Microsoft has revealed it has been holding talks with the German economy ministry over whether the company could be contracted as a supplier for Gaia-X, the ambitious European cloud network infrastructure initiative.
The Gaia-X project has been hailed by senior politicians across Europe as an opportunity for the continent to claim a sense of their technological sovereignty, amid a European marketplace for cloud technology dominated by US and Chinese firms.
The public cloud market is currently made up for the most part by five firms: Amazon Web Services who run 47.8% of the global market, followed by Microsoft at 15.5%, Alibaba with 7.7%, and Google and IBM with 4% and 1.8% respectively.
Microsoft initially reacted with apprehension in response to Europe’s plans to build up its own cloud service. However, the company is now starting to stake its claim for central participation in the project.
A Microsoft spokesperson recently told EURACTIV that “in the cloud age, however, we think it is wrong to define sovereignty along territorial borders,” adding that the company is “convinced” that it can offer the “appropriate technological architecture” to ensure Europe’s coming cloud infrastructure is protected from unauthorised access from malicious actors.
“We are currently in discussions about our participation with the ministry of economy in Berlin,” the spokesperson added.
At the time of publishing this article, the German ministry has not responded to EURACTIV’s request for comment.
EU Cloud dominated by US
German Economy Minister Peter Altmaier has sought to establish himself as the driving force behind the Gaia-X project and has rallied its potential benefits for helping to establish the European market for cloud infrastructure, and, by extension, contributing towards greater European autonomy from reliance on technologies coming from abroad.
The initiative is also being backed by the European Commission and France, as well as close to 100 companies.
In July 2019, Altmaeir said “Germany has a claim to digital sovereignty. That’s why it’s important to us that cloud solutions are not just created in the U.S.”
Following these remarks, the Frankfurter Allgemeine Zeitung leaked an internal government paper in August last year that revealed Altmaier’s plans, with the German economy minister conceding that “cloud industry is currently largely dominated by US corporations.”
Moreover, at the EU level, Commission President Ursula von der Leyen recently spoke about the importance of technological sovereignty for the bloc – noting in a recent op-ed that the concept refers to the capability that Europe has to “make its own choices, based on its own values, respecting its own rules, in the digital arena.”
However, the recent disclosure that Microsoft is jockeying to be part of Europe’s cloud infrastructure plans could pour cold water over the notion of the bloc being able to achieve its own sense of sovereignty and dependence from US firms in the field of digital affairs.
US Cloud Act
Moreover, there have been those who believe the US Cloud Act, when imposed on US companies with data centres in the EU, could impact the protection of EU personal data. may compromise the protection of EU personal data.
Last year, following a question from the European Parliament’s Committee on Civil liberties, the European data protection board released an analysis of the potential impacts of the US Cloud Act on GDPR, in which they highlighted potential points of conflict between the two legislations.
Controversy with regards to the American framework revolves around the fact that the Cloud Act gives US law enforcement agencies the legal right to force the release of customer data outside the US, resulting in an “extraterritorial reach of powers”, according to the European Data Protection Board.
“Service providers controlling personal data whose processing is subject to the GDPR or other EU or member states’ law will be susceptible to facing a conflict of laws between US law and the GDPR and other applicable EU or national law of the member states,” the EDPB opinion stated.
Effectively, the EDPB opinion is that the Cloud Act is not legally watertight in bypassing GDPR to justify personal data transfers to the US.
Elsewhere, US firms have found themselves at the centre of a storm with regards to the supply of public cloud services. The US Joint Enterprise Defence Infrastructure project, or JEDI as it is known, aims to create a single cloud network for the US military. The contract for the service is worth around $10 billion.
However, a US judge has put a hold on the plans, following an appeal by Amazon, who had originally been slated to take part in the initiative but were eventually sidelined in favour of Microsoft. Amazon argue this could be down to President Donald Trump’s feud with Amazon CEO Jeff Bezos.
Until the lawsuit is resolved, no further developments to the JEDI project will take place.
Back in Europe, the Gaia-X project is due to start this spring, with a view to making the system live before the end of 2020.
[Edited by Zoran Radosavljevic]