

Technology

The Silicon Blind Spot: Europe’s Sovereign Clouds Are Still Running on American Hardware

Saran K | May 17, 2026 | 4 min read



    The Billion-Euro Perimeter

    Europe is currently in the midst of a massive architectural pivot. Driven by a desire to decouple from the legal reach of the United States, the EU is pouring more than €2 billion into sovereign cloud initiatives. Through programs like the IPCEI-CIS, the bloc is building infrastructure designed to ensure that European data stays under European jurisdiction. In France, the SecNumCloud framework has set a gold standard, imposing nearly 1,200 technical requirements to guarantee “immunity from extraterritorial laws.”

    On paper, the strategy is sound. By shifting data to local operators and indigenous infrastructure, Europe believes it can shield itself from the long arm of the US government. However, a critical vulnerability remains: the silicon. While the clouds are European, the processors powering them are almost exclusively American.

    The Computer Beneath the Computer

    Most modern data centers rely on Intel and AMD hardware. Tucked deep inside these chips is a layer of firmware that operates entirely outside the view of the operating system—and the cloud operator. On Intel chips, it is the Management Engine (ME), or more accurately, the Converged Security and Management Engine (CSME). On AMD hardware, it is the Platform Security Processor (PSP).

    Security researchers refer to this as “Ring -3.” In the traditional hierarchy of computer permissions, the operating system sits at Ring 0. A hypervisor might sit below that. But the ME and PSP operate at a level so deep that the host system cannot see or log their activity. It is, for all intents and purposes, a second computer living inside the primary processor.

    “It’s a computer inside your computer,” says John Goodacre, Professor of Computer Architectures and former director of the UK’s £200 million Digital Security by Design program. According to Goodacre, this secondary system has its own memory, its own clock, and its own network stack. Because it can share the host’s MAC and IP addresses, any traffic the ME generates is virtually indistinguishable from normal system traffic to a network firewall.

    Features as Backdoors

    For IT administrators, these tools are useful. Intel’s Active Management Technology (AMT), for instance, allows for remote keyboard-video-mouse redirection and power control across vast fleets of devices. But this utility creates a massive attack surface. Intel’s AMT exposes several TCP ports (16992 through 16995) that can be leveraged if credentials are compromised.

    This isn’t theoretical. In 2017, Microsoft documented a nation-state actor known as PLATINUM using Intel’s Serial-over-LAN (SOL) as a covert exfiltration channel. Because the SOL traffic transits the Management Engine and the NIC sideband path before the host’s TCP/IP stack even runs, the host firewall and endpoint detection software saw absolutely nothing. In many cases, the attackers didn’t even need a complex exploit; they simply used factory default credentials.
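Because AMT and Serial-over-LAN traffic leaves through the Management Engine and the NIC sideband path, the host's own firewall and endpoint agent have no vantage point; the check has to run on a network device that exports flow records. The following added example (not code from the article or from Intel) parses constructed flow records and flags any TCP session to the AMT ports 16992 through 16995 whose source is outside a hypothetical allow-list of management jump hosts; the record format, addresses and allow-list are all assumptions.

```python
"""Network-side detection of AMT management-port traffic in flow records.

Added example. Host-based tools cannot observe ME/AMT traffic, so this runs
over flow exports from a switch mirror port or perimeter firewall instead.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

AMT_PORTS = range(16992, 16996)  # 16992-16995, the ports the article cites
# Hypothetical: the only subnet that should ever speak AMT in this estate
MGMT_ALLOWLIST = [ip_network("10.0.250.0/24")]


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str
    nbytes: int


def parse_flow(line: str) -> Flow:
    # Constructed record format: src,dst,dport,proto,bytes
    src, dst, dport, proto, nbytes = line.strip().split(",")
    return Flow(src, dst, int(dport), proto.upper(), int(nbytes))


def is_suspicious(flow: Flow) -> bool:
    """True for a TCP flow to an AMT port from a non-approved source."""
    if flow.proto != "TCP" or flow.dport not in AMT_PORTS:
        return False
    return not any(ip_address(flow.src) in net for net in MGMT_ALLOWLIST)


def find_amt_sessions(lines):
    return [f for f in map(parse_flow, lines) if is_suspicious(f)]


# Constructed sample records (addresses are documentation/test ranges)
SAMPLE_FLOWS = [
    "10.0.250.7,10.0.12.40,16993,tcp,8120",    # approved jump host, AMT TLS port
    "203.0.113.9,10.0.12.40,16994,tcp,51200",  # external source to an AMT port
    "10.0.12.41,10.0.12.40,443,tcp,1500",      # ordinary HTTPS, ignored
    "10.0.7.15,10.0.12.44,16992,tcp,900",      # internal, but not an approved host
]

if __name__ == "__main__":
    for f in find_amt_sessions(SAMPLE_FLOWS):
        print(f"ALERT AMT port {f.dport} from {f.src} -> {f.dst} ({f.nbytes} bytes)")
```

On real exports, a sanctioned source that never appears in the allow-list review is itself a finding, since every AMT session should map to a known administrative host.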

    The risk extends to the supply chain. Goodacre notes that on modern devices, a “powered off” state is often a misnomer. Through “Modern Standby,” SoC components—including those running the Management Engine—remain in low-power states. A laptop that appears off in a bag could, in theory, associate with a hostile network if the firmware was tampered with during transit, all while the user remains oblivious.

    The Sovereignty Paradox

    This hardware reality creates a paradox for Europe’s digital sovereignty. Under the US Reforming Intelligence and Securing America Act (RISAA) 2024, hardware manufacturers are classified as “electronic communications service providers,” making them subject to secret government orders. If the US government can compel a chipmaker to implement or maintain a capability within the ME or PSP, no amount of European software certification can stop it.

    Professor Aurélien Francillon of EURECOM, who previously demonstrated how hard disk drive firmware could be used for silent data exfiltration, views this as an inherent risk of the current hardware ecosystem. “The NSA were already doing it,” Francillon says, referring to the Snowden disclosures that mirrored his own research into firmware backdoors. While he argues that operational controls can mitigate some risks, the fundamental architecture remains a black box.

    AMD is not immune to these concerns. On April 14, 2026, researchers demonstrated the “Fabricked” attack against AMD’s SEV-SNP confidential computing technology, achieving a 100 percent success rate with a software-only exploit. The Platform Security Processor, designed to be the root of trust, proved vulnerable to the same class of compromise.

    As Europe continues to certify its clouds, the industry is left with a sobering realization: you cannot have true digital sovereignty if you do not control the silicon.

