EU companies slam proposal allowing US big tech companies to bid for sensitive cloud contracts
The companies emphasised the necessity of the sovereignty clauses.
A consortium of 18 European companies, including Deutsche Telekom, Orange, Airbus, and others, have voiced strong opposition to a proposed policy change that would allow non-EU tech giants like Amazon, Google, and Microsoft to compete for highly sensitive EU cloud computing contracts.
As reported earlier, the EU was considering removing sovereignty clauses in the cloud certification scheme, potentially lowering barriers for non-EU companies to compete more effectively for the EU cloud computing contracts.
The proposal, put forth during Belgium’s current presidency of the European Union, outlines a certification scheme (EUCS) aimed at ensuring the cybersecurity of cloud services. This scheme would aid the EU governments and companies in selecting secure and trustworthy vendors for their cloud needs.
Unlike previous drafts, the latest proposal eliminates sovereignty requirements, which mandated US tech giants to collaborate with EU-based entities to qualify for the highest level of the EU cybersecurity label. This change has raised concerns among the consortium members regarding the potential risks of unlawful data access by foreign governments.
In a joint letter addressed to authorities across EU member states and senior Commission officials, the companies emphasised the necessity of including EU headquarters and European control requirements in the certification scheme. They argued that such measures are essential to mitigate the risks posed by foreign laws, such as the US Cloud Act or the Chinese National Intelligence Law, which could enable access to European data.
The absence of sovereignty clauses, the companies warned, could not only facilitate illegal state surveillance but also reinforce the dominance of US cloud providers over the EU market. They highlighted the Gaia-X cloud computing platform, designed to reduce the EU’s reliance on Silicon Valley giants, as a model that incorporates sovereignty requirements.
Furthermore, Reuters reports that the consortium cautioned about the lack of such requirements and the risk that they could impede the growth of EU-based cloud providers compared to their larger U.S. counterparts. They stressed that removing these clauses would undermine the viability of sovereign cloud solutions in Europe, many of which are currently under development or already available.
Among the signatories to the joint letter are notable companies like EDF, OVHcloud, Aruba, Dassault Systemes, Ionos, Telecom Italia, Exoscale, Capgemini, and Eutelsat.
About author
Anastasiya Kazakova
Anastasiya Kazakova is a cyber diplomacy knowledge fellow at DiploFoundation, focusing on cyber conflict, cybercrime, and cybersecurity topics. Anastasiya also implements the Geneva Dialogue on Responsible Behaviour in Cyberspace.
