惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

S
Securelist
SecWiki News
SecWiki News
Help Net Security
Help Net Security
Attack and Defense Labs
Attack and Defense Labs
L
LINUX DO - 最新话题
H
Heimdal Security Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
H
Hacker News: Front Page
Hacker News - Newest:
Hacker News - Newest: "LLM"
Google DeepMind News
Google DeepMind News
V2EX - 技术
V2EX - 技术
Hacker News: Ask HN
Hacker News: Ask HN
O
OpenAI News
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
T
Threat Research - Cisco Blogs
A
Arctic Wolf
Simon Willison's Weblog
Simon Willison's Weblog
P
Privacy & Cybersecurity Law Blog
T
Threatpost
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
C
Cyber Attacks, Cyber Crime and Cyber Security
T
Tor Project blog
C
CXSECURITY Database RSS Feed - CXSecurity.com
Spread Privacy
Spread Privacy
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
人人都是产品经理
人人都是产品经理
S
SegmentFault 最新的问题
www.infosecurity-magazine.com
www.infosecurity-magazine.com
P
Palo Alto Networks Blog
C
CERT Recently Published Vulnerability Notes
PCI Perspectives
PCI Perspectives
AWS News Blog
AWS News Blog
IT之家
IT之家
美团技术团队
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
T
Tailwind CSS Blog
M
MIT News - Artificial intelligence
V
Visual Studio Blog
Schneier on Security
Schneier on Security
T
The Exploit Database - CXSecurity.com
有赞技术团队
有赞技术团队
小众软件
小众软件
Google Online Security Blog
Google Online Security Blog
N
News | PayPal Newsroom
博客园_首页
T
Tenable Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
S
Secure Thoughts
I
Intezer

