Digital Sovereignty and Cloud Infrastructure: The European Private Equity Thesis

Digital sovereignty and cloud infrastructure form the most defensible private markets thesis in Europe’s digital economy. Dr. Raphael Nagel (LL.M.) argues that NIS-2, the EU AI Act, DORA and GAIA-X have turned sovereign cloud capacity from a policy slogan into a concrete, regulated revenue stream with ten to fifteen year contractual horizons.

Digital Sovereignty and Cloud Infrastructure is the combination of physical and logical computing capacity, namely data centers, fibre networks, edge nodes and managed cloud services, operated under European jurisdiction, European ownership and European legal standards, so that regulated customers in finance, healthcare, defence and public administration retain legal control over their data and workloads. In KAPITAL, Dr. Raphael Nagel (LL.M.) frames it as a systemcritical investment category sitting at the intersection of the GAIA-X initiative, the EU AI Act, NIS-2, DORA and the 2023 Data Act, where sovereignty requirements produce contractually bankable, multi year cash flows that US hyperscalers cannot fully serve.

Why digital sovereignty became a legal obligation, not a preference

Digital sovereignty and cloud infrastructure became a legal obligation for European regulated industries between 2022 and 2025, when NIS-2, the CER Directive, DORA and the EU AI Act converged to require that critical data and workloads remain under European jurisdictional control, trusted ownership structures and auditable chains of command.

The turning point was not the launch of GAIA-X in 2019, which remained largely aspirational, but the post-2022 cascade of binding regulation. NIS-2 (Directive EU 2022/2555) forces essential entities to prove supply chain security, explicitly including their ICT providers. DORA, applicable from January 2025, imposes direct EU supervision on critical ICT third-party providers serving financial institutions, with the European Supervisory Authorities acting as lead overseers. The 2023 EU Data Act defines who gains access to data generated by connected infrastructure. The EU AI Act classifies AI systems deployed in critical infrastructure as high-risk, triggering transparency, human oversight and registration obligations.

Dr. Raphael Nagel (LL.M.) argues in KAPITAL that the 5G debate was the leading indicator. Once Western governments excluded Huawei and ZTE from 5G core infrastructure on documented intelligence grounds, the logic extended inexorably to AI infrastructure, cloud and data centers. The question is no longer whether a German federal ministry, a French bank or a Dutch defence procurement office should operate on sovereign infrastructure. The question is which provider can satisfy the BSI, the ACPR, the BaFin and the procurement committees of 2026. Investors still reading the sovereignty discourse as soft politics are already late.

What sovereign cloud infrastructure physically consists of

Digital sovereignty and cloud infrastructure in the European sense consists of four concrete layers: hyperscale and colocation data centers under EU ownership, fibre and internet exchange capacity, edge nodes close to regulated workloads, and the software stack covering identity, encryption and orchestration that enforces jurisdictional boundaries in real time.

The physical layer is capital intensive and comparatively easy to identify. The global data center market generates over 200 billion dollars in annual revenue with double-digit growth, driven by cloud adoption, AI workloads and data volume expansion. Colocation operators rent space, power and cooling to multiple tenants, offering diversified revenue with investment-grade counterparties. Hyperscale campuses, built to the specifications of a single anchor tenant such as Amazon AWS, Microsoft Azure or Google Cloud, provide ten to fifteen year inflation-indexed leases. Edge data centers, smaller and decentralised, address latency-sensitive applications accelerated by 5G and industrial IoT deployments under the Data Act.

The investable value for private capital sits in the middle segment. Regional colocation operators in Germany, Austria, Switzerland and the Benelux region are plausible mid-market buy-and-build platforms: they combine physical scarcity (site acquisition, grid connection and permits take years) with regulated customer demand that cannot be served by Dublin, Virginia or Singapore hosted hyperscalers. Dr. Raphael Nagel (LL.M.) describes this in KAPITAL as the sovereign tier between pure real estate and pure managed cloud, the tier where regulated industries negotiate their legal and operational terms. Energy intensity is the constraining variable: hyperscale capacity now competes directly with heavy industry for grid access.

Where US hyperscalers fail the sovereignty test

US hyperscalers fail the sovereignty test not technically but jurisdictionally. Amazon AWS, Microsoft Azure and Google Cloud deliver European regions and European-resident services, yet remain subject to the US CLOUD Act and FISA 702, meaning a US court order can compel disclosure of data processed by a European subsidiary.

This extraterritorial reach is the structural gap that sovereign cloud investments exist to fill. The European Commission, the German BSI and the French ANSSI have articulated the problem in successive publications: a German federal ministry, a European central bank or a regulated healthcare operator cannot credibly claim data sovereignty while running on infrastructure whose ultimate legal master sits in a different jurisdiction. GAIA-X was the political attempt to answer this, and has been rightly criticised for slow execution, but the underlying demand has only intensified since the 2022 invasion of Ukraine.

