The EU Considers Restricting Use of US Cloud Platforms for Sensitive Government Data (cnbc.com)
- Reference: 0183171470
- News link: https://yro.slashdot.org/story/26/05/10/032247/the-eu-considers-restricting-use-of-us-cloud-platforms-for-sensitive-government-data
- Source link: https://www.cnbc.com/2026/05/07/eu-commission-cloud-sensitive-data.html
> The European Union is considering rules that would restrict its member governments' use of U.S. cloud providers to handle sensitive data, sources familiar with the talks told CNBC.
>
> The European Commission — the EU's executive branch — is expected to present its "Tech Sovereignty Package" on May 27, which will include a range of measures aimed at bolstering the bloc's strategic autonomy in key digital areas. As part of preparations for that package, discussions are taking place within the Commission around limiting the exposure of sensitive public-sector data to cloud platforms provided by companies outside of the EU, two Commission officials, who asked to remain anonymous as they weren't authorized to discuss private talks, told CNBC... "The core idea is defining sectors that have to be hosted on European cloud capacity," one of the officials said. They added that companies providing cloud solutions from third countries, including the U.S., could be impacted. Proposals would not prohibit overseas companies' cloud platforms from government contracts entirely, but limit their use in processing sensitive data at public sector organizations, depending on the level of sensitivity, they added. The officials said that talks are ongoing and yet to be finalized...
>
> The officials told CNBC there are discussions around proposing that financial, judicial and health data processed by governments and public-sector organizations require high levels of sovereign cloud infrastructure.
[1] https://www.cnbc.com/2026/05/07/eu-commission-cloud-sensitive-data.html
And replace them with what? (Score:2)
You kind of need actual viable alternatives if you want to migrate off something. And I do not see anything EU-centric that would stand as a replacement for Amazon, Google, IBM, Oracle or Microsoft at the moment.
Sounds like one of those half-baked AI deals that they announced one year ago - not serious at all, just enough to earmark some money for some companies linked to the politicians passing these directives.
Re:And replace them with what? (Score:5, Insightful)
> You kind of need actual viable alternatives if you want to migrate off something.
It's called a private cloud, it's not rocket surgery, we were doing clustering with machines with only dozens of MHz clock speeds and less RAM than most modern embedded platforms back in the nineties.
Re: And replace them with what? (Score:2)
Those private clouds are still going to be running at least some US software. If the stated goal is overall EU sovereignty over their data, that is not going to happen anytime soon.
Re: And replace them with what? (Score:2)
> Those private clouds are still going to be running at least some US software.
Which one?
Re: And replace them with what? (Score:2)
Leave the poor vibe coder alone, can't you see he ran out of credits on claude...
Re: (Score:2)
OVH is a large hosting provider in France that can compete with the likes of Google and Amazon for cloud services.
Alternatives for Oracle and MSFT are open-source: PostgreSQL and Linux respectively, and LibreOffice to replace MS Office. Even though Linux and PostgreSQL have a large developer community in the USA, the fact that they're open-source makes them a lot safer, and both projects also have a lot of EU developers who will be able to carry on if the USA goes rogue.
IBM is a special case; I don't kno
Re: And replace them with what? (Score:2)
As you said, Linux distros and Postgres both heavily rely on US code. Even Linus has been a US citizen for over a decade now.
Almost all modern hardware those clouds run on, from compute to storage to networking, also rely on US code.
When you think of actual, true, real alternatives that can be used today, every single one of them will have some sort of dependency on the US. Even the homegrown platforms in China, which are already lightyears ahead of EU offerings, remain heavily dependent on US tech. It is
Re: (Score:2)
> Linux distros and Postgres both heavily rely on US code.
This is not question they're trying to address. The origin of the code does not matter, you can can fork it, audit it, and you can hire thousands of people to work on it. For example HarmonyOS is a Chinese OS and it does not matter if it depends (or used to depend) on Android. The important question is loyalty. Those who can access sensitive data and those who can disrupt the operations (engineers, managers, executives alike) should not be submitted to the laws of foreign governments.
Re: (Score:2)
Open-source code is much safer the proprietary code. It can be audited, and in the specific cases of Linux and PostgreSQL, there are enough EU developers working on them to fork the project if the USA gets too insane.
To me, the most important things to do to mitigate risk are: (1) No dependence on proprietary US software, and (2) no dependece on US-based cloud services. I think that's the best we can do for now.
_For_ what, though (Score:2)
> And I do not see anything EU-centric that would stand as a replacement for Amazon, Google, IBM, Oracle or Microsoft at the moment.
If you need some kind of worldwide multizone setup, then you're probably right. For government services provided in countries for their citizens, you do not need that.
