Build, don’t block — what the compute market says about EU AI sovereignty
On 27 May 2026, after delays, the European Commission is expected to propose the Cloud and AI Development Act (CAIDA), the centrepiece of its Tech Sovereignty package. In a new ICLE policy brief published this week, I argue that a strict version of CAIDA pushed by some stakeholder would impose most of its costs on European users. The implied goal of legal immunity from non-EU legal systems accessing EU data is, in any case, one that is unlikely to be realizable. The empirical backbone of my brief is SemiAnalysis‘s research on the AI-infrastructure market — it is in their numbers, more than in the political signalling around the package, that the case against a categorical CAIDA is most clearly visible.
I want to use this post to put those numbers on the table, while pointing you to the full brief for the legal and policy argument that follows from them.
Three market facts converge on the same uncomfortable conclusion. None of them is the kind of thing the EU can change quickly enough to matter for this regulatory cycle.
First, the top tier of rentable AI compute is not in Europe. SemiAnalysis’s ClusterMAX 2.1 ranking, published in April 2026, grades GPU cloud providers on the operational determinants of frontier-AI productivity — how reliably a cluster produces useful work, and how fast a customer can stand up a large training job. Across the entire Platinum-through-Silver range — the only tiers where serious frontier work is reliably done — the EU contributes three providers: Scaleway (France), GCORE (Luxembourg), and Nebius. Nebius exists in its current form only because of the 2024 corporate split from Yandex (of notable Russian origin).
GPU cloud providers in each tier of SemiAnalysis ClusterMAX 2.1 (April 2026), grouped by country of headquarters. The EU band (highlighted) contains one Gold-tier provider (Nebius, the post-Yandex Dutch entity), one Silver-tier provider in France (Scaleway) and one in Luxembourg (GCORE), and the rest in “Not Recommended.” Country-of-origin classification mine, not SemiAnalysis’s.
Cross-referenced against the Cloud Sovereignty Framework procurement that the Commission completed last month — €180 million over six years, evaluated against its own SEAL scale of legal-operational sovereignty — only one of the four awarded “sovereign” providers ranks in the top three tiers of independent operational benchmarking. The SEAL framework and ClusterMAX are not measuring the same thing, and that is precisely the point: a procurement that scores well on the first can fail badly on the second.
Second, the silicon and memory supply chains are already locked. Per SemiAnalysis’s Great AI Silicon Shortage analysis, essentially every major AI accelerator family has converged on TSMC’s N3 process. AI demand is on track to consume 86% of N3 wafer output by 2027, with effective utilisation above 100% in the second half of 2026. The binding constraint is not capital but cleanroom space, which takes years to build. Memory is the same story by a different mechanism — a “once-in-four-decades” HBM supercycle, three suppliers worldwide (Samsung, SK Hynix, Micron), and customers now signing prepayment-backed long-term agreements to lock in allocation. None of these levers responds, in any meaningful timeframe, to what Brussels or any Member State capital can do.
Third, the rental market is sold out, and frontier buyers will not be outbid. SemiAnalysis’s Great GPU Shortage analysis reports that on-demand GPU rental capacity is sold out across both Hopper and Blackwell, with all capacity coming online through August–September 2026 already booked. The H100 1-year contract price index shows pricing rising from $1.70 per GPU-hour in October 2025 to $2.35 by March 2026 — a 40% move in five months on a two-generation-old chip. Hopper contracts originally expiring this year are being renewed at the rates they were first signed at two or three years ago, and extended out to 2028. Why are buyers willing to commit at this scale? Because token economics on frontier models have decoupled from the next tier. Anthropic’s annualised revenue has grown from around $9 billion at the end of 2025 to over $44 billion by spring 2026, and inference gross margins from below 40% to over 70% in the same window. A European actor entering this market — sovereign or otherwise — does so as a price-taker.
Who pays for a categorical CAIDA?
If those three facts hold, a CAIDA that pushed European users away from non-EU compute and APIs would not create European capability quickly enough to matter for this regulatory cycle. It would, however, raise the cost and lower the quality of the AI European users can in practice deploy.
The cost is workload-specific, and worth unpacking that way.
SemiAnalysis’s Cluster TCO methodology puts a Silver-tier cluster at roughly 15% higher total cost of ownership than a Gold-tier one on a representative large-LLM pretraining workload, at equal GPU-hour pricing.
For any European lab aspiring to the frontier, that is a research-velocity penalty paid in months of engineering time. (For inference endpoints, the same methodology puts the equal-priced Gold-vs-Silver gap below 1%; the brief works through why frontier inference and frontier API access bear the cost differently.)
For the European businesses and public institutions consuming Claude, GPT-5, or Gemini through an API, the binding sovereignty constraint is not which cluster the request lands on. It is whether the user retains legal access to the API at all — and that is the layer at which the largest population of European users actually encounters frontier AI.
The further point — developed at length in the brief — is that the categorical approach does not deliver even the legal immunity it implies. The “immunity from non-EU law” test embedded in EUCS High+ presumes that EU headquarters and EU-located processing are a sufficient hedge against the reach of non-EU law into EU data. The *King v OVH*litigation is the live counterexample. In September 2024, the Ontario Court of Justice issued a production order requiring OVHcloud to disclose subscriber data held on servers in France, the United Kingdom, and Australia. The appeal has been pending since. That the most prominent extraterritorial production order of the past eighteen months runs against the canonical European sovereign-cloud champion, holding EU-located data, ought to weigh more heavily in this debate than it has so far.
What the brief argues instead
CAIDA at EU level should be risk-based rather than categorical, with Member State subsidiarity preserved for stricter public-administration measures rather than generalised into a single-market default. The genuinely narrow cases of residual extraterritorial concern can be handled by Article 9 GDPR, defined national-security exceptions, and the proportionality discipline that already applies to public-sector procurement.
The build side of the agenda — where European policy actually has direct leverage — runs through corporate-law reform (the Commission’s EU Inc. proposal sits here, though its current drafting risks dilution by deference to Member-State legal autonomy, in much the same pattern I have argued against in earlier work), financial-single-market reform, and harmonised data-centre permitting and grid build-out. The Commission’s own Joint Research Centre put the underlying point about as plainly as a JRC brief is likely to: “digital sovereignty cannot be equated with autarky.”
I will return to the package, to the Council negotiation, and to the EUCS High+ certification debate as the implementing acts come into view. For now, what I would like to stress that the binding constraint on European AI capability is silicon, capital, power, and the EU’s own reluctance to deliver the corporate-law reform its founders have been asking for — not jurisdiction. A categorical CAIDA that ignores that will be paid for, mostly, in Europe.