Major economies are moving to reduce dependence on foreign-controlled technology supply chains. Australia has not yet made that shift at scale, but it is increasingly exposed to markets that have.
The European Commission announced its European Technological Sovereignty Package last week, the most recent expression of this gradual shift. The US has already legislated billions into domestic semiconductor manufacturing through the CHIPS and Science Act in 2022. China, too, has pursued domestic capabilities across hardware, cloud, and AI for many years.
Countries across Southeast Asia have implemented or strengthened data localization requirements, indicating a common pattern: technology infrastructure is now an important geopolitical asset, and control over it matters.
For Australian CIOs, cybersecurity teams, cloud architects, and technology exporters, the question is no longer whether this shift is happening, because it has already started. The question is what it means for the way Australian organizations buy, use, and sell technology, and how long they have before decisions are made for them.
The global technology architecture is being redrawn
The EU’s package gives the clearest picture yet of where sovereign technology policy is heading. It focuses on domestic semiconductor manufacturing using an advanced foundry within the bloc.
Commission President Ursula von der Leyen framed the stakes directly: “We cannot afford to depend on others for the technologies that keep our hospitals running, our energy grids stable, and our services secure.”
Executive Vice-President Henna Virkkunen was more pointed: “We want to be sure nobody has a kill switch.”
The numbers behind the policy tell the story. According to The Parliament, citing the Center on Regulation in Europe, foreign-owned platforms currently host more than 80% of Europe’s essential digital services. The EU spends an estimated €264 billion annually on foreign IT products.
The Commission’s own estimates put the investment needed to address semiconductor dependency at €120 billion, with a further €200 billion required by 2036 for sovereign data center capacity.
Those figures describe a structural dependency, not a preference. The same structural dependency exists in Australia, but not to the same scale as EU enforcement.
Australia’s infrastructure gap
AWS, Microsoft Azure, and Google Cloud underpin the majority of Australian enterprise workloads. Federal and state government services and operations in critical sectors such as banking, healthcare, telecommunications, and defense supply chains all rely on it.
That concentration is not unusual, as most advanced economies share it. What is changing is that several of those economies are now treating it as a problem to fix rather than a condition to manage.
Australia’s Security of Critical Infrastructure Act designates sectors like telecommunications, data storage, and financial market infrastructure as critical systems subject to government oversight. But the government’s investment posture on domestic AI compute, sovereign cloud capacity, and semiconductor capability remains limited relative to comparable Five Eyes economies.
Australian enterprises operating across banking, healthcare, defense-adjacent industries, and government technology should examine whether their infrastructure architectures are built on resilience assumptions that the rest of the world is now revisiting.
A direct commercial problem for Australian tech exporters
The global shift in sovereignty is not only a procurement question for Australian buyers. It is a market access question for Australian sellers.
The EU’s cloud sovereignty tiers will affect who can compete for European public-sector and regulated-industry contracts. American providers will struggle to meet the highest tiers in this new dispensation due to US regulations that allow US companies to send data back home regardless of where their servers are located.
Australian technology companies operating in, or planning to enter European markets, may face parallel scrutiny. These are not abstract compliance queries. They are increasingly the basis for European procurement decisions and partner due diligence.
As a result, Australian technology exporters with European or generally foreign revenue should be mapping their exposure now.
What’s hot at TechRepublic
Who owns the infrastructure that powers AI?
Underneath the cloud and procurement questions sits a more fundamental issue that Australian enterprises are only beginning to engage seriously: who controls the infrastructure that AI runs on.
Australian AI adoption has accelerated across financial services, healthcare, resources, and government. The underlying compute capacity, model infrastructure, and data processing architecture that makes that adoption possible remains concentrated in a small number of global providers.
That concentration functions efficiently in stable conditions. Its risks become apparent when geopolitical relationships shift, when regulatory requirements diverge across markets, or when infrastructure owners make decisions with significant business impacts.
The global direction is simple: Internet technology is becoming as strategically important as legacy offline assets. That means questions about ownership, resilience, and control carry more weight. Australian CIOs and infrastructure architects may not be in a position to resolve these questions unilaterally. But they are increasingly in a position where boards, regulators, and insurers will begin asking them.
The world is not waiting for a consensus. It is acting on these questions incrementally, regulation by regulation, investment by investment. Australian enterprise technology leaders who treat this as a distant geopolitical story are likely to find it on their doorstep before the next infrastructure refresh cycle is complete.