The Register - Off-Prem: PaaS + IaaS

AWS lets agents drive its virtual cloudy desktops Trump threatens UK with ‘big tariff’ over digital tech tax UK tribunal sends £2B claim accusing Microsoft of overcharging for licensing to trial £2B Microsoft licensing claim gets go-ahead from UK tribunal One of Europe's sovereign cloud picks may not be so-sovereign after all Europe picks 4 sovereign cloud providers, but one has Google Networks not ready for the challenges of AI traffic UK told its Big Tech habit is now a national security risk Commvault has a Ctrl+Z for rogue AI agents Amazon rejects AWS climate disclosure proposal Microsoft cuts cloudy desktop prices by 20 percent Google taps Intel for another round of custom network chips Nutanix thinks some Azure cloud desktops belong on-prem AWS would prefer to forget March in UAE region AWS would prefer to forget March in UAE region CMA dithers as Microsoft's cloud meter runs on your dime Microsoft startup credits are the gift that keeps on billing SAP's grand cloud escape plan €2B short of the runway Alibaba Cloud hikes prices by up to 34%, blames hardware costs and AI demand Alibaba Cloud lifts prices, blames AI and hardware costs Founder finds Azure startup credits don't apply to Claude Lloyds Banking Group apps play mix-and-match with customer transactions Oracle outage knocks TikTok offline for some US users Oracle outage knocks TikTok offline for some US users Bank of England says it can run £431M settlement system without Accenture AWS says drones hit two of its datacenters in UAE, urges users to move resources to different regions AWS says drones hit two of its datacenters in UAE Salesforce CEO 'SaaSquatch' Benioff says his company will monster the SaaSpocalypse Salesforce CEO declared victory over flagging software sales Former Amazon UK boss set to chair CMA Founder drops AWS for Euro stack in bid for sovereignty Founder drops AWS for Euro stack in bid for sovereignty FTC to investigate Microsoft's cloud and AI dominance FTC to investigate Microsoft's cloud and AI dominance Oracle suits up for Air Force Cloud One program with $88M contract Europe set to treble sovereign cloud investment Europe set to treble sovereign cloud investment Courts unplug from ancient datacenters after five-year slog MEP: 'The EU runs on Microsoft', Uncle Sam could turn it off Azure outages ripple across multiple dependent services Azure outages ripple across multiple dependent services Europe shrugs off tariffs, plots to end tech reliance on US Want digital sovereignty? That'll be 1% of your GDP into AI infrastructure please Microsoft Azure OpenAI Service takes an unscheduled day off in Sweden AWS's inevitable destiny: becoming the next Lumen AWS destiny: becoming the next Lumen 3 is the magic number for Alaska Airlines: triple redundancy Microsoft 365 outage drags on for nearly 10 hours GSA's VMware framework deal skips the actual hypervisor AWS flips switch on Euro cloud as sovereignty fears mount Meta reacts to power needs by signing long-term nuke deals UK urged to cut out US Big Tech for sake of digi sovereignty AWS raises GPU prices 15% on a Saturday Europe building an Airbus for the cloud age Oracle's new AI-enhanced support portal leaves users fuming Atlassian's DR simulation showed it lived in dependency hell UK govt seeks replacement for Post Office Horizon system Public cloud spending forecast to reach $591bn in 2023 Google to review every project after $6bn decline in profits Delta Airlines takes flight with Amazon Web Services Cloud infrastructure spend to top non-cloud in 2022 HPE Greenlake to power Taeknizon expansion in UAE Google's Dallas datacenter opens up new cloud region American Airlines decides to cruise into Azure's cloud Tencent happily parting ways with loss-making cloud customers DigitalOcean offers $4 VM while increasing prices Cloud spending will near $500 billion this year Tencent Cloud ends pursuit of 'revenue growth at all costs' IaaS is a lousy business, says Chinese web giant Tencent: PaaS and SaaS is how we’ll make money in the cloud UK government puts £750m on the table as it looks to deal directly with cloud providers Cloud now bigger than Dell, HPE, Lenovo, Cisco combined McAfee says cloud security not as bad as we feared… it's much worse Oracle: Over here, look over here! At the cloud! No, not at our glum licensing numbers Oracle's Hurd says 95% of its software will be cloud services this year Pivotal fluffs up *sigh* Cloud Foundry *sigh* cloud for battle in the *sigh* cloud IBM throws open doors of XaaS supermarket Google offers up its own flesh to the world's braying cloud hordes Red Hat clutches OpenShift, takes platform cloud to second version Swish PaaS Bosh: Sons of VMware spin up Pivotal One cloud platform Google holds its nose, lets the hoi polloi run PHP on its shiny cloud Engine Yard loads Oracle tech into cloud platform Microsoft takes second run at platform cloud CYBORG CLOUD comes to VMware Amazon tightens grip on cloud market, report shows IBM pours WebSphere tech into Cloud Foundry cauldron Red Hat parachutes into crowded PaaS market Heroku publishes API for its platform cloud AppFog PaaS drops Rackspace IaaS Platform clouds can make enterprises all teeth and no tail Report: Amazon dominates global cloud spend Engine Yard plugs multiple IaaS players into back end Red Hat revs OpenShift Enterprise to 1.1 Platform clouds generating more noise than cash IBM adds platform services to SmartCloud Trevor Pott's guide to pricing up the cloud Red Hat answers Microsoft Azure with OpenShift dev cloud Infosmack tackles VMware's Cloud Foundry Why and when choose PaaS? PaaS potential and practicality The public cloud ... why bother?
Europe gets serious about cutting US digital umbilical cord
Kim Loohuis Kim Loohuis · 2025-12-22 · via The Register - Off-Prem: PaaS + IaaS

PaaS + IaaS

Europe gets serious about cutting digital umbilical cord with Uncle Sam's big tech

Public bodies migrate in the bloc as hyperscalers claim sovereignty

FEATURE Europe’s quest for digital sovereignty is hampered by a 90 per cent dependency on US cloud infrastructure, claims Cristina Caffarra, a competition expert and a driving force behind the Eurostack initiative.

While Brussels champions policy initiatives and American tech giants market their own ‘sovereign’ solutions, a handful of public authorities in Austria, Germany, and France, alongside the International Criminal Court in The Hague, are taking concrete steps to regain control over their IT.

