The flags of the European Union fly in front of the European Parliament.
The European Union is contemplating new regulations designed to curb its member governments’ reliance on U.S. cloud providers for handling sensitive data, according to sources privy to the ongoing discussions.
The European Commission, the EU’s executive arm, is slated to unveil its comprehensive “Tech Sovereignty Package” on May 27. This initiative is expected to encompass a suite of measures aimed at strengthening the bloc’s strategic autonomy in critical digital domains.
As part of the preparatory work for this package, internal deliberations are underway within the Commission concerning the potential limitations on exposing sensitive public sector data to cloud platforms operated by entities outside the EU. This was communicated by two Commission officials who requested anonymity, citing their lack of authorization to discuss private deliberations.
Against a backdrop of escalating geopolitical tensions, particularly with the Trump administration, there has been a growing chorus within Europe advocating for a strategic diversification away from dominant U.S. cloud providers. These American companies currently hold a substantial share of the European market, and the sentiment is growing that for the continent’s most critical workloads, homegrown solutions should be prioritized.
“The fundamental objective is to delineate specific sectors that must be hosted on European cloud infrastructure,” a senior official explained. The official further indicated that companies offering cloud solutions from third countries, including the United States, could see their market access impacted.
While the proposed rules are unlikely to impose a blanket prohibition on overseas companies’ cloud platforms for all government contracts, they are expected to restrict their use for processing highly sensitive data within public sector organizations. The exact scope of these restrictions will likely be contingent on the assessed level of data sensitivity. The officials stressed that these discussions are still fluid and have not yet reached a final consensus.
“U.S. cloud providers might encounter limitations in specific sensitive and strategic sectors” within the public bodies of EU member states as a direct consequence of these proposed regulations, one official commented.
The officials further disclosed to CNBC that deliberations are encompassing a proposal to mandate that financial, judicial, and health data processed by governmental and public sector entities must utilize sovereign cloud infrastructure with robust security assurances.
Crucially, these discussions are not extending to the private sector. According to one official, the “Tech Sovereignty Package” will not introduce regulations governing the cloud platform usage of private companies.
Once formally presented by the Commission, the proposed package will require endorsement from all 27 member states. The “Tech Sovereignty Package” is anticipated to include key legislative components such as the Cloud and AI Development Act (CADA) and the Chips Act 2.0, both designed to foster the development and adoption of sovereign, domestically-sourced solutions and products in these burgeoning technological fields.
When reached for comment, a spokesperson for the Commission stated that the package’s overarching aim is “about Europe waking up and getting its act together.”
The spokesperson elaborated that the initiative seeks to “improve opportunities for sovereign cloud offerings, including through public procurement, and support the entry into the market of a more diverse set of cloud and AI service providers.”
Growing Calls for Diversification
Currently, public sector organizations across EU member states have the latitude to employ cloud platforms provided by non-EU companies – predominantly U.S.-based due to their market dominance – for processing highly sensitive data, including critical financial and health information, provided they adhere to existing regulatory frameworks.
However, the scrutiny surrounding this established reliance has intensified significantly amid recent strains in transatlantic relations. A key point of concern is the U.S. Cloud Act of 2018, which empowers U.S. law enforcement agencies to request user data from American companies, irrespective of where that data is physically stored. This extraterritorial reach has raised significant privacy and sovereignty concerns within the EU.
European governments conveyed to CNBC in February their active exploration of homegrown and open-source alternatives to established U.S. technology platforms, concurrently increasing their budgetary allocations towards bolstering digital sovereignty initiatives.
France, for instance, announced the rollout of Visio in January – a government-developed video conferencing tool. The country has projected that this homegrown solution will be available to all state services by 2027, serving as a direct replacement for prevalent U.S. tools like Microsoft Teams and Zoom.
In the same month, the EU acknowledged confronting a “significant problem of dependence on non-EU countries in the digital sphere… potentially creating vulnerabilities, including in critical sectors.” This candid admission underscored the strategic imperative for greater digital self-reliance.
In a concrete step towards fostering European cloud capabilities, the Commission awarded a substantial 180 million euro tender in April to four distinct European sovereign cloud projects. These initiatives are intended to supply cloud services to EU institutions and agencies, with one notable project involving a strategic partnership between the French aerospace giant Thales and Google Cloud.
Original article, Author: Tobias. If you wish to reprint this article, please indicate the source:https://aicnbc.com/21486.html
