Challenges Face European Governments Pursuing 'Digital Sovereignty' (theregister.com)
- Reference: 0180467921
- News link: https://yro.slashdot.org/story/25/12/28/0642206/challenges-face-european-governments-pursuing-digital-sovereignty
- Source link: https://www.theregister.com/2025/12/22/europe_gets_serious_about_cutting/
> The US CLOUD Act of 2018 allows American authorities to compel US-based technology companies to provide requested data, regardless of where that data is stored globally. This places European organizations in a precarious position, as it directly clashes with Europe's own stringent privacy regulation, the General Data Protection Regulation (GDPR)... Furthermore, these warrants often come with a [2]gag order , legally prohibiting the provider from informing their customer that their data has been accessed. This renders any contractual clauses requiring transparency or notification effectively meaningless. While technical measures like encryption are often proposed as a solution, their effectiveness depends entirely on who controls the encryption keys. If the US provider manages the keys, as is common in many standard cloud services, they can be [3]forced to decrypt the data for authorities, making such safeguards moot....
>
> American hyperscalers have recognized the market demand for sovereignty and now aggressively market 'sovereign cloud' solutions, typically by placing datacenters on European soil or partnering with local operators. Critics call this 'sovereignty washing'... [Cristina Caffarra, a competition economistand driving force behind the Eurostack initiative] warns that this does not resolve the fundamental problem. "A company subject to the extraterritorial laws of the United States cannot be considered sovereign for Europe," she says. "That simply doesn't work." Because, as long as the parent company is American, it remains subject to the CLOUD Act...
>
> Even when organizations make deliberate choices in favour of European providers, those decisions can be undone by market forces. A recent acquisition in the Netherlands illustrates this risk. In November 2025, the American IT services giant Kyndryl announced its intention to acquire Solvinity, a Dutch managed cloud provider. This came as an "unpleasant surprise" to several of its government clients, including the municipality of Amsterdam and the Dutch Ministry of Justice and Security. These bodies had specifically chosen Solvinity to reduce their dependence on American firms and mitigate CLOUD Act risks.
Still, The Register provides several examples of government systems that are "taking concrete steps to regain control over their IT."
Austria's Federal Ministry for Economy, Energy and Tourism now has 1,200 employees on the European open-source collaboration platform Nextcloud, leading several other Austrian ministries to also implement Nextcloud. (The Ministry's CISO tells the Register "We can see our input in Nextcloud releases. That is a feeling we never had with Microsoft.")
France's Ministry of Economics and Finance recently completed NUBO (which the Register describes as "an OpenStack-based private cloud initiative designed to handle sensitive data and services.")
In November the International Criminal Court in The Hague announced it was [4]replacing its Microsoft office software with a European alternative .
The German state of Schleswig-Holstein is [5]replacing Microsoft products with open-source alternatives for 30,000 civil servants
Thanks to long-time Slashdot reader [6]mspohr for sharing the article.
[1] https://www.theregister.com/2025/12/22/europe_gets_serious_about_cutting/
[2] https://cyberscoop.com/microsoft-cloud-fourth-amendment-justice-department/
[3] https://cpl.thalesgroup.com/blog/encryption/cloud-encryption-key-management-byok-hyok
[4] https://www.theregister.com/2025/10/31/international_criminal_court_ditches_office/
[5] https://www.theregister.com/2025/10/15/schleswig_holstein_open_source/
[6] https://www.slashdot.org/~mspohr
Problem is Cloud Act 2018 passed by Repubs (Score:3)
and the obscene amount of money US companies spent for global cloud dominance. But there is an easy solution without spending all that money - Data encryption, the last line of defense against the extraterritoriality of the Cloud Act? Data encryption is currently the most effective barrier against the side effects of the Cloud Act. This technical protection makes data accessible to American authorities but not readable, and thus protects the interests of European companies.
Re: (Score:2)
I think the better solution is to not spend money on a country run by an extremist government.
