EDITION № 36 WED · JUL 1 · 2026
ON AIR#india — india#fintech — fintech#startups — startups#india-startups — india-startups#future-of-work — future-of-workON AIR#india — india#fintech — fintech#startups — startups#india-startups — india-startups#future-of-work — future-of-work
Subscribe →
zoho.social
Independent coverage of AI, social media, marketing, startups, business and automation.
Opinion & Analysis

Europe Doesn’t Want a ‘Kill Switch’ Over Its Tech. Should India Worry Too?

Brussels has launched its boldest bid yet to cut dependence on American and Chinese tech. The ambition is real, the trade-offs are steep, and India should be taking notes.

zoho.social

For two decades, Europe outsourced its digital backbone to American hyperscalers and Asian chip fabs, then spent the next decade discovering it had no easy way to take it back. The European Commission’s new technological-sovereignty package is the moment that quiet anxiety became policy. According to CNBC’s reporting on the proposals, an EU executive vice-president framed the entire effort around a single, vivid fear: that no foreign provider running Europe’s critical workloads should be able to hold a ‘kill switch’ over them. It is a striking phrase for a bureaucracy not known for them, and it tells you everything about the mood in Brussels.

What follows is an attempt to read the package fairly, neither as Euro-protectionist panic nor as a triumphant declaration of independence, but as a calculated gamble with real costs. And because India is wrestling with a strikingly similar set of questions, it is also a chance to ask what New Delhi should copy, and what it should avoid.

What the package does

The Commission has bundled several instruments together rather than shipping one law. The centrepiece is a Cloud and AI Development Act, or CADA, which introduces the idea of sovereignty ‘tiers’ for cloud workloads. The logic is that not all data is equal: a citizen’s social-media cache and a defence ministry’s intelligence systems should not sit under the same legal and operational regime. The highest tier would be reserved for the most sensitive workloads, and crucially, it sets requirements that go beyond where the data physically lives.

Alongside CADA sits a Chips Act 2.0, the successor to the bloc’s first, somewhat underwhelming attempt to subsidise semiconductor manufacturing on European soil. The second iteration is explicitly more ambitious about advanced capacity, prioritising an advanced semiconductor foundry within the bloc rather than just incremental packaging and legacy nodes. As Innovation News Network reports, the package also envisions a dramatic expansion of European data-centre capacity, on the order of tripling it, betting that compute is now strategic infrastructure on par with energy grids.

The third strand is the most politically charged: moves to restrict US cloud providers from handling sensitive government data, at least at the top sovereignty tier. This is where the rhetoric meets the balance sheet, because the firms most affected, Amazon, Microsoft, and Google, currently run a large share of European public-sector cloud. The Commission is not banning them outright; it is drawing a line around the workloads it considers too important to expose.

The 'kill switch' fear
The 'kill switch' fear

The ‘kill switch’ fear

To understand why data residency alone does not satisfy Brussels, you have to understand the US Cloud Act. The law allows American authorities to compel US-headquartered companies to hand over data they control, regardless of where in the world that data is stored. A European citizen’s records sitting in a data centre in Frankfurt offer no automatic protection if the company operating it is ultimately subject to American jurisdiction. The CNBC account notes the EU’s own assessment that the Cloud Act makes it genuinely difficult for US firms to reach the highest sovereignty tiers, no matter how many European flags fly over their facilities.

This is the conceptual leap in the package. The relevant questions are no longer just ‘where does the data live?’ but ‘who owns the company, who controls the operations, and how transparent is the supply chain?’ A truly sovereign cloud, in this framing, must be owned, operated, and legally accountable within Europe, or at minimum insulated from foreign legal reach. The ‘kill switch’ metaphor captures the worst case: a geopolitical rupture in which access to critical systems could be throttled, conditioned, or surveilled by a foreign government acting through a private vendor.

Whether that scenario is likely is debatable. Whether it is plausible enough to plan around is harder to dismiss, especially after several years in which trade wars, export controls, and the casual weaponisation of supply chains have moved from think-tank seminars to front pages. Sovereignty advocates are not arguing that Washington will pull the plug tomorrow; they are arguing that no serious state should let the possibility exist.

