“Enlightenment is the process by which humans leave behind their self-imposed immaturity.” In 1784, Immanuel Kant formulated this famous sentence, defining the core idea of the European Enlightenment. Today, more than two centuries later, Europe finds itself in a paradoxical situation: politically and economically, the continent plays a leading role, but in the digital sphere, it has maneuvered itself into a form of “self-imposed immaturity”—a profound technological dependence on American technology companies that fundamentally jeopardizes Europe’s digital sovereignty.

The current figures paint a worrying picture: 96 percent of German companies import digital technologies from abroad, with 87 percent of these technologies coming from the US. Ninety percent of these companies consider themselves “highly” or “somewhat dependent” on their foreign partners. According to a recent Bitkom study, this dependency is likely to increase in the coming years – 60 percent of the companies surveyed expect a further increase. Bitkom (2025): Study report “Digital Sovereignty 2025”.

While Europe is making progress in terms of regulation—further stages of the groundbreaking EU AI Act have been in force since August 2, 2025—it is lagging technologically. This discrepancy can be associated with Kant’s dilemma between knowledge and action: we are aware of our dependence, but we still lack the necessary determination to act. However, a self-determined digital future for Europe is unthinkable without comprehensive digital literacy among all stakeholders, even if there is progressive regulation.

 

The anatomy of European dependence

Europe’s current technological dependence is particularly evident in cloud infrastructure, which can be considered the nervous system of the modern economy. The three US technology companies AWS, Microsoft, and Google control 72 percent of the European market. European providers hold only 15 percent—a significant decline from 27 percent in 2017.

In June 2025, the consequences of this dependence became clear when Anton Carniaux, chief legal officer of Microsoft France, had to admit under oath in a hearing before the French Senate: “There is no guarantee that data belonging to French or European citizens stored in EU data centers will not be transferred to US authorities.” This statement shows that Microsoft’s advertised “EU Data Boundary” does not have the legal substance that critics feared.

The US CLOUD Act (Clarifying Lawful Overseas Use of Data Act) of 2018 is the basis for this powerlessness. It allows US authorities to access data from American companies, regardless of where the data is located. For European companies and authorities that rely on US cloud services, this means that even data stored in Frankfurt or Paris can potentially fall under US jurisdiction.

The reactions to this revelation were immediate. The Danish Ministry of Digital Affairs announced a significant measure: the complete abandonment of Microsoft products in favor of Linux and LibreOffice. As Minister Caroline Stage announced, the entire ministry will be “free” of Microsoft by fall 2025. This is a significant signal that Europe is beginning to conclude its self-inflicted digital immaturity. The fact that the Danish Ministry of Digital Affairs continues to use Windows as its operating system and will only switch to LibreOffice illustrates the difficulties associated with this step.

 

The nuanced picture of the European AI landscape

In the field of artificial intelligence, the picture is more nuanced than in cloud infrastructure. While the major generative AI base models originate primarily from the US (OpenAI/Microsoft, Google, Anthropic) or China, Europe has developed competitive solutions in specific areas of application.

1. Mistral AI: The French start-up has established itself as a European pioneer. Particularly noteworthy is the data protection-compliant alternative to US services provided by the chatbot “Le Chat.” The company’s open-source philosophy ensures transparent use. Mistral has positioned itself as a serious competitor in the AI market with its high-performance models.
2. Black Forest Labs: The company has made a name for itself with its image generation model “Flux.” Flux is characterized by its high performance and is used for image generation by leading AI providers such as Elon Musk’s Grok and Mistral’s Le Chat. The version “Flux.1 Context,” released in May 2025, enables innovative image-text interactions that challenge existing US models.
3. NXAI/xLSTM: Austrian start-up NXAI, led by AI pioneer Sepp Hochreiter, has developed an innovative architecture for language models called xLSTM. This alternative to the Transformer architecture outperforms pure Transformer models and is significantly more efficient, as benchmarks show. The xLSTM 7B model has proven particularly promising in the field of robotics and industrial applications.
4. Swiss AI Initiative: A consortium consisting of ETH Zurich, EPFL, and the Swiss AI Center is developing domain-specific AI models for areas such as healthcare, financial services, and manufacturing. These so-called “Swiss ChatGPTs” are specifically tailored to Switzerland’s multilingual requirements and are being developed in strict compliance with European data protection standards. The new Swiss LLM is scheduled for release in late summer 2025 under the Apache 2.0 license.

