European cloud services providers share their views on planned protection measures.
European cloud companies have called on the European Union to strengthen its legislative plans for cloud resilience and sovereignty, as they are concerned that it could enable US hyperscalers to indulge in “sovereignty-washing” — giving their services a false appearance of European sovereignty.
The chair of the industry association Cloud Infrastructure Services Providers in Europe and 24 CEOs of cloud service providers have sent an open letter to Henna Virkkunen, the European Commission’s executive vice president for tech sovereignty, security, and democracy, highlighting five areas they see as critical if a proposed law, the EU Cloud and AI Development Act (CAIDA) is to advance European industrial competitiveness.
While the proposed text of CAIDA has not been finalized, the European Parliament and the European Commission have called on companies and other interested organizations to contribute to the debate. The aims of the act will be to limit the dominance of US cloud providers in the European market, and to seek ways to expand data center capacity in Europe.
CISPE and its co-signatories have made their thoughts public in their open letter, setting out what they expected to see in the forthcoming Cloud and AI Development Act.
Among their proposals are the need to define sovereignty by European involvement and not mere presence: having a foothold in Europe would not be enough if it meant operational control remained elsewhere. They also want companies to ensure that data is protected from any interference from foreign governments and other third parties.
They also call for European public sector procurement to consider European cloud providers and to recognize the importance of open-source software.
Finally, they say, there should be taxpayer-funded investments in cloud and AI infrastructure and support for the European development of key components such as memory and chips and the incorporation of strict environmental sustainability requirements.
“It’s important to realize that the proposal is not just about the technical aspects but the non-technical ones as well — factors like territorial laws,” said Axel Laniez, head of public affairs at Clever Cloud, one of the letter’s signatories,
It’s a bold initiative but other European companies are already expressing concern that over-zealous application of sovereignty rules could have negative effects on European businesses as they struggle to replace existing suppliers.
The move is in line with CISPE’s efforts to strengthen the European cloud market: Last year CISPE won concessions from Microsoft in its drive to help European providers, and the organization is very keen to provide more opportunities for European businesses.
Barriers
However, there are real barriers to overcome. “US hyperscalers account for roughly two-thirds of the EU cloud market. The gap is both economic and a real dependency risk” said Zbyněk Sopuch, CTO of Czech security company Safetica.
“I don’t think the most protectionist version of this legislation will pass. Any measure that significantly restricts market access would require broad alignment across EU member states on how far digital sovereignty should go — and that alignment is not there,” he added.
When it comes to public procurement, organizations have been reluctant to leave systems built around existing US suppliers.
“That may have been an issue in the past,” said Laniez. “But there are now real options from Europe and we’re already seeing public organizations thinking of switching.”
The call for public investment in AI could represent a real opportunity, too. “US companies are ahead at the moment,” said Laniez. “However, we have higher ethical standards in Europe and we also offer greater privacy, thanks to factors such as GDPR.”
There are continuing debates about the future of the Act and what it will be like when it is finally passed. Sopuch thinks that there will be some form of compromise. “The more probable outcome is a framework that indirectly favors European providers through incentives, procurement preferences, and sovereignty requirements, rather than explicitly excluding US companies.”
Whatever the final decision, there will be some genuine European options in future but it will difficult to replace the entrenched hyperscalers.
