Julia Rone of the Vrije Universiteit Amsterdam explains some of the reasons that the EU lags behind the US and China in terms of cloud computing, despite the bloc’s ambitions for digital sovereignty.
It has been well acknowledged that the European Union is falling behind the US and China when it comes to cloud computing because of its lack of technological capabilities. In a recently published article, however, I argue that there is another important and often overlooked reason for EU’s laggard status: the persistent disagreement between different EU member states, which have very different visions of EU cloud policy.
In the wake of the disruption of global supply chains, trade wars between China and the US, and the war in Ukraine, EU policy makers realised the bloc is highly dependent on foreign digital technologies, with worrying implications in terms of both cybersecurity and industrial policy. As a response, the EU has developed a doctrine of digital sovereignty – defined as ‘the ability to act independently in the digital world’ and has turned to both regulation and innovation on different layers of the stack, including chips production, 5G networks, the cloud, and artificial intelligence. Despite the strong rhetoric around achieving digital sovereignty, however, the EU has so far failed to mount a coherent and successful response to the dominance of foreign cloud companies such as AWS, Google or Microsoft Azure. This is very similar to developments in other spheres, such as foreign relations, where despite EU’s rising sovereignty rhetoric, there has been more bark than bite.
Indeed, while the European Commission set the ambitious goal to have 75 per cent of European companies using the cloud by 2030, as of 2020, non-European servers hosted about 80 per cent of European Data. And research from 2022 has shown that the share of European cloud providers in the EU is actually going down rather than up. This is the case despite significant industrial investment at the EU level, and big projects such as the Franco-German Gaia-X, which has so far remained conflict-ridden and captured by foreign businesses interests and ideational power.
Problems similar to those observed in Gaia-X could be seen also in the less well-known attempt to develop a European Union Cloud Services Certification Scheme (EUCS), showing that rather than being anomalies, both Gaia-X and EUCS in fact manifest an underlying structural problem with EU’s pivot to digital sovereignty: the inability of different member states to agree on a clear common course of action. The goal of EUCS in particular, was to provide a much-needed harmonization of the EU cloud services market. Despite being a technical document, the cloud certification scheme became highly controversial and led to a clash between EU member states and a protracted stalemate.
On the one hand, France pushed early on for digital sovereignty requirements, including ownership controls, immunity from non-EU law, and a requirement that a company is headquartered in the EU. These sovereignty requirements were relevant for the highest level of certification a cloud company could achieve in order to sell services to entities such as governments or critical infrastructure providers. On the other hand, the Netherlands had the exact opposite approach and welcomed US corporate giants, seeing them as more secure than any domestic alternative. The Netherlands thus lobbied actively against including digital sovereignty provisions in EUCS and convinced also other EU member states to oppose them. In the stand-off between France and the Netherlands, Germany behaved as a swing state and changed its position along the way – from supporting digital sovereignty provisions to calling for a political debate on the issue. Ultimately, the drafting of the scheme has taken years and has not yet been concluded as of July 2024.
It is impossible to understand the controversies around EUCS without paying attention to diverging member state preferences – a key concept of liberal intergovernmentalism – one of the three main EU integration theories, which aim to explain the process of member states integration and supranational institution building. According to Liberal intergovernmentalism states are key actors of EU integration: they negotiate and bargain to defend their national preferences, often formed under intense lobbying by domestic industries. This is indeed what we see in the conflict between France and the Netherlands on EUCS.
France was intensely lobbied by domestic cloud companies and as a big country can nurture ambitions to develop national or even EU cloud champions. To the contrary, smaller EU countries such as the Netherlands, Denmark or Ireland have much less fiscal capacity and would find it difficult to subsidize cloud champions. They choose instead a more open approach to foreign cloud giants and focus on developing other digital economy industries, including companies specializing in certification.
Digital sovereignty in the sense of nurturing national and/or European champions is thus an ambition only of a few big countries, most prominently of France, known for its dirigiste approach and active industrial policy . The Dutch Digitalization Strategy notoriously stated in a footnote ‘[W]e use the term “digital sovereignty” here because it is the standard European jargon. “Digital autonomy” would be more accurate, however, since we are referring to the digital dimension of strategic autonomy’.
At the same time, contrary to what classic liberal intergovernmentalism would predict, preference formation on cloud policy might sometimes happen first in an intergovernmental setting, a pattern of preference formation similar to what we have seen during the euro-crisis. When it comes to EUCS, Germany supported the introduction of sovereignty requirements as the result of preceding coordination with France and only then asked for a political discussion of EUCS under pressure from some of its domestic businesses.
Ideology also matters. Central and Eastern European (CEE) states such as Poland and Czechia but also digital-forerunner states such as Finland, Sweden or Ireland have shown more support for free trade, liberalization and foreign direct investment. Such countries clearly belong to the so-called “digitally like-minded group” of more liberal policy making in the sphere of the digital. Opposed to them when it comes to data flows, platform regulation, but as we see also in cloud policy, is the Franco-German nexus which adopts a more interventionist approach.
Finally, any attempt to arrive at a coherent EU cloud policy unfolds in a precarious geopolitical reality. CEE countries such as Poland have been increasingly promoting the so-called Three Seas Initiative which emphasizes transatlantic collaboration with the US. It is thus not a surprise that Three Seas Initiative partners have seen the digital sovereignty requirements in EUCS as highly problematic, as they could exclude US businesses from the EU market.
All in all, talking about EU cloud sovereignty presupposes that the EU speaks with one voice. But as controversies around EUCS have shown, this is not the case. So, whose cloud sovereignty are we talking about? Conflicts between member states have led to the removal of sovereignty requirements for the highest level of certification in EUCS. Stuck in a competition over network centrality between China and the US and in disagreements between its own member states, the EU ultimately finds it very difficult to push forward ambitious and truly transformative projects in the cloud that would help it become a major player in the field. EU cloud sovereignty so far remains all bark and no bite.
This post represents the views of the author and not the position of the Media@LSE blog, nor of the London School of Economics and Political Science.