At a glance: The EU is creating a four-tier security classification system for cloud and AI services that favours European providers and structurally disadvantages large US corporations.
The EU Commission is developing a regulatory framework with four security levels for cloud and AI services to promote European providers and strengthen digital sovereignty. According to the Commission’s assessment, US corporations will frequently be unable to meet these requirements.
The EU Commission is working on a legal framework that divides cloud and AI services into four security tiers. The aim is to position European providers competitively and make critical digital infrastructure less dependent on non-European providers. The classification system is intended to differentiate which security standards are required for different use cases and sensitivity levels.
The requirements of these security tiers are designed such that established US cloud corporations will regularly be unable to meet them, according to the Commission’s assessment. This is intentional: the EU aims to favour European providers that develop specialised solutions in the field of data protection and data sovereignty. In parallel, the EU AI Act serves as a regulatory framework that regulates AI systems on a risk-based basis and thus also creates scope for regulatory differentiation.
For Chief Data Officers and compliance officers, this creates a new dimension in the evaluation of cloud and AI services: the future security levels will be central to procurement processes and purchasing decisions. Organisations must already begin to consider which tier their data and systems require, and which European alternatives will be available under the new standards.
Source: www.golem.de · Published 3 June 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrasing and classification via Lumi News Pipeline v1.2.9.