Cloud computing Archives | Digital Watch Observatory

Europe’s digital crossroads: Key takeaways from CPDP 2026

The Computers, Privacy and Data Protection (CPDP) conference is an annual gathering that brings together academics, policymakers, industry representatives, civil society, students, and EU institutions to discuss emerging digital policy challenges. This year’s theme was ‘Competing Visions, Shared Futures’, the 19^th in the series, and it hosted approximately 150 panels over the span of 3 days in Brussels.

What is CPDP?

CPDP’s value lies in its multidisciplinary approach. With academics presenting their work or debating topical issues, as well as with industry and policy experts bringing their expertise to the table, the event creates a space for honest conversations among participants.

The conference is sponsored by organisations such as Google, TikTok, Apple, as well as the European Data Protection Supervisor (EDPS), European Union Agency for Fundamental Rights (FRA) and VBU. Google even presented its Banana AI model in a photo booth, allowing participants to modify photos they took in the booth.

Alongside panels, CPDP hosts an array of workshops, short films, artwork, radio programming, promotion booths, dedicated DPO, youth, finance and IT tracks, book launches, and pop-up exhibitions. The event always closes the day in style with an open bar and a party to chat and network at.

CPDP is not a typical conference with just panels, attendees, moderators, and lengthy speeches. The conference inspires creativity and gives the freedom to achieve it. This was proven by the diverse topics showcased in the event’s schedule over the three days.

From a fireside chat with the artist, Simon Denny, behind the conference’s art, who uses AI as a medium in some of his work, to typical discussions about the Digital Omnibus or tracking period apps, all the way to an exiled journalist talking about Russian internet censorship. There was something for everyone.

What was presented?

The breadth of topics discussed at CPDP offers insight into the issues currently shaping Europe’s digital policy agenda. There were approximately 150 panels in total, with data protection, AI, the Digital Omnibus and the topics of digital sovereignty receiving the most attention. Data protection received the most attention overall, as 33 panels were dedicated to the topic. This was followed by 26 panels on AI, 12 on the Digital Omnibus, 10 on digital sovereignty, and 7 on child-related protection.

The distribution of panels reflects the growing prominence of AI in digital policy discussions. However, data protection topics, including privacy and the GDPR, are still the frontrunners in terms of topic relevance. Newer and emerging topics reveal what is topical in the digital world.

Growing concerns over US tech reliance have intensified discussions about EU digital sovereignty. Alongside this, another heavily debated and sensitive topic is child protection in the online context and its generative AI implications, which raises questions about how to better protect children online.

People, Person, Crowd, Adult, Female, Woman, Electrical Device, Microphone, Accessories, Bag, Handbag, Audience, Jewelry, Necklace, Electronics, Speaker, Male, Man, Clothing, Footwear, Shoe, Indoors, Speech, Carrie Vaughn, Vian Dakhil

Emerging topics at CPDP

Digital sovereignty is a challenging topic as it encompasses a lot and has yet to be defined, meaning that taking action can look different for a wide variety of actors. Several discussions framed digital sovereignty as a pathway towards greater digital independence and reduced reliance on external technology providers. In order to try to achieve digital sovereignty, public procurement should be steered away from non-EU actors and towards EU businesses to develop a European stack.

Yes, private partnerships are important, but public ones set the tone. Several participants argued that public procurement choices will play an important role in determining whether EU can strengthen domestic digital capabilities and reduce strategic dependencies. Digital sovereignty needs to come from all corners of the market and society; that is the challenge.

A very interesting panel on data protection and AI, the GDPR, and privacy occurred. In Academic Session I, Stephanie von Maltzan presented findings about her groundbreaking research on LLM unlearning. The larger the LLM, the more data points it will be trained on and the more complex its ‘web’ will be.

Removing data points is not a common practice, given how data points interact with each other, meaning that complexity overrides certain fundamental rights. For example, when data subjects invoke their right to erasure under Article 17 of the GDPR, they may request that certain data be deleted in an LLM, yet this request is difficult to carry out in practice.

