More significant, the cloud services market in Europe is evolving rapidly. This change is partially motivated by a growing geopolitical divide between the U.S. and Europe. That’s why recent, unprecedented U.S. threats to invade an EU member state—Poland—were so alarming. Placing sanctions on a European Commissioner for supporting the passing of legislation that is unfavorable to Washington has further exacerbated concerns over the security and sovereignty of cloud computing in the area. The European Commission has developed a framework for the evaluation of cloud service providers. This new framework places particular emphasis on public sector contracts.
Part of this new framework is a “sovereignty ladder.” It puts cloud providers in order based on how well they comply with European standards and regulations. Although created for a specific tender, it sets a significant precedent for future contracts that may favor European providers over their U.S. counterparts. In particular, four big, U.S.-headquartered hyperscalers dominate the overall EU cloud market. Amazon Web Services (AWS), Microsoft Azure, Google Cloud, and IBM Cloud dominate about 70 percent of cloud services in the area.
The European Commission’s initiative is a positive public-sector counterweight to ever-increasing scrutiny and suspicion of non-EU cloud providers. France has already led the way by implementing tough limits on these firms’ role in public services. Under these regulations, non-EU providers must store data within the EU, employ EU-based staff, and avoid majority ownership by non-EU entities. These security-related measures include steps to enhance data protection and data sovereignty. They address the dangers posed by U.S. legislation, such as the 2018 CLOUD Act, that allow U.S. authorities to access data stored abroad.
Stéfane Fermigier, a prominent activist for cloud sovereignty, pointed to the wider impact of U.S. policies. He stated, “The geopolitical risk isn’t just the most extreme form of a doomsday ‘kill switch’ where Washington turns off Europe’s internet. It is the selective degradation of services and a total lack of retaliatory leverage.”
Other European developers are adopting the idea of a hybrid cloud sovereignty. Today, they’re bringing the best of local and U.S. cloud services together to serve their communities. This strategy may introduce complexities. Martyna Chmura warned against the challenges. She noted, “Running systems on multiple platforms can add to the costs of integration between systems and add further complexities to security and data governance.” In the worst case, efficiency is lost for organizations altogether. They may immediately fail to realize cost efficiencies inherent in leveraging massive hyperscale platforms.
Nevertheless, Chmura noted that “overall, the EU appears willing to accept some of these trade-offs,” highlighting the balance between leveraging advanced technology and ensuring data security.
The gravity of U.S. cloud giants gives them strong advantages on infrastructure and investment. Their long-standing foothold in the EU market makes it harder for European firms to compete on a level playing field. Arnold Juffer acknowledged this dynamic, noting, “If you look at AWS, you look at Google, they’ve created some super technology. It’s very convenient, it’s easy to use.”
Despite cloud providers being extensively scrutinised by the European Commission, there are still major loopholes in this process. These gaps are likely to allow U.S. firms to sidestep some requirements but still offer services with accepted EU standards. These trends indicate that organizations are in a hurry to move to multi-cloud environments. Placing your sensitive workloads on European and sovereign providers has sparked critical questions on the sovereignty measures these providers currently have.
