A Response to CERRE on “European Preference”
A new CERRE issue paper – The Role of ‘European Preference’ in Europe’s Economic Strategy (April 2026) – argues that Europe’s current slide towards “European preferences” as part of its new industrial policy toolkit is dangerous and outright harmful for Europe. The posture is ostensibly avuncular advice on “how to get it right” and avoid the pitfalls, but a profound ideological hostility is apparent in all the straw men that form the substance of the paper, and the banality of much of the “advice”. If “getting it right” was really a matter of following many of these generic prescriptions (“policy makers should consider the best tool for the job”) and the neoliberal economic ideology that underpins them, then we can just hope nostalgia for Europe’s “historical model of openness and non-discrimination” will see us through. No one is upending that model, by the way. No one is truly arguing for a wholesale “shift away from open markets”. But we are responding to new geopolitical realities in which free-trade and globalization are recognised to be over, and Europe needs to hold its own – including by muscling up its industrial policy.
The paper is not specific to the digital sector but is about what it sees as the dangers of a “European preference” adopted broadly across sectors – from heavy industry to green transition (in essence, EVP Séjourné “Industrial Acceleration Act” proposal) to digital procurement. While it mentions Europe’s dire economic predicament in places, and Draghi’s plea for robust industrial policies in key sectors, it reads very much like a traditional neoclassical economist tasked to write a general essay on “why industrial policy generally fails, and all the downsides I can potentially think of”. So yes, if things are “poorly designed” there will be no benefit and there can be negative effects. And yes, if one does no better than imposing mindless “blanket rules” it will go wrong somewhere. Raising generic flags tells us nothing about real risks. Things could go wrong? Not exactly news. Let’s make them right.
We focus here only on digital procurement as germane to EuroStack. The overarching comment is that the paper misrepresents much of the purpose and motivation for a European preference in digital procurement. The assumption is that the main motivation is “security and resilience”, which are described as overblown concerns – in part because (it asserts) there are likely sufficient protections in the law to our data, and in part because it will simply be too hard and too costly for Europeans to achieve “foreign law immunity” – as indeed our dependencies are too extensive and we cannot sterilize suppliers fully from application of “extraterritorial foreign laws”. Precisely.
But there’s more for us at EuroStack: of course we care about dependency but we think of it also very much in terms of boosting our threatened asset and capabilities’ base, and our sluggish productivity growth that directly reflects 20 years of low investment per worker in tech. Operating an entire economy on an infrastructure that is not “ours” is a major problem because it means we fail to capture value across the production chain, and we do not create incentives and opportunities for investing in European tech assets and capabilities. THIS is EuroStack’s main “competitiveness” motive.
The CERRE paper instead very narrowly interprets the “competitiveness and growth” motive for a European preference just as “a lever to bolster European innovation”. It recognises in this spirit that, as we are not going to achieve a single market any time soon, “public support for innovation” can fill the gap temporarily. However, it immediately defaults to negative: “such interventions inevitably involve constraints on competition, … may limit the take up of global technologies that could be more effective at boosting productivity and economic growth (emphasis added)”. What a collection of assumptions! The argument boils down to: it is inevitable that the effect will be to just discriminate against better/cheaper (US) products and reduce competition. It is hard to think of a more wrong-headed, biased analysis.
The purpose of a European preference is to drive demand to existing European alternatives, which are themselves typically better/cheaper (there are countless comparative analyses with actual numbers absolutely showing exactly this, not just assertions – see for instance here and here), thereby preserving revenue and profits and investment in Europe, and increasing competition.
What better evidence than the Commission’s award, for the first time two weeks ago, of a €180m cloud contract to four consortia of European companies (OVH, Scaleway, Clever Cloud, TP, Stackit – with Google in bed with Thales the only fly in the ointment). This would have been unthinkable a year ago when the Commission was solidly only buying AWS and Microsoft. And in addition to the ones selected, we know multiple other European cloud companies participated in the tender. And so actually did Microsoft and AWS – they were not selected. This prior reality on the ground was very different, as everyone knows: until now, most public tenders had been formulated in a way that de facto favoured hyperscalers. They were the equivalent of “get me Microsoft”. For the first time, competition for this contract just increased massively. Prices and quality were competitive, as the Commission itself declares in the press release. Now imagine that multiplied hundreds of times across public procurement decisions all over Europe. Last year €264bn in cloud revenues were estimated to have been syphoned out of Europe to the US in hyperscalers’ contracts (see below). If even a portion of that stayed in Europe, it would be a shot in the arm to European current builders and vendors who have perfectly suitable products for most user cases.
