Gaia-X: European sovereign cloud guidelines unveiled
On 4 June 2020, the French Minister of the Economy Bruno Le Maire and his German counterpart Peter Altmaier officially launched the European cloud, Gaia-X (1). Amid the domination of the American and Chinese giants, this joint project between France and Germany aims to assert Europe’s digital sovereignty (2).
For European leaders, the aim is to eliminate users’ dependence on American and Chinese hosting providers, in a context where the CLOUD Act, a U.S. federal law, makes it possible to require U.S. service providers to disclose data on any person of U.S. nationality involved in legal proceedings, regardless of whether such data is stored on servers located within the United States or in foreign countries (3).
After the failure to create a French sovereign cloud, the European digital sovereignty project is now attracting attention.
The failure of a French sovereign cloud
On 31 January 2020, Orange closed Cloudwatt, which became a symbol of the failure to create a hosting service for sensitive data in France.
Launched in 2009, the project for a French sovereign cloud — called at the time “Andromède,” [Andromeda] —was designed to lead to the construction of a large data hosting centre supported by a €150 million state-funded budget.
However, in the absence of an agreement between operators and contrary to the initial plan to finance a single project, not one but two competing projects were eventually financed and €75 million were allocated to each: Cloudwatt and Numergy.
Cloudwatt (created in 2012 by Orange and Thalès) and Numergy (supported by SFR) were both to offer government bodies and businesses a national secure data hosting offer. Unfortunately, the project of the French sovereign did not succeed.
Several factors contributed to this failure. First, the needs were very different between the two organisations. Second, the certification of applications generated very significant costs, slowing down the development of these two entities. In the absence of a French offer, users turned to GAFAM.
This is why the French-German data infrastructure project is eagerly awaited.
Announced in 2019 at the Digital Summit, the European project has three main objectives:
- giving concrete form to the technical and economic design of infrastructures;
- creating a common ecosystem bringing together users and providers from government bodies, public health organisations, businesses and scientific institutions;
- creating an enabling environment and support structures.
The creation of a European sovereign cloud
Borrowing its name from the Greek goddess of the Earth, Gaia-X is destined to become a multi-service, multi-provider data storage platform.
Designed as an improved search engine, Gaia-X presents itself as a “meta cloud”. It sets a common technical framework for all members of the Foundation (the legal structure that manages the project) and allows any user according to his or her “cloud strategy” to select the most suitable configuration. This platform will eventually offer a catalogue of digital services supported by hosting providers and software publishers, who previously committed to standards aimed at strengthening user confidence (1).
The European project is not intended to compete directly with the American, Chinese or Indian giants. It focuses on bringing together existing European players around common standards and attributes.
Gaia-X will operate around three principles:
- Interoperability: this is about the reversibility of data. Users will be able to retrieve their data hosted by one provider and transfer it to another provider using easily configurable APIs;
- Transparency: companies will be required to disclose where data is stored and where data centres are located;
- Trust: each member of the Foundation will have to have all or part of the services offered certified.
Only offers that meet the project’s security, integrity and data protection standards will be available on the platform.
Gaia-X vs. CLOUD Act
European companies are dependent on foreign operators as the cloud market is currently dominated by three American (Amazon, Google, Microsoft) and one China (Alibaba) firms. Moreover, the adoption of the U.S. CLOUD Act (“Clarifying Lawful Overseas Use of Data Act”) made the European Union fear digital interference.
Yet there are already many European players on the cloud market. For example, Outscale, a subsidiary of Dassault Systèmes since 2017, opened a data centre dedicated to the public sector in 2018.
To date, 22 German and French companies have agreed to take part in the Gaia-X project. Among them are Dassault Systèmes, Orange, Siemens, SAP, Atos, Scaleway and Robert Bosch.
By bringing together major French and German Cloud players, Gaia-X will give greater visibility to European offers. The European Cloud ecosystem will offer European companies a trustworthy alternative to the market’s dominant operators.
Gaia-X keeps its doors open to non-European interested parties provided that they met the highest standards of confidentiality. These include Microsoft and its cloud offering, Azure Stack.
Gaia-X’s first services are eagerly awaited and expected to be available by 2021.
More than the adoption of a “European CLOUD Act” (4), Gaia-X is the technical, commercial and legal response to the American CLOUD Act. The Monnet-Schuman method of “small steps” based on the implementation of concrete projects should once again prove its worth in the construction of European digital sovereignty.
(1) Joint press release, « Sous l’impulsion de l’Allemagne et la France, l’Europe fait un premier pas vers une infrastructure de données », and “Germany and France take the lead as Europe makes first step towards building a European data infrastructure”, 4 June 2020.
(2) A Franco-German Manifesto for a European industrial policy fit for the 21st Century, 19 February 2019.
(3) US Cloud Act – Extract from Consolidated Appropriations Act 2018 / H.R.4943 – CLOUD Act, 115th Congress (2017-2018).
(4) « Vers l’adoption prochaine d’un Cloud act européen ? », Eric Le Quellenec, 17 January 2019.
Article provided by: Eric Le Quellenec (Lexing, France)
Discover more about INPLP, the INPLP-Members and the GDPR-FINE database
Dr. Tobias Höllwarth (Managing Director INPLP)