The European Commission has proposed Chips Act 2.0, a new framework intended to strengthen Europe’s semiconductor ecosystem and build on the original European Chips Act.
The proposal aims to boost the EU’s competitiveness, technological sovereignty, and resilience while improving crisis preparedness in semiconductor supply chains. It forms part of the Commission’s wider European Technological Sovereignty Package, alongside the Cloud and AI Development Act, an Open Source Strategy, and a roadmap for digitalisation and AI in the energy sector.
The Commission says the EU remains structurally dependent on third countries for semiconductor design and manufacturing, including advanced and leading-edge chips needed for AI. It also points to gaps in crisis preparedness, noting that existing mechanisms rely heavily on voluntary information sharing outside crises and do not provide sufficient, timely supply-chain intelligence.
Chips Act 2.0 would support both mainstream and advanced semiconductors, including AI chips. Measures are expected to include stronger research and innovation support, faster permitting, supply-chain information tools, Semiconductor Regions of Excellence, skills investment, strategic projects, and innovation procurement.
The proposal also places greater emphasis on demand-side measures, including support for public procurement and industrial uptake of European semiconductor technologies. The Commission argues that stronger local demand can reinforce local supply, shorten supply chains, and better align European production capacity with the needs of strategic sectors.
The initiative complements the EU’s broader technological sovereignty agenda. The Commission says Chips Act 2.0 should help reduce strategic dependencies, improve security of supply, support industrial scale-up, and strengthen Europe’s role in semiconductor technologies needed for AI, cloud, defence, automotive, energy, and other critical sectors.
Why does it matter?
The Chips Act 2.0 shows how the EU is shifting from an emergency response to the global chip shortage to a broader semiconductor industrial strategy. The proposal links chip policy directly to AI competitiveness, cloud infrastructure, defence, energy, automotive supply chains, and technological sovereignty. Its emphasis on demand-side measures also matters: Europe is not only trying to attract semiconductor production, but also to create stronger domestic markets for European chip technologies.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
The package includes two legislative proposals, the Chips Act 2.0 and the Cloud and AI Development Act, alongside an Open Source Strategy and a Strategic Roadmap for Digitalisation and AI in Energy.
The Commission said the measures are designed to support Europe’s ambition to become an AI continent, strengthen digital autonomy, build a more sustainable digital future, and widen choice in core technologies for businesses, citizens, and public administrations.
Rising global demand for computing capacity, driven by the spread of AI, has intensified concerns over Europe’s dependence on non-EU suppliers for core digital technologies. The Commission said the package is intended to reduce structural dependencies and ensure Europe can develop, deploy, and secure the technologies it relies on.
The proposed Chips Act 2.0 aims to strengthen Europe’s semiconductor capabilities, while the Cloud and AI Development Act focuses on expanding cloud and AI infrastructure. The Open Source Strategy is intended to support Europe’s software ecosystem, and the energy roadmap links digitalisation and AI to a more sustainable energy system.
Commission President Ursula von der Leyen said Europe cannot afford to depend on others for technologies that keep hospitals running, energy grids stable, and services secure. She said the package is about protecting citizens, defending European interests, and making independent technological choices.
Why does it matter?
The package brings several major EU technology priorities under one sovereignty agenda. By linking chips, cloud, AI infrastructure, open source, and energy digitalisation, the Commission is trying to reduce structural dependencies while strengthening Europe’s capacity to build, deploy, and secure critical technologies. The key test will be whether legislative proposals and strategies translate into investment, infrastructure, and industrial scale.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!
The proposal is intended to support broader deployment and adoption of AI by expanding cloud and data centre capacity across Europe. The Commission said the ongoing deployment of AI factories and AI gigafactories is designed to provide European businesses and researchers with access to high-capacity, next-generation computing resources.
The Cloud and AI Development Act is intended to complement those efforts by supporting the wider diffusion of AI through expanded cloud and data centre infrastructure. It will also complement the Apply AI strategy, which aims to boost AI and cloud adoption across Europe.