These European success stories show that the continent can certainly be competitive in specialized areas. However, it lacks the critical mass and necessary scale to compete on equal terms with the US market leaders. Europe focuses on promoting excellence in specific areas, while the basic digital infrastructure, including chips and cloud services, is mainly controlled by American companies.

 

The EU AI Act: Regulatory leadership with an implementation gap

Since August 2, 2025, additional provisions have been in effect—Chapter III, Section 4, Chapter V, Chapter VII, and Chapter XII, as well as Article 78 of the EU AI Act. These represent a milestone in the world’s first comprehensive AI regulation. The focus is on new regulations for GPAI (general-purpose AI) models. GPAI models are versatile AI systems such as ChatGPT or Mistral that can be used for a wide variety of tasks.

Providers of such systems are now required to produce detailed technical documentation, ensure transparency about the origin of their training data, respect copyrights, and analyze and minimize the potential risks of their systems. Stricter requirements apply to particularly powerful GPAI models with “systemic risk.”

To support providers, a “GPAI Code of Practice” has been published, which offers concrete guidelines for implementation. The authorities now have the power to impose fines of up to €35 million or 7 percent of global annual turnover. However, the actual enforcement of the regulation will not begin until August 2026, giving companies a one-year transition period.

This is where the European paradox becomes clear: Europe sets the standards for AI regulation, while the technology itself is predominantly developed outside Europe. Regulation without corresponding innovative strength is like a house without a foundation – impressive in theory, but unstable in practice.

 

Regulation in a pincer grip: EU AI Act meets CLOUD Act

This is where the central dilemma lies: the EU AI Act demands security, transparency, and human oversight – while the CLOUD Act potentially allows access to data in US-hosted environments.

Take plant engineering, for example: a manufacturer uses AI for quality control and predictive maintenance. Depending on its use, the system is considered high-risk and is subject to strict protection requirements. If it runs on a US cloud – even if in Frankfurt or Paris – key management, logs, or support paths outside European jurisdiction can pose risks.

Technical countermeasures mitigate, but do not solve everything:

• BYOK / External Key Management: Only effective if the company actually has key sovereignty and support processes do not require plain text access.
• End-to-end encryption & confidential computing: Protects data at rest, in transit, and partially processed; however, metadata and operational plain text windows remain real.
• Pseudonymization: Reduces personal risks, but does not replace a legally compliant scope of application.

Consequence: Critical workloads in EU jurisdiction, clear key and support governance, contractual clauses on access by authorities – and a tested exit plan.

 

The path to digital maturity: from the bottom up

According to Article 4 of the EU AI Act, providers and users of AI systems are obliged to ensure that their staff have sufficient skills in AI technology. This “AI literacy” is more than just a compliance requirement – it is the key to digital maturity in the Kantian sense.

Experience shows that successful AI deployment cannot be achieved through top-down regulations. True digital literacy must grow from the bottom up. To this end, the broad empowerment of all employees, the creation of spaces for experimentation, the promotion of critical thinking, and a culture of collaboration between humans and machines are essential.

Companies seeking to promote AI literacy should

• develop modular training programs for different employee groups,
• offer certified basic AI training for employees, and
• implement practical projects directly related to daily work.

Only when users understand how the technology works can they critically question its results and interact with it confidently.

 

European ways out of digital dependency

Europe has recognized the signs of the times and is pursuing several parallel strategies to strengthen its digital sovereignty. These measures go far beyond regulatory steps and include substantial investments in critical infrastructure:

1. European chip offensive

The European Chips Act provides for public and private investments of €43 billion to double Europe’s share of global semiconductor production to 20 percent by 2030. Seven aid decisions for novel semiconductor facilities have already been approved, representing total investments of over €31.5 billion. The strategy aims to build up expertise in Europe in the design and manufacture of advanced, AI-optimized chips.

