Build AI, Don’t Block Access: The European Union’s Digital-Sovereignty Trap
Executive Summary
On May 27, the European Commission is expected to propose the Cloud and AI Development Act (CAIDA), the centerpiece of its Tech Sovereignty package. The proposal arrives at a pivotal moment for artificial intelligence. The gap between frontier AI systems and the next-best alternatives is widening, and access to frontier compute and model APIs increasingly determines who can train, serve, and use the most capable systems.
That makes CAIDA’s treatment of frontier AI compute the package’s most consequential issue for European users.
The political pressure on CAIDA pulls in two directions. On the categorical side, 25 European cloud CEOs coordinated by CISPE, along with France, have urged the Commission to import European Defence Fund-style ownership and “effective control” criteria into the cloud market. Their approach would reserve procurement shares for European providers and exclude providers exposed to extraterritorial law. On the risk-based side, the Commission’s pre-proposal framing, along with the Nordics, Baltics, and the Netherlands, reportedly favors risk mitigation over a strict European-only rule.
Three market facts cut against the categorical approach.
First, Europe does not lead the top tier of rentable AI-cluster providers. On SemiAnalysis’s independent benchmarking, only three EU-headquartered providers appear anywhere in the top three tiers—and one, Nebius, exists in its current form only because of the 2024 corporate split from Yandex, a Russian-origin company.
Second, the supply chains needed to change that geography are severely constrained through at least 2027. Leading-edge logic wafers, high-bandwidth memory, networking silicon, and advanced packaging cannot be produced simply because Brussels wants more of them. The relevant bottlenecks sit in TSMC cleanrooms, Samsung and SK Hynix yield curves, Nvidia allocation decisions, and long-term contracts already signed by the largest buyers.
Third, the existing rental and offtake market is already locked up. AI labs and hyperscalers have committed to multi-year deals for frontier capacity, often at scales that smaller European buyers cannot match. In that market, European users enter as price-takers.
A categorical compute-sovereignty rule would therefore impose its costs mostly on European users, not on the non-EU providers it excludes. At the frontier—base-model pretraining, frontier-scale inference, and access to proprietary frontier-model APIs—the cost of being pushed to a lower tier is measured in slower research cycles, weaker serving economics, and lost access to the highest-productivity AI tools.
Nor would the stricter version of the sovereignty claim deliver what it promises. The “immunity from non-EU law” test already embedded in EUCS High+ assumes that EU headquarters and EU-located storage can shield data from extraterritorial legal reach. King v. OVH shows otherwise. In that case, an EU-headquartered provider holding EU-located data faced a Canadian production order. Legal sovereignty is not legal immunity.
This brief argues that the EU should answer the cloud-and-AI question by building, not prohibiting. CAIDA should remain risk-based at the EU level, while preserving member-state subsidiarity for stricter public-administration rules where genuinely necessary. In general, existing tools—the GDPR, defined national-security exceptions, and proportionality rules in public procurement—already provide a better framework than provider-nationality exclusions.
The build agenda is where EU policy has real leverage: faster data-center permitting, grid expansion, power availability, corporate-law reform, deeper capital markets, and demand aggregation around capable EU-located providers. Europe should strengthen its position inside the Western capability-controls architecture, not define sovereignty as withdrawal from the only frontier-compute stack that currently exists.
I. Europe’s Sovereignty Turn Meets the Frontier-AI Bottleneck
On May 27, the European Commission is expected—after two earlier delays[1] —to propose the Cloud and AI Development Act (CAIDA),[2] the European Union’s first attempt to write a binding definition of “sovereign cloud” into law. The goal is to move cloud-sovereignty requirements from voluntary certification schemes into mandatory rules, with adoption targeted for the fourth quarter of 2027.
CAIDA sits at the center of the broader Tech Sovereignty package, a legislative bundle led by Executive Vice-President Henna Virkkunen. The package also includes a revised Chips Act (“Chips Act 2,” targeted for adoption in the second quarter of 2027), an open-source strategy, and a digitalization-and-artificial-intelligence roadmap for the energy sector.
CAIDA arrives amid a sharp shift in artificial-intelligence capability—one that makes this regulatory cycle different from earlier European debates over cloud sovereignty. Over the past year, the gap between the economic value of frontier-quality AI tokens and merely good ones has widened substantially. Tokens are the units in which model output is measured and priced—roughly, fragments of words generated by an AI model.
The AI specialist consulting firm SemiAnalysis estimates that Anthropic’s annualized revenue grew from $9 billion at the end of 2025 to more than $44 billion by spring 2026.[3] During the same period, gross margins on inference—the process by which a trained AI model produces an answer to a user prompt—rose from below 40% to more than 70%. That is why CAIDA’s treatment of frontier-AI compute and frontier-model application-programming interfaces (APIs) may matter more than any other part of the package. Compute is the processing power needed to train and run AI models. APIs are the access points through which businesses use proprietary models like Claude, GPT-5, or Gemini without building those models themselves. Who may train, who may serve, and who may buy access will determine what European users can actually do with AI.
Political pressure on CAIDA now pulls in two directions.
On one side, 25 European cloud chief executive officers, coordinated by Cloud Infrastructure Services Providers in Europe (CISPE), called in March for CAIDA to import European Defence Fund-style ownership and “effective control” requirements into the cloud market.[4] Their proposal included reserved procurement shares for European providers and the explicit exclusion of providers subject to extraterritorial legal obligations. In plain terms, they want “European cloud” to mean not just that data sits in Europe, but that non-European governments cannot reach the provider through foreign law. France has pushed in the same direction. Its 2024 Sécuriser et Réguler l’Espace Numérique (SREN) law already requires sovereign-cloud hosting for sensitive workloads.
On the other side, pre-proposal reporting suggests the Commission’s current approach would limit restrictions to sensitive public-sector data, including financial, judicial, and health information, while leaving private-sector cloud use alone.[5] Nordic and Baltic member states, along with the Netherlands, reportedly favor risk-mitigation measures over strict European-only requirements.
The drift toward a categorical sovereignty rule was already visible in last month’s Cloud Sovereignty Framework procurement.[6] The procurement—worth as much as €180 million over six years—covers fully managed cloud services, commonly known as Platform-as-a-Service (PaaS). Under a PaaS model, the provider manages the servers, storage, networking, and operating systems. The customer brings the application. It is cloud computing with most of the plumbing hidden from view.