As a Slashdotter, you should know that on the software side there is a shitload of open source tooling available. The rest is a matter of running and managing a bunch of servers, not rocket science, not something that takes decades to build.
Creating a market only accessible to European companies via this kind of legislation means they can't ge
Re: _For_ what, though (Score:2)
The problem with building your own private cloud for this is that every part of it will still use US components in some fashion. Hardware, OS, networking, everything has US sourced materials or software.
Even if you ran a bunch of RISC-V processors on custom motherboards and linked with Huawei networking gear, youâ(TM)re probably using an OS with code from GNU or BSD. The chips on that networking gear? Broadcom, something ARM based.
You simply cannot decouple yourself from US products completely in 2026.
Re: (Score:2)
Maybe...European cloud platforms?
[1]https://european-alternatives.... [european-alternatives.eu]
[1] https://european-alternatives.eu/category/cloud-computing-platforms
sovereign systems (Score:2)
This, the disruption of the oil distribution network and the Canvas ransomware are examples of Law of Demeter asserting itself. Connecting everything to everywhere is just a bad idea.
[1]https://www.scry.llc/2026/04/1... [scry.llc]
"This is another example of Sovereign Systems / Law of Demeter in motion. The post-WW2 world is largely a fiat fiction which is probably unravelling. I expect this Sovereignty trend to increase as fiat money sheds confidence, national goals diverge and AI transforms the information industry."
[1] https://www.scry.llc/2026/04/11/sovereign-systems-france/
About damn time (Score:4, Interesting)
It has been kinda absurd to maintain the whole "Huawei networking devices are a security risk, they could sniff our traffic!" and then go and voluntarily put all the data directly into datacenters under a government that boasts its fairly comprehensive surveillance access to everything under it, often including by-its-own-laws illegal terms, and has been overtly more belligerent to EU in recent history than China has been in decades.
Re: About damn time (Score:1)
Would you suggest using Chinese hosted data centers? Would you trust the CCP that much? US has issues, but there is not an equivalency in the least.
Re: (Score:3)
What I would suggest, and what it sounds like they're doing, is to use EU data centers.
Way Behind (Score:2)
It is insane that the EU hasn't done more to create local tech companies to reduce their reliance on the US. They need their own version of Baidu, Alibaba, and Tencent (among others), just like China does. It's fine to leverage allies for certain parts of your economy, but the tech sector is right up their with military when it comes to industries where the EU shouldn't be depending on external allies so strongly. It's not like the EU has the same religious devotion to free markets that the US has which wou
Re: (Score:3)
> It's not like the EU has the same religious devotion to free markets that the US has
The EU has been very, very pro free markets. It is a very important part of why it even exists and has made it economically stronger and more prosperous via opening up markets of various European countries to each other and presenting itself as a unified trade partner. Thankfully, the tide is turning here.
It is important to remember that the EU is not at the level of unification or homogeneity that the US is. Member states are still struggling to work together and for many of them the relationship with the
They've realized the US is run by a thug (Score:3)
One phone call to Bezos, or Pichai or any of the others, and even the most sensitive EU data will be in the hands of the US government within hours. (Surely nobody can think these leashed pets will say no.) There's zero respect for security, privacy, national sovereignty, or the conequences.
The same thing is happening in Canada, and it will happen elsewhere. The Cloud Act plus the descent of the US into a fascist oligarchy has made this inevitable, and all of these countries have realized that they need to plan tech, and defense, and energy, and everything else to work with zero reliance on the US.
The US response to this be threats and tariffs, of course. They won't work: they'll only convince the EU to move faster.
Re: (Score:2)
Throwing around the word fascist oligarchy by a European Government Powers supporter is rich for humor. As I know it, Trump will be gone in Jan 2029 and the same old European power structure that has zero problems limiting free speech will just be more embedded in taking advantage of the relationships with North America in combination with ignoring threats of Russia and China.
Re: (Score:2)
In the US, Trump will be gone in 2029 but the Reich Court will still be there, the Heritage Foundation, Federalisti Society, and various Reich wing law groups and oligarchs will still be in place. So the fascist oligarchy will still be in place in America, and will continue to its pogrom of non whites and non male from all positions of power and economic opportunity until it is a Christian slaver nazi state, their new Reich.
Re: (Score:2)
Trump might be gone in 2029, but Trumpism and MAGA ideology will live on.
Obviously (Score:3)
No non-US organizations should rely on US-based proprietary software or US-based cloud services. The risks are simply too high.
So sad (Score:2)
It is incredibly sad that it has come to this, but the US has shown time and again that it prefers autocrats over democracies. This has been a painful lesson for much of Europe, and one we are still processing. But we need to reduce our dependence on the US. Any dependency will become leverage at some point.
