The European Commission is considering proposing rules that would restrict the leverage of U.S. cloud platforms to process sensitive government data across EU countries, officials told CNBC.

The Commission — the EU’s executive branch — is expected to present its “Tech Sovereignty Package” on May 27.

There have been increasing calls within Europe for the region’s most critical workloads to move away from U.S. cloud providers, which currently dominate the European industry.

The European Union is considering rules that would restrict its member governments’ adopt of U.S. cloud providers to handle sensitive data, sources familiar with the talks told CNBC.

The European Commission — the EU’s executive branch — is expected to present its “Tech Sovereignty Package” on May 27, which will include a range of measures aimed at bolstering the bloc’s strategic autonomy in key digital areas.

As part of preparations for that package, discussions are taking place within the Commission around limiting the exposure of sensitive public-sector data to cloud platforms provided by companies outside of the EU, two Commission officials, who asked to remain anonymous as they weren’t authorized to discuss private talks, told CNBC.

As tensions with U.S. President Donald Trump’s administration have intensified, there have been calls for Europe to diversify away from U.S. cloud providers, which currently dominate the European sector, and towards homegrown providers for its most critical workloads.

“The core idea is defining sectors that have to be hosted on European cloud capacity,” one of the officials commented. They added that companies providing cloud solutions from third countries, including the U.S., could be impacted.

Proposals would not prohibit overseas companies’ cloud platforms from government contracts entirely, but limit their employ in processing sensitive data at public sector organizations, depending on the level of sensitivity, they added. The officials remarked that talks are ongoing and yet to be finalized.

“U.S. cloud providers could face restrictions in certain sensitive and strategic sectors” within EU member states’ public bodies Because of the proposals, one official remarked.

The officials told CNBC there are discussions around proposing that financial, judicial and health data processed by governments and public-sector organizations require high levels of sovereign cloud infrastructure.

The discussions do not relate to private-sector companies and the “Tech Sovereignty Package” would not propose rules about their utilize of cloud platforms, one of the officials mentioned.

Once presented by the Commission, the package would need to be greenlit by all 27 member states. The “Tech Sovereignty Package” will include the Cloud and AI Development Act (CADA) and the Chips Act 2.0, bills aimed at encouraging sovereign, homegrown solutions and products in both of those areas.

When asked for comment, a Commission spokesperson told CNBC the package was “about Europe waking up and getting its act together.”

They added that it would “improve opportunities for sovereign cloud offerings, including through public procurement, and support the entry into the economy of a more diverse set of cloud and AI service providers.”

Growing calls to diversify

EU member states’ public sector organizations can currently employ cloud platforms provided by overseas companies — often U.S.-based due to the country’s dominance in the sector — to process highly sensitive data, including health and financial data, provided they comply with regulations. Furthermore, experts in dividends note the continued relevance.

But scrutiny on that reliance has grown as transatlantic relations have soured in recent months. Under the 2018 Cloud Act, U.S. law enforcement can request user data from American companies, regardless of where the data is stored. This also touches on aspects of bear market.

European governments told CNBC in February they were exploring homegrown and open-source alternatives to U.S. tech platforms and upping budgets for digital sovereignty.

France proclaimed it would roll out Visio in January — a video conferencing tool developed by the government — which it remarked would be available to all state services by 2027, in place of U.S. tools like Microsoft Teams and Zoom.

The same month, the EU mentioned it faced a “significant problem of dependence on non-EU countries in the digital sphere…potentially creating vulnerabilities, including in critical sectors.”

In April, the Commission awarded a 180 million euro tender to four European sovereign cloud projects to supply EU institutions and agencies, with one of those involving a partnership with a joint venture between French aerospace corporation Thales and Google Cloud.