2. Continental AI infrastructure

The EU AI Champions Initiative, launched in February 2025 at the AI Action Summit in Paris, brings together Europe’s strengths in the field of AI. More than 60 European companies have joined forces for this purpose, including well-known heavyweights such as SAP, Siemens, Deutsche Telekom, Mercedes Benz, and the French AI company Mistral AI. It is noteworthy that 20 investors, including EQT Ventures and General Catalyst, have announced that they will actually invest €150 billion in AI-related projects across Europe over the next five years.

3. Strategic development of AI factories

As part of the InvestAI initiative, EU Commission President Ursula von der Leyen has announced a €200 billion program for AI investments, including a new €20 billion European fund for AI gigafactories. The target for the period from 2025 to 2026 is to have at least 15 AI factories operational in Europe, equipped with AI-optimized supercomputers. Of particular note: Four of the planned AI gigafactories will specialize in training the most complex AI models and will each be equipped with around 100,000 latest-generation AI chips. This is about four times more than today’s AI factories.

4. European Data Center Alliance

Europe is experiencing an unprecedented boom in the construction of new data centers:

• In France, Nvidia and Abu Dhabi’s investment fund MGX are planning a gigantic AI data center near Paris with an investment volume of 8.5 billion euros. It is set to become the largest AI data center in Europe and will drive the development of European AI models.
• In Portugal, a mega data center is being built in Sines, which was selected from over 500 possible locations across Europe. The coastal city is directly connected to international submarine cables and offers ideal conditions for an energy-efficient data center powered by renewable energies.
• Several regional AI factories are being built in Germany, including the HammerHAI site in North Rhine-Westphalia and the JAIF in Berlin.

 

5. Data sovereignty through Eurostack

The EuroStack initiative calls for investments of €300 billion to build a fully European cloud infrastructure. Background: EU countries currently import 80 percent of their technologies and applications. Eurostack is intended not only to offer an alternative to US cloud services, but also to ensure that European data remains under European control and that the GDPR is fully complied with.

6. Regulatory frameworks

Complementing these infrastructure initiatives, the Digital Markets Act (DMA), the Digital Services Act (DSA), Data Governance Act (DGA), and the Data Act (DA) create a comprehensive regulatory framework. This is intended to ensure fair competition and reduce dependence on individual tech companies.

 

Challenges on the path to digital sovereignty

Despite these remarkable initiatives, the path to digital sovereignty remains rocky. US technology companies have enormous financial resources, and China is investing hundreds of billions of dollars in increasing its technological independence. European projects often face challenges such as fragmentation and bureaucratic hurdles.

As long as European alternatives are not yet available, companies can take pragmatic steps.

• Hybrid strategies: Critical data on-premise, less sensitive data in the cloud
• Multi-cloud approaches: Reduce dependence on individual providers
• Prefer European providers: Where possible, rely on EU-based services
• Contractual protection: Agree on clear regulations for government access and liability

 

Conclusion

I refer to Kant’s call “Sapere aude!” I would like to encourage you to use your power of judgment. This should be understood as a call for digital maturity. The current situation can be aptly linked to Kant’s description of immaturity: “It is so convenient to be immature.” It is generally easier for European companies to rely on established US services than to invest in European alternatives or develop their solutions.

However, it should be noted that the price for this convenience is high. It means the loss of digital sovereignty and thus also of economic and political capacity to act. The latest Bitkom study shows that trust in the US as a partner has declined significantly since Donald Trump’s election victory. Thirty-eight percent of German companies consider their trust in the US to be significantly weakened or even destroyed.

Efforts are needed at all levels to break out of this self-imposed digital immaturity.

• Political decision-makers must promote strategic investments and regulate them consistently.
• Companies must define digital sovereignty as a strategic goal.
• Educational institutions must teach AI skills as a core competency.
• And each individual must develop the willingness to become digitally mature.

In this sense, the EU AI Act is not just a regulatory framework, but a call for digital self-determination—a “Sapere aude!” for the 21st century. The path out of self-imposed digital immaturity may be arduous, but it is essential for a European future in which technology serves people—and not the other way around.