Stormy weather for cloud computing in the EU
Cloud computing allows businesses to access computing resources as services over the internet. The availability of this service over the internet and on an on-demand basis reduces expenditure on traditionally on-site resources, while allowing businesses to scale quickly.
The European Commission support a transition towards cloud-based IT solutions, with a target of 75% of EU enterprises adopting cloud services within the next decade.
However, while cloud computing brings many advantages to EU businesses, there are also some key concerns related to data sovereignty, security and the environment.
Big tech dominance
The cloud computing market is dominated by American tech firms like Amazon, Microsoft and Google. Amazon currently holds around 34% of the cloud infrastructure market with Microsoft’s Azure holding a 21% market share and Google Cloud with 11%.
One of the key issues with centralized, foreign firms, is that they host large amounts of European citizens’ personal and business information. Governments may seek to obtain that data directly through the cloud computing provider for use in law enforcement, national security or intelligence gathering. For example, under the U.S. CLOUD Act (2018), the government can require firms with connections to the US to hand over data, even where it is held offshore and with little regard for the GDPR or EU authorities. This is particularly acute given the three largest cloud computing providers are all headquartered in the U.S.
This also puts firms in a difficult position, whether they withhold or disclose the requested data, they risk breaching foreign laws, or EU laws.
There is a network of laws in the EU to protect the data sovereignty of EU citizens. This includes the GDPR and EU members’ “blocking statutes”. The proposed Data Act also proposes to prohibit cloud computing firms from complying with foreign authorities’ demands for data. However, some members states want protections to go further, proposing a certification scheme whereby cloud computing firms can only receive the highest level of certification if they are immune from foreign law, and therefore must not comply with foreign requests for data. While the scheme would be voluntary, certification would likely in practice affect a firm’s chances in procurement processes for governments and EU businesses. While the proposal is controversial, the EU is unlikely to fully walk it back, making it likely that some form of certification will be required.
The EU has a strong environmental and green energy policy and that may form an additional rationale for an EU based cloud system. Digital technologies are estimated to account for up to 9% of global electricity consumption, which will only increase with digitization of industries and sectors.
Furthermore, cloud platforms used in other parts of the world may be powered by old hydrocarbon extraction (coal). Therefore, the greater their use by EU businesses the greater the environmental problem that accrues.
To address this concern, the Commission has a range of tools including:
- Regulations relating to the design of servers and data storage products
- Code of Conduct on Data centre energy efficiency
- Green public procurement criteria.
Fostering EU based cloud computing systems that are subject to EU energy regulations and codes is one mechanism to ensure that as businesses digitize, environmental standards can be upheld.
The material in this article is only for general review of the topics covered and does not constitute legal advice. No legal or business decision should be based on its content.
This article is written in English language. Preiskel & Co LLP is not responsible for any translation of all or part of its content into any language.