Executive Summary: ISG Provider Lens™ Multi Public Cloud Services - Europe 2024

The individual quadrant reports are available at:

ISG Provider Lens™ Multi Public Cloud Services - Sovereign Cloud Infrastructure Services - Europe 2024

Increased demand for data sovereignty drives the development of innovative cloud technologies in Europe.

The Gaia-X initiative is a comprehensive framework that regulates data sovereignty for information considered  confidential by EU member states. Since its inception in 2019 with 22 stakeholders, it has grown to over 340 organizations by 2023. In addition to enforcing strict security and encryption protocols, Gaia-X mandates that data be stored within the EU and recommends that sovereign cloud services maintain at least 50 percent ownership by EU entities. This framework is central to our research on the sovereign cloud landscape.

In April 2022, Gaia-X introduced three labels for categorizing sovereign cloud providers. Labels 1 and 2 prioritize stronger cybersecurity and interoperability than most public cloud services, while Label 3 emphasizes European ownership. The framework advocates for European control of cloud providers to ensure higher levels of data privacy, security and confidentiality. However, this push for local control has posed challenges for EU organizations—both public and private that rely on the scalability and technological capabilities of global hyperscalers such as AWS, Microsoft Azure and Google Cloud.

Due to strict data privacy requirements, the framework limits EU organizations seeking more agile and scalable cloud platforms. EU and non-EU cloud service providers are collaborating with key stakeholders to develop a seamless, scalable cloud ecosystem using open-source platforms to meet EU standards for security and interoperability.

An emerging trend is the increase in partnerships between European cloud providers and global hyperscalers. These alliances enable European providers to offer hyperscale-level sovereign cloud services while adhering to EU ownership and security regulations. Google Cloud has led in this space, collaborating with T-Systems and Thales (through S3NS) to offer sovereign cloud services to European institutions. In March 2023, Google partnered with Proximus to deliver sovereign services in Belgium and Luxembourg.

Concerns over foreign government access to data also drive such collaborations. The U.S. CLOUD Act, passed in 2018, allows U.S.-based tech companies to provide data stored abroad to U.S. authorities under certain conditions. In response, the European Commission advocates creating sovereign cloud data centers within the EU, complete with physical safeguards to prevent foreign interference.

Several key factors are likely to influence the EU sovereign cloud market:

Collaborations and alliances: While European cloud providers lack the scale and technological sophistication of global hyperscalers, partnerships between local and global providers are expected to increase. These partnerships will face policy and technical challenges, such as enforcing European ownership and ensuring data sovereignty.

Cybersecurity and encryption: Enhancing data security is essential. Those managing sovereign data should be based in the EU, ideally EU citizens, with encryption applied throughout the data lifecycle. External key management solutions are becoming vital to prevent unauthorized access to encrypted keys.

Open-source technology adoption: To avoid vendor lock-in, sovereign cloud providers must adopt container-based and open-source solutions to ensure agility and interoperability. Membership in groups, such as the Cloud Native Computing Foundation(CNCF), will support cloud providers in adopting innovative cloud-native technologies.

Industry-specific solutions: Interest in sovereign cloud solutions is growing among EU companies and the number of companies identifying their specific requirements is expected to rise. Providers should focus on tailoring their governance frameworks to meet the specific needs of different industries.

Physical safeguards: Gaia-X recommends storing sovereign data separately from public cloud infrastructure. This process involves identifying and isolating sovereign data, which presents significant technological challenges for service providers.

The sovereign cloud market is in its infancy but poised for substantial growth. Organizations are grappling with the legal challenges of data processing locations and the need for secure data transfer mechanisms to comply with regulations. Migrating to a sovereign cloud often involves compatibility issues with existing infrastructure, requiring significant resources for integration, testing and ensuring interoperability. Local data storage and processing requirements can increase operational costs and reduce flexibility in utilizing global cloud services. Additionally,
companies must navigate the complexities of maintaining consistent data protection across regions and may  encounter vendor lock-in challenges that hinder effective multicloud strategies. Strict regulations can further impede
the adoption of new technologies, complicating efforts to keep pace with cloud computing advancements.

Access to the full report requires a subscription to ISG Research. Please contact us for subscription inquiries.