The research highlights one of the emerging challenges at the intersection of AI governance and data protection. She presents a two tier model in which the actively deployed LLM is accompanied by a parallel ‘shadow’ model.

After receiving a valied erasure request, the ‘shadow model’ would undergo the necessary unlearning processes to remove the relevant data. In the second tier, in a scheduled update, the ‘shadow’ model, which had undergone unlearning, would replace the initial LLM, thereby upholding data subject requests.

MIT researchers propose fix for LLM catastrophic forgetting.

Apart from these insightful exchanges of knowledge on AI, digital sovereignty and data protection, the conference offered practical workshops on how to brainstorm re-writing the proposed Article 88b of the Omnibus, data protection officer and cybersecurity crisis scenarios, as well as open conversations about how to protect children in online environments.

Remaining questions

The conference also highlighted several unresolved policy questions that continue to shape European digital governance debates.

Regarding the Digital Omnibus, would companies scale up overnight if we removed regulations?
Does digital sovereignty need/have a definition, or should it be left to the meaning of ‘digital independence’?
Open markets vs data protection, where is the balance?
Regarding digital sovereignty, which clouds should be used in the EU?
Should simplification mean using the once-used definition of personal data by the CJEU, or sticking to the definition relied on in law, cases, and practice?
In order to protect EU sovereignty, should parts of the stack be a public utility?

Why does it matter?

CPDP 2026 demonstrated that while privacy and data protection remain central pillars of European digital policy, debates around AI governance, digital sovereignty and online child protection are rapidly gaining prominence.

The discussions highlighted the growing challenge of balancing innovation, competitiveness, fundamental rights and strategic autonomy as Europe defines its digital future.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

NGI Commons outlines expectations for the EU Tech Sovereignty Package

NGI Commons has outlined expectations for the European Union’s forthcoming Tech Sovereignty Package, a policy initiative aimed at strengthening Europe’s control over critical digital technologies and reducing reliance on non-European providers.

The initiative is expected to focus on semiconductors, cloud computing, AI and open-source software. According to NGI Commons, the package aims to align and simplify existing policies rather than introduce a new layer of regulation.

The framework builds on recommendations from Mario Draghi’s report on European competitiveness and seeks to support innovation, competitiveness and the EU’s broader objective of open strategic autonomy. A central element of the proposal is the recognition of open technologies as digital commons that underpin Europe’s digital ecosystem.

The analysis argues that open-source software should be treated as strategic infrastructure and supported through long-term funding, coordinated development efforts and greater public-sector adoption to strengthen digital resilience and security.

The report notes that challenges remain, including securing long-term funding, managing the growing energy demands of AI infrastructure and attracting investment, as policymakers seek to balance technological sovereignty with competitiveness.

Why does it matter?

The Tech Sovereignty Package is expected to shape how Europe approaches critical technologies such as semiconductors, cloud services, AI and open-source software in the coming years.

By treating open technologies as strategic infrastructure, policymakers could strengthen digital resilience, reduce external dependencies and support the EU’s broader goal of technological sovereignty while maintaining competitiveness in the global digital economy.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

NVIDIA expands global AI Cloud network to support sovereign and agentic AI

NVIDIA has announced a major expansion of its AI Cloud ecosystem, supporting the rapid global deployment of AI factory infrastructure designed to meet growing demand for agentic AI, physical AI, sovereign AI and large-scale inference workloads.

The initiative aims to expand access to high-performance computing resources for enterprises, startups, governments, researchers and AI developers worldwide.

According to NVIDIA, the ecosystem now spans six continents, with new partners expanding AI Cloud infrastructure across multiple regions. The company said the expansion is intended to bring AI computing resources closer to users, industries and national AI initiatives while supporting regional and sovereign AI requirements.

Several cloud providers are expanding infrastructure to support advanced AI applications, including model training, fine-tuning, inference and AI agent development. Companies including CoreWeave, Firmus, Nebius and others are deploying new AI factories capable of supporting model training, fine-tuning, inference and AI agent development.

The expansion also includes support for emerging physical AI and robotics workloads through platforms such as NVIDIA Cosmos and Isaac.

