Paris, December 7th, 2021 — EUCLIDIA, an organization of 26 cloud technology makers all headquartered within Europe1, asks EU member states to promptly harmonize their cloud strategies for cybersecurity and technological autonomy. It therefore calls for a moratorium on national cloud strategies that currently rely on fragmented national definitions and qualifications and whose lack of impact assessments risks jeopardising the European digital sovereignty they claim to defend.
While EUCLIDIA strongly supports the objective of reinforcing trust and Europe's technological autonomy in cloud services used by governments and by essential private services, the organisation underlines that this goal requires consistent and constructive dialogue with European companies to identify the key factors at stake. Because cybersecurity and data sovereignty are separate topics, high-level cybersecurity qualifications cannot be a one-size-fits-all answer where what we need is technological autonomy and true control over the data. Cybersecurity qualifications should only be required where it does not create unjustified barriers to innovative sovereign solutions made in Europe.
EUCLIDIA stresses in particular that trust and technological autonomy for European cloud services cannot be gained by overlooking the legal and practical impacts of licensing core software developed by non-European entities. The assessment of the risks of a withdrawal or modification of a software licence used for the provision of their services should be required from cloud services providers, as well as the risks of extraterritorial reach of foreign legislation and regulations that apply to such licences.
Unfortunately, this risk assessment is not currently required by all national strategies, even for the highly strategic IaaS/PaaS software on which public and private applications are deployed. And in some countries, irrelevant criteria de facto exclude trustworthy European technologies that could provide strategic autonomy.
Moreover, EUCLIDIA proposes that to ensure trust and cybersecurity where dependency to third-party software is high, governments should have full and immediate access to the source code of such software for security auditing. They should also be provided with the irrevocable right to the continued use of such code in case of a licence change or withdrawal.
EUCLIDIA strongly regrets that some national governments did not wait for a risk assessment and even made public statements affirming that the licensing of non-European software would be compatible with their national cloud strategy. This already led misinformed private and public decision makers to believe that relying on incumbent non-European technologies would facilitate their compliance with future cybersecurity and non-extraterritorial requirements, which puts them at legal risks and unfairly distorts competition.
“We need the European governments to take the time necessary to assess the impact of their cloud doctrines in an exclusive dialogue with the European cloud industry. Changes in these strategies will be necessary to ensure that they accelerate the adoption and development of the numerous cloud technologies that have already been created in Europe and contribute to data sovereignty, cybersecurity and strategic autonomy”, says Philipp Reisner, interim co-president of EUCLIDIA.
1 Members list is available at https://www.euclidia.eu/members/
FAQ can be found here.
The European Cloud Industrial Alliance (EUCLIDIA) is an industrial alliance formed by independent European original technology makers, for the promotion of digital independence and strategic autonomy. It carries the voice of European cloud technology innovators. It provides lawmakers and national policymakers with the field expertise and vision that will reinforce policies that accelerate the adoption and development of leading cloud technologies made in Europe. It advocates policies that reflect European values such as the protection of privacy and the promotion of fair competition while enabling European cloud industries to be competitive.
EUCLIDIA maintains a list of European-based cloud solutions based on European cloud technologies: see here.