The Commission evaluated bids under its Sovereignty Effectiveness Assurance Levels (SEAL) framework, which measures legal and operational sovereignty. Three of the four winning providers achieved SEAL-3 “Digital Resilience” status, meaning the services “cannot be blocked by a non-EU third party.” The fourth awardee, operating through S3NS—a joint venture between Thales and Google Cloud—received only SEAL-2 “Data Sovereignty” status. European cloud trade associations have already criticized the arrangement as institutionalized “sovereignty washing.”[7]
At roughly the same time, a separate technical assessment of AI-cloud providers tells a very different story. SemiAnalysis’s ClusterMAX 2.1 evaluates providers not on legal sovereignty, but on the operational factors that determine whether frontier-AI work gets done: cluster reliability, networking quality, storage speed, and overall system efficiency.[8] A cluster is a large group of connected processors—usually advanced graphics-processing units (GPUs)—that work together to train or run AI models. For frontier AI, the question is not just whether a provider has chips. It is whether those chips, networks, and storage systems can reliably operate as one high-performance machine.
Of the four providers selected under the European Union’s sovereign-cloud procurement, only one appears in the top three tiers of the ClusterMAX rankings.
The gap between these two pictures—the SEAL-framework procurement and the ClusterMAX rankings—highlights what the European debate has not fully confronted. Legal sovereignty and AI capability are not the same thing. A cloud provider can check the right sovereignty boxes, while still falling short of the operational standard needed for frontier AI.
FIGURE 1: Reliable AI Compute, by Country and Tier
NOTE: Number of providers in each tier of the SemiAnalysis ClusterMAX 2.1 ranking (April 2026), grouped by country of headquarters. The European Union member-state category contains one Gold-tier provider (Nebius, the Dutch successor entity to Yandex), one Silver-tier provider in France (Scaleway), one in Luxembourg (GCORE), and all remaining providers in the “Not Recommended” category. Country classifications by the author, not SemiAnalysis.
At this point, three market realities point in the same direction.
First, the top tier of rentable AI-compute providers is not European-led. The European Union has only a small number of providers in the Platinum-through-Silver tiers.
Second, the semiconductor supply chains needed to change that reality—including advanced GPUs, memory, and packaging capacity—will remain severely constrained through at least 2027. Packaging refers to the advanced manufacturing step that connects chips, memory, and other components so they can operate at high speed. It is unglamorous, indispensable, and hard to expand quickly.
Third, the existing rental and compute-offtake market is already tied up in multi-year contracts, with buyers that have both deep pockets and little price sensitivity. Offtake contracts are long-term commitments to buy future capacity. In this market, the best capacity is not sitting on a shelf waiting for Europe’s next procurement rule.
Taken together, these constraints suggest that the categorical-sovereignty approach now visible in the CISPE position, the French policy line, and the SEAL procurement deserves another look. A provider-nationality rule that pushed European users away from non-European compute providers and frontier-model APIs would not create European capability quickly enough to matter. It would mostly make scarce capability harder for Europeans to use.
This brief uses “frontier” to refer to three related capabilities: frontier-scale base-model pretraining, frontier-scale inference, and access to proprietary frontier-model APIs. Base-model pretraining is the initial, resource-intensive process of building a general-purpose AI model from massive datasets. Inference is the later process of running that trained model to answer prompts or perform tasks. Proprietary frontier-model APIs are the paid access channels to the most capable closed models.
The analysis differs for less demanding commercial workloads, such as fine-tuning or inference using smaller open-weight models. Fine-tuning means adapting an existing model for a narrower task, while open-weight models are models whose parameters are publicly available for others to run or adapt. For those uses, the costs of sovereignty restrictions may be smaller. At the frontier, by contrast, a categorical sovereignty rule would mainly ration scarce capability away from European users.
That point carries an important corollary. The alternative to a categorical sovereignty regime is not just a narrower, workload-specific version of the same rule. It is a different policy posture altogether—one focused on building capability, rather than restricting access. The European Union has more leverage to shape cloud-and-AI markets through investment, procurement, energy policy, and capacity expansion than current sovereignty debates often acknowledge.
Given the economics of frontier AI, exclusion would impose two distinct costs on European actors.
For a European AI lab trying to compete at the frontier, a sovereignty rule that forced the lab one ClusterMAX tier lower would likely mean slower research cycles and months of lost engineering time. For a European business using Claude, GPT-5, or Gemini through an API, losing access to frontier models could mean exclusion from the highest-productivity tier of commercially available AI systems. That is not sovereignty. It is self-rationing with better branding.
This brief examines the three market constraints in turn: geography, supply chains, and booked capacity. It then evaluates the implicit costs of a categorical compute-sovereignty rule for European users, situates the issue within the broader Western export-control and capability-governance framework in which European firms already operate, and concludes by outlining a build-rather-than-prohibit alternative that existing EU policy instruments could plausibly support.
The analysis draws primarily on SemiAnalysis’s 2026 research, which currently offers the public market one of the most coherent accounts of AI-infrastructure supply, demand, and operational quality.
II. What Counts as ‘Compute,’ and Why the Frontier Is Different
Before going further, it is worth clarifying a term that policy debates often flatten: “compute.” In artificial intelligence, compute is not one thing. It can mean a single GPU running a small model, or it can mean a massive cluster of thousands of GPUs training a frontier model. A sovereignty rule would not affect those uses in the same way.
The argument that follows applies chiefly to three frontier uses.
First is frontier base-model pretraining: the tightly coordinated, multi-thousand-GPU process by which a small number of labs train genuinely new, general-purpose flagship models.
Second is frontier-scale inference: serving those flagship models at production scale. Inference is the process by which a trained model responds to prompts.
Third is access to frontier proprietary models through APIs, such as Anthropic’s Claude, OpenAI’s GPT, and Google’s Gemini. APIs are the access layer through which most European businesses and researchers encounter frontier AI. For those users, the key sovereignty constraint is not which cluster they personally run. It is whether they retain legal access to the API at all.
Much useful AI work falls outside this frontier category, and the distinction matters. Some labs publish open-weight models, meaning models whose trained parameters can be downloaded and run by others, rather than accessed only through a proprietary API. Many of the strongest such models currently come from China, including DeepSeek, Kimi, and Qwen, although Google, Meta, and Mistral also release important open-weight models.
With sufficient infrastructure—anything from an older gaming GPU to clusters costing millions of euros—open-weight models can be downloaded, fine-tuned for specific tasks, run at home or in an office, or served from European clouds at quality levels that work well for many uses. For specialized applications, or for tasks that do not require frontier-level performance, an EU location requirement may therefore impose only a modest tax.