NVIDIA also highlighted growing adoption of its DSX platform, which is designed to help cloud providers deploy and manage AI factories more efficiently. The company said AI infrastructure is increasingly being assessed using metrics such as cost per token, energy efficiency and infrastructure utilisation, rather than raw computing capacity alone.

Why does it matter?

The expansion highlights the growing importance of AI infrastructure as governments and companies compete to secure the computing resources needed for advanced AI systems. Access to large-scale computing capacity is increasingly viewed as a strategic asset, particularly as countries pursue sovereign AI initiatives and seek greater control over critical digital infrastructure.

The announcement also reflects a broader shift in the AI industry, where demand is expanding beyond model training to include inference, autonomous agents and robotics applications, placing new emphasis on infrastructure efficiency, energy use and geographic distribution of computing resources.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Digital Networks Act debate heads to Florence

A conference at the European University Institute in Florence will examine the proposed Digital Networks Act and its implications for the EU regulatory framework for electronic communications.

The event, titled ‘Digital Networks Act for a competitive and secure Europe’, will take place on 28 and 29 May 2026 at the EUI campus and online. It will bring together policymakers, regulators, industry representatives, and academics to assess how the proposal could reshape digital network governance in Europe.

The conference will focus on the Digital Networks Act as a shift from the existing directive-based telecom regime to a directly applicable regulation. Discussions will examine how the proposal could constrain national discretion, centralise selected decisions at the EU level, reduce implementation delays, and address regulatory fragmentation affecting the digital single market.

The proposed Act would repeal and consolidate several core EU telecom instruments, including the European Electronic Communications Code, the BEREC Regulation, the Radio Spectrum Policy Programme, and selected provisions of the Open Internet Regulation and the ePrivacy Directive.

The event will place the proposal in the context of the Commission’s 2023 exploratory consultation on the future of the electronic communications sector, the 2024 White Paper on Europe’s digital infrastructure needs, the 2025 Call for Evidence, and wider debates on competitiveness, resilience, scale, and Europe’s digital economy.

Speakers will also discuss delays in transposing the European Electronic Communications Code, which was due by December 2020 but was fully transposed across all the EU member states only in 2024. The delays are presented as an example of the limits of a directive-based approach, particularly for spectrum assignment, 5G deployment, and convergence with cloud, edge, and AI-enabled infrastructure.

Across keynote addresses and thematic panels, participants will examine access regulation, symmetric and asymmetric remedies, copper switch-off, spectrum and satellite governance, market structure and consolidation, and resilience in digital networks.

Why does it matter?

The conference reflects the growing importance of the Digital Networks Act debate for Europe’s connectivity and digital infrastructure agenda. Moving from a directive-based telecom framework to a directly applicable regulation could shift more decisions to the EU level, reduce national divergence, and reshape how Europe governs spectrum, access regulation, network resilience, satellite connectivity, and future infrastructure linked to cloud, edge, and AI.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

CrowdStrike disrupts Glassworm botnet targeting software developers worldwide

CrowdStrike has announced the coordinated disruption of the Glassworm botnet, a cyber operation targeting software developers through open-source software supply chains.

Working with Google and the Shadowserver Foundation, the cybersecurity company said it simultaneously disabled four command-and-control channels used by the malware infrastructure.

According to CrowdStrike, Glassworm targeted developers through trojanised VSCode extensions, malicious npm and Python packages, and compromised GitHub repositories containing poisoned code. The campaign affected Windows, macOS, and Linux systems and targeted the theft of developer credentials and the maintenance of persistent access to development environments.

CrowdStrike said the botnet had compromised hundreds of GitHub repositories using stolen developer credentials, posing risks to downstream software supply chains. The company warned that attackers are increasingly targeting developers because compromising a single workstation, repository, or package can spread malicious code across many organisations, services, and users.

The company also highlighted the growing resilience of cybercriminal infrastructure. It said Glassworm combined blockchain technology, peer-to-peer systems, legitimate online services, and traditional servers to make takedown attempts more difficult.

The disruption cuts off the botnet’s known command-and-control channels, but CrowdStrike said organisations should continue checking for compromised developer environments, malicious packages, and exposed credentials.

