The EU Considers Restricting Use of US Cloud Platforms for Sensitive Government Data (cnbc.com) 88
CNBC reports:
The European Union is considering rules that would restrict its member governments' use of U.S. cloud providers to handle sensitive data, sources familiar with the talks told CNBC.
The European Commission — the EU's executive branch — is expected to present its "Tech Sovereignty Package" on May 27, which will include a range of measures aimed at bolstering the bloc's strategic autonomy in key digital areas. As part of preparations for that package, discussions are taking place within the Commission around limiting the exposure of sensitive public-sector data to cloud platforms provided by companies outside of the EU, two Commission officials, who asked to remain anonymous as they weren't authorized to discuss private talks, told CNBC... "The core idea is defining sectors that have to be hosted on European cloud capacity," one of the officials said. They added that companies providing cloud solutions from third countries, including the U.S., could be impacted. Proposals would not prohibit overseas companies' cloud platforms from government contracts entirely, but limit their use in processing sensitive data at public sector organizations, depending on the level of sensitivity, they added. The officials said that talks are ongoing and yet to be finalized...
The officials told CNBC there are discussions around proposing that financial, judicial and health data processed by governments and public-sector organizations require high levels of sovereign cloud infrastructure.
The European Commission — the EU's executive branch — is expected to present its "Tech Sovereignty Package" on May 27, which will include a range of measures aimed at bolstering the bloc's strategic autonomy in key digital areas. As part of preparations for that package, discussions are taking place within the Commission around limiting the exposure of sensitive public-sector data to cloud platforms provided by companies outside of the EU, two Commission officials, who asked to remain anonymous as they weren't authorized to discuss private talks, told CNBC... "The core idea is defining sectors that have to be hosted on European cloud capacity," one of the officials said. They added that companies providing cloud solutions from third countries, including the U.S., could be impacted. Proposals would not prohibit overseas companies' cloud platforms from government contracts entirely, but limit their use in processing sensitive data at public sector organizations, depending on the level of sensitivity, they added. The officials said that talks are ongoing and yet to be finalized...
The officials told CNBC there are discussions around proposing that financial, judicial and health data processed by governments and public-sector organizations require high levels of sovereign cloud infrastructure.
About time (Score:5, Insightful)
Given that citizens of the US have elected Trump as the US president twice it is pretty clear that EU countries cannot count on the US being a 100% reliable ally in the future.
That has all sorts of consequences and will require the EU to develop all sorts of capabilities.
The question of course is: will this mean willingness to reduce benefits / increase working hours to pay for all this to develop genuine competence through significantly more effort or will it be just performative?
Re:About time (Score:5, Insightful)
US hasn't been a reliable ally to anyone sans maybe Israel in decades.
Re: (Score:3)
US hasn't been a reliable ally to anyone sans maybe Israel in decades.
When has the US been a reliable ally?
Re: (Score:2)
1941 to 1990
Re: (Score:3)
1941 to 1990
You mean 1939?
Oh yeah wait a mo America only "came to its allies aid" after being attacked. That my man is not being a reliable ally, that's being purely self interested.
Re: (Score:2)
USAID
UNESCO
WHO
There were clearly some benefits to the US with those, but the US had at least been a reliable and beneficial participant, and those had been a net positive for the world. (With the US being the only participant with USAID)
Re: (Score:2)
Re: About time (Score:2)
Re:About time (Score:5, Insightful)
Re:About time (Score:5, Insightful)
Must be the way of thinking that only ruthless exploitation and/or suffering can lead to success.
It is a way to rationalize and justify the suffering. If not for success, then why all the hardship?
Re: About time (Score:2)
Because the there's about a 2%+ (Poland on the high end) swing in GDP for countries to feel internally secure.
That's either taxes or benefits cuts.
If we in the US get our heads out of our asses and start negotiating on medicine it'll be even more, since currently the US is funding a lot of medical research through high insurance prices.
Re: (Score:2)
The high US insurance prices aren't funding a lot of medical research. The research is done around the world in universities and research institutes at a steady rate.
The US pharmaceuticals want a lot of money from Americans so they can *develop* the existing research into products and corner the market. That is not cheap, because the bar to entry is high. The bar to entry is high because when private corporations rush to market, they make mistakes. And they rush to market only so that they can beat their
Re: (Score:2)
You seem to conflate or confuse the "effort" of the individual doing his job with the "effort" of the government ordering him to do so. You seem to believe they don't have any less-useful endeavors to allocate man-hours from, and that training more sysadmins is not possible or desired.
