Explosive leak: US diplomats on the “new” AI front against EU data sovereignty – Washington’s war for the world’s data

Secret document revealed: Trump's merciless attack on European data protection

A leaked internal memo from US Secretary of State Marco Rubio is causing a major stir and marks a historic turning point in transatlantic politics: The Trump administration is urging US diplomats worldwide to actively oppose European efforts to achieve data sovereignty. What is officially declared a diplomatic "Action Request" reveals itself upon closer inspection as an open declaration of war against the European General Data Protection Regulation (GDPR) and the EU's attempt to free itself from its toxic dependence on American tech giants. In a digital world order where data is the most valuable asset of the 21st century, Washington is drastically escalating its rhetoric. A new power struggle is raging between American hegemony, the controversial US CLOUD Act, and Europe's desperate search for its own cloud alternatives, a struggle that will significantly shape our digital – and economic – future.

Related to this:

• USA | Secret BMI (Federal Ministry of the Interior) report reveals the illusion of digital sovereignty

When diplomacy becomes a tool of tech companies and why the US is now targeting Europe's digital sovereignty

On February 18, 2026, the Trump administration circulated an internal US State Department circular, signed by Secretary of State Marco Rubio, instructing US diplomats worldwide to actively oppose other states' efforts to achieve data sovereignty. What at first glance appears to be a routine foreign policy maneuver, upon closer examination reveals itself as a systematic offensive to secure American data hegemony in a world where data has long since become the most valuable commodity of the 21st century. The document marks a dramatic escalation in the geopolitical struggle for control of global data infrastructure and raises fundamental questions about the future of European digital self-determination.

The Anatomy of the Rubio Telegram: A Look Behind the Diplomatic Scenes

The State Department's telegram, classified as an Action Request, represents the clearest formulation to date of a more aggressive international data policy under President Trump. In the document, the US government argues that data sovereignty and data localization laws would disrupt global data flows, increase costs and cybersecurity risks, restrict artificial intelligence and cloud services, and expand government control in ways that undermine civil liberties and enable censorship. This line of reasoning warrants nuanced analysis, as it conflates legitimate economic concerns with strategic self-interest in a way that obscures the core of the transatlantic data conflict.

The telegram specifically instructs US diplomats to monitor the development of proposals to restrict cross-border data flows and to actively oppose them. To this end, diplomatic missions were provided with discussion guides promoting the Global Cross-Border Privacy Rules Forum, a body established in 2022 by the United States together with Mexico, Canada, Australia, Japan, and other countries to promote the free flow of data. This forum officially launched its international certifications in June 2025 and now boasts approximately 100 certified companies with over 2,000 individual units. It is no coincidence that the US is positioning this forum as a counter-model to the stricter European data protection regulations. The message is clear: Washington intends to define the rules of the global data economy according to American principles.

Particularly explosive is the fact that Rubio explicitly cites the European General Data Protection Regulation (GDPR) in the letter as an example of unnecessarily burdensome data protection regulations and cross-border data flow obligations. With this, the US government directly challenges the very core of European data protection law. The telegram also mentions China, which it claims combines attractive technology infrastructure projects with restrictive data policies to expand its global influence and gain access to international data for surveillance and strategic advantages. This parallel between European data protection regulations and Chinese surveillance policies is a rhetorical device that constructs a false equivalence to delegitimize the legitimate data protection interests of European citizens.

More information here:

• Reuters | Exclusive: US orders diplomats to fight data sovereignty initiatives

The economic dimension: Why data is the new oil

To understand the implications of this diplomatic initiative, it is essential to examine the economic realities of the global cloud and data industry. The worldwide cloud infrastructure market reached a revenue volume of $99 billion per quarter in the second quarter of 2025 and is growing at an annual rate of approximately 25 percent. For the full year 2025, Gartner estimates the global cloud computing market at around $750 billion, with a projected average annual growth rate of 18 percent through 2028. This enormous market is dominated by a handful of American companies: Amazon Web Services holds a 30 percent global market share, followed by Microsoft Azure with 20 percent and Google Cloud with 13 percent. Together, these three US corporations control approximately 63 percent of the global cloud market.

