The EU is putting together a consortium to build a new, non-US, based cloud platform. It’s called Gaia-X.
Will Bedingfield, Wired »
The project is a collaboration between the European Commission, Germany, France, and according to an email from a spokesperson for Germany’s Federal Ministry for Economic Affairs and Energy “some 100 companies and organisations”. (Firms confirmed include SAP SE, Deutsche Telekom AG, Deutsche Bank AG, Siemens and Bosch.) The first proofs of concept for the European cloud are set to be ready towards the end of this year.
The driving motivation behind the project is “data sovereignty”, or, more accurately “data governance” – an ambition to bring the flow and storage and data under greater European control. “Data sovereignty is the key to GAIA-X,” says Harald Summa, the CEO of DE-CIX Group AG, a group involved in the project. “Especially given that our society is relying more and more heavily on digital services, it is in the interest of a state or a region to enable a certain level of independence from external service providers.”
The project is a direct response to the dominance of American and Chinese service providers. The European Commission has already locked horns with Google, fining the company €4.34 billion for antitrust violations back in 2018. The US Cloud Act requires American firms to provide law enforcement with customers’ personal data on request, even when the servers containing the information are abroad.
That American law enforcement have access to personal data Google, Apple, Amazon, Microsoft, and others, have stored offshore, is no different from what the US Administration is up in arms with Huawei’s 5G equipment being installed in allied countries. It may be a fact that the Chinese government has effective control over Huawei’s 5G worldwide network, but this is no different from what is happening in the US.
Google locked out Huawei’s customers from the Google Play Store, for example, when a new government directive was issued.
Another example, two years ago Apple ceased developing their promised end-to-end encryption project of iCloud when the FBI complained it would hinder their investigations. Apple has since cooperated with law enforcement’s requests and turned over personal information users believed was encrypted and not accessible to anyone.
Industry players in Europe want to avoid ending up in arrangements which make it difficult for them to process the data they produce themselves and to extract value from it. Looking further along the path, such arrangements could also impact on data that is needed to train artificial intelligence in designing models for predictive maintenance, predictive analytics, and so on.
To counteract these concerns, Europe has now taken the first steps to establishing a sovereign digital ecosystem for European industry and users. GAIA-X is an ambitious and timely project which will create an efficient, secure, distributed, and sovereign European data infrastructure in dialogue between state, industry, and research. In October 2019, Germany and France announced that the project will start in 2020. With concerns about Europe losing data sovereignty and self-determination in the areas of digital development, digital services, and so on, the European Commission and several EU member states see the need to support European industry by creating a federated data infrastructure as the cradle of a vibrant European ecosystem.
The US, and particularly this latest administration, has shown little respect for the laws of other nations when it doesn’t match their own.
And last year German Chancellor Angela Merkel spoke of Gaia-X to help the EU avoid becoming over-reliant on US based cloud providers.
The aim of GAIA-X is therefore to provide services with “European DNA,” guided by seven key principles:
- European data protection
- Openness and transparency
- Authenticity and trust
- Digital sovereignty and self-determination
- Free market access and European value creation
- Modularity and interoperability
GAIA-X is designed to comply with the General Data Protection Regulation (GDPR) principles. It supports decentralized processing (Edge, Fog, Cloud) and has clear and user-friendly data management rules. By providing a choice of services and full support for multi-cloud strategies, it reduces the risk of vendor lock-in. By adopting multi-stakeholder-governance for trustworthy and certified services, both providers and users can rely on the promised standards being upheld.
While I applaud the European Union for this initiative, Amazon.com Inc. and Microsoft Corp. criticized the initiative, and tech analyst Benedict Evans thinks the project is “laughable“.