Cloud computing has not only changed the way data is stored and used, but also transformed people’s expectations of how accessible data and services should be. It uses online services to, for example, store, manage, and process files on a common system, making it possible to access these functions from anywhere. When we check our e-mails, stream movies, or listen to music, we are usually using a cloud service.
Cloud computing is beneficial to companies in many ways: it allows them to save money on storage, physical servers, and management services, as well as improving operational flexibility and ease of use for users. This in turn saves employees’ time. It therefore comes as no surprise that demand for cloud computing is growing every year, with forecasts predicting that the global market will reach €260 billion in 2021, an increase of 13% over 2020.
Despite the obvious benefits of cloud, Europe lags behind other regions in developing and using this technology. One reason for this is that there is no Single Market for cloud computing in the European Union.
A fragmented market dominated by the hyperscalers
In a market dominated by non-European cloud providers, the so-called hyperscalers, many European businesses and public sector authorities are still hesitant about adopting cloud computing. They have concerns around topics such as data security, data sovereignty, General Data Protection Regulation (GDPR) compliance, and corporate espionage.
To address these challenges, individual EU member countries have announced or adopted requirements that are specific to their national markets. For a taster of the fragmentation that this is creating, consider the certification requirements now in place in some EU member countries: Germany requires C5, France requires Secnumcloud, and Spain requires ENS – and that’s just the certifications.
When it comes to public procurement policy, each country defines contract terms that are non-negotiable. In the Netherlands, for example, bids often contain clauses requiring all bidders, regardless of size, to prove they are signed up to an escrow service. Moreover, many public agencies in the EU require data to be hosted in their home country, despite the fact that EU law allows and promotes the free flow of data within the EU. These national data localisation requirements add to market fragmentation and limit the ability of cloud providers to offer scalable solutions within the EU.
While there are arguments to justify this approach, it has effectively fractured the European market in this important, emerging area. With operating-at-scale a key success factor, this level of fragmentation impedes our progress.
For the cloud providers, the costs of hosting, maintenance, and audits run in the millions of euros per solution, per market, and per year. Deployment and certification adjustments at a national level can become multi-year projects. Against such a disjointed European backdrop and amplified by the fact that there are very few European cloud providers, only the largest, mainly the non-European, cloud providers (and specialised local editors) can fulfil the different requirements of each member country.
The absence of a functional EU Single Market for cloud computing deprives European customers of the benefits that come with a vibrant and competitive market.
A Single Market for cloud computing would be a boost to smaller European cloud providers and start-ups, helping them to quickly reach a critical mass of customers across Europe.
“If you build it…”
To build this Single Market successfully, a multi-faceted approach is needed.
To get all the players on the same page, consensus would need to be achieved through the recently launched European Alliance for Industrial Data and Cloud, composed of EU Member States, European industry players, and other stakeholders.
It would also involve replacing individual state cloud certification schemes with a single, EU-wide label such as the European Cybersecurity Scheme for Cloud Services (EUCS) that is currently being developed by ENISA, the EU agency for cybersecurity. This would enable providers to fully implement, conform to and be certified for a comprehensive framework rather than having to comply with multiple rules from multiple countries.
The European Commission has proposed an EU Cloud Rulebook to address user concerns and establish EU-wide common rules for cloud computing, including areas such as data security, data privacy, data portability, and energy efficiency. This rulebook could serve as the backbone of public procurement across Europe and take account of the standards and rules developed by GAIA-X.
A Single Market for cloud computing could also legitimately be counted among the planned Important Projects of Common European Interest (IPCEI). This would mobilise significant public and private investments for the development of a next-generation cloud supply that meets European standards and values and could complement the offerings of the hyperscalers.
Against a backdrop of dominant non-European tech companies and accelerating digital transformation across all industries and regions, now is clearly the time to introduce a Single Market for cloud computing. It would lay the foundation for a competitive European cloud computing industry, which would, in turn, lead to more assured choices and better services for European citizens and businesses.
In a market dominated by non-European cloud providers, individual EU member countries have announced or adopted requirements that are specific to their national markets.
The absence of a functional EU Single Market for cloud computing deprives European customers of the benefits that come with a vibrant and competitive market.