Is Europe ready for its own AI infrastructure? What a room full of builders, politicians, and investors actually think

Panels about AI sovereignty tend to follow a predictable arc. Someone invokes GDPR. Someone else mentions hyperscalers. A politician says something optimistic. Everyone applauds and goes home.

Last week's Gcore AI panel in Luxembourg didn't go that way.

We had Christos Floros — founder of Monnett, former political candidate, and one of the more honest voices I've heard on the intersection of technology and governance — alongside Clara Ulken from our own team. The audience was full of founders, investors, and operators who are actually building things. And the conversation got uncomfortable in all the right ways.

Here's what I actually took away — not the polished version, but the substance.

First, who controls AI today? (Nobody in this room)

We opened with a live audience poll: who controls AI today — US hyperscalers, governments, or private enterprises?

The result was essentially: US hyperscalers, and also private enterprises, and those two categories overlap almost completely. Nobody selected governments. The response to that option landed somewhere between a polite laugh and a collective wince.

It's worth sitting with that for a moment. We're building policy frameworks, funding initiatives, running regulatory consultations — and the people in the room, the practitioners, don't believe governments are meaningfully in control of the technology those policies are meant to govern. That's not cynicism. That's an accurate read of the current state.

The follow-up question — is China a factor? — got a more nuanced answer. The US dominates, clearly. But writing off China as irrelevant would be a mistake. Christos noted that Mistral remains one of Europe's few genuine bright spots in foundation models, and the audience felt the fragility of that position without anyone needing to say it directly.

What is sovereignty, actually?

Before you can have a serious conversation about sovereign AI, you need a working definition of sovereignty. It sounds obvious. It isn't.

Christos gave what I thought was the most honest framing of the evening. He invoked the Greek revolutionary motto — Eleftheria i Thanatos, freedom or death — not as theatre, but as a genuine philosophical anchor. Sovereignty is the freedom to self-govern. The freedom to decide what kind of society you want to be. The freedom to shape, rather than merely consume, the tools that increasingly make decisions on your behalf.

"If we're not able to shape the very tools that are shaping our decision-making," he said, "then we're not free."

That's a harder standard than most AI sovereignty discussions apply. Most conversations focus on data residency and regulatory jurisdiction. Those matter — but they're the floor, not the ceiling. The deeper question is whether Europe is building the capacity to shape the direction of AI development, not just the conditions under which foreign-built AI gets deployed here.

Clara brought it back to the operational: sovereignty for AI means controlling where your data lives, how it's accessed, and who has legal authority to compel its disclosure. That last point is the one that actually changes business decisions. Under the US CLOUD Act, American cloud providers are required to produce customer data when served with a valid US legal order — regardless of where the data is physically stored. A German company's files on AWS servers in Frankfurt are not protected from that obligation by their European location. European providers operating under EU law face no equivalent compulsion from US authorities.

That distinction is increasingly driving real infrastructure decisions. It's not abstract sovereignty. It's a concrete legal risk that procurement teams are starting to model.

Sovereignty is not isolation — and the distinction matters

One of the more productive moments came when Leo, our moderator, floated an analogy: is sovereignty like an island, where everything made inside stays inside?

Both panelists pushed back, and I think they were right to.

Christos: "Being interdependent just means being self-sufficient enough to act as a global player — to trade with others, to exchange goods and services — without being absolutely dependent. The moment you become dependent, you're no longer sovereign."

Clara: "When we talk about European sovereign AI, we're not talking about an isolated European sovereign AI. It's about Europe being sovereign — having the ability to control its own narrative — while also supplying those services to the world. There are plenty of US companies that don't want to be beholden to the Cloud Act and would therefore like to store their data in Europe."

This is an important distinction for how Gcore thinks about our role. We're not building infrastructure for Europe to retreat behind. We're building infrastructure that allows European companies — and global companies that value European standards — to operate without being structurally dependent on providers subject to foreign legal authority. The goal is competitive participation in the global market, not withdrawal from it.

Europe is already in the game — further than the narrative suggests

A recurring frustration I have with public discourse on this topic is the framing of European AI infrastructure as a future ambition rather than a present reality.

It isn't.

Gcore operates tens of thousands of GPUs across data centers in Europe and globally. We were among the European companies highlighted at Nvidia's GTC conference in San Jose this year — alongside Nebius, which recently announced a 310 megawatt AI factory project in Finland. These are not pilot programs or announcements about future capacity. This is infrastructure that exists and is serving real demand right now.