These cases provide a potential blueprint for a continent grappling with its technological autonomy, while simultaneously revealing the deep-seated legal and commercial challenges that make true independence so difficult to achieve.

The core of the problem lies in a direct and irreconcilable legal conflict. The US CLOUD Act of 2018 allows American authorities to compel US-based technology companies to provide requested data, regardless of where that data is stored globally. This places European organizations in a precarious position, as it directly clashes with Europe's own stringent privacy regulation, the General Data Protection Regulation (GDPR).

This creates a risk that is difficult, if not impossible, to mitigate contractually. Any private contract between a European customer and a US cloud provider is ultimately subordinate to US federal law. A warrant issued under the CLOUD Act legally compels an American company to hand over data, overriding any contractual commitments of data residency or privacy.

Furthermore, these warrants often come with a gag order, legally prohibiting the provider from informing their customer that their data has been accessed. This renders any contractual clauses requiring transparency or notification effectively meaningless. While technical measures like encryption are often proposed as a solution, their effectiveness depends entirely on who controls the encryption keys. If the US provider manages the keys, as is common in many standard cloud services, they can be forced to decrypt the data for authorities, making such safeguards moot.

The conflict between the CLOUD Act and European data protection law becomes a practical barrier through Article 35 of the GDPR, which mandates a Data Protection Impact Assessment (DPIA) before deploying any new technology that is "likely to result in a high risk to the rights and freedoms of natural persons."

When conducted for US hyperscaler services, these DPIAs invariably flag the CLOUD Act as a significant, often unacceptable, risk. This legal obligation is increasingly becoming the primary driver of public bodies to seek alternatives.

What Austria learned

Austria's Federal Ministry for Economy, Energy and Tourism is a case in point. The ministry recently completed a migration of 1,200 employees to the European open-source collaboration platform Nextcloud, but the project was not a migration away from an existing US cloud provider. It was a deliberate choice not to adopt one.

Unlike many organizations that rushed to adopt American cloud solutions during the COVID-19 pandemic, the Austrian ministry had more time to evaluate alternatives because it was still using Skype for Business. That breathing room proved critical.

Florian Zinnagl, the ministry's CISO, and Martin Ollrom, its CIO, led the project. The ministry processes not only employee data but also sensitive information from citizens and external businesses, making the DPIA risk assessment particularly critical. For Ollrom, the issue went beyond a single technology decision.

"This is not just about Microsoft. It's about a fundamental shift where Big Tech companies are moving all your data and operational control into their clouds," he tells The Register. "We in the IT department have been concerned for years about losing control over our own infrastructure."

The primary driver was not cost, but sovereignty. "It was never about saving money," Zinnagl adds. "It was about maintaining control over our own data and our own systems."

A three-month proof-of-concept on the ministry's own servers convinced the team that Nextcloud could deliver the functionality they needed. More importantly, it offered something Microsoft never could, according to the CISO: "We can see our input in Nextcloud releases. That is a feeling we never had with Microsoft," says Zinnagl.

The migration, completed in just four months, demonstrated that such projects can be executed swiftly. The Nextcloud solution turned out to be significantly cheaper, we're told, but the principle of maintaining control remained paramount.

The decision has triggered a ripple effect, as several other Austrian ministries have since begun implementing Nextcloud. For Zinnagl and Ollrom, this proves that one organization willing to take the first step can inspire others to follow.

Their advice to other European governments is clear: be brave, involve management, and start. "You don't achieve digital sovereignty overnight," Ollrom tells The Register. "You have to do this in many steps, but you have to start with the first step. Don't just talk about it, but execute it."

Yet the Austrian case also illustrates the practical limits of digital sovereignty. Nextcloud now serves as the primary collaboration platform for internal communication and file sharing, but Microsoft Teams has not been banned entirely.

Its use is strictly limited to external communication with parties that still rely on it, such as the European Commission. Even then, strict rules apply: no sensitive information may be discussed on Teams, and usage is kept to an absolute minimum. This hybrid approach reflects a pragmatic recognition that complete independence is not always immediately possible when external partners remain locked into US platforms.