The argument is not that Europe should have no compute strategy, nor that every European AI workload depends on non-European infrastructure. It is narrower: at the frontier (in base-model training, frontier-scale inference, and access to the best proprietary APIs), compute access matters most, and the cost of exclusion compounds fastest.
If EU persons faced severe limits on frontier-pretraining infrastructure, no European frontier model could be built without working around the rule. Mistral and any successors would either train on non-EU compute, defeating the sovereignty objective, or train at smaller scale and lower quality, falling further behind the frontier each cycle. That is especially costly in a market where the gap between the best models and the next tier has widened, rather than narrowed.
If EU persons faced severe limits on frontier-scale inference infrastructure, no European platform could serve frontier-quality models at competitive economics. Frontier serving would consolidate further around the U.S. providers that already dominate it.
And if EU persons faced severe limits on access to frontier proprietary-model APIs, European businesses and researchers would lose access to the productivity gains they now get from Claude, GPT, and Gemini. On SemiAnalysis’s accounting, those gains can run five to 10 times the cost of the underlying tokens.[9] Their non-European competitors would keep the same tools.
The cost of frontier exclusion, in other words, is not the loss of “AI” in some general sense. It is the loss of the specific capability tier where the economic gap between the best option and the next-best alternative is unusually large, and continuing to widen.
A note on method: This brief uses provider headquarters as the first-pass proxy for “European” or “non-European” because that is the proxy the European sovereignty debate itself uses. The SEAL framework,[10] SecNumCloud,[11] the European Cybersecurity Certification Scheme for Cloud Services (EUCS) High+ debate, and the recent CISPE objection to S3NS being recognized as “sovereign” all rest on headquarters-and-ownership criteria.
Moreover, the Commission’s SEAL framework and SemiAnalysis’s ClusterMAX do not measure the same thing. That is precisely why both matter.
SEAL grades legal and operational sovereignty: whether a service can be blocked by a non-EU third party, whether the provider is incorporated and controlled in the EU, and whether the supply chain runs through the EU from end to end.
ClusterMAX grades operational AI-compute capability: whether a cluster can reliably produce useful work at frontier scale, how well its interconnect performs, and how quickly customers can get a large training job running. An interconnect is the high-speed networking fabric that lets thousands of processors act less like separate machines and more like one large system.
The two rankings answer different questions about different layers of the same stack. A provider can be SEAL-3 and still fail to appear anywhere on ClusterMAX’s serious-tier list. One recurring claim of this brief is that European policy debates often treat legal sovereignty and technical capability as substitutes. They are not.
The April ClusterMAX 2.1 rankings (Figure 1) make the capability gap plain. SemiAnalysis grades providers from Platinum at the top through Gold, Silver, Bronze, and “Not Recommended.” Higher tiers correspond to better measured cluster reliability, networking, storage, and customer experience.
Exactly one provider (CoreWeave, headquartered in New Jersey) holds the Platinum rating. Of the five Gold-tier providers, three (Oracle, Microsoft Azure, and Crusoe) are headquartered in the United States. The fourth (Nebius) is incorporated in Amsterdam, although its origin as the renamed Yandex N.V. is likely to matter to any sovereignty-minded reader. The top tiers are U.S.-dominated, not EU-led, with the Dutch entry carrying the Yandex provenance discussed below.
The Silver tier improves the European picture only slightly. Of the providers SemiAnalysis grades at Silver, exactly two are headquartered in the EU: Scaleway (a subsidiary of the French Iliad Group) and GCORE (headquartered in Luxembourg). The remaining Silver-tier providers include eight U.S. firms (Together AI, Lambda, Google Cloud, Amazon Web Services, Cirrascale, Vultr, Voltage Park, and TensorWave); one Australian firm with Singaporean origins (Firmus); and one Japanese firm (GMO). Across the entire Platinum-through-Silver range—the only tiers where serious frontier work is reliably done—the EU contributes Scaleway, GCORE, and the Yandex-descended Nebius.
The contrast sharpens when one looks at the providers a European policymaker might most naturally cite. Mistral AI, OVHcloud, Sesterce, and Mithril are all ranked “Not Recommended” in the SemiAnalysis assessment. So are Hetzner and dstack in Germany, Clore.AI in the Czech Republic, Tatra SuperCompute in Slovakia, and Telenor in Norway.
SemiAnalysis distinguishes within “Not Recommended” between “Underperforming” providers, where hands-on testing identified specific operational gaps, and “Unavailable” providers, where capacity either could not be tested in the relevant way or was not available for third-party rental. Mistral, Tatra SuperCompute, and Telenor fall in the “Unavailable” bucket. OVHcloud, Sesterce, Mithril, Hetzner, dstack, and Clore.AI fall in “Underperforming.”
Nebius deserves its own parenthetical. The highest-rated EU-located provider exists in its current form only because of the 2024 corporate split from Yandex N.V., undertaken to separate the international business from the Russian one.[12] That complicates any story in which “EU-headquartered” suffices as a proxy for sovereignty. Whatever else one says about the European cloud landscape, its highest-tier EU entry is neither a longstanding European champion nor an organic European startup.
The picture is sharper still one layer up the stack, where frontier-scale inference is served. Artificial Analysis, an independent benchmarking firm, tracks performance across more than 500 inference endpoints from more than 20 API providers, using metrics that include intelligence, output speed, and price.[13] Its provider universe overlaps substantially with ClusterMAX, but it is not identical, because serving inference is a different business from running training clusters. On the inference side, the EU contributes two names to the serious-inference universe: Scaleway and Nebius. The rest of the cohort is essentially American.
A European user serving a small open-weight model from a single eight-GPU node on commodity infrastructure is not meaningfully dependent on this list. A European platform trying to serve frontier-quality output at competitive economics is.
That kind of platform must run large, sharded model architectures, such as mixture-of-experts models, in which only part of the model activates for any given token. It also must use advanced serving techniques that depend heavily on cluster quality and scale. For those workloads, the EU’s position comes down to two providers—Scaleway and Nebius—one of which is the post-Yandex Dutch entity already discussed.
This is why tiers matter. SemiAnalysis’s Cluster TCO and Goodput methodology shows that, even when GPU-hour pricing is held constant across providers, a Silver-tier cluster has roughly 15% higher total cost of ownership (TCO) than a Gold-tier cluster for a representative large-language-model (LLM) pretraining workload.[14] Hyperscalers—the large cloud providers such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud—have about 10% higher TCO.