The proposal focuses on three objectives. The first is research, development, and innovation, supporting the next generation of cutting-edge and sustainable cloud and AI technologies. The second is capacity, accelerating the deployment of data centres across the EU, with a focus on facilities that enhance essential public sector functions.
The third objective is autonomy. The proposal would introduce a single EU-wide assessment framework for cloud and AI sovereignty, accompanied by a public-sector adoption mechanism.
The Commission said the Cloud and AI Development Act complements other initiatives, including Chips Act 2.0 and the EU Open Source Strategy, as part of efforts to build a more competitive, secure, and resilient European digital economy.
Why does it matter?
The proposal shows how the EU is treating cloud and data centre capacity as core infrastructure for AI competitiveness and digital sovereignty. AI factories and gigafactories may provide high-capacity computing resources, but wider AI adoption also depends on cloud infrastructure, sustainable data centres, and public-sector access to trusted services. The sovereignty assessment framework is especially important because it points to a more structured EU approach to assessing dependence, control, and trust in cloud and AI infrastructure.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
The Computers, Privacy and Data Protection (CPDP) conference is an annual gathering that brings together academics, policymakers, industry representatives, civil society, students, and EU institutions to discuss emerging digital policy challenges. This year’s theme was ‘Competing Visions, Shared Futures’, the 19th in the series, and it hosted approximately 150 panels over the span of 3 days in Brussels.
What is CPDP?
CPDP’s value lies in its multidisciplinary approach. With academics presenting their work or debating topical issues, as well as with industry and policy experts bringing their expertise to the table, the event creates a space for honest conversations among participants.
The conference is sponsored by organisations such as Google, TikTok, Apple, as well as the European Data Protection Supervisor (EDPS), European Union Agency for Fundamental Rights (FRA) and VBU. Google even presented its Banana AI model in a photo booth, allowing participants to modify photos they took in the booth.
Alongside panels, CPDP hosts an array of workshops, short films, artwork, radio programming, promotion booths, dedicated DPO, youth, finance and IT tracks, book launches, and pop-up exhibitions. The event always closes the day in style with an open bar and a party to chat and network at.
CPDP is not a typical conference with just panels, attendees, moderators, and lengthy speeches. The conference inspires creativity and gives the freedom to achieve it. This was proven by the diverse topics showcased in the event’s schedule over the three days.
From a fireside chat with the artist, Simon Denny, behind the conference’s art, who uses AI as a medium in some of his work, to typical discussions about the Digital Omnibus or tracking period apps, all the way to an exiled journalist talking about Russian internet censorship. There was something for everyone.
Image via Magnific
What was presented?
The breadth of topics discussed at CPDP offers insight into the issues currently shaping Europe’s digital policy agenda. There were approximately 150 panels in total, with data protection, AI, the Digital Omnibus and the topics of digital sovereignty receiving the most attention. Data protection received the most attention overall, as 33 panels were dedicated to the topic. This was followed by 26 panels on AI, 12 on the Digital Omnibus, 10 on digital sovereignty, and 7 on child-related protection.
The distribution of panels reflects the growing prominence of AI in digital policy discussions. However, data protection topics, including privacy and the GDPR, are still the frontrunners in terms of topic relevance. Newer and emerging topics reveal what is topical in the digital world.
Growing concerns over US tech reliance have intensified discussions about EU digital sovereignty. Alongside this, another heavily debated and sensitive topic is child protection in the online context and its generative AI implications, which raises questions about how to better protect children online.
Emerging topics at CPDP
Digital sovereignty is a challenging topic as it encompasses a lot and has yet to be defined, meaning that taking action can look different for a wide variety of actors. Several discussions framed digital sovereignty as a pathway towards greater digital independence and reduced reliance on external technology providers. In order to try to achieve digital sovereignty, public procurement should be steered away from non-EU actors and towards EU businesses to develop a European stack.
Yes, private partnerships are important, but public ones set the tone. Several participants argued that public procurement choices will play an important role in determining whether EU can strengthen domestic digital capabilities and reduce strategic dependencies. Digital sovereignty needs to come from all corners of the market and society; that is the challenge.