In Europe, the dominance is even more pronounced. Amazon Web Services leads the European cloud market with a 32 percent market share, followed by Microsoft Azure with 23 percent and Google Cloud with 10 percent. Combined, these three US hyperscalers control 65 percent of the European cloud market, while European providers hold only around 13 to 15 percent – ​​a dramatic decline of 27 percent in 2017. According to an estimate by Devilink Consulting, US providers control as much as 92 percent of European cloud infrastructure. The United States also hosts approximately 51 percent of all data centers worldwide and controls an estimated 74 percent of global high-performance AI computing capacity.

Investments by major technology companies in data centers and AI infrastructure reached unprecedented levels in 2025. Microsoft, Alphabet, Meta, and Amazon together planned capital expenditures of around $370 billion for 2025 alone, with Microsoft being the largest single investor at nearly $35 billion per quarter, equivalent to 45 percent of its total revenue. AI-related stocks contributed 75 percent of the S&P 500's returns last year and accounted for 80 percent of the index's earnings growth. Generative AI cloud services saw explosive growth of 140 to 180 percent in the second quarter of 2025. These figures illustrate why Washington is so vehemently opposed to any regulation that could restrict the free flow of data to American companies: It is about nothing less than the United States' economic dominance in the digital age.

The legal minefield: CLOUD Act versus GDPR

The core of the transatlantic data conflict lies in a fundamental contradiction between American and European law. The US CLOUD Act (Clarifying Lawful Overseas Use of Data Act), passed in 2018, grants American law enforcement agencies the right to demand the release of data from US companies, regardless of where that data is physically stored. An American company can therefore be compelled to hand over data located on servers in Frankfurt, Amsterdam, or Dublin. This extraterritorial principle directly contradicts the European General Data Protection Regulation (GDPR), which prescribes strict rules for the transfer of personal data to third countries.

The European Court of Justice has clarified the consequences of this conflict in two landmark rulings. In the 2015 Schrems I ruling, the Safe Harbor agreement was declared insufficient, with the Court, citing the Snowden revelations, finding that data transfers to the US could infringe upon the fundamental privacy rights of European citizens. The subsequently negotiated Privacy Shield agreement was also declared invalid in the 2020 Schrems II ruling, as the US failed to provide adequate safeguards against excessive surveillance. The Court explicitly referred to Section 702 of the Foreign Intelligence Surveillance Act and Executive Order 12333, which grant extensive surveillance powers against foreign nationals.

The EU-US Data Privacy Framework, introduced in 2023, was intended to close this gap, but many data protection experts consider it just as vulnerable as its predecessors. Austrian data protection activist Max Schrems has already announced his intention to challenge this framework in court. The current US offensive against data sovereignty initiatives significantly exacerbates this problem, as it signals that Washington has no interest in a genuine compromise. Instead, the US government intends to use its negotiating power to prevent other countries from enacting any data protection regulations at all.

That the conflict is by no means theoretical is demonstrated by a concrete example: Microsoft admitted before a French court that it cannot guarantee the protection of European data from access by American authorities. This fact undermines all the promises made by US hyperscalers regarding data localization and regional sovereignty. Even if data is physically stored in Europe, it is de facto subject to the jurisdiction of the United States as long as it is managed by a US company.

Washington's systematic offensive against European digital regulation

The Rubio telegram on data sovereignty is not an isolated incident, but rather part of a broad campaign by the Trump administration against European regulatory efforts in the digital sphere. As early as August 2025, Rubio ordered US diplomats in Europe to launch a lobbying campaign against the EU's Digital Services Act (DSA). In the telegram dated August 4, the State Department described the DSA as an excessive restriction of free speech and urged diplomats to lobby EU governments and national regulators to repeal or amend the law. The DSA requires large social media platforms to remove illegal content such as extremist material or depictions of child sexual abuse—a measure the Trump administration interprets as censorship of conservative voices.

