• EU officials warn reliance on US tech giants threatens financial stability
• Digital sovereignty is becoming a core regulatory priority
• Central banks highlight cloud concentration and cyber risk
• Major providers like AWS and Microsoft face tighter oversight
• New EU rules aim to cut single points of failure
• Banks face rising pressure to diversify technology suppliers

European policymakers are intensifying efforts to reduce the financial system’s dependence on US-based technology giants, warning that growing geopolitical tension and cyber risk have turned digital infrastructure into a strategic vulnerability for the region’s banks and insurers.

Speaking at a financial technology regulatory conference in Brussels, Maria Luís Albuquerque said Europe must retain control over the technologies that underpin its economy, reinforcing a broader push toward what officials describe as digital sovereignty.

The concept reflects concern that reliance on foreign providers, particularly from an increasingly inward-looking United States, could expose Europe to economic disruption and security threats.

“Europe must retain control over the key technologies that underpin and drive our economies,” Albuquerque said, arguing that digital infrastructure now sits alongside energy and defense as a core strategic asset.

Her comments were echoed by senior supervisors from across the region. De Nederlandsche Bank warned that European financial institutions remain overly dependent on a narrow group of external cloud service providers, leaving them exposed to operational outages and cyberattacks.

Steven Maijoor, chair of supervision at the Dutch central bank, said concentration risk in cloud computing had become a growing fault line in the European financial system.

“It is undeniable that the fault lines in our European financial system have become far more prone to cracking in recent years,” Maijoor said, pointing to rising cyber threats and a deterioration in some long-standing global relationships.

While some institutions have begun diversifying their technology suppliers, he cautioned that progress remains uneven across the sector.

European regulators have been raising similar concerns for several years, but the urgency has increased as geopolitical tensions have intensified and cyber incidents have grown in scale and sophistication.

In November, the European Central Bank flagged geopolitical conflict and technological disruption as among the most significant risks facing the region’s banking sector, warning that operational resilience was now inseparable from financial stability.

The regulatory response has accelerated under the EU’s new digital resilience framework. Supervisors have formally designated 19 technology firms as critical third-party providers to the financial sector, subjecting them to direct oversight.

The list includes major cloud platforms such as Amazon Web Services, Google Cloud, and Microsoft, reflecting their central role in supporting core banking, payments, trading, and insurance operations across Europe.

Under the EU’s Digital Operational Resilience Act, regulators now have the power to inspect, test, and in extreme cases restrict the activities of technology providers deemed critical to the financial system.

Officials say the aim is not to exclude foreign firms, but to reduce single points of failure and ensure continuity of service during periods of stress.

Industry groups have broadly accepted the need for stronger oversight, but some banks warn that rapid moves toward digital autonomy could prove costly and complex.

Large financial institutions have spent years migrating systems to global cloud platforms to cut costs and improve scalability, and reversing those decisions may not be straightforward.

Nonetheless, regulators argue that efficiency gains cannot come at the expense of systemic resilience.

The debate also reflects a wider reassessment of Europe’s economic exposure to external powers.

From energy security to semiconductor supply chains, policymakers are increasingly seeking to rebalance globalization with strategic control.

In financial services, that shift is reshaping how regulators view technology risk, treating cloud concentration and vendor dependency as prudential issues rather than purely operational ones.

As cyber threats multiply and geopolitical uncertainty deepens, Europe’s push to assert greater control over its digital foundations is likely to remain a defining theme for banks, insurers, and their technology partners.