The cost differences come from “goodput” losses. Goodput is the share of paid computing time that actually produces useful work. Failures, slow detection, slow replacement, long setup times, weaker storage performance, and ongoing debugging all reduce goodput. Network-performance tuning can take “weeks to months” on a hyperscaler’s Elastic Fabric Adapter (EFA)—AWS’ proprietary high-throughput cluster networking system—compared with near-zero on Gold-tier InfiniBand or RoCE systems, which are open-standard networking technologies used for high-performance clusters. Weaker storage also lengthens job-initialization times after every interruption. In frontier AI, downtime is not merely annoying. It is expensive at industrial scale.
A European user effectively limited to EU-headquartered providers is therefore choosing from a very short list. A sovereignty advocate may reasonably answer that Europe should not accept this distribution, but change it—by building more reliable European clouds.
The next two sections explain why that path is unlikely to change the frontier-compute geography quickly enough to matter for the current regulatory cycle.
III. The Supply Chain Will Not Move on Brussels’ Timeline
The natural response to the geographic picture is that geography is itself a policy variable. Build more European clouds, the argument goes, and the ClusterMAX distribution will look different in three years.
That argument deserves a serious answer. It is sincerely held, and in the abstract, not obviously wrong. The problem is timing. In 2026, the inputs needed to build any large AI cloud—European or otherwise—are severely constrained by global supply chains. Those constraints sit upstream of both capital and political will.
The first bottleneck is access to leading-edge logic wafers, especially Taiwan Semiconductor Manufacturing Co.’s (TSMC) N3 family. “N3” refers to TSMC’s 3-nanometer generation, the most advanced chip-manufacturing process currently in volume production. These are the manufacturing lines used to produce many of the most capable AI accelerators—the specialized chips that train and run frontier models.
SemiAnalysis’s “Great AI Silicon Shortage” analysis shows that nearly all major AI-accelerator families have converged on N3, including Nvidia Rubin, AMD MI400, Google TPU v7 and v8, AWS Trainium3, and Meta MTIA.[15] On SemiAnalysis’s modeling, AI demand accounts for roughly 60% of N3 wafer output in 2026 and is projected to reach 86% in 2027, even as TSMC adds capacity. Effective N3 utilization is expected to exceed 100% in the second half of 2026, meaning TSMC will be pushing existing lines beyond their nominal capacity to serve buyers with multi-year demand visibility and few alternatives.
Why can TSMC not simply add more N3 capacity? Because the binding constraint is not just money. It is cleanroom space: the specialized facilities that must be built before lithography tools can be installed and new wafer starts brought online. Construction timelines run in years, not months. Even if European industrial policy could produce unlimited capital tomorrow, the cleanroom calendar would still move on its own schedule. For practical purposes, N3 capacity for 2026 and 2027 is already spoken for.
Memory is the next constraint, and arguably the more dramatic one. SemiAnalysis describes the current dynamic as a “once-in-four-decades” memory supercycle.[16] High-bandwidth memory (HBM) is specialized stacked dynamic random-access memory (DRAM) packaged directly with AI accelerators. The latest generation, HBM4, is central to frontier-AI systems because these models need enormous amounts of data to move quickly between memory and processors.
HBM is also expensive in capacity terms. It consumes roughly three times as much wafer capacity per bit as commodity DRAM, rising to nearly four times as much with HBM4. Every additional HBM bit therefore crowds out commodity memory. Prices in some memory segments have risen roughly sixfold year over year, while the number of major DRAM suppliers has fallen from more than 20 in the mid-1990s to three or four today: Samsung, SK Hynix, Micron, and a much smaller fringe.
The constraint here is not whether Brussels is willing to invest. It is the HBM4 yield curve at SK Hynix and Samsung, Micron’s much-discussed lag at higher pin speeds, and the long-term agreements that customers now use to lock in HBM allocation.[17] Nvidia, in particular, has reportedly secured substantial HBM supply across multiple generations of its rack-scale GPU systems.
The bottleneck extends beyond logic and memory. Networking silicon—the Ethernet switches and network-interface cards that connect modern AI clusters—is part of the same supply chain and follows the same priority queue. Advanced packaging—the process that integrates logic chips, memory, and other components into high-performance systems—remains tight, although it is easing in part because TSMC has aligned packaging investment with front-end wafer constraints, rather than overshooting them.
There are workarounds at the margins, including Intel’s Embedded Multi-Die Interconnect Bridge (EMIB) packaging technique and outsourced semiconductor assembly-and-test providers such as ASE/SPIL and Amkor. But none changes the basic picture. The marginal AI cluster, European or otherwise, is competing for scarce inputs in a global queue.
This point corrects a recurring misconception in the European policy debate. At the frontier, compute supply is not simply a function of capital and political will. It depends on TSMC’s cleanroom calendar, Samsung and SK Hynix’s HBM yield curves, and the long-term agreements that major U.S. AI labs and hyperscalers have already signed with foundries, memory suppliers, and original equipment manufacturers (OEMs). These are not levers the European Commission or member-state governments can pull on a useful timetable.
That matters because the European Union’s standard response to a structural disadvantage—investment, regulation, and certification—runs into a wall those tools were not designed to move. European policy can affect electricity supply, permitting, demand aggregation, procurement, and EU-located capacity. Those are real levers. But they cannot, on the current horizon, conjure TSMC cleanroom space, HBM4 yield, Nvidia allocation, or uncontracted GB300 fleets at the scale needed to erase the frontier-compute gap.
That leaves a third question: Even if Europe cannot rebuild the frontier-compute stack quickly, can it rent enough existing capacity in the meantime?
IV. Renting the Frontier Is Not Much Easier
SemiAnalysis’s “Great GPU Shortage” analysis reports that on-demand graphics-processing-unit (GPU) rental capacity is sold out across Nvidia’s previous and current AI-chip generations: Hopper and Blackwell.[18] “All capacity coming online until August to September 2026 has already been booked,” and lead times for new Blackwell deployments now stretch into June or July. Renting a cluster, one observer remarked, is starting to look less like booking the last seat on a crowded flight and more like trying to buy a controlled substance.
Pricing tells the same story. SemiAnalysis’s H100 1-year contract-price index, now publicly available, shows prices rising from $1.70 per GPU-hour in October 2025 to $2.35 per GPU-hour by March—a 40% jump in five months for a two-generation-old chip.[19] Hopper contracts that were supposed to expire this year are being renewed at their original rates from two or three years ago and, in some cases, extended through 2028. This is what tight markets do: They ration access through price and long commitments, with the remaining flexibility going to buyers that can lock up capacity the longest.