The whole argument is classic hyperscalers’ framing: if you suggest any portion of your public sector demand should be directed at European suppliers, you are protectionist, autarchic, lawless (your own laws say discrimination is illegal!), and reduce competition: you are forcing your companies to buy worse products at higher prices!
The CERRE paper predictably recommends Europe instead relies on generic recommendations like addressing switching costs, favouring multi-homing, transparency rules and “technical safeguards” like encryption to manage the risks of interference by US law. This is all vanilla stuff which raises the question: in whose lifetime? Haven’t these very same recommendations been swirling around for years? With no impact? The reality is this discourse fits the familiar pattern of hyperscalers lobbying in Brussels and before national governments: whenever the question becomes “should Europe own its critical digital infrastructure?”, the answer is rapidly reframed as a regulatory-optimisation problem – one of “balanced openness,” competition policy, multi-homing, best-tool selection – until the original strategic question quietly disappears.
Call this what it is: dependency management with better PR.
Incidentally, CERRE’s own disclosure for this paper lists support from Amazon and Microsoft among others. An “independent” paper that recommends Europe drop foreign-law immunity, soften openness requirements, and lean on multi-homing rather than European preference is, on those three points, indistinguishable from what its two hyperscaler funders would themselves want Brussels to hear. The funding list belongs in the analysis itself.
The paper calls for a reply on almost everyone of its many straw men and fallacies. In addition to the “big picture” points above, we limit ourselves to comment here on five glaring flaws.
1. “European procurement is mostly local already” – measuring the wrong thing
The paper asserts that “only about 5% of EU public procurement contracts go to firms not registered in the country running the process,” and treats that as evidence European preference is unnecessary. But this statistic measures who signs the contract, not where the technology and the money actually go.
Two channels do the work the headline figure obscures. The smaller one – conceded in the paper itself – is foreign subsidiaries: 20–28% of nominally-domestic awards may be subsidiaries of foreign-owned companies (Microsoft Ireland, AWS Luxembourg, Google France and the rest), selling directly through local entities that count as “domestic”. The larger one, invisible to the 5% figure by design, is reseller-mediated procurement: EU-headquartered systems integrators, VARs and resellers (Atos, Capgemini, Sopra Steria, T-Systems, Bechtle, Computacenter, Atea, Crayon, Econocom and dozens of others) win prime contracts and deliver mostly US technology under them. The contract looks 100% European on paper; the licences, the software, the platform, and the dependency are not.
The empirical check is straightforward. US hyperscalers hold roughly 80% of the European cloud market, and a higher share again inside EU public administrations. Microsoft 365 – or whichever name the bundle is wearing this quarter – is the de facto productivity stack of essentially every EU institution, the Commission included. None of that is compatible with a literal reading of “5% goes to foreign firms.” What the 5% measures is the legal address on the invoice; what it conceals is the dependency and where the economic value is captured.
2. The unspoken premise: US hyperscaler quality is higher and cannot be matched
The paper leans throughout on the assumption that European cloud cannot match what the hyperscalers deliver, so a strict European preference would force buyers into worse services at higher cost. That is the standard hyperscaler talking point — and it is increasingly contradicted by the public record.
The Commission’s own April 2026 sovereign cloud tender we mentioned explicitly notes that the awarded providers (Post Telecom/OVHcloud/Clever Cloud, StackIT, Scaleway, plus the Proximus consortium) “deliver a high level of technical quality” and that “EU providers are closing the gap.” Three of those reached SEAL-3 in the EU’s Cloud Sovereignty Framework. The Proximus/S3NS offer, built on Google Cloud, capped at SEAL-2 — which is, by construction, the ceiling for any offer carrying a US-hyperscaler dependency.
The “superior service” narrative also needs to be tested against what Microsoft Azure actually looks like from the inside. Recent first-hand accounts from a former Microsoft engineer (isolveproblems.substack.com; see also ProPublica’s reporting on the “Digital Escort” programme) describe what the engineer calls “a sophisticated system perpetually on life support”:
- ~14,000 Just-In-Time access requests in two months (Aug–Oct 2024) for manual interventions on production nodes — including government cloud regions.
- WireServer, the host-side metadata service that holds VM secrets, crashing 300,000–500,000 times per month, with unencrypted client data co-mingled in shared caches in violation of basic multi-tenancy hygiene.
- “Digital escort” sessions in which $18/hour staff – sometimes based in China – execute commands relayed from senior engineers; the practice was significant enough that the US Defense Secretary publicly cited a “breakdown of trust” with Microsoft in 2025.
If this is the platform against whose alleged “superiority” European alternatives are being judged “too expensive,” the comparison deserves revisiting. An EU auditor cannot in good faith certify that Bleu or Delos could independently patch a critical bug in a system that even Microsoft’s own teams admit they no longer fully understand.
