Gaia-X: a sovereign, interoperable European cloud network

France and Germany have unveiled the Gaia-X project, which aims to harmonize cloud services in Europe to facilitate data sharing between different parties. It also seeks to reduce companies’ dependence on cloud service providers, which are largely American. For Europe, this project is therefore an opportunity to regain sovereignty over its data.

 

When a company chooses a cloud service provider, it’s a little bit like when you accept terms of service or sale: you never really know how you’ll be able to change your service or how much it will cost.” Anne-Sophie Taillandier uses this analogy to illustrate the challenges companies currently face in relying on cloud service providers. As director of IMT’s TeraLab platform specializing in data analysis and AI, she is contributing to the European Gaia-X project, which aims to introduce transparency and interoperability in cloud services in Europe.

Initiated by German Economy Minister Peter Altmaier, Gaia-X currently brings together ten German founding members and ten French founding members, including cloud service providers and major users of these services, of all sizes and from all industries. Along with these companies, a handful of academic players specialized in research in digital science and technology – including IMT – are also taking part in the project. This public-private consortium is seeking to develop two types of standards to harmonize European cloud services.

First of all, it aims to introduce technical standards to harmonize practices among various players. This is an important condition to facilitate data and software portability. Each company must be able to decide to switch service providers if it so wishes, without having to modify its databases to make them compatible with a new service. The standardization of the technical framework for every cloud service is a key driver to facilitate the movement of data between European parties.

Environmental issues illustrate the significance of this technical problem. “In order to measure the environmental impact of a company’s operations, its data must be combined with that of its providers, and possibly, its customers,” explains Anne-Sophie Taillandier, who, for a number of years, has been leading research at TeraLab into the issues of data transparency and portability. “If each party’s data is hosted on a different service, with its own storage and processing architecture, they will first have to go through a lengthy process in order to harmonize the data spaces.”  This step is currently a barrier for organizations that lack either financial resources or skills, such as small companies and public organizations.

Also read on I’MTech: Data sharing: an important issue for the agricultural sector

In addition to technical standards, the members of the Gaia-X partnership are also seeking to develop a regulatory and ethical framework for cloud service stakeholders in Europe. The goal is to bring clarity to contractual relationships between service providers and customers. “SMEs don’t have the same legal and technical teams as large companies,” says Anne-Sophie Taillandier. “When they enter into an agreement with a cloud service provider, they don’t have the resources to evaluate all the subtleties of the contract.”

The consortium has already begun to work on these ethical rules.  For example, there must not be any hidden costs when a company wishes to remove its data from a service provider and switch to another provider. Ultimately, this part of the project should give companies the power to choose their cloud service providers in a transparent way. An approach that recalls the GDPR, which gives citizens the ability to choose their digital services with greater transparency and to ensure the portability of their personal data when necessary.

Restoring European digital sovereignty

It is no coincidence that the concepts guiding the Gaia-X project evoke those of the GDPR. Gaia-X is rooted in a general European Union trend for data sovereignty.  The initiative is also an integral part of the long-term EU strategy to create a sovereign space for industrial and personal data, protected by technical and legal mechanisms, which are also sovereign.

The Cloud Act adopted by the United States in 2018 gave rise to concerns among European  stakeholders. This federal law gives local and national law enforcement authorities the power to request access to data stored by American companies, should this data be necessary to a criminal investigation, including when these companies’ servers are located outside the United States. Yet, the cloud services market is dominated by American players. Together, Amazon, Microsoft and Google have over half the market share for this industry. For European companies, the Cloud Act poses a risk to the sovereignty of their data.

Even so, the project does not aim to create a new European cloud services leader, but rather to encourage the development of existing players, through its regulations and standards, while harmonizing the practices already in place among the various players. The goal is not to prevent American players or those in other countries — Chinese giant Alibaba’s cloud service is increasingly gaining ground ­— from tapping into the European market. “Our goal is to issue standards that respect European values, and then tell anyone who wishes to enter the European market that they may, as long as they play by the rules.”

For now, Gaia-X has adopted an associative structure. In the months ahead, the consortium should be opening up to incorporate other European companies who want to take part. “The project was originally a Franco-German initiative,” says Anne-Sophie Taillandier, “but it is meant to open up to include other European players who wish to contribute.” In line with European efforts over recent years to develop digital technology with a focus on cybersecurity and artificial intelligence, Gaia-X and its vision for a European cloud will rely on joint creation.

 

Benjamin Vignard for I’MTech

Leave a Reply

Your email address will not be published.