Digital sovereignty, the European debate and the launch of Gaia-X

Article
Lorenzo Principali
25 MSs adopted a joint declaration agreeing to work together towards a European cloud federation initiative

The EU institutions and Member States are pushing forward quickly the creation of a European Cloud Federation. Last 15 October, 25 out of 27 MSs adopted a joint declaration agreeing to work together towards a European cloud federation initiative, a project aiming at shaping a secure, efficient and interoperable cloud supply for Europe. They also agreed to cooperate on creating the EU Cloud Rulebook, a set of common technical rules and norms on the EU Cloud initiative, as well as deploying interconnected cloud capacities across MSs, including common marketplaces. The implementation of the Cloud Federation initiative will be facilitated by the Commission and then driven by the nascent European Alliance for Industrial Data and Cloud. The project also takes into consideration the national cloud initiatives that several MSs are already setting up – the Polish WIIP, the Italian Cloud for PA, the Belgian G-Cloud, Estonian Government Cloud, Greek G-Cloud, Irish G-Cloud, Austrian Ö-Cloud, the French cloud strategy for PA, the Spanish cloud strategy for the SPA, and the Portuguese National Cloud Strategy. These can all provide the basis for further cooperation.

The joint declaration also includes the key point of how the cloud initiative will be financed. Currently, according to DG Cnect estimates, Europe is facing an investment gap for cloud that, compared to the USA and China, is calculated at €11 billion annually. According to the joint declaration, the total funding in cloud and data could reach up to €10 billion, with €2 billion from programmes such as the Digital Europe Programme, Connecting Europe Facility 2 and the financial tool InvestEU, and the remainder from the Recovery and Resilience Facility (20% being marked for the digital transition) and from private investments. Acceleration on the cloud initiative is also due to the spread, also in the digital environment, of the upsurge of nationalism and protectionism across Europe. As shown by the approval of the GDPR, there are growing concerns among EU countries on the importance of controlling their own data and on the risks that may emerge from an excessive dependence on foreign technology. With the worldwide market for new digital technologies expected to reach €2.2 trillion by 2025, indicators highlight that the EU is lagging behind in the global race for new technologies, digital services and AI, with the geographical distribution of major high-tech platforms showing a significant concentration in the US and Asian (mainly Chinese) markets.

Control over personal data, and the profit deriving from it, have made the provision of cloud services the main issue of the debate on “digital sovereignty”. According to the German EU Council Presidency, “Europe must rely on the strength of its broad research base and foster its growing digital infrastructure and economy, while making sure the continent’s core democratic values also apply in the digital age”. Besides the concerns over cloud users’ ability to maintain control over strategic and sensitive personal and non-personal data, commercial practices and a lack of interoperability between cloud providers create risks of vendor lock-in, undermining user trust and cloud uptake. Indeed, in the current situation, the benefits of the cloud remain largely untapped by EU businesses and the public sector. In terms of money, the market for cloud storage has been in continuous expansion since 2015 and is forecasted to produce more than $50 billion in revenues by 2025. Therefore, EU policy-makers have begun developing digital autonomy strategies to counter the current trend whereby European businesses and public administrations are highly dependent on services imported from US or Chinese operators.

The first European response to this situation, led by Germany and France and their most important high-tech firms, involves the launch of “Gaia X”, a project to facilitate a secure pan-European data collection, data processing and data sharing mechanism. While the persisting gaps in European experiences and investments (R&D) have guaranteed that the US providers hold a better quality in services, speed, usability, as well as lower costs due to the global scale of their investments, the Gaia project does not focus on creating an European champion, but plans to create a new pan-European platform pooling together different cloud service providers. GAIA-X is not intended to compete against existing offers, but focuses on linking different elements through open interfaces and standards in order to create an innovative aggregation platform. The project, which involves 22 firms from both France and Germany, and officially registered as a non-profit organisation (“GAIA-X AISBL”, association internationale sans but lucratif) on 15 September 2020, aims to create an environment in which EU Cloud Solution Providers (CSPs), High Performance Computing (HPC), and specific clouds in edge computing systems, can share and store information under European data protection standards. The development of these services will follow the principles of the Security by Design, the Privacy by Design and will follow the two self-regulatory Codes of Conduct on data portability and cloud switching on ‘Infrastructure as a service’ and ‘Software as a service’ portability, to allow smaller companies and new market entrants to compete.

The platform will mainly operate in the areas concerning the creation of trust mechanisms that guarantee the identities of sources and recipients, access and usage rights, and an overall harmonisation of existing standards in order to allow for interoperability of infrastructures, applications and data. Furthermore, it will intervene in the provision of data through federal catalogues and in the establishment of compulsory EU-wide certification and standard schemes to support suppliers in offering safe and compatible services.
More than 300 firms have been involved up to now, including major US cloud providers, as non-European firms can also enter the scheme if they accept the standards in line with EU values. This is to promote a level playing field open to all who accept the common principles, without encountering market barriers or protectionist issues. As well, according to a Mlex research, the main German firms do not intend to interrupt their services from US providers but, instead, opt for a diversification of services in a multi-cloud perspective and for the strengthening of the inter-operability and inter-exchangeability features. The Commission also plans to integrate this platform with investments in the rest of the cloud infrastructure – from computing to software – to improve the European supply, considering it essential to guarantee sovereignty for the future, as well as to create a more dynamic market. Will the set budget be enough to catch up with the world’s top performers and reach these ambitious goals?