Across Europe, conversations are taking place about reducing dependence on US tech and moving towards European technology solutions. In a world which at times feels like it has shifted on its axis, it’s becoming clear that this movement is about more than just technology. The shift away from US tech is about reducing reliance and protecting infrastructure, but also about protecting the fundamental principles that define us as a society. Europe’s focus on data privacy, transparency, and democratic values can often feel in direct conflict with the US approach. In this article, we look at what’s at stake and what Europe is doing about it.
What is the actual problem?
Democratic decline
Recent reports warn that the United States is no longer considered a full liberal democracy. There are alarming declines in electoral integrity, media freedom, and the rule of law. This erosion of democratic norms in the US is unprecedented in modern history — and when this backsliding coincides with America’s dominance over global tech infrastructure, the risks for Europe become impossible to ignore. Politically, economically, and socially, Europe’s reliance on US-controlled platforms now poses a direct threat to its own democratic values and digital autonomy.
If the US decides to “turn off the lights” on its IT platforms for strategic or political reasons, Europe could be left in the dark. As Inga Strümke noted in Aftenposten, Norway’s reliance on US tech means that a single geopolitical decision could plunge critical infrastructure — from government communications to healthcare systems — into chaos. This isn’t hypothetical. It’s a wake-up call for Europe to secure its digital independence before it’s too late.
When critical digital infrastructure is controlled by foreign corporations subject to US political whims and US laws (like the CLOUD Act), Europe risks losing control over its own data — and by extension, its democratic processes. Europe’s reliance on US tech is more than a question of privacy — it’s a sovereignty crisis.
Read: Democracy: Why Our Shared Values Matter More Than Ever
Surveillance capitalism
At the heart of US tech dominance lies surveillance capitalism — a business model that treats personal data as a commodity to be extracted, analyzed, and monetized. Your emails, searches, and online activity aren’t just processed; they’re harvested, packaged, and sold, often without your knowledge or consent.
The contrast is stark. While European societies prioritize citizens’ rights, transparency, and democratic accountability, US tech giants prioritize economic growth and commercial gains. Any accountability happens through lawsuits or public backlash. Their influence is vast: from Google Chromebooks shaping education in schools to Meta’s algorithms dictating what we see and believe, and from Microsoft managing the data of European governments to Amazon controlling the cloud infrastructure of public institutions.
The reach into education is particularly concerning. Google and Microsoft have embedded themselves into European classrooms through Chromebooks and Office 365 for Education — often for free or at very low cost — normalizing data collection from an early age and creating brand loyalty before children are old enough to question it.
The issue runs deeper than just infrastructure. Most of us have embraced social media as a tool for sharing and accessing information — whether as individuals, corporations, organizations, and even governments. In doing so, we’ve given up control over the flow of information to entities that prioritize profit over public good. This leads to an erosion of social cohesion and a decrease of trust in democratic institutions — all for monetary gain.
A report by a Danish expert panel looking into the influence of tech giants stated that tech should empower individuals, not exploit them for financial gain:
“No one should be forced to use the services of tech giants to get information and participate in social, cultural, and democratic communities.”
Read: The Power of Big Tech
Recent incidents, such as Copilot’s ability to bypass administrative controls and access confidential emails, have made it clear that privacy cannot be trusted to companies whose profits depend on data exploitation.
Read: Are AI Tools such as Gemini Reading Your Emails?
Your data, American rules
Europe has some of the strongest data protection laws in the world. The General Data Protection Regulation (GDPR) was built on a clear principle: your data belongs to you, and anyone handling it has to answer for how they use it. But there’s a fundamental problem — when your data is handled by a US owned company, it is subject to US law. No matter where the data lives.
When you use Gmail, scroll through Facebook, or search on Google, your data is being handled by US companies and is subject to US law such as the CLOUD Act. It doesn’t matter that you’re sitting in Oslo or Copenhagen — the moment your data touches their systems, it’s within reach of US authorities.
Read: Is your email safe? Why storing data in the US is becoming riskier
If a European hospital stores patient records on Microsoft Azure cloud services, or a government ministry runs its communications through Google’s infrastructure, GDPR compliance on paper doesn’t mean much in practice. Even if your data is sitting on servers physically located in Frankfurt or Amsterdam, if those servers are owned by a US company, the data is still reachable by US authorities. The CLOUD Act allows American authorities to demand access to data held by US companies anywhere in the world.
This isn’t speculation — it has already been tested in court. Europe tried to create a framework to ensure that US companies handling European data would meet GDPR standards, with the EU-US Privacy Shield. But it was struck down in 2020 by the Schrems II ruling, because US government surveillance programs made genuine protection impossible to guarantee.
When Microsoft is building new data centers in Germany, all data stored there still falls under US jurisdiction. Just because the data lives in Europe does not mean it is protected by GDPR. In spite of their “digital resilience” and EU Boundary commitment, Microsoft remains a US company subject to US laws.
And AI makes this more urgent. Microsoft’s Copilot is now embedded by default in Office 365 — software still used by governments, hospitals, and schools across Europe. That means AI tools can actively process sensitive European data within US-owned infrastructure, often without users fully understanding what is being accessed or retained.
Read: Runbox vs. the CLOUD Act
The tide is turning
Europe isn’t just talking about digital sovereignty anymore — it’s building infrastructure to support it. Across the continent, governments, institutions, and private investors are putting real money and political will behind alternatives to US tech dominance.
At the institutional level, the European Commission is developing new regulations to shield critical infrastructure and government data from foreign jurisdiction. The European Central Bank has already made a pointed move, stepping away from Amazon Web Services in favor of a European cloud provider — a signal that even the continent’s most consequential financial institutions are treating this as a strategic priority, not just a compliance checkbox.
Private capital is following too. European cloud providers like STACKIT, Hetzner, and OVHcloud are growing fast, and not just because governments are shifting procurement. Organizations across Europe are actively looking for alternatives — because the legal and reputational risk of keeping data on US-owned infrastructure has become too hard to ignore.
This isn’t just organic market growth — it’s being backed by serious investment. The EU’s Gaia-X initiative is working to build a federated European cloud infrastructure, and the European Commission has committed billions through programs like the Digital Europe Programme and Horizon Europe to fund sovereign tech development. The goal is straightforward: ensure that the infrastructure supporting European society is owned, operated, and governed by Europeans.
The Netherlands recently struck a deal with STACKIT after Dutch regulators sounded the alarm on government infrastructure vulnerability. Last year, reports surfaced that Microsoft had blocked access to the email account of the International Criminal Court’s chief prosecutor, as part of US sanctions policy. The move was seen by some in The Hague that digital infrastructure can be used as geopolitical leverage.
If we do nothing, we are asking for trouble.
– Barbara Kathmann, MP, in Dutchnews.nl
The Netherlands is not alone. Denmark’s Ministry of Digitalisation, along with cities like Copenhagen and Aarhus, has already begun phasing out Microsoft Office 365, Windows, and cloud services in favor of open-source alternatives like LibreOffice and Linux. Norway’s Socialist Left Party is exploring similar measures. This is driven by economics as well as principle — Microsoft costs for Copenhagen rose 72% between 2018 and 2023.
If we only use their solutions, it makes our society extremely vulnerable in a world that is changing with pressure from great powers, geopolitical tensions, and a technology race. That is why we must develop our own solutions.
– Morten Bodskov, Denmark’s Minister for Industry, Business and Financial Affairs
Being part of the shift
None of this is easy. Legacy infrastructure, retraining costs, and the convenience of US platforms are real obstacles. But the building blocks are being put in place — at the institutional level, at the municipal level, and in the market. The infrastructure is being built. The question is whether it can happen fast enough.
For individuals and organizations, the good news is that you don’t have to wait for governments to act. Every time you choose a European provider over a US one, you’re not just protecting your own data and making a principled choice — you’re helping make European alternatives viable. As AI tools like Copilot and Gemini become more embedded in everyday software, the risks of data exposure will only grow, and the cost of doing nothing will too.
At Runbox, we’ve spent over two decades proving that email can be private, secure, and independent. As a Norwegian company, we operate under some of the world’s strongest data protection laws. Your emails are never scanned, mined or sold. Your data stays in Europe — because that’s where it belongs.
Read: Meet Runbox