In February 2026, it was also announced that the United States planned to establish an online portal to help Europeans and others circumvent censorship of content, including alleged hate speech and terrorist propaganda. This measure represents an unprecedented encroachment on the regulatory authority of sovereign states and reflects a fundamental shift in American foreign policy toward its European allies.

Dutch cloud computing expert Bert Hubert, a former member of the supervisory board for the Dutch intelligence services, offers a pragmatic assessment of this change of course: While the previous US administration tried to woo European customers, the current one demands that Europeans disregard their own data protection regulations insofar as they might hinder American business. This assessment succinctly captures the paradigm shift: from cooperative diplomacy to overt exertion of pressure.

Members of the European Parliament have taken note of the campaign against the DSA with sharp criticism. In a parliamentary inquiry in August 2025, the European Commission was asked to comment on the American lobbying activities. The fact that even some MEPs welcomed the US intervention as a welcome aid against perceived European censorship demonstrates the ideological divide that Washington is deliberately exploiting.

Europe's counter-offensive: Between strategic awakening and structural weakness

The increasing aggressiveness of American data policy has triggered a countermovement in Europe, which, however, is struggling with significant structural deficits. The EU Cloud and AI Development Act, announced for the first quarter of 2026, aims to strengthen Europe's autonomy over its cloud infrastructure and data, reduce its strategic dependence on non-EU providers, and give users more control over their data. European Executive Vice-President Henna Virkkunen has touted the law as a tool for improving cloud services and expanding Europe's high-performance computing capacity.

At the political level, France and Germany agreed on concrete measures at a summit on European digital sovereignty in Berlin in November 2025, with over 900 participants from politics, industry, and civil society. The two largest EU economies are calling on the European Commission to define the highest protection standards for the most sensitive data, including appropriate safeguards against the impact of extraterritorial legislation from non-EU states. France and Germany have also established a joint task force for European digital sovereignty, tasked with developing sovereignty indicators for key sectors such as cloud services, artificial intelligence, and cybersecurity. The results of this work are to be presented at the Franco-German Ministerial Council in 2026.

The European initiative Gaia-X, launched in 2020, has now entered an implementation phase and comprises more than 180 data spaces. Christoph Strnadl, Chief Technology Officer of Gaia-X, states the core message unequivocally: No US company can guarantee that the US government will never access the data. Therefore, a US company will never be used for critical data. Sovereignty means having strategic options, not trying to do everything yourself. Gaia-X pursues the approach of a federated cloud ecosystem that connects providers, users, and platforms under a common framework of trust, transparency, and interoperability.

However, reality lags significantly behind political ambitions. According to the International Data Corporation, the share of sovereign cloud services in global Infrastructure-as-a-Service revenue will grow by 9 percent annually until 2028, but from a very low starting point. The European cloud industry has long since lost touch with the economies of scale of the US hyperscalers, and it is questionable whether political measures can take effect quickly enough to reduce this structural dependency within a reasonable timeframe.

Industry focus areas: B2B, digitalization (from AI to XR), mechanical engineering, logistics, renewable energies and industry

More information here:

• Expert Business Hub

A thematic hub offering insights and expertise:

• Knowledge platform covering global and regional economies, innovation and industry-specific trends
• A collection of analyses, insights, and background information from our key areas of focus
• A place for expertise and information on current developments in business and technology
• A hub for companies seeking information on markets, digitalization, and industry innovations

The Airbus case: A blueprint for European industrial policy

The most prominent example of the practical consequences of the data sovereignty debate is Europe's largest aerospace company. Airbus is preparing a massive migration of its most sensitive systems to protect critical data, ranging from aircraft designs to internal technological know-how, from the reach of the American CLOUD Act. The tender, which was scheduled to launch in early January 2026, has an estimated volume of over €50 million and a contract duration of up to ten years.