Why does it matter?

The Glassworm campaign shows how developer tools and open-source ecosystems have become critical attack surfaces. Rather than attacking only large enterprises directly, threat actors can compromise repositories, extensions, libraries, or credentials used by developers and then move through the software supply chain. Such attacks can create cascading risks for cloud services, enterprise software, financial systems, public services, and other organisations that rely on shared code and development infrastructure.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Study says AI is rewiring global trade and reshaping economic power

A new Allianz Research report argues that AI is transforming global trade, supply chains, digital infrastructure, and geopolitical influence.

The report says AI growth increasingly depends on global semiconductor production, cloud infrastructure, hyperscale data centres, and cross-border digital services. It also argues that trade is increasingly shaped by who controls AI infrastructure, data flows, and cloud capacity.

Allianz Research says exports of AI-enabling goods rose from USD 1 trillion in 2014 to USD 3.8 trillion in 2025, accounting for 15% of global trade and far outpacing overall goods trade growth. Asia dominates the supply side, accounting for 65% of global AI-related exports and seven of the top ten exporters, led by China, Taiwan, and Hong Kong.

The report also highlights the United States’ role as a centre of hyperscale AI infrastructure. It says the US has tripled its AI-related imports since 2023 and is home to 5,427 operational data centres, equivalent to 45% of the global total.

Europe faces a different challenge. According to Allianz Research, the region has less than 10GW of operational data-centre capacity, compared with 60GW in the US, while US hyperscalers already control 35% of European computing capacity and are consolidating a 70% share of the cloud market. The report points to fragmented regulation, complex permitting processes, grid connection delays, limited funding, and the absence of a domestic hyperscaler as factors that reinforce European dependence.

The study also warns that AI diffusion could widen EU-US service imbalances by requiring recurring payments to American AI providers and cloud platforms. In a high-adoption scenario, annual payments by eurozone users to US AI services providers could rise from EUR 2.7 billion to EUR 34 billion, according to the report.

Allianz Research concludes that AI governance, industrial policy, export restrictions, subsidies, and digital trade regulation are becoming central components of global economic competition. Governments are increasingly treating semiconductors, cloud infrastructure, data centres, and AI services as strategic assets linked to national security, economic resilience, and geopolitical influence.

Why does it matter?

The report frames AI as a trade and industrial policy issue, not only a technology story. Its findings suggest that control over semiconductors, cloud infrastructure, data centres, and AI services could shape which economies capture AI-driven productivity gains and which become more dependent on foreign platforms, supply chains, and infrastructure. For Europe, the key concern is a possible double dependence on US cloud and AI services and Asian hardware supply chains.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

European Union reviews platform power in third annual Digital Markets Act report

The European Commission has published its first formal review of the Digital Markets Act, assessing how the regulation is affecting large online platforms and digital market competition across the European Union.

The review says the DMA has already produced visible changes in some areas, including greater user choice through third-party app stores and prompts allowing users to select browsers or search engines. However, it also points to continuing challenges in implementation and enforcement.

Enforcement has become a central part of the assessment. In April 2025, Apple was fined €500 million for blocking developers from directing users to cheaper purchasing options, while Meta was fined €200 million over its ‘consent or pay’ model. Both companies are appealing the decisions.

The Commission also highlighted ongoing compliance and procedural difficulties. According to the review, investigations are taking around twice as long as the 12-month target, while legal procedures are being used to slow compliance.

The assessment raises broader questions about whether the DMA should eventually cover fast-growing areas such as AI tools and cloud platforms. The review presents the regulation as an evolving framework whose long-term impact will depend on consistent enforcement and adaptation to new market realities.

Why does it matter?

The review indicates that the Digital Markets Act is transitioning from establishing rules to a more challenging phase of enforcement. Initial changes suggest that the law is starting to influence the behaviour of platforms. However, delays, appeals, and uncertainties regarding AI and cloud services demonstrate that the European Union’s digital competition framework will need to continuously adapt as the power of platforms shifts into new areas of the digital economy.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

EU lawmakers challenge confidentiality rules on data centre emissions data

A group of 35 Members of the European Parliament has called on the European Commission to review confidentiality rules affecting public access to environmental data from data centres. The request focused on the disclosure of information related to emissions, energy use, and water consumption.