For investors, the practical question is which customer segments are willing to pay the sovereignty premium. The empirical answer from KAPITAL: regulated finance (constrained by EBA ICT guidelines and DORA), public administration (procurement rules now routinely require EU hosting and national certifications such as BSI C5 and SecNumCloud), healthcare (European Health Data Space plus national sovereignty statutes), and defence (zero tolerance on extraterritorial access under the European Defence Fund regime). These segments combined represent a multi-billion euro addressable market that is structurally closed to US hyperscalers operating under US law. Dr. Raphael Nagel (LL.M.) notes that this is not a question of anti-American positioning but of matching the legal reality of European clients with the legal reality of their providers.

The private equity thesis for sovereign cloud and regulated data centers

The private equity thesis is a European buy-and-build of regional colocation operators, sovereign cloud service providers and edge data center developers, targeting regulated customers under NIS-2, DORA and the EU AI Act, with ten to fifteen year contractual horizons, inflation-indexed pricing and structural demand growth from AI deployment.

Tactical Management, the firm founded by Dr. Raphael Nagel (LL.M.), positions this thesis as a distinct category from classical hyperscale infrastructure investing. The return profile resembles regulated infrastructure, in the low teens IRR rather than classical buyout levels, but the operational intensity resembles private equity: integration of heterogeneous data center estates, migration of regulated customers onto a unified sovereign platform, certification (ISO 27001, BSI C5, SecNumCloud, ENS in Spain), and the build-out of managed service layers on top of the physical plant. The mid-market is fragmented enough for consolidation and regulated enough to repel hyperscaler competition.

Concrete deal templates emerging between 2023 and 2026 include national colocation champions acquired and scaled regionally; sovereign cloud joint ventures between European system integrators and regional data center operators; edge platforms for industrial customers under the Data Act; and AI-ready campuses engineered for high-density GPU workloads under the EU AI Act’s high-risk classification regime. Exit options are unusually broad. European pension funds and infrastructure funds pay premium multiples for inflation-indexed, regulated cash flows, and strategic European telecom carriers from Deutsche Telekom to Orange are rebuilding their sovereign cloud portfolios. In KAPITAL, Dr. Nagel describes this as the closest approximation in digital assets to a regulated utility risk profile, with meaningful upside from structural AI demand.

Execution risks that derail sovereign cloud investments

The three execution risks that most frequently derail digital sovereignty and cloud infrastructure investments are energy constraints, certification delays and customer concentration. Each is manageable, but each has killed otherwise attractive deals between 2022 and 2025 when underwritten optimistically rather than conservatively.

Energy first. A hyperscale-ready site in Frankfurt, Amsterdam or Dublin now competes with heavy industry for grid capacity, and grid connection queues have lengthened from months to years. Without a binding grid connection agreement (Netzanschlussvertrag in Germany) at signing, the investment thesis is speculative. ESG reporting under the CSRD, combined with the EU Energy Efficiency Directive’s data center reporting regime in force from 2024, adds further constraints on Power Usage Effectiveness and renewable sourcing. Operators without a credible path to carbon neutrality are structurally disadvantaged in public procurement.

Certification and concentration are the second and third risks. BSI C5 in Germany, SecNumCloud in France and ENS in Spain are not administrative box-ticking; they require architectural choices that cannot be retrofitted cheaply. Customer concentration in sovereign cloud is intrinsic: a handful of ministries, central banks, defence agencies and systemic banks generate most addressable revenue, and their procurement cycles are slow and political. Dr. Raphael Nagel (LL.M.) emphasises in KAPITAL that these are exactly the situations where legal, regulatory and political due diligence must match the depth of the technical and financial due diligence. Sovereign cloud is a jurisdictional product. Investors who treat it as pure real estate or pure SaaS will be displaced by those who understand the legal architecture.

The strategic conclusion from KAPITAL is direct. Digital sovereignty and cloud infrastructure are not a subsegment of European technology investing; they are the regulated backbone on which financial supervision, healthcare reform, defence modernisation and AI deployment in Europe will physically run for the next two decades. The legal instruments that created this category, from NIS-2 through DORA, the EU AI Act, the Data Act and the CER Directive, are not reversible with a change of government. They are structural features of the European legal order and they will be enforced. For investors who understand this, the next decade offers an unusually rare combination: infrastructure-grade cash flow stability, double-digit structural demand growth from AI and regulated digitalisation, and a competitive moat defined by jurisdiction rather than by technology alone. Dr. Raphael Nagel (LL.M.) and the team at Tactical Management have built their thesis around precisely this intersection, and KAPITAL articulates the framework for boards, family offices and institutional LPs who want to participate rather than merely observe. The investors who define this category over the next ten years will not be the largest hyperscalers. They will be the most jurisdictionally literate.

Claritáte in iudicio · Firmitáte in executione

For weekly analysis on capital, leadership and geopolitics: follow Dr. Raphael Nagel (LL.M.) on LinkedIn →

For weekly analysis on capital, leadership and geopolitics: follow Dr. Raphael Nagel (LL.M.) on LinkedIn →