Key Requirements for European Cloud Competitiveness

As anyone following EU affairs could not avoid notice, Mario Draghi unveiled his long-awaited report today. He touched upon various issues, but digital technologies in general and AI in particular stand out as a make-it-or-break-it matter. Here is what you need to know. The report's focus is on Europe's competitiveness. For Draghi, the origin of the productivity gap between the EU and the US that started to widen in the mid-1990s is explained mainly by Europe's failure to capitalize on the first digital revolution driven by the internet. Several structural problems are pointed out, particularly those related to access to capital and fragmentation of the single market. However, the most daunting criticism for Brussels is "inconsistent and restrictive regulations" that burden SMEs and innovators. Draghi notes that "while the ambitions of the EU's GDPR and AI Act are commendable, their complexity and risk of overlaps and inconsistencies can undermine developments in the field of AI by EU industry actors." A slap in the face for EU policymakers who boast the 'Brussels effect.' Very harsh words at the press conference as well. "With this legislation, we are killing our companies," Draghi said, pointing out that regulation favors large players since SMEs have fewer resources for compliance. To mitigate this regulatory burden, Draghi suggests harmonizing national AI sandbox regimes, simplifying the implementation of the GDPR, and avoiding contradictions between the two landmark laws. Potential regulatory hindrances should also be regularly assessed. The report recommends the adoption of an EU Cloud and AI Development Act to enhance computing infrastructure and AI capabilities and launch plans to integrate AI models in strategic sectors vertically. Draghi details how he thinks these verticals should be developed, as he sees them as vital for Europe's industrial players to stay competitive. The overall coordination is assigned to a 'CERN-like' AI incubator, an idea that emerged from the EU chief scientific advisors. The report goes one step further and proposes the launch of 'quasi-pilot lines' to bring together the relevant market actors to develop sector-specific AI models. Grand challenges are also envisaged to fast-track translating scientific findings into industrial applications. To sum up, for Draghi, Europe needs to get back into the tech race with the US and China, and the 'AI revolution' is a key opportunity that should not be missed. "A window has opened for Europe to redress its failings in innovation and productivity and to restore its manufacturing potential."

🔔 Peer reviewed paper. I’m pleased to share my latest peer-reviewed paper, “𝗖𝗹𝗼𝘂𝗱 𝗖𝗼𝗺𝗽𝗲𝘁𝗶𝘁𝗶𝗼𝗻 𝗮𝘀 𝗮 𝗣𝗿𝗲𝗿𝗲𝗾𝘂𝗶𝘀𝗶𝘁𝗲 𝗳𝗼𝗿 𝗖𝗼𝗺𝗽𝗲𝘁𝗶𝘁𝗶𝘃𝗲𝗻𝗲𝘀𝘀: 𝗥𝗲𝘁𝗵𝗶𝗻𝗸𝗶𝗻𝗴 𝗘𝗨 𝗗𝗶𝗴𝗶𝘁𝗮𝗹 𝗥𝗲𝗴𝘂𝗹𝗮𝘁𝗶𝗼𝗻”, published in the Journal of European Competition Law & Practice (Oxford University Press) ☁️ 𝗪𝗵𝘆 𝘁𝗵𝗶𝘀 𝘁𝗼𝗽𝗶𝗰 𝗺𝗮𝘁𝘁𝗲𝗿𝘀 Cloud computing is now a foundational layer of digital transformation. It underpins AI, data analytics, and innovation across sectors, but its benefits for Europe depend on whether firms and public administrations can access cloud services under genuinely competitive conditions. 📉 𝗪𝗵𝘆 𝗰𝗹𝗼𝘂𝗱 𝗮𝗱𝗼𝗽𝘁𝗶𝗼𝗻 𝗶𝗻 𝘁𝗵𝗲 𝗘𝗨 𝘀𝘁𝗶𝗹𝗹 𝗹𝗮𝗴𝘀 𝗯𝗲𝗵𝗶𝗻𝗱 The paper argues that Europe’s weaker cloud adoption reflects several interrelated obstacles, including ❌shortages of skilled ICT professionals, ❌concerns about data privacy, security and localisation, ❌as well as competition issues. ⚠️ 𝗧𝗵𝗲 𝗺𝗮𝗶𝗻 𝗰𝗼𝗺𝗽𝗲𝘁𝗶𝘁𝗶𝗼𝗻 𝗯𝗮𝗿𝗿𝗶𝗲𝗿𝘀 The article identifies several barriers that undermine effective competition in cloud computing: ➡️contractual restrictions such as egress fees, cloud credits and committed spend agreements; ➡️technical barriers to interoperability and portability; ➡️strategic practices linked to software licensing and bundling; ➡️and structural advantages enjoyed by the largest providers, including economies of scale, vertical integration, infrastructure ownership, and strong partner ecosystems. 🔍 𝗠𝗮𝗶𝗻 𝗮𝗿𝗴𝘂𝗺𝗲𝗻𝘁 The central argument of the paper is that, in cloud computing, 𝗰𝗼𝗺𝗽𝗲𝘁𝗶𝘁𝗶𝗼𝗻 𝗶𝘀 𝗮 𝗽𝗿𝗲𝗰𝗼𝗻𝗱𝗶𝘁𝗶𝗼𝗻 𝗳𝗼𝗿 𝗰𝗼𝗺𝗽𝗲𝘁𝗶𝘁𝗶𝘃𝗲𝗻𝗲𝘀𝘀. When switching is difficult, interoperability is weak, and dependency on dominant providers persists, firms are less able to capture the productivity and innovation gains that cloud can deliver. 📘 𝗪𝗵𝗮𝘁 𝘁𝗵𝗲 𝗽𝗮𝗽𝗲𝗿 𝗲𝘅𝗮𝗺𝗶𝗻𝗲𝘀 The article assesses the EU regulatory response, particularly the Data Act and the Digital Markets Act, while also discussing the limits of ex post enforcement under EU competition law. 🚨 𝗔 𝗸𝗲𝘆 𝗯𝗹𝗶𝗻𝗱 𝘀𝗽𝗼𝘁 One of the paper’s main findings is that dominant providers may increasingly shift exclusionary practices towards software licensing, using this layer as a new mechanism of lock-in even as regulation starts addressing contractual and technical barriers more directly. 🛠️ 𝗣𝗼𝗹𝗶𝗰𝘆 𝘁𝗮𝗸𝗲𝗮𝘄𝗮𝘆 The paper calls for a threefold response: ✅stronger competition enforcement, ✅closer scrutiny of licensing practices, ✅and more strategic public procurement to promote interoperability, resilience, and a more open European cloud ecosystem. I’d like to thank the Center for the Governance of Change for their support in this research. Link: https://lnkd.in/eYUBhcDH

