major challenges for Europe and five scenarios with major impacts by 2027-2030

A deep inconsistency between US and EU regulations is eroding the European cloud market

In April 2021, audit firm KPMG provided Talan SAS, InfraNum, OVHcloud and Linkt with this report, with the aim of “to analyze the situation and the challenges of the European cloud market”, almost all are in the hands of suppliers outside Europe. In the first half of 2020, 68%of European companies ’cloud infrastructure spending was taken up by Amazon Web Services (53%), Microsoft Azure (9%) and Google (6%) while French company OVHcloud, head of Europe in the private cloud, holds only 4%. In an emerging market, which will increase from 53 billion euros in 2020 to 560 billion in 2030, the company estimates that stakes for Europe represent “approximately 550,000 jobs and nearly 200 billion euros in investments during 2021-2027, in the configuration of where cloud operators will locate their operations and investments in Europe”.

Developed by 250 interviews with private and public decision makers, including the European Commission, the document explains in particular “regulatory inconsistency” between European and American law. In 2016, during the development of the General Regulation for the Protection of Personal Data (GDPR) in Europe (see The rem n ° 42-43, p.21), the United States adopted Privacy Shield (privacy shield), to regulate the transfer of personal data from Europeans to the United States. Then, the United States passed, in March 2018, the Clarifying Lawful Overseas Use of Data Act, known as the “CLOUD Act,” which allows them to compel any cloud service provider established in U.S. territory to provide personal anyone’s data, stored on servers. located in the United States and abroad. However, this law and the American surveillance programs are not compatible with the principles of the GDPR, which has been in force since May 2020 in Europe, which was confirmed by the Court of Justice of the European Union (CJEU) on July 16, 2020 to its present . famous stop “Schrems II” (see The rem n ° 54bis-55, p.5). The inconsistency of this regulation results in “Companies that transfer personal data of Europeans to the servers of non-European companies no longer have a legal basis linked to Privacy Shield and are therefore liable to legal proceedings”. For example, “dismissals that can be reinstated because the evidence provided by the company is hosted in the data centers of a non-compliant cloud provider” o “A company in Europe may not use relevant evidence of a stolen customer data, because this data was taken from an access control system stored and processed in the United States while such a processing is not legal. basis “.

However, this deep inconsistency could be beneficial to the European cloud market, if the law is followed. “In the coming years, Data sovereignty will be a commercial issue due to the growing expectations of consumers in Europe in that matter “explanation of the report.

Among the scenarios the company is considering, the one that allows the largest acquisition of value in Europe and favors innovation more than the others is that of “the Europeanization of operations of cloud service providers” accompanied by a “Effective European control over local subsidiaries ofhyperscalers ». Ang hyperscalersassigning the world’s best cloud offerings – Amazon, Microsoft and Google – will be forced to provide in Europe “larger share of benefits to cloud economy”, particularly through investment and localization obligations in Europe for their R&D (Research and Development). In this scenario, KPMG also suggests that its European subsidiaries hyperscalers legally owned by European companies, in the form of joint ventures, to ensure genuine compliance of their activity with European regulations on the use and transfer of personal data. This scenario is unrealistic because China and the United States are doing exactly the same. According to the report, “in China, Microsoft Azure and Amazon Web Service provide local cloud computing services through a joint venture set up with local players”. China’s cybersecurity law only applies “Overseas cloud providers will partner with local companies to provide services to Chinese customers”. In the United States, in 2020, “Chinese gaming company Beijing KunlunTech sold Grindr, a former site they bought in 2016, after being ordered by the Committee for Foreign Investment in the United States (CFIUS)”.

According to the audit firm, the absence of a protective position from Europe could lead to the loss of 20 to 50% of the expected economic impact, both in terms of the amount obtained and the number of jobs created or new investments.

The European Cloud: key challenges for Europe and five scenarios with major impacts by 2027-2030, KPMG Global Strategy Group, April 2021.

Leave a Comment