View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cloud
April 8, 2021updated 06 Jul 2022 3:41am

Can GAIA-X solve Europe’s data sovereignty problem?

The new standards system could boost the EU's position in cloud computing but more action will be needed to regain control of the continent's data.

By Matthew Gooding

A new ecosystem for the next generation of cloud computing is being developed in Europe. Politicians hope the framework, GAIA-X, will provide the foundations for a European cloud that can help the continent regain some of the data sovereignty it has lost to the US and China in recent years. What role the post-Brexit UK will play in this system remains to be seen.

A set of rules and open architecture for cloud providers, GAIA-X has so far received a warm welcome from politicians and businesses. European Commission President Ursula von der Leyen has put digital at the centre of her plans for the European Union. In her state of the union address in September, she declared the next ten years to be Europe’s ‘digital decade’. “Europe must now lead the way on digital – or it will have to follow the way of others, who are setting these standards for us,” she said, announcing that part of the EU’s $750bn NextGenerationEU Covid-19 recovery fund will go towards GAIA-X.

What is GAIA-X?

European data is largely stored on servers owned by US and Chinese companies. The new GAIA-X cloud standards could help change this. (Photo by Mixmagic/Shutterstock)

The GAIA-X Association was founded in 2019 with the backing of the French and German governments and 22 member businesses. Last week, 212 new companies signed up to the scheme, including many of the biggest names in computing and telecoms. “We are pleased to welcome a significant number of companies which will now participate in the implementation of common standards to ensure that data is hosted, used and transferred transparently and with full confidence,” said Hubert Tardieu, chairman of the GAIA-X board.

What is GAIA-X?

The GAIA-X Association is led by CEO Francesco Bonfiglio, who joined the non-profit earlier this year after a 30-year career in IT. The project is “unprecedented in scale”, Bonfiglio says, due to the sheer numbers of stakeholders involved.

“We are building the next generation of a safe and secure data infrastructure,” he says. “The new generation of cloud has to have a new model – it has to be decentralised and federated.”

This new approach is required, Bonfiglio believes, because while the enterprise cloud spending continues to grow, the majority of businesses still use legacy systems based on-premise. “We still don’t have a sufficient level of cloud adoption in Europe,” he says. Indeed, levels of cloud adoption vary across the continent, with an average of 36% of workloads being run in the cloud in 2020, up from 24% in 2018.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Bonfiglio believes this low level of adoption is in part because business requirements can not be met by a small number of public cloud providers. Instead, he argues, hybrid solutions are required. “The hyperscalers simply cannot keep growing in terms of power and capacity,” he says. “Data needs to be consumed and moved around in a faster, more flexible, reliable way.”

GAIA-X aims to provide a common set of standards and rules for data storage and transfer that all participating cloud services will need to abide by. This will help build trust in the cloud, Bonfiglio says. “In the cloud adoption world there is no framework or contract to ensure that a cloud user is safe in adopting a cloud technology,” he explains. “We are building this common set of rules encompassing data security, interoperability, transparency trust and sovereignty.”

Alongside this, GAIA-X also specifies a standard technical architecture, which will be made available with an open-source license so that organisations developing new cloud platforms can ensure they are compatible with other systems.

Cloud providers from anywhere in the world can be part of GAIA-X as long as they follow the rules and offer a compatible architecture, Bonfiglio says, and the world’s biggest public cloud operators, including market leaders AWS and Microsoft Azure, have all signed up.

Will GAIA-X protect Europe’s data sovereignty?

It is no surprise that GAIA-X has piqued the interest of the hyperscalers, as it could offer an answer to one of cloud computing’s longstanding problems. “As long as I’ve been covering cloud the biggest question for organisations has always been ‘what’s happening with my data?’,” says Carla Arend, lead cloud analyst for the EMEA region at IDC. “Companies worry about if it is secure and whether it will be compliant for regulations – that’s always been one of the biggest reasons for not using cloud.”

Arend believes GAIA-X standards could be adopted across Europe and beyond, in a similar way that GDPR has become the “gold standard” for data protection globally. “I think if they come up with some good use cases it could become the global standard for how to use data in an ethical way that is mutually beneficial for both the data holder and the cloud provider,” she says. “It’s a great concept and I’ve been pleasantly surprised by how much support they’ve received from companies.”

But GAIA-X alone will not solve Europe’s data sovereignty problem, Arend says, with the cloud market still dominated by providers based in the US and China. Figures from Synergy Research Group show that the European cloud market was worth €5.9bn in 2020, more than three times its size in 2017. But in the same period, European cloud providers saw their market share shrink from 26% to less than 16%, with the three biggest US cloud companies – AWS, Microsoft Azure and Google Cloud – occupying 66% of the market last year.

“On a strategic level, it is a risk that European data resides in infrastructure that is not owned by European organisations,” Arend explains. “How are we to control our digital destiny if we don’t own the IT infrastructures that hold our data? What happens in a theoretical geopolitical event when access to these services is denied by a foreign government?”

If the European cloud providers pooled their resources they could compete with the hyperscalers.
Carla Arend, IDC

The current dominance of the cloud market by a handful of suppliers looks unassailable, but GAIA-X could enable a federation of smaller providers to take on the might of AWS and Microsoft. “If the European cloud providers pooled their resources they could compete with the hyperscalers and provide a European-owned cloud infrastructure that covers the whole continent,” Arend says. But, she adds, “there are some issues around that, not on a technological level but on a business level in terms of who owns the data and who guarantees the level of service, so there are a lot of organisational challenges to make that happen.”

She says that one short-term solution would be for GAIA-X to provide a catalogue of cloud services for European companies. “That way customers wanting to run a particular workload, or have their data reside in a particular country, would be able to see all their options, and there would be greater transparency,” she says.

What role will the UK play in GAIA-X?

GAIA-X could be key for the EU as it seeks to re-establish its tech credentials on the world stage. “Europe was a technology leader in the 20th century, but it hasn’t maintained that status in the 21st century,” says Abishur Prakash, geopolitical futurist at the Centre for Innovating the Future, a Toronto-based consultancy. “Where they were previously at the forefront of advancements in things like telecommunications, they’ve focused on very stringent regulation in emerging technologies such as gene editing, which has really clamped down on innovation.” Prakash says the EU risks being side-lined by the US and China, as well as the growth of emerging markets such as India. “The EU has realised it needs to take action otherwise it risks being irrelevant in these new fields,” he adds.

Meanwhile, the UK’s status as a global tech hub remains undimmed, despite the disruption caused by Brexit, Prakash believes. “The British government is investing strategically and creating leadership in very important fields,” he says. “If you look at the recent defence blueprint, it’s cutting the number of troops and doubling down on AI and robotics. These are the capabilities any country is going to need to build its global power.”

But although the UK is seeking to establish its own standards in many areas, when it comes to data, Arend says it is likely to have to follow Europe’s lead if GAIA-X is widely adopted. “The European Commission sees itself as good at defining standards that can potentially be adopted globally, like GDPR,” she says. “That’s what they’re trying to do here, establish rules and standards based on what good looks like from a European perspective.”

GAIA-X hubs are being planned for each country participating in the project, and Bonfiglio says one is likely to be set up in the UK. “Our strategy is to be absolutely inclusive,” he says. “We are talking to the EU 27, we are talking to the UK, we are talking to Japan, because the need [for GAIA-X] is broadly recognised and we think we’re doing the right thing at the right time.”

Topics in this article : , ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.