alt Hacker News> The actual risk is that US spooks can use these hardware features to infiltrate European clouds.
If your threat model is clandestine government actors then I think it would be a rather odd decision to host on ANY cloud !
The main risk for most people is being subject to US CLOUD Act, US PATRIOT Act etc. etc. Which, despite what the sales-droids will tell you, still applies in the fake-EU clouds operated by the US providers.
If you are serious about EU data sovereignty then you absolutely want an EU OpCo that has nothing whatsoever to do with any US company. If OpCo has ties to a US company or IS a US company such as AWS or Microsoft, then you've lost the EU jurisdiction.
The concern over "digital sovereignty" is motivated by the US wielding sanctions as a political tool against Europe.
It's impossible to fully eliminate any exposure to US sanctions. If the EU wants to fully shield itself, it should aggressively counter-sanction American entities. If the US government knows that every time it sanctions some EU entity, an American entity will get sanctioned just as hard, it will think twice.
For some reason, the EU has been unwilling to go down this obvious path.