Everyone is selling sovereign cloud. Almost no one is delivering it.

As the person responsible for security and compliance across Advania's work with public sector organisations and critical infrastructure operators across Europe, Henric's frame of reference is not theoretical. Healthcare systems, energy grids, and government services. Environments where the question of who controls the infrastructure is not philosophical. It is operational.

"For us, sovereignty is not a concept," he says. "It's something we deliver every day. We are not discussing theory. We are operating it."

The risk of a label

As political momentum behind digital sovereignty builds, so does the number of providers claiming to offer it. Henric sees the danger clearly.

"Not all sovereign clouds are equal. Ownership, operational control, and jurisdiction matter. If those are not clear, then sovereignty becomes a label rather than a reality."

He calls the pattern "sovereignty-washing": solutions that appear compliant but lack genuine control underneath. The DIGIT Cloud Sovereignty Framework is a meaningful step toward fixing that. But its value depends entirely on whether procurement processes apply it consistently, rather than treat it as a checkbox.

A false choice

One of the debate's recurring misconceptions is that sovereignty requires excluding global technology providers. Henric pushes back directly.

"Europe does not need to choose between global technology and sovereignty. But we do need to ensure that critical infrastructure is operated under European control, with real accountability."

The model is straightforward in principle: global technology, local operation, clear legal ownership. The challenge is not conceptual. It is whether frameworks and procurement standards actually require it, or simply permit it.

What is holding Europe back

Henric identifies four pressure points, each solvable in his view, but only if policy ambition is matched by operational reality.

Infrastructure capacity is the most immediate constraint. Europe needs more data centres, and permitting is too slow. Rising energy costs compound this, putting pressure on investment decisions at exactly the moment acceleration is needed.

On components, he is measured. The EU Chips Act is a genuine achievement that strengthens supply chain resilience. The Cyber Resilience Act, however, risks adding complexity to component sourcing, an area where continued dialogue between policymakers and operators matters.

Regulatory compliance carries a disproportionate burden for smaller providers, particularly when serving large customers with complex requirements. And underlying all of it is a structural issue: European providers cannot build the scale needed to compete globally if cross-border consolidation remains unnecessarily difficult.

"These are solvable problems," Henric says. "But they require alignment between policy ambition and operational reality."

What success looks like

Faster permitting. Stable energy pricing. Regulations that incentivise rather than only sanction. And sovereignty definitions applied consistently in public procurement, not referenced in frameworks and ignored in practice.

Europe's ability to control its own digital infrastructure will not be determined by ambition. It will be determined by who builds it, who operates it, and who is accountable when it matters.

That is where sovereignty either becomes real or remains a label.