3. The “cost” frame, inverted
The paper presents European preference as imposing extra costs that need to be justified against growth. It is silent – as such framings tend to be – on the cost of not doing it.
A well-known Asterès/Cigref study quantifies the current annual outflow from European businesses to non-EU cloud and software providers at roughly €264 billion. It is the price European businesses already pay, every year (and growing), to remain dependent. Locking Europe deeper into that flow under the label “best value” is a price accepted without serious consideration of the alternatives.
European and Open Source alternatives for core needs — IaaS, PaaS, collaboration and productivity suites, file storage and sharing, video conferencing, messaging, identity and access management — are in many cases simply cheaper than their US counterparts on raw sticker price, and the gap widens further once data egress fees, forced bundling and exit costs are properly counted. The “European is more expensive” claim is, bluntly, a fabrication. Repeated long enough by parties with the marketing budgets to repeat it — sales decks, analyst briefings, “independent” think-tank papers, conference keynotes — it has hardened into received wisdom. It has been hardened by sheer repetition — nobody on the European side has had a comparable budget to drown it out.
4. Foreign-law immunity is neither paranoia nor unattainable
CERRE argues that foreign-law immunity is “rarely if ever plausible for EU tech firms to achieve” and recommends technical safeguards (encryption, switching, multi-homing) in its place. This downplays a risk that is no longer hypothetical and overstates the difficulty of the legal criterion.
Whether one gives credit to a “kill switch” scenario or not, there is no denying for instance that European regulation like the DMA has been on life support – go sloooow – since the Trump administration publicly threatened the EU with tariffs and export restrictions on “Highly Protected Technology and Chips” if it continued enforcing the DMA – an explicit linkage of European regulatory sovereignty to US economic coercion. What better example could there be of our vulnerability than the near death of the regulatory effort in order to appease the US Administration.
Sovereignty ultimately means not having the answer decided by another government’s executive order – regardless of which case fires next. EU-headquartered, EU-controlled providers – operating under EU law, with no parent subject to FISA 702 or the CLOUD Act – are perfectly capable of clearing a foreign-law-immunity test. The Commission’s SEAL framework operationalises exactly that, and three providers cleared SEAL-3 last month.
5. EuroStack is not “Fortress Europe” — and Gaia-X is the wrong cautionary tale
The paper leans on the familiar strawman: that anything stricter than CERRE’s preferred toolkit amounts to autarky, central planning, picking winners, a “separate European digital hemisphere”. This is a common playbook by funded think tanks in Brussels purporting to be independent (see also Bruegel here) and it is the ultimate straw man. It is also not what EuroStack proposes.
The paper also invokes Gaia-X as evidence that this kind of approach fails. The post-mortem points the other way. Gaia-X failed because European preference was kept far too loose. As soon as Palantir, Alibaba, Microsoft, AWS and Huawei were admitted as members in late 2020, the “sovereign” federation collapsed into a labelling scheme draped over a Big Tech-friendly substrate — a fact obvious to serious observers since that point, and now widely accepted post-mortem. What Gaia-X actually demonstrates is the cost of pretending you can have sovereignty while seating its opponents on the board.
The EuroStack Industry Initiative – an informal coalition of several hundred European businesses – proposed a demand-side strategy of a different shape: a clear “European supplier” test (legal HQ, R&D and voting control in the EU; immunity from extraterritorial laws); a measurable European-quota target on new procurement contracts (its 2025 white paper offers, as an illustrative time profile, 25% of new contract value rising to 50% by 2030); and mandatory open standards and interoperability in public contracts. The intent is sovereignty through openness — federating existing European assets and leveraging the global Open Source building blocks.
Open Source is the only foundation that delivers transparency, auditability, portability and long-term resilience by construction — which is precisely why CERRE’s framing of it as a constraint on viable business models gets the question backwards. The SEAL-3 results bear this out: the providers clearing the bar are the ones building on substantially open-source technology.
Regulating a world we do not own
For a generation, Europe has crafted careful rules for a digital world it does not own – and is now discovering that rules without industrial capacity are negotiable from the outside. The CERRE paper, read closely, accepts that state of affairs as a fixed constraint and recommends optimising within it. Call that what it is: the formalisation of dependency as good governance.
There is a real conversation to be had about how to build European digital capacity — which sectors, which instruments, which governance mechanisms, and how to learn from past mistakes. But the first-order question – should Europe own its critical digital infrastructure? should not keep being negotiated away. Every public euro routed to a non-EU hyperscaler is a euro that does not build the European ecosystem.
The real choice is between a dependency we just manage, and an autonomy we are trying to build. It is past time to choose the second.
The main authors of this blog are Cristina Caffarra and Stefane Fermigier.