A very interesting panel on data protection and AI, the GDPR, and privacy occurred. In Academic Session I, Stephanie von Maltzan presented findings about her groundbreaking research on LLM unlearning. The larger the LLM, the more data points it will be trained on and the more complex its ‘web’ will be.
Removing data points is not a common practice, given how data points interact with each other, meaning that complexity overrides certain fundamental rights. For example, when data subjects invoke their right to erasure under Article 17 of the GDPR, they may request that certain data be deleted in an LLM, yet this request is difficult to carry out in practice.
The research highlights one of the emerging challenges at the intersection of AI governance and data protection. She presents a two tier model in which the actively deployed LLM is accompanied by a parallel ‘shadow’ model.
After receiving a valied erasure request, the ‘shadow model’ would undergo the necessary unlearning processes to remove the relevant data. In the second tier, in a scheduled update, the ‘shadow’ model, which had undergone unlearning, would replace the initial LLM, thereby upholding data subject requests.
Apart from these insightful exchanges of knowledge on AI, digital sovereignty and data protection, the conference offered practical workshops on how to brainstorm re-writing the proposed Article 88b of the Omnibus, data protection officer and cybersecurity crisis scenarios, as well as open conversations about how to protect children in online environments.
Remaining questions
The conference also highlighted several unresolved policy questions that continue to shape European digital governance debates.
Regarding the Digital Omnibus, would companies scale up overnight if we removed regulations?
Does digital sovereignty need/have a definition, or should it be left to the meaning of ‘digital independence’?
Open markets vs data protection, where is the balance?
Regarding digital sovereignty, which clouds should be used in the EU?
Should simplification mean using the once-used definition of personal data by the CJEU, or sticking to the definition relied on in law, cases, and practice?
In order to protect EU sovereignty, should parts of the stack be a public utility?
Why does it matter?
CPDP 2026 demonstrated that while privacy and data protection remain central pillars of European digital policy, debates around AI governance, digital sovereignty and online child protection are rapidly gaining prominence.
The discussions highlighted the growing challenge of balancing innovation, competitiveness, fundamental rights and strategic autonomy as Europe defines its digital future.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
NGI Commons has outlined expectations for the European Union’s forthcoming Tech Sovereignty Package, a policy initiative aimed at strengthening Europe’s control over critical digital technologies and reducing reliance on non-European providers.
The initiative is expected to focus on semiconductors, cloud computing, AI and open-source software. According to NGI Commons, the package aims to align and simplify existing policies rather than introduce a new layer of regulation.
The framework builds on recommendations from Mario Draghi’s report on European competitiveness and seeks to support innovation, competitiveness and the EU’s broader objective of open strategic autonomy. A central element of the proposal is the recognition of open technologies as digital commons that underpin Europe’s digital ecosystem.
The analysis argues that open-source software should be treated as strategic infrastructure and supported through long-term funding, coordinated development efforts and greater public-sector adoption to strengthen digital resilience and security.
The report notes that challenges remain, including securing long-term funding, managing the growing energy demands of AI infrastructure and attracting investment, as policymakers seek to balance technological sovereignty with competitiveness.
Why does it matter?
The Tech Sovereignty Package is expected to shape how Europe approaches critical technologies such as semiconductors, cloud services, AI and open-source software in the coming years.
By treating open technologies as strategic infrastructure, policymakers could strengthen digital resilience, reduce external dependencies and support the EU’s broader goal of technological sovereignty while maintaining competitiveness in the global digital economy.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
NVIDIA has announced a major expansion of its AI Cloud ecosystem, supporting the rapid global deployment of AI factory infrastructure designed to meet growing demand for agentic AI, physical AI, sovereign AI and large-scale inference workloads.
The initiative aims to expand access to high-performance computing resources for enterprises, startups, governments, researchers and AI developers worldwide.
According to NVIDIA, the ecosystem now spans six continents, with new partners expanding AI Cloud infrastructure across multiple regions. The company said the expansion is intended to bring AI computing resources closer to users, industries and national AI initiatives while supporting regional and sovereign AI requirements.