I'm not sure this is possible (Score:2, Offtopic)
With the U.S. in the mindset that it can do whatever it wants anywhere at any time as long as it says its own "National Security" is threatened I'm not sure that "sovereignty" really means much no matter what words someone writes down on a piece of paper somewhere and votes on it.
Trump a) thinks he can annex Greenland, b) commit open murder in international waters, c) do the same thing in Nigeria, d) invade Venezuela, e) ... you get the idea. But it is not like he was the first one. The Cheney adminis
Re: (Score:2)
There's a big difference between thinking about something or wanting something, and actually doing/getting it. Trump can, eg., talk all he wants about annexing Greenland, but to actually do it he'll have to send the Army to Greenland and invade it. That'll involve having the Danish Army shooting back at the invaders, and the Danes calling on the mutual-defense provisions of NATO to bring most of Europe in on their side. That's not going to end well for the US, not even counting the question of whether the J
Acquisitions (Score:2)
> American IT services giant Kyndryl announced its intention to acquire Solvinity, a Dutch managed cloud provider.
Don't foregin (EU) countries have anything like [1]CFIUS [treasury.gov]? Where they can essentially tell US companies and even shareholders to basically f* off.
[1] https://home.treasury.gov/policy-issues/international/the-committee-on-foreign-investment-in-the-united-states-cfius
National sovereignty (Score:3)
The Dutch government could have (and should have) blocked the acquisition of Solvinity.
And yes, all non-US countries and organizations must, as a matter of critical importance, minimize their dependence on US software and services. The risk of not doing so is simply far too high.
Awful Lot Of European Whining (Score:1)
There's an awful lot of European whining about their lack of data sovereignty. But, despite the fact that the solution is stupidly simple - European company's or socialist governments build European hyperscalers - no one seems to be actually attempting to address the issue.
Chinese companies built Chinese hyperscalers early and quickly. Why doesn't Europe have it's own hyperscalers? It seems to me that OVH could possibly do it with OVHCloud, and there is Exoscale. The Europeans could switch to these and buil
Re: (Score:2)
So... We should all stop whinging about dara sovereignty and privacy and just settle into being obedient serfs to our techno fascist overlords?
Re: (Score:2)
LOL! You could not have proven my point any better, even if you had tried.
I literally told you the solution and rather than setting out to effect the changes, you whine about being told to quit whining. God forbid you actually expend any effort.
Re: (Score:2)
> There's an awful lot of European whining about their lack of data sovereignty. But, despite the fact that the solution is stupidly simple - European company's or socialist governments build European hyperscalers - no one seems to be actually attempting to address the issue.
> Chinese companies built Chinese hyperscalers early and quickly. Why doesn't Europe have it's own hyperscalers? It seems to me that OVH could possibly do it with OVHCloud, and there is Exoscale. The Europeans could switch to these and build them out. But, all I hear is whining about America bad.
> So, unless the Europeans are going to actually try to do something about it I really don't want to hear them whining about it. And, for the record, switching to a file syncing NAS and Libre Office is nothing at all like building a hyperscaler.
That's probably what is at least in part going to happen, but it's not as easy as it seems.
China has no issue in pouring whatever state aid they want to whatever company they want and have a much greater motivation to not rely on US infrastructure due to the hostility between the countries. The EU or EU State Members on the other side cannot just decide to e.g. "go with Exoscale" or whatever domestic provider because state aid in the EU is pretty strictly regulated: other companies would have the opportunit
Re: (Score:2)
I realized I might have been unclear in my post: with "go with Exoscale" I don't mean merely selecting them as provider, I mean in the context of investing state money into them to let them build up their infrastructure.
Re: (Score:2)
And what you don't understand is that cloud services come with a large amount of lock-in. If you are, for example, using AWS, you are locked into that (since your Terraform files or your deployment bash scripts are specific to EC2 or EKS). European governments were indifferent to that lock-in for years, since they considered the US a friendly country. Instead, China's governmental IT infrastructure was designed to avoid lock-in to US cloud services since day 1 .
tl;dr: it's not the lack of EU cloud service