Challenges Face European Governments Pursuing 'Digital Sovereignty' (theregister.com) 57
The Register reports on challenges facing Europe's pursuit of "digital sovereignty":
The US CLOUD Act of 2018 allows American authorities to compel US-based technology companies to provide requested data, regardless of where that data is stored globally. This places European organizations in a precarious position, as it directly clashes with Europe's own stringent privacy regulation, the General Data Protection Regulation (GDPR)... Furthermore, these warrants often come with a gag order, legally prohibiting the provider from informing their customer that their data has been accessed. This renders any contractual clauses requiring transparency or notification effectively meaningless. While technical measures like encryption are often proposed as a solution, their effectiveness depends entirely on who controls the encryption keys. If the US provider manages the keys, as is common in many standard cloud services, they can be forced to decrypt the data for authorities, making such safeguards moot....
American hyperscalers have recognized the market demand for sovereignty and now aggressively market 'sovereign cloud' solutions, typically by placing datacenters on European soil or partnering with local operators. Critics call this 'sovereignty washing'... [Cristina Caffarra, a competition economistand driving force behind the Eurostack initiative] warns that this does not resolve the fundamental problem. "A company subject to the extraterritorial laws of the United States cannot be considered sovereign for Europe," she says. "That simply doesn't work." Because, as long as the parent company is American, it remains subject to the CLOUD Act...
Even when organizations make deliberate choices in favour of European providers, those decisions can be undone by market forces. A recent acquisition in the Netherlands illustrates this risk. In November 2025, the American IT services giant Kyndryl announced its intention to acquire Solvinity, a Dutch managed cloud provider. This came as an "unpleasant surprise" to several of its government clients, including the municipality of Amsterdam and the Dutch Ministry of Justice and Security. These bodies had specifically chosen Solvinity to reduce their dependence on American firms and mitigate CLOUD Act risks.
Still, The Register provides several examples of government systems that are "taking concrete steps to regain control over their IT."
American hyperscalers have recognized the market demand for sovereignty and now aggressively market 'sovereign cloud' solutions, typically by placing datacenters on European soil or partnering with local operators. Critics call this 'sovereignty washing'... [Cristina Caffarra, a competition economistand driving force behind the Eurostack initiative] warns that this does not resolve the fundamental problem. "A company subject to the extraterritorial laws of the United States cannot be considered sovereign for Europe," she says. "That simply doesn't work." Because, as long as the parent company is American, it remains subject to the CLOUD Act...
Even when organizations make deliberate choices in favour of European providers, those decisions can be undone by market forces. A recent acquisition in the Netherlands illustrates this risk. In November 2025, the American IT services giant Kyndryl announced its intention to acquire Solvinity, a Dutch managed cloud provider. This came as an "unpleasant surprise" to several of its government clients, including the municipality of Amsterdam and the Dutch Ministry of Justice and Security. These bodies had specifically chosen Solvinity to reduce their dependence on American firms and mitigate CLOUD Act risks.
Still, The Register provides several examples of government systems that are "taking concrete steps to regain control over their IT."
- Austria's Federal Ministry for Economy, Energy and Tourism now has 1,200 employees on the European open-source collaboration platform Nextcloud, leading several other Austrian ministries to also implement Nextcloud. (The Ministry's CISO tells the Register "We can see our input in Nextcloud releases. That is a feeling we never had with Microsoft.")
- France's Ministry of Economics and Finance recently completed NUBO (which the Register describes as "an OpenStack-based private cloud initiative designed to handle sensitive data and services.")
- In November the International Criminal Court in The Hague announced it was replacing its Microsoft office software with a European alternative.
- The German state of Schleswig-Holstein is replacing Microsoft products with open-source alternatives for 30,000 civil servants
Thanks to long-time Slashdot reader mspohr for sharing the article.
Re: (Score:2, Flamebait)
So... We should all stop whinging about dara sovereignty and privacy and just settle into being obedient serfs to our techno fascist overlords?
Re:Awful Lot Of European Whining (Score:5, Interesting)
" the solution is stupidly simple - European company's or socialist governments build European hyperscalers " Stupid is the operative word here.
The solution is not more surveillance... (hyperscalers?)
The solution is small, very local, tightly controlled, distributed data that has a well defined purpose and very limited access.... Not a pan-European clone of US surveillance.
The Austrian implementation of NextCloud is a good example.
Re: (Score:2)
There's an awful lot of European whining about their lack of data sovereignty. But, despite the fact that the solution is stupidly simple - European company's or socialist governments build European hyperscalers - no one seems to be actually attempting to address the issue.
Chinese companies built Chinese hyperscalers early and quickly. Why doesn't Europe have it's own hyperscalers? It seems to me that OVH could possibly do it with OVHCloud, and there is Exoscale. The Europeans could switch to these and build them out. But, all I hear is whining about America bad.
So, unless the Europeans are going to actually try to do something about it I really don't want to hear them whining about it. And, for the record, switching to a file syncing NAS and Libre Office is nothing at all like building a hyperscaler.
