Gaia-X: an interoperable, sovereign European cloud network

" When a company chooses a cloud provider , it's a bit like when you agree to terms and conditions of use or sale: you never really know how you're going to be able to switch services, or how much it's going to cost." With this analogy, Anne-Sophie Taillandier illustrates the constraints currently weighing on companies using cloud solution providers. Director of the ITM's TeraLab platform specialized in data analysis and AI, she is also involved in the European Gaia-X project, which aims to introduce transparency and interoperability to cloud services in Europe.

Initiated by German Economics Minister Peter Altmaier, Gaia-X currently has ten German and ten French founding members, including cloud service providers and major users of all sizes and from all sectors. Alongside the companies are a number of academic players specializing in digital science research, including the ITM. The aim of this public-private consortium is to develop two types of standard to standardize European clouds.

On the one hand, we are pushing ahead with technical standards to harmonize the practices of all players. This is an important condition for facilitating data and software portability. Each company must be able to decide, if it so wishes, to change service provider without having to modify its databases to make them compatible with a new service. Standardizing the technical framework of each cloud service is a crucial lever for promoting the circulation of data between European players.

Environmental issues illustrate the importance of this technical challenge. " Measuring the impact of a company's activity requires it to pool its data with that of its suppliers and possibly its customers," explains Anne-Sophie Taillandier, whose work with TeraLab has been addressing these issues of data transparency and portability for several years now. " If each player hosts its data on a different service, with its own technical storage and processing architectures, we'll have to go through a lengthy process of harmonizing data spaces. This step currently represents an obstacle for players who either don't have the financial means or don't have the skills, such as small businesses or public organizations.

In addition to technical standards, the members of the Gaia-X association also want to establish a regulatory and ethical framework for cloud players in Europe. The aim is to introduce clarity into contractual relations between service providers and customers. " SMEs don't have the same legal and technical teams as large corporations," stresses Anne-Sophie Taillandier. " When they sign with a cloud provider , they don't have the resources to assess all the contractual subtleties. "

The consortium has already begun work on these ethical rules. For example, there should be no hidden costs when a company wishes to move its data from one provider to another. Ultimately, this part of the project should give companies the power to choose their cloud providers transparently. An approach not unlike that of the RGPD, which gives citizens the ability to choose their digital services more transparently, and to ensure the portability of their personal data if necessary.

Renewing Europe's digital sovereignty

It's no coincidence, moreover, that the concepts guiding Gaia-X's action evoke those of the RGPD. Indeed, Gaia-X is anchored in a fundamental trend in the European Union concerning data sovereignty. The initiative is thus an integral part of a long-term EU strategy to create a sovereign space for industrial and personal data, protected by technical and legal mechanisms that are themselves sovereign.

In 2018, the Cloud Act passed in the United States raised concerns among European players. Under this federal law, local and national law enforcement agencies can request access to data stored by U.S. companies, if this data happens to be needed in a judicial investigation, including if the companies' servers are located outside the U.S.. The cloud services market is dominated by American players. Between them, Amazon, Microsoft and Google hold more than half of the sector's market share. For European companies, the Cloud Act poses a risk to data sovereignty.

However, the aim of the project is not to create a new European leader in the cloud, but rather to promote, through its guidelines and standards, the growth of existing players, while harmonizing the practices of existing players. The aim is not to prevent American players or those from other countries - the cloud of Chinese giant Alibaba is gaining more and more ground - from accessing the European market. " We want to publish standards that respect European values, so that anyone who wants to enter the European market can do so, as long as they respect the rules.

At present, Gaia-X has adopted an associative structure. In the coming months, the consortium is set to open up to other European companies wishing to participate. "Anne-Sophie Taillandier explains: " The initiative is originally Franco-German, but it is intended to open up to include other European players wishing to contribute. In the same vein as the digital development initiatives in Europe that have been underway for several years in the fields of cybersecurity and artificial intelligence, Gaia-X and its ambition for the European cloud will therefore be placed under the sign of co-construction.