The US used to be the good guys.
Re: (Score:2)
America prefers anything over socialist democrats getting in the way of a vibrant free market. This history of failure is long and very visible. Why do Europeans cling to big government?
Re: (Score:2)
What America "prefers" doesn't matter so much as what America "got" last year, which is Iron Curtain, not free markets.
Re: (Score:2)
> America prefers anything over socialist democrats getting in the way of a vibrant free market. Why do Europeans cling to big government?
It is more honest to say that those in power prefers it. Polling in the US shows consistent support for universal healthcare and making tuition at public colleges free for instance - both examples of the dreaded "big government".
And yes. I agree, the whole world has gotten a fine demonstration of your values.
Re: (Score:2)
Perhaps because on average, European countries are amongst the happiest in the world? Certainly far happier than the USA.
As a US citizen (Score:3, Interesting)
I totally support this. Its great that Europe is asserting its rights and taking control of its data for the sake of privacy and freedom.
Now. Who is gonna store the data? A European company I assume. Great. Which one? Its gotta be big enough to have the required scale. Except Europe doesnt like new big companies. If one doesnt exist, theyre gonna have to let one grow. Except everything about EU law is designed to tie companies up in red tape and prevent quick growth. Also, the company will probably have to operate in ALL the member countries, and each of those is a sovereign nation with its own laws and they dont agree on ANYTHING. Each with its own set of red tape. Where will the company be headquartered? If its not France, the French wont allow it. Ditto for a dozen other EU members.
I could go on. I totally encourage this. But Europe would have to change a LOT of things to actually make it happen.
At the moment, the reality is that its impossible to grow a new large company in the EU.
Re: (Score:3)
> Now. Who is gonna store the data?
Perhaps E.U. organizations will just rack up their own servers. There's really nothing magic about the cloud. Unless putting all your eggs in one [1]basket [slashdot.org] has some advantage to other than hackers or the NSA. Sure, it may look expensive to us. But E.U. tax rules differ subtly from the U.S. in terms of depreciation and capital vs expense. Data centers are huge loss-generating machines that look more profitable than reality.
[1] https://it.slashdot.org/story/26/05/08/0622227/the-canvas-hack-is-a-new-kind-of-ransomware-debacle
Re: (Score:1)
Oh come on. There are plenty of companies with many servers, and there is no need for a single company or country. Just look at [1]https://european-alternatives.... [european-alternatives.eu] but there are many more companies.
The only thing required is a set of sensible rules and regulations mostly concerning privacy and security, like EU's GDPR.
[1] https://european-alternatives.eu/category/cloud-computing-platforms
This Will Be Fascinating To Watch (Score:2)
I'm quite eager to see how this unfolds. On one hand, I agree with separating themselves from dependency on the U.S..** But on the other hand, I wonder where will they go, since there isn't any real European equivalent to M365, Azure, AWS, Google.
They could go with the Chinese or the Russian variants. But that seems like jumping from the frying pan to the fire, in my opinion. Of course the common suggestion is private cloud with Open Source software and whatever they can kludge together. But, that's going t
Trust is a vulnerability. (Score:2)
It's silly to trust other nations with one's data because the nation one made friendly arrangements with can replace the administration you trusted and purge its appointees.
Europe should not want any but FOSS because proprietary software only belongs to its creator. To use it is submission to its owners. The cost to European governments to code any software required is a trifle compared to relying on the kindness of their enemies.
No non-corrupt reasons exist to want the shackles of proprietary software. Th
About time (Score:2)
Given that citizens of the US have elected Trump as the US president twice it is pretty clear that EU countries cannot count on the US being a 100% reliable ally in the future.
That has all sorts of consequences and will require the EU to develop all sorts of capabilities.
The question of course is: will this mean willingness to reduce benefits / increase working hours to pay for all this to develop genuine competence through significantly more effort or will it be just performative?
Re: (Score:2)
US hasn't been a reliable ally to anyone sans maybe Israel in decades.
Re: (Score:3)
Why would any of this require reducing benefits or even increasing working hours? These are orthogonal issues with privacy and sovereignty and national security.
Re: (Score:3)
Must be the way of thinking that only ruthless exploitation and/or suffering can lead to success.
It is a way to rationalize and justify the suffering. If not for success, then why all the hardship?
Re: (Score:2)
You seem to conflate or confuse the "effort" of the individual doing his job with the "effort" of the government ordering him to do so. You seem to believe they don't have any less-useful endeavors to allocate man-hours from, and that training more sysadmins is not possible or desired.