1. Introduction.
At the 2026 Mobile World Congress, the European Commission announced its ambitious plans to fund the building of EURO-3C, the first Telco-Edge-Cloud federated infrastructure in the EU. In the words of the Director of Public Policy, Competition and Regulation at Telefónica, the Spanish Telco company heading the EURO-3C project consortium, the project aims to deliver «a European scale cooperative computing network that brings together telco capabilities, connectivity, Edge and Cloud, all enhanced with AI [in]a shared effort to reinforce Europe’s industrial leadership and lay the foundations for true digital sovereignty».
The initiative stems from the need to secure an adequate level of digital sovereignty within the EU. The issue of digital sovereignty, as noted in the Commission’s First policy brief on Digital Sovereignty of 2025, can be understood as the Union’s capacity to exercise strategic independence in the digital domain, while remaining open and connected to global networks. This is essential for reducing vulnerabilities across economic, security, and technological spheres and for strengthening Europe’s competitiveness. It is in fact widely known that, while the EU champions a rights-based regulatory governance in all digital fields, the Union still heavily relies on non-EU providers for key technologies such as AI and cloud infrastructure. As a consequence, the EU digital market is characterised by structural limitations in the ability to independently manage and govern data.
EURO-3C responds to the need for «securing infrastructures, data, and software» as one of the four interlinked dimensions necessary for the achievement of digital sovereignty identified by the Commission. The other three dimensions are the empowerment of people through rights and skills; the fostering of competitive and innovative digital markets; and ensuring a governance that aligns regulation with legitimacy and global influence.
To this end, the EURO-3C project would combine telecommunications networks, edge computing, cloud and AI capabilities provided by over 70 organisations across the EU into a single, integrated platform. The integration of these technologies – which provide computational infrastructure for the storage and transmission of data across the network – should make it possible for EU-based providers to offer advanced digital services and, simultaneously, reduce the digital infrastructure dependencies currently affecting the EU digital single market.
The EURO-3C project is supported by three distinctive elements, namely: (i) Federation, i.e. an interoperable architecture that connects existing capabilities of multiple operators and cloud providers under a common European framework; (ii) Pan-European industrial scale, to enable collaboration between operators, industry, technology suppliers, SMEs and research centres; and (iii) Validated Impact, based on nine high business value use cases that will demonstrate real applicability and scalability.
To sum up, EURO-3C qualifies as an infrastructure-building initiative that should leverage existing computing and network capacity at the European level, to expand and enhance them through a federative and collaborative model. Its relevance is not only industrial, as it should also mark a strategic political shift which ultimately may reinforce personal and non-personal data governance within the EU.
2. Inside EURO-3C.
In terms of the structure of the EURO-3C project, its development will occur under the auspices of a consortium bringing together telecoms operators, cloud providers, technology manufacturers, SMEs, universities, research centres and large industrial companies. As mentioned, the consortium will be led by the Spanish telecommunications company Telefónica.
EURO-3C is funded by Horizon Europe, the EU programme to fund innovation, spanning the septennium 2021-2027, presented by the Commission as the largest transnational innovation and research project in the world. The predecessor of the current Horizon Europe programme, spanning the period 2014-2020, had already proved successful, as it allocated € 900 million to the establishment of the European High Performance Computing Joint Undertaking (EuroHPC JU) in 2018, a legal and funding entity that facilitates Member States in coordinating their efforts and resources to develop a European supercomputing system. Through this initiative, 12 European supercomputers have been inaugurated, three of which – Lumi, Leonardo, and Mare Nostrum 5 – have ranked in the top ten worldwide.
However, some reservations have been raised regarding the limitations of the EURO-3C project, specifically in relation to its ability to effectively provide an alternative to dependence on US providers. These concerns are raised not only in connection with computational capacity, but also due to the current competitive edge of US providers and the switching costs deriving from changing providers (Rao, 2026). In this connection, it has been reported (Rao, 2026) that just four U.S.-based hyperscalers—AWS, Microsoft Azure, Google Cloud, and IBM Cloud—together account for some 70 percent of EU cloud services. This is despite the fact that the 2018 U.S. CLOUD Act allows U.S. federal law enforcement—at least in theory—to compel U.S.-based firms to hand over data that is stored abroad.
3. Europe’s digital sovereignty problem.
EURO-3C is designed to respond to a seriously underdeveloped computational infrastructure in Europe. This vulnerability, in turn, affects the EU innovation rate in the advanced technologies sector, consequently further increasing the GDP gap with the US. In fact, the 2024 Draghi report details the industrial policies that should be adopted to address the innovation deficit in the EU, stating that «the EU has a unique opportunity to lower the costs of AI development by increasing computational capacity» (page 36).
At the same time, European-based providers are unable to compete, meaning that Europe will continue to depend on US hyperscalers, particularly due to a low-risk investment culture, scarcity of human capital resources, and an underdeveloped Single Market.