Catherine Jestin, Executive Vice President Digital at Airbus, explains the move by citing the extreme sensitivity of the information from both a national and European perspective and the desire to ensure that this information remains under European control. Airbus currently uses Google Workspace and Microsoft tools for financial operations, while some data classified as military is still stored outside the cloud on its own infrastructure.

The Airbus case, however, also reveals the Achilles' heel of European digital policy: The company internally estimates the probability of finding a technically suitable European cloud provider at only 80 percent. This assessment is an alarming indicator that Europe's IT infrastructure is lagging behind the requirements of its own industry. Particularly precarious is the fact that software providers like SAP are increasingly delivering new functionalities exclusively via cloud platforms, forcing companies to migrate without adequate European alternatives being available.

That these concerns are by no means theoretical is illustrated by another example: The chief prosecutor of the International Criminal Court, Karim Khan, reportedly lost access to his Microsoft email account after Trump imposed sanctions on him for criticizing Prime Minister Netanyahu. While Microsoft denies suspending services for the ICC, the incident demonstrates how quickly access to American technology services can become a tool for geopolitical pressure.

Related to this:

• Protection from the CLOUD Act – Moving away from US clouds: Airbus plans to withdraw and pulls the plug on sensitive data

European alternatives: The ecosystem between new beginnings and disillusionment

Efforts to achieve digital sovereignty at both the private and institutional levels are supported by a growing ecosystem of European technology providers. In the area of ​​cloud infrastructure, OVHcloud from France is positioning itself as one of the largest European providers, along with the German company Hetzner, offering competitive hosting under clear German data protection standards, and Scaleway from France, which is increasingly serving AI workloads. In the area of ​​communication and collaboration, the German-developed open-source platform Nextcloud offers a comprehensive solution for file synchronization, calendars, contacts, and office tasks, capable of completely replacing Google Drive, Dropbox, Microsoft OneDrive, and Google Calendar. The Swiss provider Tresorit offers end-to-end encrypted cloud storage, while Wire from Switzerland and the open standard Matrix/Element provide secure communication solutions.

At the public administration level, concrete migrations are already underway. Lyon, France's third-largest city, has initiated a comprehensive migration from Microsoft Windows and Office to open-source alternatives such as Linux, OnlyOffice, Nextcloud, and PostgreSQL. The German state of Schleswig-Holstein has taken similar steps, and Denmark's public sector has announced plans to phase out Microsoft Teams in favor of European-managed collaboration tools. Several German states have migrated from Microsoft cloud services to sovereign alternatives, using STACKIT and Open Telekom Cloud for GDPR compliance and digital sovereignty.

France and Germany jointly developed the open-source product suites LaSuite and OpenDesk and committed to expanding the use of open-source tools in their public administrations. Lyon developed its collaboration platform project Territoire Numérique Ouvert in collaboration with local digital organizations and operates it in regional data centers. These initiatives demonstrate that the transition is technically feasible, even if it requires significant investment and organizational effort.

Nevertheless, the question of scalability remains the central problem. US hyperscalers have decades of development head start, massive economies of scale, and an ecosystem of thousands of integrated services that no European provider can replicate in the foreseeable future. The European cloud industry holds only a fraction of the global market, and even within Europe, its share has fallen to around 13 to 15 percent. For mission-critical applications requiring maximum availability, global presence, and deep integration with AI services, there is often currently no fully viable European alternative.

Related to this:

• European design expertise instead of technological dependence – The French cloud model as an economic strategy

The geostrategic perspective: Data as a weapon in the new Cold War

The struggle for data sovereignty cannot be understood in isolation from broader geopolitical shifts. The world is in a phase of accelerated technological decoupling, in which control over data, computing power, and AI infrastructure has become a central dimension of national power. The US and China have entered a new phase of strategic competition over artificial intelligence, which some observers are already calling a digital Cold War.

Washington is pursuing a strategy that operates in two directions simultaneously. With regard to China, the US is pursuing aggressive technological decoupling through export controls on semiconductors and AI hardware, which were tightened to such an extent by mid-2025 that even AI chips specifically developed for the Chinese market would fall under the ban. With regard to Europe and other allies, however, Washington is pushing for maximum openness of data markets, which in plain terms means: unhindered access for American technology companies to the data of European citizens and businesses.

