In the third quarter of 2020, European companies generated only 16% of the global cloud market revenue. Only 5% of European data is stored in the European Union. In the “Old Continent”, 73% of companies have not yet adopted cloud computing (compared to 60% in the US and Asia, according to IDC), making Europe the next Eldorado for “big tech”.
The pandemic has pushed this “cloud decade” to the point of making cloud services the backbone of digital transformation and our entire society. However, if we do not protect our sovereignty, most of this growth can benefit non-European players.
Likewise, as evidenced by GDPR-like legislation, European values of data protection, transparency and humanity do not always align with American and Asian principles. This is why it is essential for Europe’s large sovereign cloud providers to protect the values of our continent and help grow local players.
Despite, or perhaps because of, these differences, non-European stakeholders have not sought to protect their customers in Europe from the consequences of extraterritorial legislation (in practice, US cloud law allows the US government to access data stored by US companies even if it is stored outside the territory of the United States). Not content with this, these players did everything to derail Europe’s efforts to strengthen its tech companies, but also to slow the evolution of the European tech ecosystem towards independence.
Sovereignty by Scaleway
What is “sovereignty” according to Scaleway? Or rather what is not so?
As defined by Larousse, sovereignty means “absolute independence” and “authority unconstrained by any other state.” As we can see, this term is closely related to the concept of freedom. It is also traditionally associated with the concept of territory, such as the nation-state, a classic definition that does not apply to the digital world, free of borders but built on strong interdependencies on a global scale.
That is why we should not confuse digital sovereignty with “dominance”. This is not a dogmatic form of independence. We must also be careful not to equate sovereignty with protectionism or isolationism. Its purpose is to mitigate the negative effects of monopoly exercised by a minority of players in the cloud market. Sovereignty is not synonymous with exclusion, it is a tool aimed at rebalancing the balance of power, making Europe’s voice heard in international conversations, and protecting its universal values.
For us, achieving European sovereignty over the cloud is feasible as EU providers can meet the needs of 80% of the market.
At the European level, basing a cloud offering on transparency and trust is a paramount necessity.
In order to provide a more transparent and complete view of sovereignty, it is first important to clearly define what a “trust” is.
The foundation of the cloud offering on transparency and trust is of paramount importance at the European level, if we are to align the digital transformation of our economies and societies with the values of the European Union. It will also allow us, current and future cloud adopters, to make free and informed choices based on unbiased criteria.
To determine trust in the context of the cloud, it is necessary to analyze the entire range of cloud computing services by the provider, from real estate to software components, that make up the cloud, in order to ensure complete transparency in the applicable jurisdiction, depending on the conditions of storage, calculation and data processing. From this point of view, the “cloud at the center” doctrine introduced by the government in May, with the new “credible cloud” designation, raises key questions for France, but also for other countries. The concept of “trust” is of paramount importance for the SecNumCloud certification, introduced by the French government, which can only be awarded to cloud service providers working with the public sector. Unfortunately, this certification, associated with many extraterritorial legal checks, excludes many French sovereign players. We believe it is necessary to define “trusted cloud” more clearly with, perhaps, a new certification coming from the French cybersecurity agency, ANSSI.
Towards a ‘multi-cloud first’ policy
For the same reason that storing all your data on one server is unwise, relying on a few dominant providers can only lead to disaster. Addiction is the enemy of resilience. Therefore a multi-cloud approach is necessary.
However, for this approach to work, all vendors need to develop interoperable architectures, to enable data portability and lock-down terminations, that bind customers to suppliers through long-term contracts, which prevent them from moving their data elsewhere. The SWIPO Code of Conduct for Data Portability makes good recommendations. However, so far, the largest cloud service providers refuse to adhere to these principles.
Similar resistance exists to the European Union’s Digital Market Law (DMA), which aims to rebalance competition rules in the digital sphere. Some GAFAM companies even go so far as to demand a complete withdrawal of cloud computing services from DMA.
Finally, a new label soon to be proposed by GAIA-X, which is built around the European cloud, could give a boost to cloud adoption across Europe. However, this designation could promote non-EU players, rather than encourage the diversity of European ecosystems.
What do you do next? It is clear that without a strong legislative basis, the cloud industry in the European Union cannot increase its supremacy.
Industry independence, a driver of sovereignty
French and European legislation should stimulate the growth of EU players, and rebalance the still unequal access possibilities to public markets. In the USA and China, with their already well-established dominance, local players have made great strides towards capturing the general market, thus excluding European suppliers. The latter are also excluded by the data localization regulations imposed by these countries. This double bond is particularly unfair, especially since the opposite does not exist in Europe.
Therefore, it seems to us that the budgets of European and national countries should serve as an example and that:
- Prioritize the adoption of European (multiple) cloud service providers;
- Ensure public cloud acquisition options based on transparency, innovation, security, sovereignty and climate neutrality;
- He made the principle of “purchasing European technology” more of an instinct and incorporated it directly into law.
European cloud stakeholders are mostly small or medium enterprises. In the “David vs. Goliath” battle, they need the help of legislators to create a level playing field.
For all of these reasons, we believe independence from non-European technologies should become a top priority for our legislators across Europe. A legal act that limits unequal access to domestic public markets for non-European players would be a tangible way to rebalance competition, while giving positive opportunities to the European cloud.
Without these protections and assurances, anti-competitive actions by some of the big players will continue into the future, to the detriment of European companies and the technology sector. Here, in conclusion, is what makes sovereignty key to this new decade of the cloud.
Yan Lichel, CEO of Scaleway