That's probably what is at least in part going to happen, but it's not as easy as it seems.
China has no issue in pouring whatever state aid they want to whatever company they want and have a much greater motivation to not rely on US infrastructure due to the hostility between the countries. The EU or EU State Members on the other side cannot just decide to e.g. "go with Exoscale" or whatever domestic provider because state aid in the EU is pretty strictly regulated: other companies would have the opportunit
Re: (Score:2)
I realized I might have been unclear in my post: with "go with Exoscale" I don't mean merely selecting them as provider, I mean in the context of investing state money into them to let them build up their infrastructure.
Re: (Score:2)
I think you're missing the point.
Europe doesn't need or want a clone panopticon.
Re: (Score:1)
I think you're missing the point. Europe doesn't need or want a clone panopticon.
I guess Brexit was all for the best then. The Brits seem ferociously dedicated to implementing a panopticon, and this would put them at odds with the EU as a whole, and with most of the countries that comprise it.
Re: (Score:2)
Re: (Score:2)
Good point. I knew that but the thought hadn't occurred to me. Doh!
Re:Awful Lot Of European Whining (Score:5, Insightful)
tl;dr: it's not the lack of EU cloud services, it's existing lock-in to US cloud services
Re: (Score:2)
From TFS:
"In November 2025, the American IT services giant Kyndryl announced its intention to acquire Solvinity, a Dutch managed cloud provider."
Problem is Cloud Act 2018 passed by Repubs (Score:2, Insightful)
Re:Problem is Cloud Act 2018 passed by Repubs (Score:4, Insightful)
I think the better solution is to not spend money on a country run by an extremist government.
Re: (Score:1)
I think the better solution is to not spend money on a country run by an extremist government.
This, exactly. Also, more players in the cloud services space creates diversity and the possibility of redundancy, which leads to additional resilience.
Re: (Score:3)
Cloud is more than storage. How do you protect your O365 usage with encryption? If the NSA asks, Microsoft just pushes an additional script that logs everything you do, no matter if it is stored securely afterward. Also every key not generated on the end user's device is insecure. And teaching users to do e2e is hard.
Re: (Score:2)
So how do you propose people encrypt the data used and produced by M365?
I'm not sure this is possible (Score:1, Offtopic)
With the U.S. in the mindset that it can do whatever it wants anywhere at any time as long as it says its own "National Security" is threatened I'm not sure that "sovereignty" really means much no matter what words someone writes down on a piece of paper somewhere and votes on it.
Trump a) thinks he can annex Greenland, b) commit open murder in international waters, c) do the same thing in Nigeria, d) invade Venezuela, e) ... you get the idea. But it is not like he was the first one. The Cheney adminis
Re: (Score:1)
There's a big difference between thinking about something or wanting something, and actually doing/getting it. Trump can, eg., talk all he wants about annexing Greenland, but to actually do it he'll have to send the Army to Greenland and invade it. That'll involve having the Danish Army shooting back at the invaders, and the Danes calling on the mutual-defense provisions of NATO to bring most of Europe in on their side. That's not going to end well for the US, not even counting the question of whether the J
Re: (Score:1)
Trump has no problem starting a war with Venezuela and hasn't received much pushback. He will soon invade and take it over unless they surrender "our" oil to him.
Re: (Score:2)
and the Danes calling on the mutual-defense provisions of NATO to bring most of Europe in on their side.
There's nothing in the NATO rule book that allows Article 5 to be triggered for an invasion by another NATO member because it wasn't ever contemplated that this would be a scenario that would ever happen.
Re: (Score:3)
Re: (Score:2)
... the Danes calling on the mutual-defense provisions of NATO to bring most of Europe in on their side.
Don't forget Canada. We're a NATO member, we're between the US and Greenland, and we're in the process of establishing a consulate in Nuuk. Not to mention something most USians don't understand, namely just how over-the-top pissed off we are at Trump's 51st state bullshit.
Those who think the Canadian Military is a joke might want to read this: https://nationalpost.com/news/... [nationalpost.com] If WWII is more your thing, look up Ortona and Scheldt.
We've calmed down a bit since then, but that spirit still lives here.
Re: (Score:2)
Why don't you guys burn the white house again? A lot of people in the whole world would be grateful.
Re: (Score:2)
Why don't you guys burn the white house again? A lot of people in the whole world would be grateful.
Maybe just the East Wing? Oh, wait... ;-)
I don't think most of us here are ones to start a war - but we're definitely up for finishing one if our hand is forced.
Re: (Score:1)
Re: (Score:1)
Re: (Score:2)
68K in your armed forces? and 27K in reserves? 406 aircraft but only 40% servicable because of lack of personnel? 18 warships in Pacific and 15 in Atlantic? That is all small potatos. Staying out of wars is best, you'd get you canadian bacon handed to you.
The US has an almost unblemished record of utterly failing to hold countries which it "conquers". America could take us over by main force, but it would totally have its ass handed to it by us during the subsequent guerilla warfare. And an awful lot of American soldiers are southern boys who can't even dreive competently on a snowy road, much less survive and thrive in Canadian winters.