The Rubio telegram explicitly mentions China as an actor that combines technology infrastructure projects with restrictive data policies to expand its global influence. This warning about China is clearly being used as leverage to discourage European partners from implementing their own data protection measures: if you localize your data, you're playing into China's hands, is the implicit message. But this logic is deceptive. While China's data policy is indeed aimed at state control and surveillance, European data protection rules pursue a diametrically opposed goal: the protection of fundamental individual rights from state and private surveillance.

Europe's allies are increasingly finding themselves in a dilemma, caught between opposing sides and pressured to choose between siding with one another or disrupting their supply chains. Most have, to some extent, aligned themselves with US export restrictions against China, but few are comfortable with a complete break, given China's role as a market and supplier. The data sovereignty debate adds another dimension to this tension: Europe must now navigate between American pressure and its own values, not only in the semiconductor sector but also in data policy.

The illusion of sovereign US clouds: Euro-washing as a business model

American hyperscalers have long recognized the European sovereignty debate as a business opportunity and are responding with offerings that promise sovereignty without actually guaranteeing it. Amazon Web Services recently launched its European Sovereign Cloud, claiming it is located entirely within the EU and physically and logically separated from other AWS regions, operated independently by EU residents, and secured by strong technical controls and legal safeguards.

Many European companies and industry representatives are not convinced by this Euro-washing. The European cloud industry association CISPE (Cloud Infrastructure Service Providers in Europe) accuses the EU Cloud Sovereignty Framework of being designed in such a way as to favor the established American hyperscalers. Former European Commission advisor Cristina Caffarra has described Europe's over 90 percent dependence on US cloud infrastructure as a security nightmare just waiting for a single shock event to shake the EU's digital stability.

The core problem remains: as long as a company is subject to US jurisdiction, all sovereign promises can be overridden by a single court ruling or executive order. Airbus Chief Digital Officer Catherine Jestin is therefore awaiting clarification from European regulators as to whether a company like Airbus would indeed be immune from extraterritorial laws and whether services could be disrupted. The answer to this question will be pivotal not only for Airbus but for the entire European industry.

The Costs of Dependence: An Economic Risk Analysis

Europe's dependence on US cloud services carries risks that extend far beyond data protection. Structurally, the concentration on three American providers creates massive vulnerability to political decisions in Washington. Trade conflicts, sanctions, or unilateral regulatory changes can jeopardize access to critical infrastructure at any time. Vendor lock-in through proprietary interfaces and services makes switching providers technically complex and economically costly.

From a regulatory perspective, European companies face the paradoxical situation that using US cloud services potentially puts them in conflict with their own legislation. GDPR violations during data transfers to the US, compliance issues with the new NIS2 and DORA regulations, and potential fines of up to four percent of annual turnover create a risk profile that can be existential for many companies. The fact that European companies can simultaneously be penalized by their own regulators for using US services and are pressured by the US government not to seek alternatives underscores the dilemma facing European businesses.

The sovereign cloud market is growing, but from a modest starting point. According to estimates by the International Data Corporation, the share of sovereign cloud services in global IaaS revenue will increase by 9 percent annually until 2028. This growth is driven by increasing regulatory tightening in Europe and geopolitical tensions, but it will take years before European providers even come close to matching the economies of scale and service offerings of the US hyperscalers.

Strategic Asymmetry: Why Europe is Structurally Disadvantaged

The fundamental asymmetry in transatlantic data policy lies in the fact that the US simultaneously provides the dominant technology and possesses the foreign policy power to suppress regulatory attempts by other states. This dual role as market leader and political hegemon creates a dynamic that cannot be broken by traditional market mechanisms. Europe produces neither the dominant cloud platforms nor the leading AI models and is therefore in a position of structural dependency that cannot be corrected by normal market processes.

