France wants to move 2.5 million government computers off Windows. The European Commission just handed €180 million in cloud contracts to local firms, snubbing Amazon. And across the continent, everyone from German bureaucrats to Italian hospitals is suddenly talking about ditching US software.
It sounds like a turning point. It isn’t. Not yet.
The reality is messier. Europe’s push for “digital sovereignty” has been accelerating for years, but the gap between political headlines and actual migration remains vast. And for any organisation trying to follow suit, the path is full of traps.
Why Now
The 2018 US CLOUD Act changed everything. It forces American tech companies to hand over data to US law enforcement, even if those servers sit in Frankfurt or Dublin. That means a French hospital storing patient records on Microsoft Azure or a German logistics firm using AWS cannot fully escape US jurisdiction.
For years, this was an abstract legal risk. No longer. With transatlantic relations deteriorating and American tech billionaires becoming increasingly vocal, European governments are finally treating sovereignty as an operational necessity.
But here is the uncomfortable truth. Most European alternatives are not ready for prime time. France’s in-house Zoom competitor, Visio, has been criticised by the country’s own auditors. Qwant, once touted as a Google killer, secretly relied on Microsoft’s Bing. Even the Commission’s shiny new sovereign cloud contracts include providers that depend on a Google joint venture.
Call it sovereignty washing. A European logo does not guarantee independence.
The French Paradox
Consider France. The same government moving millions of computers off Windows just renewed its domestic intelligence agency’s contract with Palantir, the controversial American data analytics firm. No European alternative could match its capabilities.
That is not hypocrisy. It is pragmatism. Some American tools are genuinely better, or genuinely entrenched, or simply too expensive to replace without breaking the budget. Procurement officers have fiduciary duties. They cannot choose an inferior product just to make a statement.
This is the real sticking point. For every Mistral AI winning customers as an OpenAI alternative, there are a dozen European startups that cannot scale, cannot integrate or cannot match the user experience of their US rivals. Open source software like Linux and LibreOffice offers an escape route, but it requires skilled engineers, careful migration planning and serious change management. The software may be free. The transition is not.
Private Sector, Public Ambition
The divergence between public and private sectors tells you everything. While governments announce bold decoupling targets, Lufthansa and Air France have both adopted Starlink for in-flight WiFi. Even France’s state-owned railway, SNCF, is considering it.
That is not defeatism. It is a rational response to a market where European alternatives simply do not exist at the same scale. Elon Musk was blunt when Poland criticised Starlink. “There is no substitute,” he said. European governments want to prove him wrong, but building a substitute takes years and billions of euros.
The Commission’s strategy of spreading contracts across multiple providers is smart for resilience but terrible for creating a European champion. Diversification does not produce a trillion-dollar company. And without a champion, private sector adoption will remain slow.
Where the Real Work Happens
The organisations actually succeeding in this transition are not making headlines. They are quietly auditing their dependencies, identifying their riskiest data flows and migrating the most sensitive workloads first. They are not trying to replace everything at once.
What they have discovered is that some European alternatives are genuinely better for specific use cases. That open source, properly deployed, offers not just sovereignty but lower long-term costs. That vendor lock-in is not inevitable. It is a condition that can be engineered away.
Firms like Totus Technologies specialise in this methodical approach. They begin with a discovery audit, mapping every platform, dependency and data flow. Nothing is assumed. From there, they design a phased migration tailored to the organisation’s specific risk tolerance and operational constraints.
Crucially, their mandate is to give clients full ownership of their technology stack. No new dependencies. No hidden backdoors. The goal is to transfer full code ownership and key management to internal teams. Success is measured by how quickly the client no longer needs them.
The Enforcement Gap
There is another problem. Europe has excellent regulations, the GDPR, the DMA, the Data Act. But enforcement has been weak. One open source company recently withdrew an antitrust complaint against Microsoft after four years of inaction. The agreement requiring EU consultation with the US government before enforcing laws against American firms has not helped.
This creates a circular trap. European providers struggle for market share because US incumbents are entrenched. Regulators struggle to enforce competition rules because of political constraints. Procurement officers hesitate to take risks on alternatives when the legal landscape is uncertain.
What Comes Next
The next twelve months will separate rhetoric from reality. The EU is expected to ramp up enforcement of sovereignty rules, particularly for health, energy and finance. The political temperature will remain high.
The goal is not to build a walled garden. It is to ensure that your boardroom decisions cannot be vetoed by a server in Virginia or a subpoena from California. That is not paranoia. That is just good risk management.
This article is sponsored by Totus Technologies. For a structured audit of your organisation’s digital dependencies and a phased roadmap to operational independence, visit totustechnologies.com.
