The Cloud and AI Development Act is meant to set rules and tools to develop and use cloud services and computing capacity for AI that are more “EU‑proof”. The explanations circulating in Brussels for the repeated postponements are various, and they likely overlap.

In recent months, a major European proposal on technology has been the talk of Brussels: the Cloud and AI Development Act, known by the acronym CAIDA. In the medium term, it is supposed to become the core of a broader legislative and industrial “package” on the Union’s technological sovereignty, but its presentation has been postponed several times and is currently scheduled, at least on paper, for 3 June.

Why all the noise? Because this law matters not only to insiders, but to anyone using digital services: from online platforms to public services, right up to health or tax data stored in the cloud. The underlying idea is simple: Europe wants to rely less on non‑European tech giants for its most sensitive digital infrastructures and to build a stronger technological base at home.

What CAIDA is, in simple terms

CAIDA is supposed to lay down rules and tools for developing and using cloud services and computing capacity for artificial intelligence that are more “Europe‑proof”. In practice, the aim is to create conditions that favour solutions capable of ensuring that the most sensitive data – for example those of governments, defence or health – are handled by operators under effective European control. Today, a large share of the European cloud market is in the hands of US‑based giants. Recent figures from industry analysts estimate that Amazon Web Services, Microsoft Azure and Google Cloud together account for around 70 percent of the European cloud infrastructure market, in a segment that has reached tens of billions of euros annually. Over the same period, the collective share of European cloud providers has fallen to around 15 percent, even though their revenues have more than tripled in absolute terms. Leading European players each hold only a few percentage points of the regional market, with the rest fragmented among smaller actors often positioned in niche or highly regulated segments. This imbalance in scale and investment capacity is precisely the backdrop against which the debate on digital and cloud sovereignty – and, by extension, on CAIDA – has emerged in Europe.

CAIDA, at least in intent, would like to rebalance this situation (also with regard to software production more broadly, including AI) and encourage governments and businesses to use more European technologies, without however closing the door to the rest of the world.

Why the Commission keeps postponing

The question many are asking is: if this law is so important, why is the European Union struggling to bring it forward? The explanations circulating in Brussels are three, and they probably intertwine.

The first concerns a possible deadlock on the text itself: CAIDA is a highly complex document, running to hundreds of pages that have to reconcile public procurement law, competition rules, the internal market and international agreements. Before taking a political stance, the Commission is understandably keen to avoid errors that could be challenged in court or create conflicts between Member States.

The second reason involves the relationship with the United States: some parts of the project seem designed to nudge public administrations towards preferring European providers for the most sensitive data. In Washington this approach will likely be read as a hostile signal towards US tech giants, not least at a time when the two sides are managing delicate transatlantic trade talks.

Finally, internal tensions in Brussels cannot be ruled out: as often happens with the most strategic files, not all directorates‑general and not all Commissioners’ political offices see things the same way. Some push for very ambitious solutions in terms of digital sovereignty, while others fear negative consequences for competition, innovation and external relations. The postponements are often a symptom of this internal tug‑of‑war.

Digital sovereignty: slogan or concrete choices?

In recent years, “digital sovereignty” has become one of the buzzwords of European politics. But between words and deeds lies the hard work of turning this concept into concrete rules and investments. CAIDA is one of those tests that show how difficult it is to move from slogans to operational decisions. Defining what really makes a cloud service “sovereign” – the company’s registered office, control over data, applicable jurisdiction, ownership structure – means setting priorities, disappointing some stakeholders and even creating international frictions.

What all this means for citizens and businesses

For ordinary citizens, the most natural question is: “In practice, what changes for me?” In the short term, probably very little: the digital services we use every day will not be revolutionised overnight. In the medium term, however, the way Europe regulates cloud and AI may affect several aspects of daily life: the security and confidentiality of data we entrust to public and private services; the competitiveness of European companies, which may face new opportunities or new constraints; and the EU’s ability to negotiate on an equal footing with the United States and China on digital issues.

In other words, if the law is born weak or riddled with exemptions, digital sovereignty risks remaining just a slogan. If, on the contrary, it is too rigid or protectionist, it could slow down innovation and investment, without necessarily delivering the much‑desired security and autonomy.

Why CAIDA is worth following

Behind a slightly opaque acronym and a legislative process that may seem remote, CAIDA touches on a very concrete question: who controls the digital infrastructures on which our economies and our democracies rest. This is why the debates currently taking place in Brussels do not concern only experts but, indirectly, all of us.

In the coming months we will see whether the Commission is ready to present a text capable of holding together security, openness and competitiveness. To a large extent, Europe’s credibility when it claims it wants to be not only a “regulator” but also a genuine industrial player in the digital world will depend on that balance.