According to reporting by Investigate Europe, the disputed wording was linked to proposals submitted during consultations by Microsoft and DIGITALEUROPE. The clause was later incorporated into the EU Energy Efficiency Directive and limits disclosure of certain information related to individual data centres.

Critics argue that the measure may reduce transparency regarding the environmental impact of expanding digital infrastructure. Some lawmakers and advocacy groups have also raised questions about compatibility with transparency principles under the Aarhus Convention. Reports said critics believe the rules reduce scrutiny of the environmental impact linked to expanding AI and cloud infrastructure.

The lawmakers called on the European Commission to reconsider the provision and publish more detailed environmental reporting data. The issue has contributed to broader discussions in the EU regarding environmental accountability and oversight of digital infrastructure.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

CMA opens Strategic Market Status investigation into Microsoft business software

The UK Competition and Markets Authority has opened a Strategic Market Status investigation into Microsoft’s business software ecosystem, marking another major step in the country’s digital competition regime.

The investigation will examine Microsoft’s position across workplace software products widely used throughout the UK economy, including productivity software, personal computer and server operating systems, database management systems, security software and its growing AI assistant ecosystem, including Copilot. The CMA said more than 15 million commercial users across the UK rely on Microsoft’s software ecosystem.

Regulators will assess whether Microsoft has Strategic Market Status in business software and whether its position may limit customer choice. The CMA said it will examine concerns linked to product bundling, interoperability limits and default settings that could make it harder for businesses and public-sector organisations to switch providers or combine Microsoft tools with competing products.

The authority will also examine how competing AI services can integrate with Microsoft’s business software as workplace tools increasingly incorporate AI and agentic AI functions. The CMA said customers should be able to access software and AI services from a range of suppliers rather than being locked into a single ecosystem.

Cloud competition concerns are also linked to the probe. An SMS designation would allow the CMA to consider targeted interventions related to Microsoft’s software licensing practices, which were previously identified as reducing competition in cloud services.

The CMA will gather evidence from Microsoft, customers, rivals, challenger technology firms and other stakeholders before deciding whether to designate Microsoft with Strategic Market Status. The regulator said the investigation does not assume wrongdoing and that any future interventions would depend on the evidence and relevant legal tests.

Why does it matter?

The investigation shows how digital competition oversight is moving deeper into enterprise software, cloud infrastructure and AI-enabled workplace tools. As products such as Copilot become embedded in systems used by businesses and public services, regulators are increasingly treating interoperability, bundling and switching costs as strategic competition issues rather than narrow technical questions.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Anthropic launches Claude Platform on AWS with managed AI agent tools

Anthropic has made Claude Platform on AWS generally available, giving AWS customers access to Claude Platform features through AWS authentication, billing and infrastructure integrations.

The platform includes Claude Managed Agents, code execution, web search, web fetch, prompt caching, batch processing, citations, support for the Files API, and support for Skills and MCP connectors. Anthropic said new Claude models and beta tools will become available on AWS at the same time they launch on the native Claude API.

Authentication runs through AWS Identity and Access Management, while audit logging is handled through AWS CloudTrail and billing through a single AWS invoice. Anthropic said the service is designed for organisations seeking native Claude Platform functionality while staying within existing AWS credentials, permissions and operational workflows.

The company also clarified the distinction between Claude Platform on AWS and Claude on Amazon Bedrock. Under the new platform, Anthropic operates the service and data is processed outside the AWS boundary.

By contrast, Claude on Amazon Bedrock keeps AWS as the data processor and operates within the AWS boundary, making it more suitable for customers with strict regional data residency requirements or those needing data processed exclusively within AWS infrastructure.

Why does it matter?

The launch shows how competition between major AI providers is shifting towards enterprise deployment, cloud integration and agent-based automation. For organisations, the choice is no longer only about model performance, but also about where data is processed, how access is controlled, how audit logs are handled and whether AI agents can be deployed within existing cloud governance systems.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!