The global AI infrastructure shortage is real — but it's global. US companies are struggling to find compute just as much as European ones. The narrative that Europe is uniquely behind ignores the fact that demand has simply outpaced supply everywhere. What's different about Europe is that our regulatory environment, so often framed as the obstacle, is increasingly the reason companies want to be here.

GDPR compliance used to be a compliance cost. It's increasingly a sales feature.

The 75 million euro reality check

During the panel, I referenced the Euro 3C project — a pan-European AI infrastructure initiative led by Telefónica, involving 70 organizations across Europe, currently seeking €75 million in public funding to connect AI infrastructure across the continent.

The audience reaction was immediate. Christos: "75 million doesn't sound like enough." Clara: "75 million is an astronomically small number when it comes to deploying AI infrastructure at this scale."

To put it in context: a single hyperscale data center with meaningful GPU capacity costs hundreds of millions to build and equip. A major AI training cluster can run into the billions. Microsoft alone has committed $80 billion to AI infrastructure investment in a single year. €75 million, spread across 70 organizations and multiple countries, is not a rounding error — it is structurally insufficient to change the competitive landscape.

But here's where I think the more useful conversation is: the question isn't whether €75 million is enough to build one European AI supercomputer. It's whether that's even the right model.

Clara made the point clearly: the future of European AI infrastructure is not one centrally governed supercomputer. It's a distributed architecture — national and regional projects across Spain, Luxembourg, Germany, Finland, and elsewhere — operating under a common regulatory framework with consistent data standards and governance requirements. The European Commission's AI Factories initiative points in this direction: fund distributed projects, require regulatory compliance, let the private sector execute.

That's a model that can actually work. Not because €75 million is enough, but because the right architecture doesn't require a single massive bet — it requires consistent standards applied across many funded projects.

The regulation speed problem — an honest assessment

I want to be straight about something that tends to get softened in official Gcore messaging.

Europe's regulatory process is slow. Not slow in a bureaucratic-caricature way, but slow in the specific sense that matters for technology: the world that a regulation is designed to govern often looks different by the time the regulation takes effect.

Leo used the European Green Deal as his example — a framework designed in 2019 to address energy problems from 2015-2017, that arrived just as COVID, the Russian invasion of Ukraine, and Strait of Hormuz disruptions fundamentally changed the energy calculus. By the time the policy was operational, it was partially solving a problem that no longer existed while missing new problems it hadn't been designed for.

The question for AI regulation is whether the same dynamic plays out — and the honest answer is: probably yes, to some degree. AI is moving faster than energy infrastructure ever did.

Christos was blunter than I might be in an official capacity: "We don't have the knowledge. The best, most knowledgeable people don't take the time to get invested in politics. We don't know who's voting on our regulation."

That's uncomfortable. It's also accurate. The people with the deepest understanding of large language models, GPU infrastructure, inference economics, and adversarial AI capabilities are, almost without exception, not in the rooms where EU AI regulation gets written. They're at Gcore, at Mistral, at the startups in this room, at the research labs. Getting that expertise into the regulatory process — not as lobbyists, but as genuine technical advisors — is one of the most important things that could happen for European AI governance.

That said: the instincts behind European regulation are right. The Smart Spires project in Esch that Clara described — deploying AI compute infrastructure with cameras throughout a city, where European regulation prevents any facial recognition data from ever reaching the servers — illustrates what good regulation actually looks like. It doesn't design the product. It defines what the product cannot do. Private companies build and operate the infrastructure, understanding the market. Regulation sets the hard limits. That division of labor is the model that works.

What Mistral and LetzAI tell us about sovereign identity

One of the sharper exchanges came around a question I've been turning over myself: what is the sovereign AI of Luxembourg?

Luxembourg has a strategic partnership with Mistral AI — a French company whose largest shareholder is ASML, the Dutch semiconductor equipment manufacturer. Is Mistral "Luxembourg's sovereign AI"? Or is it LetzAI — founded in Luxembourg, built on Gcore infrastructure from the start, Luxembourgish team and founder — that earns that designation?

Clara's answer: both are sovereign, and the question of which is "more" sovereign gets into semantics that may not be productive. The operative standard is whether a company operates under EU law, whether its data infrastructure is subject to EU jurisdiction, whether it complies with GDPR. Mistral meets that standard. LetzAI meets it more directly. Both are legitimate expressions of European AI capability.

