Why is a European cloud infrastructure important?
Europe has a different view on reliability and privacy, with regard to handling (business) data when using cloud services, than the cloud service providers present in the international field.
One example is the European court’s invalidation of the Privacy Shield agreement between Europe and the United States (US) in July 2020. This agreement regulated the conditions when moving and storing user data between Europe and the US since 2016. According to the European court, the agreement did not sufficiently protect the data of European citizens. The main objection to the agreement was that there is no transparency on what data is stored where, as there should be in Europe under the General Data Protection Regulation (GDPR). Because openly voicing objections to the influence of US politics is a touchy matter, it has come to be called ‘data sovereignty’ within Europe. This is best translated with: knowing where your (company) data is, knowing where your data is processed, knowing who all has copies of your data and who all has access to your data.
Besides a different view on reliability and privacy, Europe currently also lacks cloud service providers large enough to compete with the big international players from America and China, for example. The lack of European alternatives creates an increasing dependence on service providers from other continents. By setting up a federated European cloud infrastructure, we can still offer a European alternative without setting up a European hyperscaler. By jointly developing standards and thus connecting services, relatively small players in the cloud market will be able to compete fully with the tech giants from America and China.
The GAIA-X initiative launched by Germany and France is one of the initiatives within the European Cloud Federation to establish a European cloud infrastructure. As mentioned, the aim is not to set up a European hyperscaler, but to develop standards to improve the European cloud service offering. In doing so, compliance with European privacy legislation is a very important part and by developing some kind of seal of approval, companies can be sure that their business data is safe. Through TNO, the CiC is a member of GAIA-X and so we can follow all developments and make our contributions.
NDIX is very curious to see how the cooperation on GAIA-X between the participating European member states will develop. Officially, GAIA-X falls under the ‘European Cloud Federation’, but it was only recently officially registered as a ‘non-profit EU entity’ in Brussels. Germany and France have been working on GAIA-X for more than a year, though. However, this was done mainly independently of each other and now that they have to work together, this cooperation is proving very difficult. For instance, they already cannot agree on the working language within the “cooperating” working groups. France is using a chauvinistic approach to try to force the use of technical standards developed by French companies, but fortunately Germany has a more open and federative approach. The CiC and NDIX are keeping a close eye on these developments!
As a connectivity provider, why is NDIX participating in a Cloud Infrastructure Coalition?
There is a relatively simple answer to that question. NDIX believes that ‘data sovereignty’ involves more than just transparency about where your company data is processed and transparency about the physical storage location(s) of your company data.
Namely, the transport of data between your company’s IT environment and the cloud locations should also be secure and reliable. No one should be able to intercept the transport and the route through a connectivity network should be transparent and thus known. By using the public internet, which to date is the most widely used transport medium, you can be sure of one thing: you do not know in advance which route your data will take through the digital world of networks. This is simply how the internet works. Data flows and routes within and between internetworks cannot be determined by users (network operators can!). You can encrypt data with the most secure encryption techniques such as the latest VPN versions, but you still don’t know who all is accessing that encrypted data along the way. In addition, you also don’t know if someone has managed to get the key to your data and thus come into possession of your company data.
NDIX, as an active member of the CiC, wants to ensure that secure and reliable connectivity gets the necessary attention within the Dutch coalitions and European initiatives and that the right standards are aligned.