The long-term market is dominated by AI labs buying at scale. Four- and five-year deals now often reach 50 to 100 megawatts, which is enough electricity to power tens of thousands of current-generation GPUs under a single contract. Hyperscalers often backstop these deals. They act as the direct offtaker, meaning the party that signs a long-term contract to buy a defined amount of compute from a neocloud, then resells that compute to an AI lab. A neocloud is a newer cloud provider built mainly around GPU capacity for AI workloads.
That matters because the marginal European cluster is not really competing with other European clusters for compute. It is competing with Anthropic, OpenAI, Google, Meta, and Microsoft, and with any hyperscaler willing to stand behind their offtake agreements.
These buyers can commit at this scale because token demand now substantially exceeds token supply. SemiAnalysis’ “AI Value Capture” analysis shows that the economics of frontier models have pulled away from the next tier, as the Anthropic revenue and margin figures discussed in Section I suggest.[20] Frontier buyers have a high—and currently price-insensitive—willingness to pay for compute. Suppliers know it.
A European actor entering this market—sovereign or otherwise—therefore enters as a price-taker in a market tilted decisively toward suppliers and the largest buyers.
V. The Cost of Sovereignty Depends on the Workload
The cost of a sovereignty rule depends on which workload it reaches. The three frontier tiers—pretraining, inference, and API access—would bear the cost differently.
The recent Cloud Sovereignty Framework procurement makes the operational stakes concrete.[21] As noted above, the Commission’s tender focused on fully managed cloud services—especially PaaS, developer experience, and automation. The Commission evaluated providers under the SEAL framework, not by frontier-AI cluster capability.
That distinction matters. A PaaS-oriented sovereign-cloud tender need not reproduce SemiAnalysis’ ClusterMAX rankings. But a sovereignty framework now being normalized in public procurement can easily be mistaken for evidence of AI-compute sovereignty. It is not. Legal sovereignty and frontier-compute capability are different things.
At the frontier-pretraining tier, a categorical preference for EU-headquartered providers would constrain the small number of European labs trying to train frontier base models. The TCO impact is workload-specific. In SemiAnalysis’s LLM pretraining scenario, Silver-tier neocloud TCO is roughly 15% higher than Gold-tier TCO at equal GPU-hour pricing.[22] The gap widens for “Not Recommended” providers that lack basic operational infrastructure.
That is the relevant comparison for large, long-running training jobs. It is not a universal inference tax. In SemiAnalysis’ modeled inference-endpoint scenario, equal-priced Gold and Silver neoclouds differ by less than 1%. For a European frontier-model effort, a sovereignty rule that pushed the lab even one ClusterMAX tier lower would likely cost months of engineering time.
At the frontier-inference tier, the cost would look different. The European platforms trying to serve frontier models at scale—chiefly Scaleway and Nebius, along with a small number of European model labs (most prominently Mistral) that operate their own infrastructure—compete against U.S. providers with the dominant inference economies of scale.
A categorical sovereignty rule would push European inference customers onto a shorter provider list, with weaker pricing power, smaller capacity reserves, and slower iteration on the advanced serving techniques that make frontier inference economical. The severity would depend on the workload. Serving a small open-weight model from a single node can work well on Silver-tier infrastructure. Serving very large mixture-of-experts models at competitive cost is a different business.
At the API tier—the layer where most European users actually encounter AI—the cost would be different again. It would be less about cluster tier than about access.
A European business, researcher, or institution using Anthropic’s Claude or OpenAI’s GPT-5 through an API consumes inference on the frontier lab’s own infrastructure stack. That stack may include internal capacity, hyperscaler partnerships, custom silicon such as Google’s Tensor Processing Units or Amazon’s Trainium chips, and rented neocloud capacity. Not all of that capacity appears directly in ClusterMAX, but it belongs to the frontier-grade class this brief addresses.
The binding sovereignty constraint at the API tier would not be which cluster the user runs on. It would be whether the user may legally use the API at all. A categorical bar on transferring personal data to non-EU controllers or processors, or on contracting with non-EU service providers even with safeguards, would in practice foreclose access to those APIs for many ordinary commercial workloads. SemiAnalysis’s analysis shows that the gap between frontier proprietary models and the next-best alternatives, including the best open-weight models, has widened rather than narrowed over the past year.[23]
The implicit cost of a categorical compute-sovereignty rule would therefore fall less on the providers it excludes than on the European users it pushes onto worse infrastructure or cuts off from better outputs. The structure is not new. The same pattern appears in critiques of the EU’s recent GDPR “fix”[24] and earlier work on industrial-policy approaches to “digital sovereignty.”[25]
The legal mechanisms that could operationalize a sovereignty preference are familiar: data-transfer rules and Schrems II-derived adequacy concerns under the GDPR; the EUCS high-assurance debates over immunity from non-EU law;[26] and procurement preferences such as the SEAL framework now being normalized at the Commission level.
Most of these instruments were not designed as compute-sovereignty tools. But policymakers may be tempted to read them as imposing categorical restrictions on non-EU compute or APIs for ordinary commercial AI workloads. That reading is not inevitable. Still, the Cloud Sovereignty Framework already builds end-to-end EU-supply-chain criteria into Commission procurement.
CAIDA, which will be proposed (along with the Chips Act 2) on May 27 as part of the Tech Sovereignty package[27] (after delays from late March and mid-April),[28] is widely expected to move sovereignty requirements from voluntary certification into binding legislation. Adoption is targeted for the fourth quarter of 2027.
Based on the most recent pre-proposal reporting,[29] the Commission’s framing emphasizes “sensitive services,” including financial, judicial, and health data processed by public-sector organizations, rather than ordinary commercial workloads. The package reportedly would not regulate private-sector cloud use. Whether that line holds through member-state negotiation—and whether the same instruments are later read more expansively in implementation—is one of the central questions facing the package.
VI. Compute Sovereignty in an Export-Controlled World
One point gets surprisingly little airtime in Europe’s sovereignty debate: The global compute market is not a neutral commodity market with national preferences layered on top. It is a strategic market that the United States and a tightening group of partners—including the Netherlands, Japan, South Korea, Taiwan, the United Kingdom, and, to varying degrees, Australia and Singapore—have spent the past three years shaping through export controls.
The result is a capability gradient. Access to frontier-AI compute depends not only on price, capacity, and contract terms, but also on alignment with rules governing who may use the technology and for what purposes.
