Next Generation Cloud for Europe

The EU has been progressing its digital single market strategy for the past six years, since its adoption in 2015. It has been identified by the European Commission as one of its ten political priorities and has three pillars:

1. access: improving access to digital goods and services;
2. environment: creating an environment where digital networks and services can prosper; and
3. economy & society: digital as a driver for growth.

On 15 October 2020, the 27 EU Member States signed the Joint Declaration on Cloud (the “Declaration”), which is intended to progress the move towards a digital single market. In particular, it underpins progress on the “environment” pillar of the strategy, which is designed to create the right environment for digital networks and services by providing high-speed, secure and trustworthy infrastructures and services supported by the right regulatory conditions.

The market for public cloud infrastructure has been developing at a great pace outside of Europe. The Declaration notes that the market is converging globally around four large non-European players, and that this “raises concerns over cloud users’ ability to maintain control over strategic and sensitive personal and non-personal data.” We have seen, particularly since the introduction of the GDPR in 2018, a shift in attitudes and an increased appreciation for the value and importance of data privacy. However, for cloud users in the EU, relying on non-EU cloud infrastructure may not offer the same level of protection. Commentators suggest that one of the aims of the Declaration is to rival US corporations by building up the local cloud sector.

Joint Declaration on Cloud

The Declaration has been described by the European Commission as a “milestone achievement” and means that “… signatory Member States agree to work together towards deploying resilient and competitive cloud infrastructure and services across Europe.” It confirms the need for a unified approach and states that there will be a focus on:

• combining private, national and EU investmentin deploying competitive, green and secure cloud infrastructures and services;
• defining a common European approach on federating cloud capacities, by working towards one set of joint technical solutions and policy norms (the EU Cloud Rulebook); and
• driving the take-up of more secure, interoperable and energy-efficient data centres and cloud services.

One of the main components of the Declaration is the creation of the European Alliance on Industrial Data and Cloud (the “Alliance”), moving towards an EU single market for industrial data. The Alliance was formed in December, shortly after the signing of the Declaration. It aims to bring cross-industry experts together to design and implement next generation cloud capacities in line with the objectives of the Declaration.

Impact of the Declaration

Thierry Breton, Commissioner for the Internal Market, put it quite succinctly:  

“Europe needs to join forces to lead on the current and upcoming wave of industrial and public data. This declaration is promising and shows the depth of the change that we witness. There is a common understanding that it is vital that any data can be stored and processed in Europe, according to European rules and standards. That will be a key pillar of our digital sovereignty for this Digital Decade and will propel Europe's recovery, ensure long-term competitiveness and help us reach climate sustainability.”

What the Declaration means for Cloud Users

The Declaration notes that the COVID-19 crisis has further illustrated how crucial the availability of a wide range of digital technologies is for our economy and society. The so-called ‘next generation cloud’ for Europe should lead to increased availability, security and interoperability of data centres and cloud services, which will benefit, in particular, small and medium businesses, start-ups and the public sector. This will reduce reliance on foreign cloud computing providers. Decentralised data processing will be undertaken closer to the user. All of the above should encourage and enable growth and innovation for those using the next generation cloud and should increase our confidence that sensitive data (whether business or personal) can be stored and processed in Europe and in accordance with EU rules and standards.

Cloud Service Providers and Looking to the Future

The Member States have committed to driving significant additional private and national investment in the sector to develop cloud and data infrastructures and the European Commission aims to add €2 billion in financing by 2027. There is an emphasis on a common approach to building the European cloud supply with one set of joint technical solutions and policy norms to encourage more interoperable cloud services, which should result in opportunities to develop and to invest in more secure, energy-efficient and interoperable data centres and cloud services.

We hope to see a significant expansion of the underlying infrastructure that is needed to support emerging technologies and to scale existing ones. Cloud computing provides the data processing capacities required to enable data-driven innovation which, as the Declaration emphasises, is essential to enabling technologies such as artificial intelligence, IoT and 5G/6G, as well as other technological innovations and advances. However, we can also expect to see additional regulation in this space. Service providers will need to keep up-to-date with the agreed technical solutions and policy norms, as well as the latest codes of conduct, certifications and regulation (such as policy rules for cloud federation, the proposed standardised cloud service level agreements, and the proposed regulation on the free flow of non-personal data), to understand their responsibilities.

The Declaration is only one element of the EU’s approach to the digital single market. In addition to the Declaration and the formation of the Alliance, the European Commission also adopted a “Proposal for a Regulation of the European Parliament and of the Council on a Single Market for Digital Services (Digital Services Act) and amending Directive 2000/31/EC (e-Commerce Directive)” on 15 December 2020.  The intention of the Digital Services Act is to update the rules applicable to the providers of digital services and online platforms, detailing their responsibilities and obligations.

There are also a number of related regulations in the pipeline, such as potential regulatory steps on artificial intelligence as suggested by the “White Paper on Artificial Intelligence” dated 19 February 2020. From 19 February to 14 June 2020, this white paper underwent an open, public consultation process to collect stakeholders’ views on the upcoming policy and regulatory steps on artificial intelligence and it has been suggested that the Commission will propose a horizontal regulatory proposal within the first quarter of 2021.

Commentary

Despite the UK not being a signatory to the Declaration, the UK could also benefit greatly from this initiative. It should result in UK organisations being able to source additional cloud capacity which:

• is much closer to home;
• is built in a security and data protection landscape almost identical to that which has been implemented in the UK (noting that it will likely be some time before we see any real divergence in the UK from the EU data protection laws); and
• is therefore likely to be preferable for businesses and individuals, instead of relying on the alternative US or other global players in this space.

The implementation of the ‘next generation cloud’ will be a welcome move for businesses and the public sector alike as it should facilitate cloud computing infrastructure which rivals that which originates from outside of the EU. Simultaneously, it should offer the levels of security and data protection which have become ever more valuable and are now “expected” by cloud users. This should give businesses more confidence and capacity to grow and innovate.