| News | Blog | Gaia-X: Digital Sovereignty for Europe

Gaia-X: Digital Sovereignty for Europe

With data becoming increasingly important as a raw material for an economic area, it is essential to preserve this resource and to provide all data providers with optimal conditions for handling their data. Gaia-X has set out to realise a data infrastructure according to European values that creates these framework conditions.

In today’s “Internet of Everything”, data is generated almost always and everywhere. Good examples are cars, machines and smartphones, whose data have long since found their way into numerous business models. Our lives are digital and with every action we perform, new data is created about us and around us. Corresponding platform providers collect, aggregate and integrate all this data into a data ecosystem in which new digital services are created through the refinement and analysis of data. These services ultimately lead to innovations for society in all areas of life and work – from education to health or mobility to Industry 4.0.

Sources: European Commission (2020); Statista (2019); IoT Analytics (2018). NB: German position: author’s assessment.

Where large amounts of data are shared and used, the path to cloud computing is not far. Cloud computing enables easy network access to shared computing resources. Using a cloud is independent of where you are. Clouds are available quickly and with minimal effort. Today, they have only one problem for companies as well as citizens in Europe: all large clouds are operated outside Europe. What is allowed to happen to the data is thus subject to framework conditions that are not necessarily compatible with our legal and data protection ideas in Europe.

Risks from non-European cloud platform providers

The dominance of non-European providers poses several risks for cloud platforms in Europe:

  • Monopoly effects: Network effects arise on the platforms, which ultimately leave many losers in data use according to the “the winner takes it all” principle.
  • Monopoly of power: The blocking of the Twitter account of former US President Donald Trump by sole decision of the provider is a good example of the power that such privately operated platforms have. A balance needs to be struck between state and private sector interests.
  • Data access control and data sovereignty: The US Cloud Act, which also allows US authorities to access data obtained by US service providers abroad, cannot be reconciled with European data protection ideas.
  • Structural change in the German economy: Data-driven ecosystems are becoming increasingly important for the future viability of the economy. We must not lose touch here.

Gaia-X: Rules of the game for data exchange according to European values

How can this dilemma be solved? The only way is for Europe to cast its own values into its own architecture for cloud and data sovereignty. The Gaia-X initiative was founded precisely for this purpose and has since also been transformed into its own organisation under Belgian law, the non-profit association Gaia-X AISBL. As a data infrastructure, Gaia-X will provide the framework to which cloud providers wishing to offer their services in Europe must adhere. This means that the development of Gaia-X does not rule out the possibility of non-European providers operating on the market in the future. However, the architecture provides them with framework conditions on how they must do this. In this way, Gaia-X creates the possibility for both private individuals and companies to deal with their own data in a secure and sovereign manner.

Ursula von der Leyen, President of the European Commission, also described the importance of this project in her State of the European Union address on 16 September 2020: “Industrial data is worth its weight in gold when it comes to developing new products and services. But the reality is that 80 percent of industrial data is still collected but never used. That is pure waste. A real data economy, on the other hand, would be a powerful engine for innovation and new jobs. […] For this, we need common data spaces – for example in the energy or health sectors. […] That’s why we will build a European cloud as part of NextGenerationEU – based on Gaia-X.”

Requirements for Gaia-X

The following points form the cornerstones of Gaia-X:

  • Data usage control at the data provider
  • Common protection class definition
  • Trust protection and distributed identity management
  • Openness and participation in design and use
  • Hybrid cloud use
  • Freedom of choice in data storage in terms of jurisdiction and location
  • Portability of data and services

The architecture based on these requirements looks as follows:

Source: Gaia-X, European Association for Data and Cloud, AISBL (2021).

Work on Gaia-X is progressing well: an architecture specification and certification criteria have already been defined. A developer community is working on an open source software repository for the implementation of Gaia-X in its own software. Gaia-X supports the European data spaces that are currently being created (for example in the field of mobility, cf. Catena-X Automotive Network) and the open source development of federation services.

An overview of the market model of this European cloud approach in comparison to the hyperscalers and state-controlled platforms is given in the following figure:

Gaia-X thus offers a great opportunity to translate the right to self-determination over one’s own data into a standard for a data infrastructure that enforces this right. Europe would do well to pursue this path stringently.

The blog posts published by bidt reflect the views of the authors; they do not reflect the position of the institute as a whole.