Re: (Score:2)
Re:About time [someone elected someone] (Score:2)
But the joke I was looking for was about who elected (and will elect) whom in these days of applied psychology destroying human freedom and the meaning of elections. In the form of a mystery novel the detective sometimes starts by asking "Who benefited?" (Certainly not Europe. Too soon to say China?)
And yet my mind is still boggled by the idea that there are people who voted for the YOB six times, counting primaries. Fool me one is supposed to be a mistake, twice is a shame, but six times?
Re: (Score:2)
Not sure what benefits or working hours have to do with this.
You are starting to see news like this:
https://www.techzine.eu/news/i... [techzine.eu]
It's not a mass exodus as such, but when contracts are up for renewal, there *are* European options, and they are starting to look attractive. Yes, that article is about Lidl (well, Lidl's owners) growing their cloud offering. If AWS grew out of a bookstore then I guess such a platform can be grown out of a grocery store as well.
And replace them with what? (Score:3)
You kind of need actual viable alternatives if you want to migrate off something. And I do not see anything EU-centric that would stand as a replacement for Amazon, Google, IBM, Oracle or Microsoft at the moment.
Sounds like one of those half-baked AI deals that they announced one year ago - not serious at all, just enough to earmark some money for some companies linked to the politicians passing these directives.
Re:And replace them with what? (Score:5, Insightful)
You kind of need actual viable alternatives if you want to migrate off something.
It's called a private cloud, it's not rocket surgery, we were doing clustering with machines with only dozens of MHz clock speeds and less RAM than most modern embedded platforms back in the nineties.
Re: And replace them with what? (Score:2)
Those private clouds are still going to be running at least some US software. If the stated goal is overall EU sovereignty over their data, that is not going to happen anytime soon.
Re: And replace them with what? (Score:2)
Those private clouds are still going to be running at least some US software.
Which one?
Re: And replace them with what? (Score:2)
Leave the poor vibe coder alone, can't you see he ran out of credits on claude...
Re: (Score:2)
What US software? One can use Ceph or Hadoop and have a multi-PB private cloud on F/OSS.
The only place I see that is lacking is a replacement for MinIO because it was abandoned... but I'm sure if someone funds a fork of it, it would be updated and be brought current. MinIO would give S3 compatibility and object locking.
Private clouds are not rocket science these days. If one doesn't want a F/OSS solution, there are numerous solutions that you can throw on an array of generic supermicros with drives on th
Re: (Score:1)
Re: (Score:2)
Those private clouds are still going to be running at least some US software.
Are they? Much of the open source world is driven out of the EEA if not the EU itself, and even if it isn't, open source can be forked. It would be far more correct of you to say that most private clouds in the USA are running some EU software.
From server management, virtualisation, cloud infrastructure, storage, OSes, groupware, communications, and even enterprise AI agents are all possible right now with 100% non-US software across the entire stack.
Re: (Score:3)
OVH is a large hosting provider in France that can compete with the likes of Google and Amazon for cloud services.
Alternatives for Oracle and MSFT are open-source: PostgreSQL and Linux respectively, and LibreOffice to replace MS Office. Even though Linux and PostgreSQL have a large developer community in the USA, the fact that they're open-source makes them a lot safer, and both projects also have a lot of EU developers who will be able to carry on if the USA goes rogue.
IBM is a special case; I don't kno
Re: And replace them with what? (Score:2)
As you said, Linux distros and Postgres both heavily rely on US code. Even Linus has been a US citizen for over a decade now.
Almost all modern hardware those clouds run on, from compute to storage to networking, also rely on US code.
When you think of actual, true, real alternatives that can be used today, every single one of them will have some sort of dependency on the US. Even the homegrown platforms in China, which are already lightyears ahead of EU offerings, remain heavily dependent on US tech. It is
Re: And replace them with what? (Score:4, Interesting)
Linux distros and Postgres both heavily rely on US code.
This is not question they're trying to address. The origin of the code does not matter, you can can fork it, audit it, and you can hire thousands of people to work on it. For example HarmonyOS is a Chinese OS and it does not matter if it depends (or used to depend) on Android. The important question is loyalty. Those who can access sensitive data and those who can disrupt the operations (engineers, managers, executives alike) should not be submitted to the laws of foreign governments.
Re: (Score:2)
A lot came from US code. Easy fix... fork it, or if really worried, have AI rewrite the code in a clean room style, like what malus.sh offers. Bonus points if it gets rewritten in a better language like Rust for performance and safety reasons.
F/OSS isn't the issue. It is closed source solutions... or even worse, services that are what one wants to get away from.
Re: And replace them with what? (Score:5, Interesting)
Open-source code is much safer the proprietary code. It can be audited, and in the specific cases of Linux and PostgreSQL, there are enough EU developers working on them to fork the project if the USA gets too insane.
