Europe lacks courage in pursuing digital sovereignty, cloud service CEO says

Content-Type:

News Based on facts, either observed and verified directly by the reporter, or reported and verified from knowledgeable sources.

"The data economy is as important as the agricultural or energy sectors," begins Paulin. "Accessing and manipulating data today gives strategic power. The scandal surrounding Cambridge Analytica has shown this bit," he introduces. [photo_gonzo / Shutterstock]

EU policymakers should have the “courage and fair-mindedness” to pursue a sovereign cloud and regulate American cloud providers under the EU antitrust law on digital markets, Michel Paulin, CEO of the leading French provider OVHcloud, told Euractiv in an interview.

The cloud sector, a crucial component of the digital economy in its storing of data, is currently governed under sometimes overlapping legislative frameworks in the US and the EU. As such, digital sovereignty and cybersecurity concerns are of the essence.

“The data economy is as important as the agricultural or energy sectors,” said Paulin. “Accessing and manipulating data today gives strategic power.”

OVHcloud, France’s largest cloud services provider, has been at the forefront of calls arguing for more digital sovereignty.

“Today, what Amazon is saying when it evokes a European sovereign cloud is illusory semantics,” he said. In his view, US companies like Amazon, Microsoft and Google cannot be trusted with Europe’s strategic data because US laws might force them to cooperate with US security agencies.

France and Germany increasingly drift apart on digital sovereignty of cloud sector

The recent announcement of “a new, independent cloud for Europe” by Amazon Web Services has underlined the growing divergence between the positions of Paris and Berlin regarding digital sovereignty in the cloud sector.

Digital sovereignty challenges

OVHcloud is a European company. As such, it is “immune to American extraterritorial legislation” that allows US security agencies to access personal data stored by US companies irrespective of where they are stored, such as FISA or the Cloud Act, Paulin said.

However, “OVHcloud is subject to local law and could receive requests from US administrations on data stored in the United States.”

OVHcloud has been one of the strongest supporters of introducing the transparency principle in the sovereignty criteria in the European Could Services scheme (EUCS), the currently debated EU-wide cloud security certification harmoniser, “so that cloud users know who is accessing their data and how”.

These sovereignty criteria would replicate at the EU level France’s SecNumCloud, excluding American cloud providers from considerable chunks of the European market. However, it has faced strong opposition from businesses and several EU countries, including a sceptical Germany, who consider it a protectionist move.

“I hope that Europe and the Germans will have the courage and fair-mindedness to include the principle of transparency, which is at the service of customers, markets and innovations. Otherwise, we risk another Edward Snowden-style scandal in the near future,” Paulin added.

EU Parliament set to request involvement in cybersecurity certification schemes

All major political groups are expected to get behind amendments requiring the adoption of cybersecurity certification schemes to be rubberstamped by the European Parliament.

The DMA debacle

In September, the European Commission designated six companies as “gatekeepers” in critical sectors of the internet economy under its Digital Markets Act (DMA). This designation comes with a series of ex-ante rules to favour the contestability of digital markets.

However, the EU executive has so far failed to designate any cloud service under the DMA, a shortcoming Paulin attributed to “a lack of courage”.

“The Commission published a list that seems to say that no, there are no anti-competitive practices from these three companies, which control 78% of the European cloud market,”  he continued.

For Paulin, this indifference from the side of EU authorities contradicts the growing scrutiny from antitrust authorities worldwide in the cloud sector, while the companies dominating this market manage to impose their solutions over more innovative ones.

Are EU regulators ready for concentration in the AI market?

Artificial Intelligence is set to be the next frontier of market concentration in the internet economy. Still, experts Euractiv has spoken with feel that even the EU’s shiny new regulatory tools might be ill-suited to prevent abuses of market dominance in this area.

Data Privacy Framework

OVHcloud’s CEO also expressed its dissatisfaction with the new Data Privacy Framework, the transatlantic agreement that provides the legal framework for EU-US data transfers.

“I am convinced that the Court of Justice of the European Union will shortly rule on the illegitimacy and illegal nature of the Data Privacy Framework,” Paulin said, hinting at the fact he hopes for a Schrems III ruling that would invalidate the transatlantic data framework for a third time.

Scalability of French cloud

During the examination of the French digital bill spearheaded by the French Digital Minister Jean-Noël Barrot, the Senate suggested adding obligations for public administrations to migrate their data to SecNumCloud-certified secure clouds.

The amendment was deleted at the National Assembly reading, as reported by Euractiv, over considerations that French cloud providers currently would not have such capacity.

“It is wrong to say that OVHcloud, Scaleway and Outscale do not currently have the capacity, skills or resources to host public administration data on SecNumCloud-certified clouds. These are the talking points of extremely influential lobbyists who are repeating false information over and over again,” Paulin added.

He stressed that “OVHcloud’s SecNumCloud-certified cloud is currently our fastest-growing product” and that his company “would be fully capable and equipped to receive data from the French administration”.

EU cloud certification headed for tiered approach on sovereignty criteria

A draft Cybersecurity Certification Scheme for Cloud Services, seen by EURACTIV, moved the requirement excluding non-European companies into a new subcategory.

Artificial intelligence

Paulin also touched upon the growing AI sector, which in his view will further increase the strategic power of data.

OVHcloud’s strategy in this area is to join consortia and work “with players in the ecosystem to enable its customers to use their tools in a secure universe in which their current ownership is guaranteed, without anyone having access to their data”.

[Edited by Luca Bertuzzi/Nathalie Weatherald]

Subscribe to our newsletters

Subscribe