On 3 June 2026, the European Commission adopted its proposal for the Cloud and AI Development Act - CADA - as the centerpiece of a broader European Technological Sovereignty Package, alongside a Chips Act 2.0 and an EU Open Source Strategy. Most coverage reads the package as Europe finally getting serious about digital sovereignty. It is that. But read it closely and it is something more useful: the most precise map yet of what European policy believes AI sovereignty to be. And, by omission, the most precise map of what it does not.

Sovereignty is three problems, not one

The sovereignty debate goes in circles because it conflates three separable problems.

Data - where the bits sit, under whose jurisdiction, reachable by whose courts and intelligence services.

Compute - who owns and operates the data centres, the GPUs, and the energy that runs them.

LLM IP - who trains, owns, and controls the frontier LLMs the rest of the stack exists to serve.

These are different problems with different time horizons, different capital requirements, and different owners. Progress on one does not transfer to the others. A policy package can be genuinely strong on two layers and silent on the third - which is exactly what just happened.

The three layers of AI sovereignty stacked: data and compute are addressed by the June 2026 package and shown filled; the LLM IP layer on top is shown as an empty dashed outline, marked absent. THREE LAYERS OF AI SOVEREIGNTY 03 LLM IP Frontier LLM training and ownership. No pillar in the package - absent. 02 Compute Data centres, GPUs, energy. CADA capacity targets + Chips Act 2.0. 01 Data Residency and jurisdiction. GDPR + CADA assurance levels. Two layers funded. The one above them, left out.

Layer 1 - Data: the mature layer

This is the layer Europe has worked on the longest and understands best. GDPR set the jurisdictional baseline. Data residency clauses became standard in enterprise procurement years ago. CADA now adds the missing formal piece: an EU-wide framework of four sovereignty assurance levels for assessing whether a cloud service is sufficiently protected from foreign control, aimed first at public-sector workloads. At the top of the scale, Level 3 requires providers to be owned and controlled from the EU, and Level 4 requires full transparency and control over the software supply chain with no third-country interference.

This is real progress on a real problem. The trigger is well understood: no contractual arrangement with a provider domiciled elsewhere can fully resolve jurisdictional exposure, because the provider's home law travels with it. A formal assurance scale at least makes the exposure measurable and procurable.

Call this layer largely addressed - in framework, if not yet in supply.

Layer 2 - Compute: where the money is going

This is the layer CADA actually targets with money and mechanism. The proposal aims to triple EU data centre capacity within five to seven years, obliges Member States to create data centre acceleration zones with adequate power capacity, streamlines permitting, and complements the AI gigafactories already being rolled out. Chips Act 2.0 reaches further down the stack. The ambition is real and the constraints it attacks - permitting time, energy access, financing - are the right ones.

But two honest caveats. First, the capacity being built will run overwhelmingly on hardware Europe does not manufacture. Acceleration zones do not change who makes the accelerators. Second, the assurance framework and the capacity push are in tension: the providers most able to build at this scale and speed are largely the ones the higher assurance levels are designed to screen. Level 4 exists on paper; how many providers of meaningful scale can actually meet it is the open question the next two years will answer.

Call this layer funded and in motion - with a dependency problem one level below it.

Layer 3 - LLM IP: the layer with no pillar

Now the omission. The package has a pillar for data, a pillar for compute, a pillar for chips, even a pillar for open source. It has no pillar for the frontier LLM layer.

Europe does not have a frontier lab. Mistral is the best of what exists, and the gap to the leading labs in the US and China is not closing - by most measures it is widening. The reasons are structural, not accidental: a frontier lab is a multi-billion-euro bet with concentrated capex, concentrated risk, and a tolerance for moving fast that European capital markets and policy are not built to reward. That is a choice with consequences, and the consequences arrive as a package.

The result, stated plainly: under the current strategy, European data stays in the EU, on capacity Europe is building, running LLMs Europe does not train. The sovereignty framework can certify where an LLM runs and who operates the infrastructure. It cannot certify who decides what the LLM is, how it changes, what it costs, or whether it remains available on acceptable terms.

A strategy that secures the bottom two layers and imports the third has bought resilience, not sovereignty.

That is not a small gap. The LLM layer is where capability lives. Everything below it is necessary; none of it is sufficient. And the difference between resilience and sovereignty matters most precisely in the scenarios sovereignty policy is written for - the ones where terms change and the deciding is done somewhere else.

What this means if you are building

This is not just a policy observation. If you are scoping an AI product for European B2B customers, all three layers show up in your decisions - usually uninvited.

Sovereignty requirements are about to get more specific. Procurement language will migrate from vague residency clauses toward assurance levels with defined criteria. If public-sector bodies or regulated enterprises are in your customer base, scope for this now: which level your architecture can honestly claim, and what it would cost to move up one.

LLM dependency is a supply-chain risk you cannot regulate away. No assurance level fixes the fact that your product's core capability is trained, priced, and versioned by a company outside your customer's jurisdiction - and outside yours. In Europe this makes LLM portability a first-order architecture decision, not a nice-to-have. The question is not which LLM is best today but what switching costs you when terms, pricing, or availability change.

Interrogate every sovereignty claim by layer. When a vendor, a partner, or your own roadmap says "sovereign AI," ask: which layer, exactly? Data residency is the easy claim. Compute ownership is the expensive one. LLM ownership is the one almost nobody in Europe can make. Most sovereignty marketing survives only as long as nobody asks.

The LLM layer is the one Europe cannot currently buy - and the one most product plans never price in. The legislation that arrived this month is worth taking seriously. So is the layer it left out.

Dmitry Borodin co-founded B Productive, a boutique AI product advisory helping B2B companies turn AI pilots and product bets into shipped products.