Table of Contents
Can Airbus really build a sovereign European cloud without relying on US tech giants?
The Initiative
Airbus is initiating a migration of its mission-critical applications to a sovereign European cloud. This project targets essential systems, including Enterprise Resource Planning (ERP), Customer Relationship Management (CRM), and Product Lifecycle Management (PLM). The primary objective is securing sensitive European data. Airbus leadership explicitly aims to prevent this data from residing on public clouds owned by United States providers.
The Driving Forces
Two specific factors drive this decision. First, software vendors are forcing the market toward cloud-only models. Major partners like SAP now develop exclusively for cloud environments, pushing clients toward platforms like S/4HANA. On-premise solutions are becoming obsolete.
Second, geopolitical shifts necessitate strictly controlled data environments. Recent political changes in the US and evolving trade policies have accelerated the need for digital sovereignty. Catherine Jestin, Executive Vice President of Digital at Airbus, emphasizes that specific data sets require absolute European control to mitigate national security risks.
The Procurement Timeline
Airbus will launch a tender for this migration in January 2026. The contract offers significant value, estimated at over €50 million. It spans a long-term duration of up to ten years to ensure price predictability. Airbus expects to select a provider before the summer of 2026.
The Sovereignty Paradox
Finding a capable provider remains the project’s most significant hurdle. Jestin estimates the probability of finding a suitable European vendor at only 20 percent. The market reality creates a conflict between sovereign goals and technical capabilities.
US hyperscalers—Amazon Web Services (AWS), Google, and Microsoft—dominate the infrastructure landscape. Allegedly “sovereign” European solutions often rely on these US platforms for their underlying architecture. For instance, the Schwarz Group utilizes Google services, while SAP’s Delos Cloud is built upon Microsoft Azure.
Regulatory Risks and the “Fig Leaf” Certification
Legal experts warn that technical dependency on US firms negates legal sovereignty. The US Cloud Act allows American authorities to access data held by US companies, regardless of the server’s physical location.
While French authorities (ANSSI) have granted security certifications to joint ventures like Google Cloud S3NS, these measures may not withstand legal challenges. Expert opinions suggest these certifications act as a “fig leaf.” They offer the appearance of sovereignty without providing immunity from US extraterritorial jurisdiction. Consequently, a truly independent European cloud ecosystem remains theoretical rather than operational.