Along with the data, security, connectivity, and even business continuity risks linked to reliance on US-based ICT infrastructure providers, such risks have soared due to the sudden and dramatic reversal of the 80-year-long EU-US relations, announced as a consequence of the foreign political agenda of the second Trump administration. This brings about a tangible geopolitical risk for Europe, which exists not just in the most extreme form of a doomsday ‘kill switch’, where Washington turns off Europe’s internet, but most likely in the selective degradation of services (Rao, 2026).
4. Digital sovereignty as a European policy priority.
The EURO-3C project coincides with broader EU strategic priorities, which address the above-mentioned EU shortcomings in digital sovereignty. Specifically, strengthening the EU computing infrastructure has been clearly identified as a core strategic pillar of the EU’s Digital Decade Policy Programme 2030 with the Decision of the European Parliament and the Council (Decision (EU) 2022/2481). The Digital Decade Policy Programme sets out ambitious general digital objectives, the achievement of which is served by the EURO-3C project. Of particular relevance are the goals of (i) «ensuring the Union’s digital sovereignty in an open manner, in particular by secure and accessible digital and data infrastructures capable of efficiently storing, transmitting and processing vast volumes of data that enable other technological developments, supporting the competitiveness and sustainability of the Union’s industry and economy, in particular of SMEs, and the resilience of the Union’s value chains, as well as fostering the start-up ecosystem and the smooth functioning of the European digital innovation hubs» (art. 3, lett. c) of the Decision) and (ii) «developing a comprehensive and sustainable ecosystem of interoperable digital infrastructures, where high performance, edge, cloud, quantum computing, artificial intelligence, data management and network connectivity work in convergence, to promote their uptake by businesses in the Union, and to create opportunities for growth and jobs through research, development and innovation, and ensuring that the Union has a competitive, secure and sustainable data cloud infrastructure in place, with high security and privacy standards and complying with the Union data protection rules» (art. 3, lett. d) of the Decision).
These general objectives, at the same time, are instrumental to the attainment of the specific targets set out in article 4 of the Decision. The latter include the digital transformation of businesses – with a target rate of implementation of at least 75% of one or more of cloud computing services, big data and artificial intelligence by 2030 – and the full digitalisation of key public services.
Against the 2030 Programme objectives, the 2025 State of the Digital Decade report, on the progress made towards the digital targets, highlights, however, that connectivity infrastructure is still lagging. Additionally, the 2024 White Paper points out that the failure to develop an adequate connectivity infrastructure likely implies falling short in relation to all the 2030 digital targets, due to their interconnected nature.
In light of the urgency in achieving a robust connectivity infrastructure, the 2024 White Paper had already advanced the idea of a «transition towards interoperable cloud-based networks and the integration of telco-edge infrastructures and services», instead of the construction of a European connectivity infrastructure ex novo that would require mass investments of time and resources, thus increasing the risk of bottlenecks and dependencies in cloud infrastructure and services.
In parallel with the digital infrastructure-focused initiative, the EU is sustaining efforts to simplify the legal framework for electronic communications to support the growth of computational infrastructure in the Union. In particular, the Proposal for a Regulation for the Digital Networks Act (DNA proposal) would merge existing EU telecom legislation – namely the European Electronic Communications Code (EECC), the Body of European Regulators for Electronic Communications (BEREC) Regulation, the Radio Spectrum Policy Programme (RSPP), the Open Internet Regulation (OIR), and Directive 2002/58/EC (ePrivacy Directive) – into a single legal act. The proposal, along with the EURO-3C project, responds both to the need to achieve a single telecom market and to increase technological sovereignty (Commission announcement).
5. Implications for European data governance.
Along with the political vulnerabilities linked to the reliance on non-EU cloud providers for computational infrastructure, there are of course also significant risks concerning data protection.
The lack of digital sovereignty in Europe, and the consequent migration of data towards foreign or foreign-controlled infrastructure, has led to various claims of extraterritorial control over data by different jurisdictions (Catanzariti, 2022). In this respect, reference should be made in particular to the US CLOUD Act of 2018. The CLOUD Act, in essence, may oblige US-based digital-service providers to preserve and disclose customer information, regardless of where the information is stored. As such, it presents a large risk of extraterritorial access to data located in the Union, at least in theory. In all evidence, the dependency on US cloud service providers, coupled with their subjection to politically motivated pressures, ignites friction with the principles enshrined in the GDPR, as an instrument meant to secure effectiveness to personal data protection as a fundamental right under the European Charter.
6. Concluding remarks.
The announcement of the EURO-3C project, which would significantly advance the EU’s ambitions towards achieving digital sovereignty, may also influence the future of EU data governance. While future developments of the project will determine the magnitude of its impact, EURO-3C certainly holds the potential to determine a shift in Europe’s geopolitical position and in its policy-making approach, while strengthening guarantees for the protection of the digital identity of EU residents and beyond, given the extraterritorial reach of the GDPR.