Everyone calls it a "EU cloud win." One of the four winners runs on Google. On 17 April, the European Commission awarded its first Sovereign Cloud framework: €180M, 6 years, 4 providers. The headlines: Europe picks European. The small print tells a different story. The four winners 1️⃣ Post Telecom with OVHcloud and CleverCloud 2️⃣ STACKIT 3️⃣ Scaleway 4️⃣ Proximus (with S3NS, Clarence, and Mistral AI) 3 are European. One is EU governance over US technology. The new sovereignty test: SEAL The Commission turned "digital sovereignty" into a measurable, scored, and repeatable definition. The Cloud Sovereignty Framework evaluates providers across 8 criteria - from supply chain and legal exposure to data, AI, and security - and ranks them on a sovereignty scale: 🟥 SEAL-0 → No sovereignty 🟧 SEAL-2 → Data sovereignty: EU law applies and is enforceable 🟨 SEAL-3 → Digital resilience: ops survive disruption and external pressure 🟩 SEAL-4 → Full digital sovereignty: no critical non-EU dependencies None of the 4 winners qualifies as fully sovereign (SEAL-4). The rule has changed: ▫️ Not EU vs non-EU ▫️ But: controlled vs uncontrolled SEAL-2 is the threshold. Why this matters for Boards This framework applies to every EU regulated industry: 🚗 Automotive: connected vehicles generate data. Where it sits, and under whose jurisdiction, is now a board question for every OEM. 🏦 FSI: with DORA in enforcement, SEAL ratings will become a reference for cloud concentration risk in supervisory dialogues. 💊 Healthcare & pharma: clinical, genomic and patient data are governed by this framework. ⚡ Energy and defence: SEAL-4 will become the standard. SEAL-2 won’t hold for long. AWS, Microsoft, and Google still control 70% of the EU cloud market. The EU Commission is targeting this dependency by shifting the rule: ➡️ from origin to control under EU law. AWS launched its EU Sovereign Cloud, backed by €7.8B in Germany. Others will follow What's next The €180M contract sets demand. The Cloud and AI Development Act (CADA) aims to scale capacity and standardise sovereignty across EU. The debate is active. 25 CEOs have challenged Henna Virkkunen, pushing for stricter rules and EU preference. The framework is in place. The tightening will follow. 3 moves worth putting on executives agenda 1️⃣ Map dependencies: who controls what and under which jurisdiction. 2️⃣ Own the encryption keys: know who controls access to your data. 3️⃣ Test it: move a critical workload. If it stops, control is elsewhere. ➡️ Build sovereignty readiness in 2026, or be forced to account for in 2027. Brussels did not just buy cloud. It formalised the rules of control in EU. Those rules will shape every decision that follows. #Cloud #DigitalSovereignty #Boardroom #AIGovernance #StratEdge