To me, the most important things to do to mitigate risk are: (1) No dependence on proprietary US software, and (2) no dependece on US-based cloud services. I think that's the best we can do for now.
Re: (Score:2)
As you said, Linux distros and Postgres both heavily rely on US code. Even Linus has been a US citizen for over a decade now.
Yes, Linus also has US citizenship, but I believe it is just for helping with practical matters (and to not be considered an immigrant to be deported), as he is living over there. But he still has Finnish citizenship as well, and also identifies himself that way as well, as evidenced e.g. here [kernel.org]
Re: (Score:2)
Europe has ARM, Linux was created here, and there is plenty of domestic enterprise grade hardware in things like telecomms.
China has been transitioning away, and shows it is possible. They have domestic CPUs, RAM, storage, motherboards... Europe can catch up.
_For_ what, though (Score:2)
And I do not see anything EU-centric that would stand as a replacement for Amazon, Google, IBM, Oracle or Microsoft at the moment.
If you need some kind of worldwide multizone setup, then you're probably right. For government services provided in countries for their citizens, you do not need that.
As a Slashdotter, you should know that on the software side there is a shitload of open source tooling available. The rest is a matter of running and managing a bunch of servers, not rocket science, not something that takes decades to build.
Creating a market only accessible to European companies via this kind of legislation means they can't ge
Re: _For_ what, though (Score:2)
The problem with building your own private cloud for this is that every part of it will still use US components in some fashion. Hardware, OS, networking, everything has US sourced materials or software.
Even if you ran a bunch of RISC-V processors on custom motherboards and linked with Huawei networking gear, youâ(TM)re probably using an OS with code from GNU or BSD. The chips on that networking gear? Broadcom, something ARM based.
You simply cannot decouple yourself from US products completely in 2026.
Re: (Score:2)
https://en.wikipedia.org/wiki/... [wikipedia.org]
Re: _For_ what, though (Score:2)
https://en.wiktionary.org/wiki... [wiktionary.org]
Re: (Score:2)
You seam to be under the misunderstanding that this is somehow done in order to punish American corporations. It is not, it is simply the EU wanting sensitive government data to be solely under EU jurisdiction.
Aka using an European instance of AWS, Azure or Google makes the data be under both EU and American jurisdiction. Having a 100% European cloud provider however, and that is regardless of where the hardware used comes from, makes it be 100% under EU jurisdiction.
Re: (Score:2)
Maybe...European cloud platforms?
https://european-alternatives.... [european-alternatives.eu]
Re: (Score:2)
You kind of need actual viable alternatives if you want to migrate off something. And I do not see anything EU-centric that would stand as a replacement for Amazon, Google, IBM, Oracle or Microsoft at the moment.
That's because you only follow US news where US companies dominate your world view. The EU has plenty of providers. Cloud providers are dime a dozen, this includes ones that integrate with groupware providers. There are alternative office applications. There are MANY alternative communication providers. All of this is not only perfectly viable, they are already actively used in plenty of EU nations. The problem is some others have become victim of big US IT marketing.
Specifically on cloud services there are
sovereign systems (Score:2)
This, the disruption of the oil distribution network and the Canvas ransomware are examples of Law of Demeter asserting itself. Connecting everything to everywhere is just a bad idea.
https://www.scry.llc/2026/04/1... [scry.llc]
"This is another example of Sovereign Systems / Law of Demeter in motion. The post-WW2 world is largely a fiat fiction which is probably unravelling. I expect this Sovereignty trend to increase as fiat money sheds confidence, national goals diverge and AI transforms the information industry."
Re: (Score:2)
"Law of Demeter"? We don't use de meter in America! We use feet and yards, as God intended!
It seems there would be advantages in individual countries using their own national clouds. Countries within the EU still compete against each other.
About damn time (Score:5, Interesting)
It has been kinda absurd to maintain the whole "Huawei networking devices are a security risk, they could sniff our traffic!" and then go and voluntarily put all the data directly into datacenters under a government that boasts its fairly comprehensive surveillance access to everything under it, often including by-its-own-laws illegal terms, and has been overtly more belligerent to EU in recent history than China has been in decades.
Re: About damn time (Score:1)
Re: About damn time (Score:4, Informative)
What I would suggest, and what it sounds like they're doing, is to use EU data centers.
Re: (Score:2)
Would you suggest using Chinese hosted data centers?
Why would the alternative to the US be China when the EU has the second largest number of datacentres and cloud providers in the world? I think a better alternative would be education of the clueless people who think the EU doesn't have anything.