And then there's all the manpower, armaments, and fighter jets which our allies would be helping us out with. You know, "al
Re: (Score:1)
Re: (Score:2)
And Europe would get instantly crushed, if it ever came to that.
It won't. But Europe is entirely reliant on the US choosing not to do that.
Re: (Score:1)
Trump thinks he can... (Score:2)
annex Greenland - NOPE, that trial balloon failed to launch
b) commit open murder in international waters - DID IT with some US and non-US pushback but hasn't faced any real consequences yet.
c) do the same thing in Nigeria - HAD (OR COERCED) PERMISSION so it must be okay wink wink
d) invade Venezuela - TBD/STILL IN PLAY
Re: (Score:2)
that this same rouge government
Damn... yet another red scare
Acquisitions (Score:2)
American IT services giant Kyndryl announced its intention to acquire Solvinity, a Dutch managed cloud provider.
Don't foregin (EU) countries have anything like CFIUS [treasury.gov]? Where they can essentially tell US companies and even shareholders to basically f* off.
Re: (Score:3)
Don't foregin (EU) countries have anything like CFIUS [treasury.gov]
The EU has the EU framework for investment screening [europa.eu] and individual State Members also typically have their own national mechanism to review and potentially block acquisitions in some circumstances.
National sovereignty (Score:4, Insightful)
The Dutch government could have (and should have) blocked the acquisition of Solvinity.
And yes, all non-US countries and organizations must, as a matter of critical importance, minimize their dependence on US software and services. The risk of not doing so is simply far too high.
Re: (Score:1)
The cloud act Does Not apply to the big boys (Score:2, Interesting)
The large companies, especially financial companies, do not have their US based company own the assets in other countries. Instead they spin up a new local company in those countries to avoid laws exactly like this one.
They have full control over those companies because they control the purse, but those local countries can then follow the local regulations within their region.
This is VERY common, and I'm surprised this was not mentioned as something that almost all large corporations do to avoid the issues
Re: (Score:3)
"TDS" is a meaningless term used by MAGA idiots to shut down arguments. Anyone who uses it is clearly a clown arguing in bad faith, so meh.
Re: The cloud act Does Not apply to the big boys (Score:2)
Re: (Score:1)
Re: (Score:1)
Are you seriously asserting that European leadership aren't overwhelmingly and negatively focused on whatever Trump does? I'm sure it's coincidence that the EU only warns Twitter ... once Musk has bought it and freed it from the hard-woke filter engine of the left. And the EU only hated Musk because he dared to openly support Trump.
The use of the term "MAGA" is only used to shut down arguments. Anyone who uses it is clearly a clown arguing in bad faith, so meh.
What's Putin's asset in the Whitehouse up to now? (Score:1)
Kremlin aide Yuri Ushakov states that President Vladimir Putin informed President Trump of the claimed Ukrainian drone attack against his residence in the Novgorod Oblast of Northwestern Russia during this morning’s phone call, with Trump said to have been “shocked and outraged,” reportedly telling Putin, “Thank God, we did not give Tomahawks to Ukraine,”
MAGA gullibility goes all the way to the top!
I wonder what possible reason Europeans would have to be anti-Trump and Putin...I guess we'll never know.
What's Putin's asset in the Whitehouse up to today (Score:1)
Disgraced conservative media personality Lauren Chen, the founder of Tenet Media on YouTube, which provided a platform to several right-wing commentators including Tim Pool, Benny Johnson and Dave Rubin, and was exposed by the FBI in 2024 for taking millions in funding from the Russian state-owned news agency RT, resulting in Chen having her work visa revoked and being forced to return to her home country of Canada, was allowed to reenter the United States this month with assistance from officials in the Trump Administration, specifically Joe Rittenhouse, a senior adviser on consular affairs with the State Department who Chen thanked publicly on Instagram and X.
Re: (Score:3)
Right. I am absolutely convinced that if MSFT gets an order from the US feds to turn over data held by one of their spun-up local companies that they will not comply. CONVINCED, I say.
#1 American Interference (Score:2)
So what happens when ... (Score:3)
A USA owned company that has a subsidiary in, say, Ireland that is staffed by Irish people (citizens & domiciled) and USA based staff cannot ssh (or similar) in to do things. The USA government makes an order under the Cloud act on the USA company. This then orders its Irish subsidiary and the Irish staff decide that obeying the order would breach the GDPR/similar and so tell the USA parent to shove it.
What can the USA government do ?
Re: (Score:3)
Force the company to force the subsidiary to do it anyways, since they are owned by the parent company (as they are a subsidiary). If your company is owned by another, and they tell you that you have to do X, you have to do X or you get fired. Also the US parent company would probably require one of their guys have access to all access controls, so they'd just go in and do it anyways and not tell the locals.
Re: (Score:2)
Have M$ shut off Office365 to, say, the ICC. And they do.