I’m thrilled to sit down with Maryanne Baines, a renowned authority in cloud technology with extensive experience evaluating cloud providers, their tech stacks, and how their solutions serve various industries. Today, we’re diving into the hot topic of the EU Cloud Sovereignty Framework, exploring its goals, the concerns raised by local providers, and the broader implications for Europe’s tech landscape. Our conversation touches on the balance between sovereignty and competition, the challenges faced by European cloud providers against US giants, and the ongoing debate over transparency and standards in this critical sector.
Can you walk us through the EU Cloud Sovereignty Framework and what prompted its development?
Absolutely, Robert. The EU Cloud Sovereignty Framework is essentially a set of guidelines and criteria designed to ensure that cloud services used by public sector bodies in Europe align with the region’s values and legal standards. It was created to address growing concerns over Europe’s heavy reliance on US-based hyperscalers, especially in light of data privacy issues and geopolitical tensions. The framework aims to promote data sovereignty by encouraging the use of cloud services that are subject to EU laws, prioritize security, and maintain transparency in their operations. It’s a push to build a more independent and resilient digital infrastructure for Europe.
What are some of the main criticisms coming from local cloud providers about this framework?
Well, organizations like CISPE, which represents many European cloud providers, have been quite vocal about their concerns. They argue that the framework, as it stands, is too vague and could inadvertently favor the big US players over local operators. The so-called “sovereignty score” used to evaluate providers is seen as opaque, lacking clear benchmarks. There’s a fear that the criteria are so broad that large hyperscalers can check enough boxes to appear compliant without truly embodying the spirit of European sovereignty, which puts smaller, local providers at a disadvantage.
How do you think the design of the sovereignty score could impact the competitive landscape for European cloud providers?
That’s a critical point. The way the score is structured, it seems to allow providers to rack up points in areas that don’t necessarily reflect true sovereignty—like having a token presence in Europe or meeting minimal legal requirements. For smaller European providers, who often focus on niche, localized solutions, this is a real problem. They might score lower despite being more aligned with EU values simply because they can’t match the scale or global reach of giants like AWS or Microsoft. It risks widening the gap, making it harder for local players to compete for public sector contracts.
Let’s talk about the concept of a sovereign cloud. How does it differ from standard cloud services, and why is there a push for a clearer definition?
A sovereign cloud, at its core, is about control and independence. Unlike standard cloud services, which might store and process data anywhere in the world under varying legal jurisdictions, a sovereign cloud ensures that data stays within the EU, adheres to its regulations, and is immune to foreign interference—like US laws that could force data disclosure. The push for a clearer definition, as advocated by groups like CISPE, stems from the need for transparency. Customers, especially in the public sector, need to know exactly what they’re getting. A vague scoring system can obscure whether a service is truly sovereign, so a binary or straightforward indicator is seen as more trustworthy.
The European Commission argues that this framework brings clarity and sets a higher standard for the market. What’s your take on their perspective?
I see where the Commission is coming from. They’ve outlined eight sovereignty objectives—covering everything from legal compliance to supply chain transparency and environmental sustainability—which, in theory, should elevate standards across the board. The idea is to create a level playing field where providers must demonstrate their commitment to EU principles. However, I think the execution falls short. The objectives are noble, but if the scoring system lacks rigor or allows for loopholes, it won’t push the market toward genuine sovereignty. It might just be a box-ticking exercise for some of the bigger players, which undermines the whole purpose.
With US hyperscalers holding around 70% of cloud revenue in Europe, what kind of hurdles do local providers face in carving out their space?
The dominance of US hyperscalers is a massive challenge for European providers. The main hurdles are scale and resources. These giants have vast global infrastructures, deep pockets for R&D, and established relationships with major clients, including governments. Local providers often struggle with limited funding, smaller customer bases, and the high cost of building competitive tech stacks. On top of that, there’s a perception issue—many organizations equate size with reliability, so even when local providers offer tailored, sovereign solutions, they’re often overlooked. It’s a steep uphill battle.
What’s your forecast for the future of cloud sovereignty in Europe over the next few years?
I think we’re at a crossroads. If the EU can refine this framework to truly prioritize local providers and enforce strict, transparent sovereignty standards, we could see a real shift toward a more balanced market. There’s growing awareness and demand for data control, especially with political uncertainties and privacy concerns. However, if the current ambiguities persist, I fear the dominance of US hyperscalers will only deepen, even with their recent moves to appear more “European-friendly.” The next few years will hinge on whether Europe doubles down on fostering its own digital champions or continues to grapple with loopholes that favor the status quo.
