How Many Cloud Panic Events Does Europe Need?
Robin Berjon: Berjon was previously the Vice President of Data Governance at The New York Times and the Vice Chair of the W3C. He is a technology and governance expert at the Supramundane Agency.
We tend to take for granted the infrastructure underpinning our economies and societies—until something goes wrong. Just ask the residents of Spain and Portugal, who suddenly faced a total power outage last April when a series of consecutive voltage spikes led to the shutdown of electricity grids. Now, both countries are seeking to make substantial investments to enhance the resiliency of their networks. However, citizens shouldn’t have to wait for their leaders to commit to investing in critical infrastructure, which currently includes cloud services, after disasters occur.
From data storage and backup to running and deploying artificial intelligence systems, the “cloud” supports the digital economy. Yet control of this infrastructure is highly concentrated, with just three American companies—Amazon, Google, and Microsoft—holding over 60% of the global market. Consequently, the failure of just one of these services could cost the global economy billions of dollars. This isn’t an unlikely scenario; such failures occur regularly. Just last month, an outage of Amazon Web Services disrupted thousands of services worldwide, including messaging apps, banking platforms, and home security cameras. Days later, Microsoft Azure experienced a similar global outage.
Until now, such events have been incidental. Yet, cloud infrastructure can be used as a geopolitical weapon. Since the three main service providers operate under U.S. jurisdiction, they are subject to the whims of American authorities, who could force them to suspend services as a means of punishment or coercion.
This is not a far-fetched idea. After the International Criminal Court issued arrest warrants for Israeli Prime Minister Benjamin Netanyahu and his former Defense Minister Yoav Galant late last year, then-President Donald Trump imposed sanctions on the ICC’s prosecutor, Karim Khan—leading Microsoft to deactivate his email account. The troubling reality is that a significant portion of the global digital economy has an off switch that Trump could operate at will.
If the cloud services provided by these tech giants are technologically advanced—requiring rare expertise and complex, expensive equipment to an extent that others cannot easily compete—then the gamble might seem justified. However, it is not: European companies already have the capacity to operate high-quality cloud services. The only reason these three American firms—two of which are monopolistic and one deemed anti-competitive—enjoy dominance is that they have captured enough value elsewhere in the digital stack to support their cloud service market share.
With the dangers of such quasi-monopolistic dominance becoming increasingly apparent, more and more corporate buyers and the general public are looking for alternatives. This aligns with the goal of European Commission President Ursula von der Leyen, which she first articulated in 2019, to achieve “technological sovereignty” for Europe—not just including cloud services, but encompassing the entire digital ecosystem.
While Europe has yet to make noteworthy progress in this area, American cloud giants are working to eliminate the threat to their market share: They have begun offering “sovereign cloud” options that ostensibly could meet Europe’s “unique digital sovereignty needs.” In reality, this claim is absurd. Sovereignty requires the sovereign entity to set its own rules within its jurisdiction, something that U.S. cloud service providers cannot deliver to Europe.
For real progress toward digital sovereignty, Europe must adopt a “tear down and build up” strategy. The “tear down” portion focuses on dismantling entrenched monopolies. To this end, Europe can rely on existing tools for enforcing competition, such as the Digital Markets Act, which is currently underutilized. However, it must also work to bolster these tools by increasing the number of personnel tasked with enforcement. Similarly, unaccountable bilateral negotiations between the European Commission and tech companies should give way to open processes for standard-setting, which would help expand the pool of experts contributing to solutions under the Digital Markets Act.
The “build up” element of this strategy requires identifying and addressing deficiencies in Europe’s digital sovereign infrastructure on a sector-by-sector basis. When it comes to cloud services, the first step may be to ensure that government procurement of relevant services aligns with European sovereignty goals.
Overall, the European Union needs to devise an industrial policy that promotes the development of core technological capabilities, perhaps drawing inspiration from the Eurostack initiative or the newly established European Digital Infrastructure Consortium for the digital commons. Emerging projects such as Eurosky and Staan, if sufficiently funded, could support this effort. The proposal for Airbus for Artificial Intelligence—whereby mid-sized powers would collaborate to create a public AI company, akin to the model that established Airbus in 1970—is also worth exploring.
The recent outages of Amazon and Azure once again underscore the risks posed by American tech companies’ control over digital infrastructure in Europe. Now, EU leaders must do whatever is necessary to mitigate these risks before it is too late.