Several cloud providers are expanding infrastructure to support advanced AI applications, including model training, fine-tuning, inference and AI agent development. Companies including CoreWeave, Firmus, Nebius and others are deploying new AI factories capable of supporting model training, fine-tuning, inference and AI agent development.
NVIDIA also highlighted growing adoption of its DSX platform, which is designed to help cloud providers deploy and manage AI factories more efficiently. The company said AI infrastructure is increasingly being assessed using metrics such as cost per token, energy efficiency and infrastructure utilisation, rather than raw computing capacity alone.
Why does it matter?
The expansion highlights the growing importance of AI infrastructure as governments and companies compete to secure the computing resources needed for advanced AI systems. Access to large-scale computing capacity is increasingly viewed as a strategic asset, particularly as countries pursue sovereign AI initiatives and seek greater control over critical digital infrastructure.
The announcement also reflects a broader shift in the AI industry, where demand is expanding beyond model training to include inference, autonomous agents and robotics applications, placing new emphasis on infrastructure efficiency, energy use and geographic distribution of computing resources.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
A conference at the European University Institute in Florence will examine the proposed Digital Networks Act and its implications for the EU regulatory framework for electronic communications.
The event, titled ‘Digital Networks Act for a competitive and secure Europe’, will take place on 28 and 29 May 2026 at the EUI campus and online. It will bring together policymakers, regulators, industry representatives, and academics to assess how the proposal could reshape digital network governance in Europe.
The conference will focus on the Digital Networks Act as a shift from the existing directive-based telecom regime to a directly applicable regulation. Discussions will examine how the proposal could constrain national discretion, centralise selected decisions at the EU level, reduce implementation delays, and address regulatory fragmentation affecting the digital single market.
The proposed Act would repeal and consolidate several core EU telecom instruments, including the European Electronic Communications Code, the BEREC Regulation, the Radio Spectrum Policy Programme, and selected provisions of the Open Internet Regulation and the ePrivacy Directive.
The event will place the proposal in the context of the Commission’s 2023 exploratory consultation on the future of the electronic communications sector, the 2024 White Paper on Europe’s digital infrastructure needs, the 2025 Call for Evidence, and wider debates on competitiveness, resilience, scale, and Europe’s digital economy.
Speakers will also discuss delays in transposing the European Electronic Communications Code, which was due by December 2020 but was fully transposed across all the EU member states only in 2024. The delays are presented as an example of the limits of a directive-based approach, particularly for spectrum assignment, 5G deployment, and convergence with cloud, edge, and AI-enabled infrastructure.
Across keynote addresses and thematic panels, participants will examine access regulation, symmetric and asymmetric remedies, copper switch-off, spectrum and satellite governance, market structure and consolidation, and resilience in digital networks.
Why does it matter?
The conference reflects the growing importance of the Digital Networks Act debate for Europe’s connectivity and digital infrastructure agenda. Moving from a directive-based telecom framework to a directly applicable regulation could shift more decisions to the EU level, reduce national divergence, and reshape how Europe governs spectrum, access regulation, network resilience, satellite connectivity, and future infrastructure linked to cloud, edge, and AI.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
CrowdStrike has announced the coordinated disruption of the Glassworm botnet, a cyber operation targeting software developers through open-source software supply chains.
Working with Google and the Shadowserver Foundation, the cybersecurity company said it simultaneously disabled four command-and-control channels used by the malware infrastructure.
According to CrowdStrike, Glassworm targeted developers through trojanised VSCode extensions, malicious npm and Python packages, and compromised GitHub repositories containing poisoned code. The campaign affected Windows, macOS, and Linux systems and targeted the theft of developer credentials and the maintenance of persistent access to development environments.
CrowdStrike said the botnet had compromised hundreds of GitHub repositories using stolen developer credentials, posing risks to downstream software supply chains. The company warned that attackers are increasingly targeting developers because compromising a single workstation, repository, or package can spread malicious code across many organisations, services, and users.