Europe's AI processing capacity operates at only a fraction of that of the US and China, and current growth trends will not close this gap. While American technology companies will invest a combined $370 billion in infrastructure by 2025, Europe lacks both the private capital and the public sector's willingness to invest on a comparable scale. Europe's traditional strength lies in regulation, but this very regulatory competence is now being systematically undermined by the American diplomatic offensive.

The European Commission has not yet issued an official statement on the Rubio telegram. This silence could be interpreted as diplomatic restraint, but it risks being perceived as weakness. In a situation where Washington is openly questioning the rules of European data policy, a clear and decisive European response would not only be appropriate, but urgently necessary.

China's third dimension: The invisible third party in the data poker game

The Rubio Telegram mentions China as an actor that combines attractive technology infrastructure projects with restrictive data policies. This portrayal serves as a threat in the US argument, but it is not without merit. In recent years, China has significantly tightened its regulations on how companies store and transfer user data. The Data Security Law and the Personal Information Protection Law create a regulatory framework that severely restricts cross-border data flows while simultaneously granting the Chinese state extensive access rights.

In response to an inquiry about the telegram, the Chinese embassy in Washington stated that Beijing has always attached great importance to cybersecurity and data security. This diplomatically worded non-response cannot disguise the fact that China's data regime is fundamentally motivated differently than its European counterpart: While Europe prioritizes the protection of individual fundamental rights, China instrumentalizes data control as a tool for exercising state power.

This presents Europe with a twofold challenge. On the one hand, its own data infrastructure must be protected from extraterritorial access by US authorities; on the other hand, it must be prevented that Chinese technology providers create a new form of dependency through attractive prices and infrastructure offers. The only consistent position for Europe is to pursue a genuinely autonomous data policy that follows neither American nor Chinese ideas, but is based on its own values ​​and interests.

The turning point in the digital space: A conclusion without illusions

The Rubio telegram of February 18, 2026, marks a turning point in transatlantic data policy. It reveals what many European policymakers have long refused to acknowledge: The United States considers unimpeded access to global data a matter of national security and is prepared to deploy its entire diplomatic apparatus to defend this access. The free-trade rhetoric of open data flows and innovation serves as a cover for tangible economic and geopolitical interests.

For Europe, the question of digital sovereignty is no longer an academic thought experiment, but a concrete political and industrial necessity. The basic technical alternatives exist, from Nextcloud to OVHcloud to Hetzner, but they need to be massively scaled and further developed. While the political framework is being established with the EU Cloud and AI Development Act and national initiatives, it must be implemented against considerable resistance from Washington. Raising public awareness, as promoted by the CCC's Digital Independence Day, is a necessary, but not sufficient, element of this transformation.

The crucial question is whether Europe possesses the political will and economic perseverance to genuinely reduce its structural dependence on American technological infrastructure, or whether the comfort of the status quo and political pressure from Washington will relegate its sovereignty ambitions back to the drawer of unfulfilled promises. The answer to this question will determine not only the future of European data protection, but also the continent's overall geopolitical capacity for action in the digital age.

☑️ Our business language is English or German

☑️ NEW: Correspondence in your native language!

 

I and my team are happy to be available to you as your personal advisor.

You can contact me by filling out the contact form here wolfenstein@xpert.digital:or simply call me at +49 7348 4088 965. My email address is

I'm looking forward to our joint project.

 

 

☑️ SME support in strategy, consulting, planning and implementation

☑️ Creation or realignment of the digital strategy and digitization

☑️ Expansion and optimization of international sales processes

☑️ Global & Digital B2B trading platforms

☑️ Pioneer Business Development / Marketing / PR / Trade Fairs

Xpert.Digital possesses in-depth knowledge across various industries. This allows us to develop tailored strategies precisely aligned with the requirements and challenges of your specific market segment. By continuously analyzing market trends and monitoring industry developments, we can act proactively and offer innovative solutions. The combination of experience and expertise generates added value and provides our clients with a decisive competitive advantage.

More information here:

• Benefit from Xpert.Digital's 5 areas of expertise in one package – starting from just €500/month