In Europe, big tech providers are at the mercy of data sovereignty

Big tech providers need to partner local IT companies to offer services in Europe - or face the consequences.
12 October 2021

(Photo by Kenzo TRIBOUILLARD / AFP)

Data sovereignty rules around the world continue to get tighter as countries look to protect their citizen’s data. In Europe, one of the ways of ensuring data sovereignty is via the sovereign cloud.

European enterprises want to be able to enjoy the flexibilities and capabilities provided on the cloud — this includes having access to data wherever they are and developing new workloads to meet customer demands, while also being legally compliant, secure, and transparent with regulators.

A KPMG France report showed that the European cloud industry is dominated by three major operators: AWS (53%), Microsoft (9%), and Google (8%), the need for regulations over how they handle customers is becoming increasingly important. And this is where the sovereign cloud comes in.

With the European cloud market expected to climb to between €300 billion to €500 billion by 2027 to 2030, the sovereign cloud is designed to deliver security and data access, based on the requirements of any local law or regulated industry. For enterprises, the sovereign cloud enables them to handle local regulations efficiently without the need to worry about infringing any local laws.

In Europe, privacy concerns are one of the biggest reasons why big tech companies are now looking to partner with local cloud providers when it comes to offering their cloud services. Some of the world’s largest tech companies have been fined in the past for not complying with European regulations and have faced huge fines.

During VMworld 2021, the US-based cloud provider VMware recently announced that they are partnering with local cloud providers to develop the sovereign cloud. Some of the regional European cloud providers working with VMware include European cloud provider OVHcloud, major telco services like Telefonica, the Spanish multinational telco provider.

In Italy, Oracle has also partnered with Telecom Italia and its cloud division Noovle to bring multi-cloud services to enterprises and public sector organizations. Oracle’s hybrid and multi-cloud strategy will enable TIM to ensure that customer data is hosted in-country with a cloud solution that meets customers’ data sovereignty needs.

“The collaboration with Oracle is a key element for accelerating our group’s transition to more flexible models and supporting the digitization of businesses and public administration. By adopting a multi-cloud model, we can enrich our offer of high value-added services, enabling our customers to promptly seize the best business opportunities while simultaneously improving efficiency,” said Carlo d’Asaro Biondo, CEO, Noovle.

Data Sovereignty and the Trusted Cloud

In France, Google Cloud and Thales are co-developing a sovereign hyper-scale cloud offering in the country to meet the criteria of the French “Trusted Cloud”. The jointly developed sovereign cloud offering will enable French organizations to innovate and fully benefit from hype-scale cloud technology, while keeping their data confidential, secure, and fully sovereign.


According to Google Cloud, French companies and public sector institutions will be able to benefit from a set of hyper-scale cloud services that are:

  • operated by a dedicated, newly formed company under French law, held in majority by Thales.
  • hosted in France, within an infrastructure that is separate from Google Cloud, with a separate network and servers controlled and operated by the new company.
  • supported locally by the new company, ensuring customer service is handled in France.
  • locally secured with identity management, data encryption, administration, and supervision being provided by the new company.
  • regularly enhanced via rolling software updates that are evaluated and validated within a security sandbox managed by Thales.
  • managed on a sustainably developed infrastructure.

At the same time, Thales will bring the necessary guarantees of France’s sovereignty requirements by ensuring the management of encryption keys, access, identities, and cyber threat monitoring with its Cybersecurity Operations Center. French customers will be able to migrate their most sensitive applications to the cloud while maintaining control.

For Thomas Kurian, Google Cloud CEO, the joint vision will deliver the most innovative and trusted solutions to companies and public sector organizations in France.

“Our unique approach to addressing the concerns of French citizens and government bodies, including the development of a new company, ensures organizations can benefit from the innovation and agility of the cloud, without compromising on the security, privacy, and sovereignty required by the French government,” said Kurian.

“The government’s national cloud strategy clearly specifies the state’s willingness to use and promote high-performance and trusted cloud offerings. The challenge is to have the widest possible range of solutions compliant with the SecNumCloud repository which details the technical, operational, and legal security rules capable of effectively protecting data and processes hosted in a cloud service,” said Guillaume Poupard, Director General of the National Information Systems Security Agency (ANSSI.)

As Europe continues to go down hard on big tech companies and how they make use of customer data, more are looking to expand their capabilities in the region by partnering with local tech providers.

At the end of the day, to operate in Europe, global technology providers need to prove that they are trustworthy and able to meet all data sovereignty requirements set. Failure to do so may only lead to heftier fines and even a ban in the future.