The trade-offs
The trade-offs

The trade-offs

Here is where fairness demands honesty. The uncomfortable truth is that the best cloud and AI infrastructure in the world is largely American, and the most advanced chips are made in Taiwan with American and Dutch tooling. A Europe that walls off its most sensitive workloads risks running them on second-best technology, more slowly and more expensively, for years. Sovereignty is not free; it is a premium you pay for control, and someone has to decide the price is worth it.

There is also the risk of a ‘Europe-first’ retreat curdling into something less noble. Industrial policy has a habit of subsidising national champions that never become globally competitive, propped up by protected procurement rather than disciplined by markets. If CADA’s top tier becomes a captive contract pool for politically connected European providers, the bloc could end up with infrastructure that is sovereign, expensive, and mediocre, the worst of all worlds. AI-related chips are projected to exceed 70 percent of the global semiconductor market by 2030, per Innovation News Network, which means the cost of building uncompetitive capacity in the wrong place compounds quickly.

Then there is execution. The package requires approval by all 27 member states, a process that has historically turned bold Commission proposals into watered-down compromises. Some governments are deeply integrated with US hyperscalers and will resist disruption. Others want stronger protections than the Commission proposes. Building an advanced foundry from scratch is a decade-long, tens-of-billions undertaking that has humbled wealthier, more coordinated economies. The gap between ambition and delivery is where most sovereignty projects go to die.

The India read

For New Delhi, this should read less like distant European news and more like a mirror. India has spent years debating data localisation, and its Digital Personal Data Protection (DPDP) framework reflects the same instinct that animates Brussels: the conviction that data about citizens, and the systems that process it, are matters of national interest, not just commercial convenience. The vocabulary differs, but the underlying anxiety, dependence on foreign-controlled infrastructure, is identical.

Europe’s package offers India three lessons, and one warning.

  • Distinguish tiers, don’t blanket-localise. The smartest move in CADA is the recognition that not all data deserves the same treatment. India’s instinct has sometimes drifted toward broad localisation mandates that impose cost without proportionate security gains. A tiered approach, fierce protection for the genuinely critical, lighter touch for the rest, is more defensible and more affordable.
  • Sovereignty is about control, not just geography. Europe learned that a server in Frankfurt is not sovereign if a foreign law can reach it. India should ask the same hard questions about ownership and operational control of the cloud running its government and its national digital public infrastructure, rather than treating physical residency as the finish line.
  • Build capability without building walls. The deepest risk in any sovereignty push is isolation, cutting yourself off from the best tooling, talent, and capital in pursuit of self-sufficiency. India’s advantage is scale, an engineering base, and a thriving startup ecosystem. The goal should be sovereign capability that is globally competitive, not a protected market that produces national champions nobody outside India would choose.

The warning is about timing and humility. Europe is attempting this with deep pockets, an advanced industrial base, and it still faces a brutal climb on chips and frontier compute. India has less fiscal room and a steeper starting position on advanced manufacturing. The lesson is not to abandon sovereignty, but to be ruthlessly selective about where to invest scarce resources, and honest about what can be bought, partnered, or co-developed rather than built alone.

The EU’s bet is that the cost of dependence eventually exceeds the cost of sovereignty. That may well be right. But sovereignty pursued badly, slowly, expensively, captured by incumbents, can leave a country both poorer and no safer. The ‘kill switch’ is a real fear worth taking seriously. The harder discipline, for Brussels and New Delhi alike, is making sure the cure does not quietly become its own kind of constraint.

Written by

Amelia Scott

Opinion Contributor

9 years analyzing technology, business, innovation, and societal trends through research-backed commentary and perspectives.

The Newsletter

The Signal — one email, every Tuesday.

The stories shaping tech, AI, and the business of building — distilled for people who would rather read one sharp thing than scroll a hundred.

Free · No spam · Unsubscribe anytime