The architecture is familiar in outline. The U.S. Bureau of Industry and Security’s October 2022 controls on advanced AI chips[30] were expanded repeatedly in 2023, 2024, and 2025. HBM controls were added in December 2024, and the short-lived AI Diffusion Framework was issued and then rescinded in early 2025.[31] The Netherlands has constrained ASML lithography exports. Japan has constrained Tokyo Electron and Nikon equipment. The United Kingdom has aligned on outbound-investment review. The design treats AI compute much as earlier regimes treated nuclear materials or strong cryptography: as a strategic input to be managed bilaterally and multilaterally, not left entirely to commodity markets.
Two features of this architecture matter for Europe.
First, export controls have not denied near-frontier AI capability to their targets. DeepSeek’s V3 and R1 models, released in early 2025, demonstrated training and inference close to—though still behind—the contemporaneous Western frontier, despite running on legally restricted hardware.[32] Subsequent reporting on chip flows through Singapore and other intermediary jurisdictions documented material leakage of nominally controlled inventory. China’s domestic ecosystem—including SMIC’s N+2 process, Huawei’s Ascend family, and CXMT in commodity DRAM—has accelerated rather than stalled on most public assessments.
The export-control regime has slowed China’s frontier without foreclosing it, while accelerating China’s push to substitute domestic alternatives. In other words, the regime is neither succeeding as advertised nor failing entirely.
Second, that same architecture defines the terms on which European users access frontier compute. The chips, clusters, model weights, and APIs discussed above all sit inside a gradient that runs from the United States and its closest partners outward. EU member states sit near the inside, but not at the center—and not uniformly. The original AI Diffusion Framework placed several member states in a capped middle group and required active diplomacy to lift those caps. The framework was rescinded, but its underlying logic survives: allies are differentially trusted, and frontier-compute access depends on that trust.
That means “sovereignty” framed as decoupling from the Western stack would choose the worst available position. The Chinese stack is sanctioned and, in any event, not legally available to European users. The Western stack is where the frontier sits, and access to it depends on alignment with the export-control regime. A European policy that defined itself as an autonomous third pole between the two would, in practice, place Europe downstream of both: unable to use the Chinese stack and less trusted within the Western one because it had defined itself in opposition to it.
The Commission’s own Joint Research Centre reached much the same conclusion earlier this month.[33] Its policy brief argued that “digital sovereignty cannot be equated with autarky, as pursuing total autonomy across the entire technology stack is both infeasible and undesirable.” It instead called for economic statecraft calibrated between “insulation and interdependence,” with autonomy pursued through “selective rebalancing rather than full-fledged decoupling.” That narrower case—for European capacity formation, foreign-direct-investment incentives, and demand aggregation around EU-located Gold and Silver providers—remains intact. The case for categorically excluding U.S. compute and APIs does not.
The most ambitious version of the categorical-exclusion approach is the “immunity from non-EU law” test already embedded in EUCS High+ and likely to appear in CAIDA or a successor sovereignty-certification scheme. The test treats EU headquarters and EU-located processing as sufficient protection against the reach of non-EU law into EU data. It would not deliver what it implies.
The Canadian case King v. OVH demonstrates why.[34] In September 2024, the Ontario Court of Justice upheld a production order requiring OVHcloud—the canonical European sovereign-cloud champion—to disclose subscriber data stored on servers in France, the United Kingdom, and Australia. The court applied a “virtual presence” doctrine and treated France’s blocking statute as presenting a low risk of prosecution. OVH’s appeal to the Ontario Superior Court has been pending since late 2024 and remains undecided as of early 2026.
That should give sovereignty maximalists pause. The most prominent live extraterritorial-production order of the past 18 months runs against an EU-headquartered provider holding EU-located data. EU headquarters and EU-located storage do not, by themselves, dissolve extraterritorial legal reach. A categorical test that promises otherwise is making a claim the law does not support.
The harder question—and the one Europe’s AI-sovereignty debate has not yet seriously engaged—is what the EU can actually influence directly. A build-not-prohibit strategy would require more than swapping one certification label for another. It would require asking where EU policy can expand real capacity, where it can reduce dependence without pretending away interdependence, and where its own reflexes toward regulation, procurement rules, and formal sovereignty tests may themselves be part of the bottleneck.
VII. Build, Do Not Prohibit
The EU’s cloud-and-AI debate has focused mostly on whether and how to restrict access to non-EU providers. The evidence in the preceding sections points the other way: At the frontier, exclusion offers little upside and imposes high costs. The better question is what the EU can actually influence. The answer is a build agenda the current debate underweights.
The first category is capacity formation. Data-center shells, grid connections, transmission, cooling, water, planning approval, and time to energize all fall within European policy’s reach. The marginal AI cluster is increasingly gated by power and permitting, not just silicon. The gap between, say, Texas and the Netherlands on time to energize is measured in years.
The AI Factories initiative,[35] planned AI Gigafactories, and the Chips Act 2’s harmonized permitting regime for semiconductor facilities all belong in this category. They are more promising than sovereignty filters because they address a real constraint. The supply-chain bottlenecks discussed earlier will still determine how quickly these initiatives translate into capability. And, as the Draghi report and subsequent commentary make clear, capacity additions will not solve Europe’s broader competitiveness problem if the surrounding regulatory environment keeps imposing compounding compliance costs.[36]
The second category is capital and legal form. European venture capital remains structurally smaller than its U.S. counterpart at every stage after Series A. The “Delaware flip”—that is, European startups reincorporating in the United States to access more predictable corporate law and deeper capital markets—continues to drain European value capture.
The Commission’s March 18 proposal for an EU Inc., or 28th-regime, corporate form responds to that problem.[37] The proposal would offer 48-hour digital registration, €1 minimum capital, and a harmonized corporate form across the single market. It followed an October 2024 grassroots petition signed by more than 22,000 European founders and investors, including Stripe’s Patrick Collison, Wise’s Taavet Hinrikus, Supercell’s Ilkka Paananen, Wolt’s Miki Kuusi, and Pigment’s Eléonore Crespo, along with Index Ventures, Sequoia, and Seedcamp.[38] The economic case is strong, and the proposal belongs squarely inside the build agenda this brief endorses.
But the EU Inc. proposal, as drafted, appears too weak to do the job. Article 4 of COM(2026) 321 final provides that “matters that are not covered by this Regulation or by the articles of association shall be governed by national law,” with each member state designating which national legal form fills the gaps. As Luca Enriques, Casimiro A. Nigro, and Tobias H. Tröger put it, the result is “twenty-seven different versions of the EU Inc., each with its own national legal substrate.”[39]
That is a serious problem. The instrument meant to give European founders Delaware-style legal certainty risks becoming yet another optional regime layered on top of national variation. The dilution reflects the EU’s structural reluctance to override member-state legal autonomy, even where the Commission and European founders broadly agree on the goal. The pattern is not new; the same critique applied to EU industrial policy in 2022.[40]
The harder question is how the build agenda relates to the sovereignty agenda. The two are usually treated as complementary: Invest in European capacity, restrict access to non-European capacity, and the bloc will rise. The evidence above does not support that pairing.
