Skip to content

EU Commission launches targeted consultation on safeguarding EU’s data sovereignty

The European Commission recently launched a targeted consultation on safeguarding the EU’s data sovereignty.  This consultation is closely connected to the European Tech Sovereignty Package which was published on 3 June 2026 (as previously discussed here).  Stakeholders in the data value chain across different sectors have until 8 September 2026 to provide their views.  The consultation seeks to understand data-related dependencies affecting European organisations, including barriers to accessing or using data in third countries, obstacles to transferring data into the EU and risks linked to third-country access to sensitive data.

Background

In November 2025, the European Commission launched the European Data Union Strategy, which addresses the need for high-quality data in Europe, and aims to ensure that suitable data is available to fuel AI development in Europe.  The strategy identified three priority areas:

  1. scaling up access to data for AI to ensure our businesses have access to high-quality data needed for innovation;
  2. streamlining data rules to give legal certainty to businesses and reduce compliance costs; and
  3. safeguarding the EU’s data sovereignty to strengthen our global position on international data flows.

The impact of this European Data Union Strategy has already been seen with the publication of the draft EU Digital Omnibus Regulations (which were published alongside the strategy) (previously discussed here), and the more recent publication of the Cloud and AI Development Act (“CADA”) on 3 June 2026.  This targeted consultation is the latest step towards achieving the aims set out in the European Data Union Strategy.

Targeted consultation

The targeted consultation seeks to recognise that data is essential for Europe’s competitiveness, particular in the context of AI.  In its press release, the European Commission notes that “unjust data localisation requirements, discriminatory rules, and data leakage to third countries threaten to undermine [data] sovereignty” within the EU.

The European Commission is specifically seeking views from organisations of all sizes, across all sectors as to whether:

  • organisations have encountered barriers, restrictions or risks when accessing, using, sharing or transferring data with a third country;
  • organisations have been required to provide access to non-personal but sensitive data to public authorities in a third country as a condition for market access or necessary approval;
  • organisations have encountered barriers, restrictions, risks or other issues as regards data transfers between a third country and the EU; and
  • organisations have found that EU companies face less favourable conditions in third countries in terms of data-related markets.

Organisations are also being provided with the opportunity to make suggestions as to measures that EU institutions may take in order to address the difficulties that they have faced in terms of data sovereignty.  This may also include practical examples which align with the problem identified and the measures being requested.

Next steps

Once the consultation is closed, the European Commission will use the responses to assess whether further action is needed to address practical challenges currently faced by EU organisations.  Organisations are invited to provide their input before 8 September 2026.  The consultation has particular importance for organisations which rely on data from third countries, who are currently facing greater restrictions than organisations based outside of the EU.

Contact us

For more information please contact a member of the Technology and Innovation Group or your usual Matheson contact.

© 2026 Matheson LLP | All Rights Reserved