Christos took the federalist view: as long as European companies are operating under EU law and collaborating across borders, he's satisfied. He'd actively prefer cross-border collaboration — companies operating across multiple EU member states — because it reinforces the European project itself.

I find myself somewhere in between. There's genuine value in companies that are born sovereign — built from the ground up on European infrastructure, under European legal jurisdiction, by European teams. That's a different thing from companies that are European by compliance rather than by origin. Both matter. They serve different purposes in the ecosystem.

The capital gap is where this actually breaks down

Here's where I spend a disproportionate amount of my time as Head of EU Sovereignty, because it's where the structural gap is most concrete.

Everything about European AI infrastructure — the regulatory framework, the distributed architecture model, the genuine technical capability that exists in companies like Gcore and Nebius, and Mistral — can be undermined by one persistent problem: the availability of patient, risk-tolerant capital for European deep-tech companies.

A US startup raising a pre-seed round operates in a market where investors are familiar with deep-tech risk, comfortable with long timescales to liquidity, and operating in a single legal and regulatory jurisdiction. A European equivalent raises in a fragmented landscape, navigating different legal environments across member states, with a smaller pool of investors who have direct experience with infrastructure-scale technology bets.

Clara put it directly: "It is much easier for a US startup to get their pre-seed and first series funding than it is for a European company to do so. That's really where I hope to see change — allowing more free market, easier access to funding in Europe."

The infrastructure isn't just data centers and GPUs. It's the financial infrastructure that allows companies to build data centers and GPUs. Until the capital environment in Europe moves closer to what exists in the US, we're solving the second-order problem while the first-order problem persists.

This is where I'd push back on purely regulatory solutions. Gcore can be sovereign. Mistral can be sovereign. But if the companies that should be building the next layer of the European AI stack can't raise their Series A because there isn't enough patient capital in the ecosystem, the sovereign infrastructure they would have built doesn't exist. The talent stays, but it leaves to build in the US. That's not a regulatory failure — it's a capital markets failure, and it needs different solutions.

Choosing European: a responsibility on both sides

The panel ended with an audience member making what I thought was the most direct point of the evening: "Don't you think it's up to us? We talk about sovereignty, and then we spin up AWS instances because it's easy. Isn't it our job to choose European providers?"

Yes. With a condition that Christos stated clearly: "We need to develop better products. Gcore needs to be better than their competitors. At the end of the day, the market decides."

That's the only honest version of this argument. Sovereign infrastructure that underperforms isn't sovereign infrastructure that gets used. If European providers — including Gcore — ask companies to make a values-based choice between equivalent options, that's a reasonable ask. If we're asking companies to accept a material performance or cost disadvantage in the name of sovereignty, that's not a sustainable model and it's not one I'd endorse.

The obligation runs in both directions. The ecosystem should support European providers. European providers should earn that support by building things that are genuinely better — not just jurisdictionally preferable, but technically excellent, commercially viable, and increasingly indispensable.

That's the standard we're working toward.

Where I land after this conversation

The European AI infrastructure conversation has matured significantly in the last two years. We've moved past the stage where the main debate was whether Europe should build sovereign infrastructure. The debate now is about how — what model, what funding mechanisms, what governance structures, what timelines.

Here's my current read:

• The distributed model is right. Not one supercomputer, but many sovereign nodes operating under consistent standards. That's both the realistic path and the correct one.
• The regulatory instincts are right, but the execution needs to catch up. Getting technical expertise into the regulatory process is urgent. The people who understand the technology need to be in the rooms where decisions get made.
• The capital environment is the most underaddressed constraint. Regulatory reform that makes it easier for European investors to back European deep-tech companies would do more for AI sovereignty than almost any infrastructure initiative.
• And Europe's current position is stronger than the mainstream narrative suggests. We're not preparing to compete. We're competing. The question is whether we can sustain and accelerate that trajectory.

At Gcore, that's the problem we wake up to every day. If you're working on pieces of this — infrastructure, policy, capital formation, applications — I'd genuinely like to talk.

Dima Maslennikov is Head of EU Sovereignty at Gcore. Gcore operates global cloud, edge, and AI infrastructure with a focus on sovereign, GDPR-compliant deployment across Europe and worldwide. The views in this post are the author's own.

Watch the full video of the event here: