ARTICLE 19 urges EU to rethink its Cloud and AI Development Act

ARTICLE 19 argues that Europe’s main cloud problem is not a shortage of data centres, but its dependence on a small number of large technology companies for essential software, platforms, and digital infrastructure.

ARTICLE 19 has urged the European Commission to shift the focus of its proposed Cloud and AI Development Act, warning that building more data centres will not, by itself, reduce Europe’s dependence on major US cloud providers.

The organisation submitted its position in response to the Commission’s call for evidence on the planned legislation. The Act is intended to strengthen Europe’s cloud and AI infrastructure.

Cloud computing allows organisations to rent computing power, storage, databases, and software over the internet instead of operating all of these systems themselves. Much of this market is controlled by three companies: Amazon Web Services, Microsoft Azure, and Google Cloud. These companies are often called hyperscalers because they operate very large global cloud networks.

ARTICLE 19 argues that the Commission is treating Europe’s cloud challenge mainly as a shortage of physical infrastructure. According to the submission, Europe already has significant capacity in basic services such as servers, storage, and networking.

The larger problem, it says, is at the software and platform level. Organisations may be able to move their data to another provider, but changing the software, databases, identity systems, and the work processes built around a single cloud platform can require rebuilding much of their operations.

This is known as vendor lock-in. It means that an organisation becomes so dependent on one provider’s systems that switching becomes expensive, slow, or technically difficult.

ARTICLE 19 divides cloud services into three broad levels. Infrastructure as a Service covers basic servers, storage, and networking. Platform as a Service includes managed databases, web hosting, and file storage. Software as a Service includes complete products such as productivity tools, identity systems, and AI services.

The submission argues that Europe is relatively competitive at the basic infrastructure level but has fewer alternatives at the platform and software levels. This is where the largest cloud companies have built integrated systems that are difficult to replace.

ARTICLE 19 also raises concerns about possible artificial scarcity. It cites research suggesting that large cloud providers may reserve data centre capacity even when they do not immediately need it. The organisation argues that this can restrict competitors’ access, raise prices, and create the impression that Europe needs more data centres.

The submission recommends requiring cloud companies to publish information about available capacity, location, use, and pricing. It also proposes a European Digital Resources Exchange, a public marketplace where customers could compare cloud capacity, prices, and contract terms from different providers.

ARTICLE 19 further calls for EU investment in open-source cloud services. It argues that Europe already has strong open-source projects, but many lack the billing systems, compliance tools, support, and integrations needed by large organisations.

The submission links cloud concentration to risks for public institutions, media organisations, universities, and civil society groups. A major outage at one provider can disrupt many services at the same time. A cloud company may also be able to remove an entire platform from its infrastructure, affecting access to information without a transparent public process.

ARTICLE 19 also warns of what it calls ‘cloud drift’. This can happen when a public institution gradually shifts its work to align with the commercial priorities and technical constraints of its cloud provider. Over time, it may lose internal expertise and become less able to make independent decisions.

The organisation recommends changing public procurement rules so that authorities can consider resilience, human rights, and the ability to leave a provider, rather than focusing mainly on price and performance. It also calls for essential service providers to map their cloud dependencies, avoid relying on a single company, and maintain practical exit plans.
