By Yann Lechelle, CEO, Scaleway
Of the myriad ways the global health crisis has changed our lives since early 2020, the increasing reliance on cloud services is one of the most obvious. With IDC asserting that the global cloud market’s value will grow from $53bn in 2020, to $560bn in 2030 (which would make it as big as the telecoms sector today), it’s no wonder that Gartner has called the current boom in the adoption of cloud technologies “the new normal.”
European companies generated just 16% of global cloud market revenues in Q3 2020. Furthermore, only 5% of European data is actually stored in the EU. Unsurprisingly, the ‘old continent’, where 73% of companies have yet to shift to cloud computing (versus 60% in the US and Asia, according to IDC), is seen as the next cloud Eldorado for big tech.
The pandemic has boosted this ‘cloud decade’ to the point where cloud services are now the veritable backbone of our society and its digital transformation. However, without the right sovereignty safeguards, the majority of this growth could end up benefiting non-European players.
Also, as legislation like GDPR demonstrates, European values of data protection, transparency and humanism aren’t always compatible with Asian and American principles. Hence the resounding need for strong sovereign European cloud providers, to protect the continent’s values, and to favour the growth of local players.
Despite — or perhaps because of — these differences, not only have non-EU players not sought to protect their European clients from the impact of extraterritorial legislation (concretely, the US Cloud Act means the American government can access data stored by US companies, even if it is stored outside the US); furthermore, they have tried to stall Europe’s attempts to strengthen the continent’s tech companies, and to slow the development of an independent European tech ecosystem.
Sovereignty according to Scaleway
But what do we mean by “sovereign”? Or rather, what don’t we mean?
Defined by the Cambridge Dictionary as “having the highest power or being completely independent”, sovereignty is clearly indissociable from the notion of freedom. This concept has traditionally been associated with notions of territory (typically, a nation State). Of course, this classical definition doesn’t apply in the digital world, which has no borders, and strong, global interdependencies.
Therefore, our understanding of digital sovereignty shouldn’t be confused with what we could call “sovereignism”, or a dogmatic form of independence. It’s also not to be equated with protectionism, or isolationism; rather, an attempt to mitigate the negative effects of the hyper-domination of the cloud market by a handful of players. Finally, it’s not about exclusion, but instead redressing the balance of power, so that Europe can be part of a global conversation, and protect its own universal values.
For us, European cloud sovereignty is all the more achievable now that EU providers can cover 80% of the market’s needs.
Building transparency and trust around cloud offers is highly needed at European level
A better definition of “trust” is required to provide a transparent and complete vision about sovereignty.
Building transparency and trust around cloud offers is highly needed at European level, if we want the digital transformation of our economies and societies to be in line with our core EU values. It is also key if we want to maximize the freedom of choice of today and tomorrow’s cloud adopters, based on well-documented, unbiaised criteria.
Defining trust in the cloud requires us to scrutinise the whole stack of cloud computing services for a given provider, from the real-estate all the way up to the software components that make up the cloud, to provide full transparency on the applicable jurisdiction according to data storage, computing and processing conditions. From this standpoint, the “cloud at the center doctrine” presented in May by the French government, laying out a new “trusted cloud” label, is raising key questions for France and beyond.
Towards multicloud-first policies
Just as you wouldn’t store all of your data on one server, relying on a handful of dominant providers is a recipe for disaster. Dependence is the enemy of resilience. Hence the need for a multicloud approach.
This approach, however, requires that all providers develop interoperable architectures, to allow for data portability, and to stop lock-ins (where clients are bound to providers by long-term contracts, unable to transfer their data elsewhere). SWIPO’s “switching and porting” data portability code of conduct provides useful guidelines here. But to date, the biggest cloud providers won’t adhere to these principles.
Similar resistance is currently being shown to Europe’s Digital Markets Act (DMA), which aims to rebalance the rules of competition in the digital sphere: certain big tech companies are even demanding that cloud services be entirely removed from the DMA’s scope.
Finally, the imminent new label to be proposed by European cloud association GAIA-X could well help drive explosive growth in cloud adoption across the continent. But there’s also real risk of this label reinforcing non-EU players, rather than boosting European ecosystems’ diversity.
So, what is to be done? It’s clear that the EU cloud sector can’t reach greater sovereignty without legislative support.
Industrial autonomy, a vehicle for sovereignty
French and European legislation should stimulate the growth of EU players, and rebalance asymmetrical access to public markets. In the US and China, already-dominant local players have made great strides in terms of public market procurement, thus excluding European providers. The latter are also shut out by those countries’ data localisation regulations. A particularly unfair double bind, especially considering the opposite is not true in Europe.
It seems to us in this case that European and national state budgets should lead by example and:
- Prioritise adoption of European (multi) cloud providers
- Ensure public cloud procurement choices are based on transparency, innovation, security, sovereignty and climate neutrality
- Make the “Buy European tech” instinct part of the law.
European cloud players are for the most part small- or medium-sized companies. To be given a fighting chance in this David-versus-Goliath scenario, they need lawmakers’ help to establish a level playing field.
This, we believe, is why independence from non-EU technology must be made an urgent priority of policy-makers throughout the continent. Implementing a legal instrument to limit asymmetrical access to local public markets for non-European players would be a concrete way to re-balance competition conditions, while generating positive opportunities for the European cloud industry.
Without such protections and failsafes, the anti-competitive behaviour of certain large players will only continue in the future, to the detriment of European business and technology. This, to conclude, is why sovereignty is the key to this new cloud decade.