nopex gets the sovereignty benefit today — not in 2030, once EU computing capacity has tripled. Data sovereignty on European infrastructure, no single-vendor lock-in, the freedom to switch models when price, availability, or the political situation shifts. While CADA builds the conditions for the next decade, the architectural answer to the sovereignty problem is already available.
Brussels is right about the diagnosis. The only open question is whether you wait until 2030 — or whether you build sovereignty into your next architecture decision now.