The scale of Europe's technological deficit makes migrations like Austria’s daunting for most organisations. A recent analysis by the Australian Strategic Policy Institute found that of 64 crucial technologies, China leads in 57 and the United States in the remaining seven. Europe leads in none.

The Draghi report on European competitiveness, published in September 2024, similarly warned of Europe's growing dependence on foreign technology providers.

This stark reality underscores a broader vulnerability: Europe's digital infrastructure is almost entirely dependent on non-European providers. If a major American cloud provider were to restrict European access or cease operations, the consequences would be immediate and severe. This fragility has created a market opportunity that American hyperscalers are now exploiting.

The scale of the challenge is underscored by recent market analysis from analyst firm Forrester. It predicted that no European enterprise will shift entirely from US hyperscalers in 2026, citing geopolitical tensions, ongoing volatility, and the impact of new legislative acts like the EU AI Act as barriers to independence.

For Cristina Caffarra, founder of the Eurostack Foundation and a competition economist, Europe's predicament is both alarming and self-inflicted. She estimates that 90 percent of Europe's digital infrastructure (cloud, compute, and software) is now controlled by non-European, predominantly American, companies.

The issue, she argues, is not that Europe needs to eliminate American providers entirely, but that it has allowed its own market share to collapse to dangerous levels. In every other major region, procurement rules favour local providers. Europe, by contrast, operates under a default principle of open procurement that effectively mandates buying from anywhere. "We have rules that are so poorly designed they work against us," she said in an interview with The Register.

Caffarra's critique extends beyond procurement policy. She is scathing about Europe's regulatory response to Big Tech dominance, dismissing initiatives like the Digital Markets Act and antitrust cases as ineffective distractions.

While Brussels focuses on regulating consumer-facing services, the underlying infrastructure has been handed over entirely. "What Europeans don't realize is that while they regulate e-commerce and app stores, the digital infrastructure on which everything rests is now owned by non-Europeans," she says.

Her proposed solution, embodied in the Eurostack Foundation, is not more regulation but an industrial strategy focused on three pillars:

First, buy European: procurement rules must prioritize European providers for critical infrastructure, as is standard practice in the United States and Asia.

Second, build European: the private sector must invest in developing European alternatives, rather than relying on subsidies or waiting for government intervention.

And third, fund European: a dedicated fund should support the development of Europe's technology stack, with public bodies acting as launching customers to create initial demand and prove viability.

The goal, she emphasizes, is not autarky or protectionism, but resilience. Europe does not need to achieve complete independence from American technology, but it does need to reclaim a meaningful share of its own market. "Can we please have 30 to 40 percent for ourselves?"

For Caffarra, the path forward requires a fundamental shift in mindset: from talking to building, from regulating to investing, and from passivity to action. Europe cannot rely on Brussels to deliver this transformation. The market must build it, but governments must create the conditions, through procurement preferences and initial funding, that make it viable.

European alternatives do exist. Platforms like Nextcloud, OVHcloud, Collabora, and others offer genuine sovereignty. Yet for many organizations, distinguishing real alternatives from false promises has become increasingly difficult.

American hyperscalers have recognized the market demand for sovereignty and now aggressively market 'sovereign cloud' solutions, typically by placing datacenters on European soil or partnering with local operators. Critics call this ‘sovereignty washing’.

Caffarra warns that this does not resolve the fundamental problem. "A company subject to the extraterritorial laws of the United States cannot be considered sovereign for Europe," she says. "That simply doesn't work." Because, as long as the parent company is American, it remains subject to the CLOUD Act.

For Caffarra, this trend is dangerously reminiscent of Gaia-X, a previous flagship initiative for a federated European cloud. "The intention behind Gaia-X was good," she says. "The problem was that American companies lobbied to be included. Once Microsoft, Google, and AWS were inside Gaia-X, the initiative lost its purpose.". In her opinion: "That is why it failed."

