Philipp von Ditfurth | dpa | Picture Alliance | Getty Images
The European Commission — the EU’s executive branch — is expected to present its “Tech Sovereignty Package” on May 27, which will include a range of measures aimed at bolstering the bloc’s strategic autonomy in key digital areas.
As part of preparations for that package, discussions are taking place within the Commission around limiting the exposure of sensitive public-sector data to cloud platforms provided by companies outside of the EU, two Commission officials, who asked to remain anonymous as they weren’t authorized to discuss private talks, told CNBC.
As tensions with U.S. President Donald Trump’s administration have intensified, there have been calls for Europe to diversify away from U.S. cloud providers, which currently dominate the European market, and towards homegrown providers for its most critical workloads.
“The core idea is defining sectors that have to be hosted on European cloud capacity,” one of the officials said. They added that companies providing cloud solutions from third countries, including the U.S., could be impacted.
Proposals would not prohibit overseas companies’ cloud platforms from government contracts entirely, but limit their use in processing sensitive data at public sector organizations, depending on the level of sensitivity, they added. The officials said that talks are ongoing and yet to be finalized.
“U.S. cloud providers could face restrictions in certain sensitive and strategic sectors” within EU member states’ public bodies as a result of the proposals, one official said.
The officials told CNBC there are discussions around proposing that financial, judicial and health data processed by governments and public-sector organizations require high levels of sovereign cloud infrastructure.
The discussions do not relate to private-sector companies and the “Tech Sovereignty Package” would not propose rules about their use of cloud platforms, one of the officials said.
When asked for comment, a Commission spokesperson told CNBC the package was “about Europe waking up and getting its act together.”
They added that it would “improve opportunities for sovereign cloud offerings, including through public procurement, and support the entry into the market of a more diverse set of cloud and AI service providers.”
Growing calls to diversify
EU member states’ public sector organizations can currently use cloud platforms provided by overseas companies — often U.S.-based due to the country’s dominance in the sector — to process highly sensitive data, including health and financial data, provided they comply with regulations.
But scrutiny on that reliance has grown as transatlantic relations have soured in recent months. Under the 2018 Cloud Act, U.S. law enforcement can request user data from American companies, regardless of where the data is stored.
European governments told CNBC in February they were exploring homegrown and open-source alternatives to U.S. tech platforms and upping budgets for digital sovereignty.
France announced it would roll out Visio in January — a video conferencing tool developed by the government — which it said would be available to all state services by 2027, in place of U.S. tools like Microsoft Teams and Zoom.
The same month, the EU said it faced a “significant problem of dependence on non-EU countries in the digital sphere…potentially creating vulnerabilities, including in critical sectors.”
In April, the Commission awarded a 180 million euro tender to four European sovereign cloud projects to supply EU institutions and agencies, with one of those involving a partnership with a joint venture between French aerospace company Thales and Google Cloud.
About the Author
Discover more from InfoVera USA
Subscribe to get the latest posts sent to your email.