Regulation vs. Reality: Why the EU’s Cloud Strategy Risks Falling Short. Despite ambitious frameworks like the EU Data Act and the Digital Markets Act, Europe still trails behind in cloud adoption and faces growing risks of dependency, lock-in, and lost competitiveness, if you believe in the results of my Alma Mater’s IE University CGC report by Judith Arnal Martínez Here comes the knowledge scoop from the CGC report “Towards Competitive Cloud Ecosystems”: • Cloud ≠ just tech infrastructure: It’s the backbone for AI, data-driven innovation, and public service modernization. • Europe is lagging: Just 41% of EU companies use cloud, compared to 60% in the US, with massive gaps between member states. • Vendor lock-in is real: Through egress fees, proprietary APIs, and licensing tricks, dominant players make it costly and complex to switch. • The regulatory gap: While the Data Act targets portability and the DMA addresses gatekeepers, software licensing remains an unregulated lock-in frontier. • Public procurement = untapped power: Smarter, pro-competitive tenders can shape a more open ecosystem and support EU cloud resilience. Why it matters for our healthcare sector on this side of the pond: Cloud is no longer optional in healthcare, it’s becoming essential. Here is why: - AI-powered diagnostics and decision support rely on scalable cloud infrastructure. - Integrated care and patient data sharing require interoperable platforms. - Cybersecurity and disaster recovery depend on resilient cloud services. - Cost reduction and efficiency in hospital IT and imaging departments hinge on cloud-native solutions. - Public health readiness (as shown during COVID-19) needs real-time, cloud-enabled coordination across systems. But without fair competition, innovation stalls, and critical healthcare systems risk being locked into expensive, inflexible ecosystems that undermine long-term resilience and affordability. The Bottom line: Cloud competition isn’t just about fair markets. It’s about sovereignty, health system transformation, and Europe’s ability to play and lead in AI-driven healthcare field. Enjoy the read and let me know what you 🤔

European Parliamentary Research Service: Cloud and AI development act Data centres are key to innovation in artificial intelligence (AI). Data centres are needed to access on-demand and scalable computational power and to deploy centralised digital services. Both are key in the lifecycle of large AI models, as their training and execution are intensive and centralised. Increased EU data centre capacity would benefit AI innovation, as would research and innovation to achieve resource optimisation and the decentralisation of computational tasks. Weak EU AI development could further hurt EU competitiveness across industries by slowing digitalisation. Data centre capacity in the European Union is insufficient. The lack of capacity negatively impacts EU innovation, hindering economic growth. Studies suggest that despite comparable GDP, the United States has twice Europe's share of global data centre capabilities, and just three US-based companies account for 65 % of the EU cloud services market, which relies on data centres. Excessive dependence on non-EU capacity threatens the competitiveness of EU companies. EU data centre capacity-building is also hindered by legal and financial obstacles, as well as a lack of resources. EU-based secure cloud and AI computing services are lacking for highly critical use cases. The EU's need for a sovereign digital transition is increasingly salient in the face of geopolitical shifts and growing global competition for innovation. Providers and customers lack legal clarity however, hindering enhanced availability and the use of EU-based highly secure cloud and AI offers. Member States did not manage to reach agreement in recent efforts to define the requirements for a sovereign cloud through a proposed European cybersecurity certification scheme for cloud services (EUCS).

The European Union has defined a Sovereign Cloud Framework, which is the first step of having a clear definition for when a Cloud Provider is Sovereign. It defines Sovereignty Objectives on which each provider will be evaluated (for public tenders). The Framework says here: "The contracting authority will assess the level of assurance provided by the tenderer for each of the Sovereignty Objectives, through a Sovereignty Effectiveness Assurance Level (SEAL). The SEAL level is used as a Minimum Assurance Level." As well as "The Sovereignty Score contributes to the quality score of the tender, as an Award Criterion." The 8 objectives are: 1. Strategic Sovereignty 2. Legal & Jurisdictional Sovereignty 3. Data & AI Sovereignty 4. Operational Sovereignty 5. Supply Chain Sovereignty 6. Technology Sovereignty 7. Security & Compliance Sovereignty 8. Environmental Sovereignty While the evaluation is up to the tender and the asked questions, it gives some interesting thoughts.   If an office decides that the provider needs to achieve SEAL-4, practically every provider outside of the EU is out of the game. Or?   What we can also read from the weights is the focus on the Supply Chain. This is interesting as most hardware and software don't come from Europe.  On the other hand, legal sovereignty only comes with 10%. A legal-washing approach to avoiding direct kickouts of US/China providers?   I think that is the first step toward some clarity. I would have wished there were more details on each objective beyond the given dimensions to check.