A categorical-sovereignty interpretation of CAIDA would impose a capability tax on the very European users a build agenda is supposed to help. The EU Inc. dilution shows that the EU’s instinct to compromise with member-state autonomy is already weakening the build side, even where consensus on the destination is unusually strong.
Those two impulses—sovereignty-as-prohibition and build-side dilution—are different symptoms of the same underlying problem. The EU’s policy machinery tends to overdeliver on prohibition and underdeliver on building. A serious build agenda has to be defended against both.
In practice, “build, not prohibit” means treating the EU’s job as removing structural barriers to European AI-cloud capacity: power, permitting, capital, legal form, talent, and regulatory friction. It does not mean restricting European users’ access to the only frontier-compute stack that currently exists.
The Tech Sovereignty package that the Commission adopts on May 27, and the member-state negotiations that run through Q4 2027, will not be the last chance to make that pivot. But the posture set now will shape the next legislative cycle. On the present evidence, the prohibition side is much better resourced than the build side. The question worth pressing in the days before adoption and in the months of negotiation that follow is whether the EU is prepared to defend the build agenda not only against sovereignty-as-prohibition, but also against its own instinct to dilute the build instruments it proposes.
VIII. Conclusion: Build, Don’t Ration
Categorical exclusion of non-EU compute and APIs would impose a capability tax on the European users CAIDA is supposed to serve, without delivering the legal immunity it implies. A build-not-prohibit alternative would require a different posture from the Commission, member states, and the EU’s existing data-protection toolkit.
A. Don’t Tax the Frontier
Do not adopt EU-wide categorical sovereignty rules at any level of the AI stack. EU-level sovereignty rules should be risk-based, not categorical, across both public-sector and commercial workloads. Member states that judge stricter measures necessary for their own public-administration uses should remain free to adopt them under subsidiarity. But the EU-level instrument should not bind commercial users—or any single workload category—to provider-nationality or “effective control” tests across the bloc. The CISPE position and the French line both push in the opposite direction. The Council negotiation through Q4 2027 is where this will be settled.
Do not treat “immunity from non-EU law” as a categorical exclusion test, whether in EUCS High+, CAIDA, or any successor sovereignty-certification scheme. The OVH order requiring release of EU user data to Canadian authorities shows that EU headquarters alone does not dissolve extraterritorial legal reach. A categorical test that promises immunity it cannot deliver would impose capability costs on European users without buying the legal protection its proponents have in mind.
B. Build What Europe Lacks
Pursue the structural reforms that a build-not-prohibit posture actually requires. Two areas matter immediately.
The first is corporate law, where the 28th-regime, or EU Inc., proposal risks dilution through deference to member-state legal autonomy—recapitulating earlier patterns in EU industrial policy.
The second is the financial single market. Europe needs reforms that enable larger later-stage allocations from institutional and venture investors. Without deeper capital markets, Europe can simplify incorporation and still watch its most promising firms leave for jurisdictions with more predictable law, deeper financing, and faster scaling paths.
For genuinely sensitive workloads, rely on the instruments that already exist. Article 9 of the GDPR, defined national-security exceptions, and the proportionality discipline that applies to public-sector procurement already supply the answer for the narrow set of cases where residual extraterritorial concern is genuinely live. In those cases, the right level of protection is workload-specific and legal-procedural, not provider-nationality exclusion.
Stay inside the Western capability-controls architecture. The Commission’s own Joint Research Centre concluded earlier this month that “digital sovereignty cannot be equated with autarky” and that economic statecraft should be “a careful calibration between insulation and interdependence, in which autonomy is pursued through selective rebalancing rather than full-fledged decoupling.”[41] The current trajectory of the CISPE position and the French line risks defining the EU as an autonomous third pole, which in practice would place it downstream of both the Western and Chinese stacks. Member states supporting the package should resist that framing in Council negotiations.
C. Match Rules to Workloads
CAIDA’s definitions should distinguish between cloud services and AI services, and within AI services between frontier and downstream tiers. Frontier services should include base-model pretraining, frontier-scale inference, and access to frontier proprietary-model APIs. Downstream services should include fine-tuning, open-weight-model inference, and on-premises serving.
If any sovereignty-grade tests survive the negotiation, workload calibration will matter more than the abstract question of whether to impose such tests at all. The proposal’s definitions would benefit from explicit attention to this tier distinction.
Public-procurement frameworks should also decouple legal-sovereignty assessment from operational-capability assessment. SEAL measures the first. An independent benchmark of the ClusterMAX type, or a Commission-developed equivalent, would measure the second.
The Cloud Sovereignty Framework procurement awarded three SEAL-3 contracts and one SEAL-2 contract, but only one of the four providers ranks in the top three tiers of independent operational benchmarking. Procurement design should surface that divergence explicitly when a workload’s value depends on AI-compute capability, not legal-operational sovereignty alone.
[1] Maximilian Henning, EU’s Flagship Tech Sovereignty Package Delayed Again, Euractiv (Mar. 17, 2026), https://www.euractiv.com/news/eus-flagship-tech-sovereignty-package-delayed-again
[2] Cloud and AI Development Act, Eur. Parl. Legisl. Train Schedule (updated Apr. 20, 2026), https://www.europarl.europa.eu/legislative-train/theme-a-new-plan-for-europe-s-sustainable-prosperity-and-competitiveness/file-cloud-and-ai-development-act.
[3] Daniel Nishball et al., AI Value Capture: The Shift to Model, SemiAnalysis (Apr. 30, 2026), https://newsletter.semianalysis.com/p/ai-value-capture-the-shift-to-model.
[4] Joint Letter from European Cloud CEOs, Joint Call for a Sovereign and Resilient European Cloud Policy, Cloud Infrastructure Services Providers in Europe (CISPE) (Mar. 17, 2026), https://www.cispe.cloud/website_cispe/wp-content/uploads/2026/03/Cloud-CEOs-Joint-Letter-March-17-2026-FINAL.pdf.
[5] Kai Nicol-Schwarz, EU Mulls Restricting Use of U.S. Cloud for Sensitive Government Data: Sources, CNBC (May 7, 2026), https://www.cnbc.com/2026/05/07/eu-commission-cloud-sensitive-data.html.