The EU has ~3000-4000 datacentres. China has about ~350-500 depending on which source you would look to.
Way Behind (Score:2)
It is insane that the EU hasn't done more to create local tech companies to reduce their reliance on the US. They need their own version of Baidu, Alibaba, and Tencent (among others), just like China does. It's fine to leverage allies for certain parts of your economy, but the tech sector is right up their with military when it comes to industries where the EU shouldn't be depending on external allies so strongly. It's not like the EU has the same religious devotion to free markets that the US has which wou
Re: (Score:3)
It's not like the EU has the same religious devotion to free markets that the US has
The EU has been very, very pro free markets. It is a very important part of why it even exists and has made it economically stronger and more prosperous via opening up markets of various European countries to each other and presenting itself as a unified trade partner. Thankfully, the tide is turning here.
It is important to remember that the EU is not at the level of unification or homogeneity that the US is. Member states are still struggling to work together and for many of them the relationship with the
Re: Way Behind (Score:2)
They don't!
Really? My company has been running fine for over a decade. Maybe I missed the red tape.
Re: (Score:2)
They need their own version of Baidu, Alibaba, and Tencent
Why would we need an EU version of those?
They've realized the US is run by a thug (Score:5, Interesting)
The same thing is happening in Canada, and it will happen elsewhere. The Cloud Act plus the descent of the US into a fascist oligarchy has made this inevitable, and all of these countries have realized that they need to plan tech, and defense, and energy, and everything else to work with zero reliance on the US.
The US response to this be threats and tariffs, of course. They won't work: they'll only convince the EU to move faster.
Re: (Score:1)
Re:They've realized the US is run by a thug (Score:5, Informative)
Re: (Score:2)
Trump might be gone in 2029, but Trumpism and MAGA ideology will live on.
Re: (Score:2)
Maybe, or maybe not. Prior to Hitler's becoming chancellor in 1933, the NSDAP had a minority of seats in the German parliament, having actually dropped in seat count from the previous election, and they had only 33% of the popular vote.
History doesn't repeat exactly, but we can't be complacent.
Re: (Score:2)
Throwing around the word fascist oligarchy by a European Government Powers supporter is rich for humor. As I know it, Trump will be gone in Jan 2029 and the same old European power structure that has zero problems limiting free speech will just be more embedded in taking advantage of the relationships with North America in combination with ignoring threats of Russia and China.
There are legitimate criticisms on can make of the EU. None of that negates the fact that the U.S. is descending into a fascist oligarchy.
Re: (Score:2)
The US has been spying on European leaders and people for years, and American cloud providers were just as much a liability during the Biden Presidency as they are now.
What the EU countries are doing is decades late.
Obviously (Score:4, Informative)
No non-US organizations should rely on US-based proprietary software or US-based cloud services. The risks are simply too high.
So sad (Score:5, Interesting)
The US used to be the good guys.
Re:So sad (Score:5, Insightful)
What America "prefers" doesn't matter so much as what America "got" last year, which is Iron Curtain, not free markets.
Re:So sad (Score:5, Interesting)
America prefers anything over socialist democrats getting in the way of a vibrant free market. Why do Europeans cling to big government?
It is more honest to say that those in power prefers it. Polling in the US shows consistent support for universal healthcare and making tuition at public colleges free for instance - both examples of the dreaded "big government".
And yes. I agree, the whole world has gotten a fine demonstration of your values.
Re: (Score:2)
That may seem like a contradiction, and it is; but anyone who increases taxes or lowers benefits gets voted out of office. Even Trump gave up getting rid of Obamacare.
Re: (Score:3)
Perhaps because on average, European countries are amongst the happiest in the world? Certainly far happier than the USA.
Re: (Score:2)
What's sad is that it has taken so long to reach that decision. I thought it was clear they needed to do this back before 2000. (I'm not exactly sure how long, but plausibly while I was in high school.)
As a US citizen (Score:3, Interesting)
Now. Who is gonna store the data? A European company I assume. Great. Which one? Its gotta be big enough to have the required scale. Except Europe doesnt like new big companies. If one doesnt exist, theyre gonna have to let one grow. Except everything about EU law is designed to tie companies up in red tape and prevent quick growth. Also, the company will probably have to operate in ALL the member countries, and each of those is a sovereign nation with its own laws and they dont agree on ANYTHING. Each with its own set of red tape. Where will the company be headquartered? If its not France, the French wont allow it. Ditto for a dozen other EU members.
I could go on. I totally encourage this. But Europe would have to change a LOT of things to actually make it happen.
At the moment, the reality is that its impossible to grow a new large company in the EU.