𝐓𝐡𝐞 𝐄𝐔 𝐒𝐨𝐯𝐞𝐫𝐞𝐢��𝐧 𝐂𝐥𝐨𝐮𝐝 𝐅𝐫𝐚𝐦𝐞𝐰𝐨𝐫𝐤: 𝐟𝐫𝐨𝐦 𝐩𝐫𝐢𝐧𝐜𝐢𝐩𝐥𝐞 𝐭𝐨 𝐦𝐞𝐚𝐬𝐮𝐫𝐚𝐛𝐥𝐞 𝐬𝐨𝐯𝐞𝐫𝐞𝐢𝐠𝐧𝐭𝐲 The European Union has just taken a decisive step toward defining what it really means for a cloud to be sovereign. For the first time, a 𝐒𝐨𝐯𝐞𝐫𝐞𝐢𝐠𝐧 𝐂𝐥𝐨𝐮𝐝 𝐅𝐫𝐚𝐦𝐞𝐰𝐨𝐫𝐤 establishes how providers will be evaluated in public tenders through a new metric called 𝐒𝐄𝐀𝐋 (𝐒𝐨𝐯𝐞𝐫𝐞𝐢𝐠𝐧𝐭𝐲 𝐄𝐟𝐟𝐞𝐜𝐭𝐢𝐯𝐞𝐧𝐞𝐬𝐬 𝐀𝐬𝐬𝐮𝐫𝐚𝐧𝐜𝐞 𝐋𝐞𝐯𝐞𝐥). Each provider will be scored across 𝟖 𝐒𝐨𝐯𝐞𝐫𝐞𝐢𝐠𝐧𝐭𝐲 𝐎𝐛𝐣𝐞𝐜𝐭𝐢𝐯𝐞𝐬 1️⃣ Strategic Sovereignty 2️⃣ Legal and Jurisdictional Sovereignty 3️⃣ Data and AI Sovereignty 4️⃣ Operational Sovereignty 5️⃣ Supply Chain Sovereignty 6️⃣ Technology Sovereignty 7️⃣ Security and Compliance Sovereignty 8️⃣ Environmental Sovereignty This creates a measurable link between 𝐬𝐨𝐯𝐞𝐫𝐞𝐢𝐠𝐧𝐭𝐲 𝐚𝐬𝐬𝐮𝐫𝐚𝐧𝐜𝐞 and 𝐭𝐞𝐧𝐝𝐞𝐫 𝐜𝐨𝐦𝐩𝐞𝐭𝐢𝐭𝐢𝐯𝐞𝐧𝐞𝐬𝐬, where the 𝐒𝐨𝐯𝐞𝐫𝐞𝐢𝐠𝐧𝐭𝐲 𝐒𝐜𝐨𝐫𝐞 directly impacts the award decision. Yet, the implications are profound. If a tender requires a 𝐒𝐄𝐀𝐋 𝟒, very few global providers outside the EU would qualify. At the same time, the weighting reveals priorities 𝐒𝐮𝐩𝐩𝐥𝐲 𝐂𝐡𝐚𝐢𝐧 𝐒𝐨𝐯𝐞𝐫𝐞𝐢𝐠𝐧𝐭𝐲 is dominant, while 𝐋𝐞𝐠𝐚𝐥 𝐒𝐨𝐯𝐞𝐫𝐞𝐢𝐠𝐧𝐭𝐲 only counts for 10 percent a potential form of legal washing to avoid excluding major hyperscalers too quickly. It is a promising first step toward clarity and measurable trust, but also a reminder that 𝐬𝐨𝐯𝐞𝐫𝐞𝐢𝐠𝐧𝐭𝐲 𝐢𝐬 𝐧𝐨𝐭 𝐝𝐞𝐜𝐥𝐚𝐫𝐞𝐝 𝐢𝐭 𝐢𝐬 𝐞𝐧𝐠𝐢𝐧𝐞𝐞𝐫𝐞𝐝 🔗 Link: https://lnkd.in/dbgZbubc #Cloud #SovereignCloud #AI #DigitalSovereignty #Edge #FinOps #EUCloud