[6] Eur. Comm’n, Commission Advances Cloud Sovereignty Through Strategic Procurement (Apr. 17, 2026), https://commission.europa.eu/news-and-media/news/commission-advances-cloud-sovereignty-through-strategic-procurement-2026-04-17_en.
[7] Dan Robinson, Europe Picks 4 Sovereign Cloud Providers, But One Has Google, The Register (Apr. 20, 2026), https://www.theregister.com/2026/04/20/europe_picks_4_sovereign_cloud.
[8] Jordan Nanos et al., ClusterMAX 2.1: How Much Do GPU Clusters Really Cost?, SemiAnalysis (Apr. 20, 2026), https://newsletter.semianalysis.com/p/how-much-do-gpu-clusters-really-cost.
[9] Nishball et al., supra note 3.
[10] Eur. Comm’n, SEAL Framework (Oct. 2025), https://commission.europa.eu/document/download/09579818-64a6-4dd5-9577-446ab6219113_en.
[11] Agence Nationale de la Sécurité des Systèmes d’Information (ANSSI), SecNumCloud — Référentiel Pour les Fournisseurs de Services Cloud, https://cyber.gouv.fr/secnumcloud-pour-les-fournisseurs-de-services-cloud (last visited May 14, 2026).
[12] Nebius Group, Wikipedia, https://en.wikipedia.org/wiki/Nebius_Group (last visited May 14, 2026).
[13] AI Provider Leaderboard, Artificial Analysis, https://artificialanalysis.ai/leaderboards/providers (last visited May 14, 2026).
[14] Cluster TCO and Goodput Methodology, ClusterMAX, https://www.clustermax.ai/tco (last visited May 14, 2026).
[15] Ivan Chiam et al., The Great AI Silicon Shortage, SemiAnalysis (Mar. 12, 2026), https://newsletter.semianalysis.com/p/the-great-ai-silicon-shortage.
[16] Dylan Patel et al., Memory Mania: How a Once-in-Four-Decades Supercycle Began, SemiAnalysis (Feb. 6, 2026), https://newsletter.semianalysis.com/p/memory-mania-how-a-once-in-four-decades.
[17] Nishball et al., supra note 3.
[18] Daniel Nishball et al., The Great GPU Shortage: Rental Capacity, SemiAnalysis (Apr. 2, 2026), https://newsletter.semianalysis.com/p/the-great-gpu-shortage-rental-capacity.
[19] H100 1-Year Contract Price Index, SemiAnalysis, https://semianalysis.com/gpu-pricing-index (last visited May 14, 2026).
[20] Nishball et al., supra note 3.
[21] Eur. Comm’n, Strategic Procurement, supra note 6.
[22] Cluster TCO and Goodput Methodology, supra note 14.
[23] Nishball et al., supra note 3.
[24] Miko?aj Barczentewicz, The EU’s GDPR ‘Fix’ Misses the Point Entirely, Truth on the Mkt. (June 24, 2025), https://truthonthemarket.com/2025/06/24/the-eus-gdpr-fix-misses-the-point-entirely.
[25] Kristian Stout & Miko?aj Barczentewicz, How Not to Use Industrial Policy to Promote Europe’s Digital Sovereignty, Truth on the Mkt. (Oct. 5, 2022), https://truthonthemarket.com/2022/10/05/how-not-to-use-industrial-policy-to-promote-europes-digital-sovereignty.
[26] Eur. Union Agency for Cybersecurity (ENISA), European Cybersecurity Certification Scheme for Cloud Services (EUCS) (Dec. 22, 2020), https://www.enisa.europa.eu/publications/eucs-cloud-service-scheme.
[27] Cloud and AI Development Act, supra note 2.
[28] Henning, supra note 1.
[29] Nicol-Schwarz, supra note 5.
[30] U.S. Bureau of Indus. & Sec., Press Release, Commerce Implements New Export Controls on Advanced Computing and Semiconductor Manufacturing Items to the People’s Republic of China (Oct. 7, 2022), https://www.bis.gov/press-release/commerce-implements-new-export-controls-advanced-computing-semiconductor-manufacturing-items-peoples.
[31] Framework for Artificial Intelligence Diffusion, 90 Fed. Reg. 4543 (Jan. 15, 2025), https://www.federalregister.gov/documents/2025/01/15/2025-00636/framework-for-artificial-intelligence-diffusion.
[32] Dylan Patel et al., DeepSeek Debates, SemiAnalysis (Jan. 30, 2025), https://newsletter.semianalysis.com/p/deepseek-debates.
[33] Samuele Fratini et al., Digital Sovereignty as a Geopolitical Strategy: Navigating Dependencies, Power, and Democratic Resilience in a Changing Global Order, JRC146878, Eur. Comm’n (May 8, 2026), https://publications.jrc.ec.europa.eu/repository/handle/JRC146878.
[34] Shanzay Pervaiz, What Canada’s King vs. OVH Case Reveals, and Affirms, About Cross-Border Data Access, Privacy Across Borders (Feb. 3, 2026), https://privacyacrossborders.org/2026/02/03/what-canadas-king-vs-ovh-case-reveals-and-affirms-about-cross-border-data-access.
[35] AI Factories, Eur. Comm’n Digit. Strategy, https://digital-strategy.ec.europa.eu/en/policies/ai-factories (last visited May 14, 2026).
[36] Mario Zúñiga, Draghi Report Highlights Why to Be Wary of the ‘Brussels Effect’, Truth on the Mkt. (Sept. 26, 2024), https://truthonthemarket.com/2024/09/26/draghi-report-highlights-why-to-be-wary-of-the-brussels-effect.
[37] Eur. Comm’n, Press Release IP/26/614, Commission Presents Proposal for EU Inc.—Unlocking the Full Potential of the Single Market for Europe’s Entrepreneurs (Mar. 18, 2026), https://ec.europa.eu/commission/presscorner/detail/en/ip_26_614.
[38] EU Inc. Petition, EU-Inc.org, https://www.eu-inc.org/petition (last visited May 14, 2026).
[39] Luca Enriques, Casimiro A. Nigro & Tobias H. Tröger, Why the 28th Regime Proposal Falls Short of Europe’s Challenge, Oxford Bus. L. Blog (Mar. 2026), https://blogs.law.ox.ac.uk/oblb/blog-post/2026/03/why-28th-regime-proposal-falls-short-europes-challenge.
[40] Stout & Barczentewicz, supra note 25.
[41] Fratini et al., supra note 33.