Re:As a US citizen (Score:4, Informative)
Now. Who is gonna store the data?
Perhaps E.U. organizations will just rack up their own servers. There's really nothing magic about the cloud. Unless putting all your eggs in one basket [slashdot.org] has some advantage to other than hackers or the NSA. Sure, it may look expensive to us. But E.U. tax rules differ subtly from the U.S. in terms of depreciation and capital vs expense. Data centers are huge loss-generating machines that look more profitable than reality.
Re: (Score:1)
Re: (Score:2)
this is no situation for amateur hour
So, cloud hosting is out. Got it.
Re: (Score:2, Informative)
The only thing required is a set of sensible rules and regulations mostly concerning privacy and security, like EU's GDPR.
Re: (Score:3)
Now. Who is gonna store the data? A European company I assume. Great. Which one? Its gotta be big enough to have the required scale.
Pick one. There's a lot of ignorance here as to the problem. The EU isn't some monolith and no one in the EU is proposing an EU wide single supplier. The scale does not need to cover 700 million people, it needs to cover the data requirements of each country.
As for who has that capability, the EU is only marginally behind the USA when it comes to the number of datacentres, and has about 10x the number of datacentres that China has. There are many cloud providers in the EU, and what is being proposed isn't s
Re: (Score:2)
You say that there are various EU companies focused on AI and datacenter services, and some of them are so big that they serve an entire EU country. You seem to think that a company that meets the Netherlands needs is huge.
In the US, the Netherlands wou
This Will Be Fascinating To Watch (Score:3)
I'm quite eager to see how this unfolds. On one hand, I agree with separating themselves from dependency on the U.S..** But on the other hand, I wonder where will they go, since there isn't any real European equivalent to M365, Azure, AWS, Google.
They could go with the Chinese or the Russian variants. But that seems like jumping from the frying pan to the fire, in my opinion. Of course the common suggestion is private cloud with Open Source software and whatever they can kludge together. But, that's going to be a significant step backwards in terms of the way today's businesses and governments operate on a technological level.
It's going to be fascinating to watch what Europe does and how it all works out, if they do anything. But, I suspect that they'll wind up right where they are now.
** It's somewhat interesting that the European position is that they don't want to deal with America's volatility and "lack of trustworthiness". They act as if America is suddenly beneath them and they are snubbing the U.S.. But, Trump has been banging on about 'pay your fair share or GTFO', at least with regards to NATO, for literally years. So the indignant 'we're leaving' seems weak. Perhaps even pathetic. Like; 'Good. Don't let the door hit you on the way out.'
Re: (Score:2)
Of those, Google will be the hardest to replace. At least without exerting eminent domain over patents.
Re: (Score:2)
** But on the other hand, I wonder where will they go, since there isn't any real European equivalent to M365, Azure, AWS, Google.
There's literally many alternatives to these in the EU. M365 you can look to Nextcloud, or Colabora, for Azure, AWS, and Google you could look to literally countless cloud providers within the EU.
They could go with the Chinese
The EU has roughly 10x the datacentre capacity of China mostly owned by companies you've never even heard of. Many governments are already using sovereign cloud infrastructure and local companies to achieve this. The EU is slow to pass such rules. One of the reasons is that these rules often go through an incredibl
Re: (Score:2)
Great! Sounds like you have it all figured out and solved then. Au revoir.
Re: (Score:2)
It's going to be particularly unpleasant for those using Graviton instances at AWS. You can't buy off-the-shelf replacements that actually compete well (yes I know about Ampere but Amazon is ahead of them, even after the ARM buyout).
Re: (Score:2)
Trust is a vulnerability. (Score:3)
It's silly to trust other nations with one's data because the nation one made friendly arrangements with can replace the administration you trusted and purge its appointees.
Europe should not want any but FOSS because proprietary software only belongs to its creator. To use it is submission to its owners. The cost to European governments to code any software required is a trifle compared to relying on the kindness of their enemies.
No non-corrupt reasons exist to want the shackles of proprietary software. That's like wanting proprietary speech.
Re: (Score:2)
The EU seems already busy with moving in the direction of open source software.
By the way: there is a difference between the EU and Europe. That being said, neither is a country.
i press the duh button (Score:1)
how is anyone so conceptually illiterate as to not recognize "cloud" and "security" as contradictory terms, anyway
Not only that (Score:3)
Roughly 20-25 years to late but better ... (Score:3)
... late than never I say.
MS 365 (Score:2)
While I am favorable to reducing the dependency on foreign cloud services, it is funny to promote the reduction of member state choices in a directive that has "sovereignty" in the name.
A close topic: is UE commission done with MS 365 after all?