Operational Accountability Must Drive Europe's Sovereign Cloud Strategy, Warns Advania at EU Parliament

As European technology policy increasingly focuses on digital sovereignty, the debate must shift from conceptual ambitions to tangible, operational accountability. This was the central message delivered by Henric Skalberg, Head of Cyber Security and Compliance at Advania, during the European Internet Forum’s lunch debate at the European Parliament in Brussels.

The session convened policymakers and industry leaders to discuss the European Commission's CAIDA proposal and the necessary conditions for building a functional sovereign EU cloud ecosystem. Serving as First Respondent alongside representatives from the European Commission, Thales, CISPE, and the ITI Council, Skalberg grounded the policy discussion in the practical execution of delivering local cloud infrastructure.

He emphasized that when dealing with critical infrastructure—such as healthcare systems, energy grids, and government services—the question of who controls the infrastructure is not philosophical, but an absolute operational necessity.

"For us, sovereignty is not a concept," he says. "It's something we deliver every day. We are not discussing theory. We are operating it".

The Risk of "Sovereignty-Washing"

Skalberg warned against "sovereignty-washing"—solutions that appear compliant but lack genuine operational control and clear legal ownership underneath. He noted that the DIGIT Cloud Sovereignty Framework represents a meaningful step toward fixing this issue, but stressed that its value depends entirely on whether public procurement processes apply it consistently, rather than treating it as a simple checkbox.

He also addressed a recurring misconception that achieving sovereignty requires excluding global technology providers, pointing out that the ideal model combines global technology with local operation and clear legal ownership.

"Europe does not need to choose between global technology and sovereignty. But we do need to ensure that critical infrastructure is operated under European control, with real accountability," Skalberg stated.

Four Structural Barriers to European Cloud Sovereignty

During the debate, Skalberg outlined four specific pressure points currently holding Europe back from fully realizing its sovereign cloud ambitions:

1. Infrastructure Capacity: Europe urgently needs more data centers, but the permitting process is too slow. This bottleneck is compounded by rising energy costs, which are putting pressure on investment decisions right when acceleration is required.
2. Component Sourcing: While the EU Chips Act is a genuine achievement for supply chain resilience, the Cyber Resilience Act risks adding complexity to component sourcing, requiring continued dialogue between policymakers and operators.
3. Regulatory Compliance: The current regulatory landscape places a disproportionate burden on smaller providers, particularly when they are trying to serve large customers with complex requirements.
4. Cross-Border Consolidation: There is a structural issue where European providers are struggling to build the necessary scale to compete globally because cross-border consolidation remains unnecessarily difficult.

Aligning Policy with Operational Reality

Despite these challenges, Skalberg maintained a pragmatic outlook on the future of Europe's digital infrastructure.

"These are solvable problems," Henric says. "But they require alignment between policy ambition and operational reality".

For the sovereign cloud ecosystem to succeed, Skalberg noted that success will ultimately look like faster permitting, stable energy pricing, regulations that actively incentivize rather than only sanction, and sovereignty definitions that are applied strictly in public procurement rather than just referenced in frameworks. Europe’s digital future, he argued, will be determined by who builds the infrastructure, who operates it, and who is ultimately accountable when it matters. That is where sovereignty either becomes real or remains a label.