The project was, she argues, undermined from within by the very forces it sought to provide an alternative to. Today, "sovereignty-washing" represents a more sophisticated version of the same tactic: coopting the language of autonomy to entrench dependency.

Beyond sovereignty to true tech independence

Yet Europe's vulnerability extends beyond marketing tactics. Even when organizations make deliberate choices in favour of European providers, those decisions can be undone by market forces. A recent acquisition in the Netherlands illustrates this risk. In November 2025, the American IT services giant Kyndryl announced its intention to acquire Solvinity, a Dutch managed cloud provider.

This came as an “unpleasant surprise” to several of its government clients, including the municipality of Amsterdam and the Dutch Ministry of Justice and Security. These bodies had specifically chosen Solvinity to reduce their dependence on American firms and mitigate CLOUD Act risks.

Solvinity manages critical national infrastructure, including the Netherlands' citizen authentication system and government service portal. The acquisition places these systems squarely within the potential reach of US authorities. The case demonstrates that even a deliberate choice for a local provider offers no guarantee of long-term sovereignty when that provider can be acquired by a US-based entity, exposing a critical flaw in Europe's strategy that cannot be solved by procurement alone.

Yet despite these structural challenges and the risks they pose, a growing number of public bodies are demonstrating that a different path is possible. Driven by the legal imperatives of the GDPR and mounting concerns about data access, organizations across Europe are taking concrete moves toward genuine sovereignty. The International Criminal Court (ICC) in The Hague announced in November 2025 it was replacing its Microsoft office software with a European alternative.

The decision to adopt OpenDesk, an open-source office and collaboration suite delivered by the German Centre for Digital Sovereignty (ZenDiS), was seen as a direct response to political pressure from the United States, which has sanctioned ICC employees in the past. The move was reportedly catalyzed by an incident in which chief prosecutor Karim Khan was temporarily locked out of his Outlook email account.

The new system, supported by the German government, bundles services from European providers like Nextcloud and Collabora, and involves the Dutch national health institute RIVM. It is a powerful example of an international institution, located in the heart of Europe, pushing back against hyperscaler dominance.

This trend is visible across the continent. In Germany, the state of Schleswig-Holstein is undertaking an even more ambitious project to replace Microsoft products with open-source alternatives for its 30,000 civil servants. The state began its migration in March 2024 and has already transitioned 24,000 employees to LibreOffice, Nextcloud, Open Xchange, and Thunderbird.

The project has since inspired broader European collaboration. In July 2025, Germany, France, Italy, and the Netherlands established the European Digital Infrastructure Consortium for Digital Commons to jointly develop and scale sovereign digital tools like OpenDesk.

In France, the Ministry of Economics and Finance recently completed NUBO, an OpenStack-based private cloud initiative designed to handle sensitive data and services. These cases illustrate that while a complete break from US hyperscalers may seem unrealistic, as Forrester predicts, targeted migrations for specific, high-risk applications are not only possible but are actively being pursued. They represent a grassroots movement, driven by legal obligations and a growing desire for autonomy.

For these individual successes to scale into a continent-wide shift, however, structural barriers must be addressed. The path to digital sovereignty is not a single, grand gesture but a series of deliberate, often difficult, choices. The examples from Austria, France, and the ICC show that the journey begins with a single, courageous step, often prompted by the mundane reality of a data protection assessment.

They prove that alternatives exist and that the benefits extend beyond mere compliance. Yet, the case of Solvinity in the Netherlands serves as a stark warning that procurement alone is not enough; without mechanisms to protect European champions from foreign acquisition, any progress can be undone overnight.

For Europe, the question is no longer whether it should pursue digital sovereignty, but whether it has the collective will to stop talking, start building, and, most importantly, distinguish real autonomy from clever marketing.

Caffarra frames the challenge starkly: "Imagine if Americans woke up one morning to discover that 90 percent of their digital infrastructure was owned by Europeans. Would they regulate? Or would they march to the White House and demand action: 'Let's build'?" ®