The company also highlighted the growing resilience of cybercriminal infrastructure. It said Glassworm combined blockchain technology, peer-to-peer systems, legitimate online services, and traditional servers to make takedown attempts more difficult.
The disruption cuts off the botnet’s known command-and-control channels, but CrowdStrike said organisations should continue checking for compromised developer environments, malicious packages, and exposed credentials.
Why does it matter?
The Glassworm campaign shows how developer tools and open-source ecosystems have become critical attack surfaces. Rather than attacking only large enterprises directly, threat actors can compromise repositories, extensions, libraries, or credentials used by developers and then move through the software supply chain. Such attacks can create cascading risks for cloud services, enterprise software, financial systems, public services, and other organisations that rely on shared code and development infrastructure.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
A new Allianz Research report argues that AI is transforming global trade, supply chains, digital infrastructure, and geopolitical influence.
The report says AI growth increasingly depends on global semiconductor production, cloud infrastructure, hyperscale data centres, and cross-border digital services. It also argues that trade is increasingly shaped by who controls AI infrastructure, data flows, and cloud capacity.
Allianz Research says exports of AI-enabling goods rose from USD 1 trillion in 2014 to USD 3.8 trillion in 2025, accounting for 15% of global trade and far outpacing overall goods trade growth. Asia dominates the supply side, accounting for 65% of global AI-related exports and seven of the top ten exporters, led by China, Taiwan, and Hong Kong.
The report also highlights the United States’ role as a centre of hyperscale AI infrastructure. It says the US has tripled its AI-related imports since 2023 and is home to 5,427 operational data centres, equivalent to 45% of the global total.
Europe faces a different challenge. According to Allianz Research, the region has less than 10GW of operational data-centre capacity, compared with 60GW in the US, while US hyperscalers already control 35% of European computing capacity and are consolidating a 70% share of the cloud market. The report points to fragmented regulation, complex permitting processes, grid connection delays, limited funding, and the absence of a domestic hyperscaler as factors that reinforce European dependence.
The study also warns that AI diffusion could widen EU-US service imbalances by requiring recurring payments to American AI providers and cloud platforms. In a high-adoption scenario, annual payments by eurozone users to US AI services providers could rise from EUR 2.7 billion to EUR 34 billion, according to the report.
Allianz Research concludes that AI governance, industrial policy, export restrictions, subsidies, and digital trade regulation are becoming central components of global economic competition. Governments are increasingly treating semiconductors, cloud infrastructure, data centres, and AI services as strategic assets linked to national security, economic resilience, and geopolitical influence.
Why does it matter?
The report frames AI as a trade and industrial policy issue, not only a technology story. Its findings suggest that control over semiconductors, cloud infrastructure, data centres, and AI services could shape which economies capture AI-driven productivity gains and which become more dependent on foreign platforms, supply chains, and infrastructure. For Europe, the key concern is a possible double dependence on US cloud and AI services and Asian hardware supply chains.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The review says the DMA has already produced visible changes in some areas, including greater user choice through third-party app stores and prompts allowing users to select browsers or search engines. However, it also points to continuing challenges in implementation and enforcement.
Enforcement has become a central part of the assessment. In April 2025, Apple was fined €500 million for blocking developers from directing users to cheaper purchasing options, while Meta was fined €200 million over its ‘consent or pay’ model. Both companies are appealing the decisions.
The Commission also highlighted ongoing compliance and procedural difficulties. According to the review, investigations are taking around twice as long as the 12-month target, while legal procedures are being used to slow compliance.
The assessment raises broader questions about whether the DMA should eventually cover fast-growing areas such as AI tools and cloud platforms. The review presents the regulation as an evolving framework whose long-term impact will depend on consistent enforcement and adaptation to new market realities.
Why does it matter?
The review indicates that the Digital Markets Act is transitioning from establishing rules to a more challenging phase of enforcement. Initial changes suggest that the law is starting to influence the behaviour of platforms. However, delays, appeals, and uncertainties regarding AI and cloud services demonstrate that the European Union’s digital competition framework will need to continuously adapt as the power of platforms shifts into new areas of the digital economy.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!
