The world’s leading publication for data science, AI, and ML professionals.

GAIA-X: a pitch towards Europe?

Will Europe's ambitious data- and cloud infrastructure project keep its promises?

Overcoming Data Lake Silos with GAIA-X? (image by paraglider Kim Rehberg)
Overcoming Data Lake Silos with GAIA-X? (image by paraglider Kim Rehberg)

Currently, only a few hyperscale Cloud providers are dominating the market: Google Cloud Platform, Amazon Web Services, IBM Cloud, Microsoft Azure, and Alibaba Cloud, to name the probably most famous ones. They are all unified because they do not have a European origin. Living in Europe, if you want to store and analyze data in a cloud, you will most likely end up with an American provider, which is subordinate to the Cloud Act. And you will most likely find yourself being kind of locked into these giant global tech players. Europe’s digital infrastructure and analytics rely on non-European conglomerates that offer worldwide scalable cloud infrastructure. If lock-in is added as an option to this fact, that can mean that adding value within Europe is not possible. At this point, before going into further details, please let me stress that I am not scaremongering. Per se, there is absolutely nothing wrong with these global tech players. Everyone who deals with data like we do must be fascinated by their impressive services. Personally speaking, I am a huge fan of each of them. Also, this post does not criticize globalism. In my humble opinion, globalism offers more opportunities than protectionism, which, in my eyes, is not a sustainable answer to today’s questions. But certainly, that doesn’t mean we are supposed to play the game without any rules. This post mainly wants to trigger some thoughts about data sovereignty.

What is GAIA-X aiming for?

One of ** Greece’s primordial deities, Gaia, originated from chaos (1). I wouldn’t call the current cloud status chaotic, but only the future will tell what the X in GAIA-X stands for, I reckon (or maybe I am just totally misinterpreting the project’s name). Whether you like naming a cloud project after a God or not, it’s just a name, so let’s move on to the main idea behind it. One of the biggest misunderstandings about GAIA-X is that it’s supposed to be a cloud service. However, GAIA-X is not meant to become the European Cloud Alternative; it’s better described as a non-profit-oriented Cloud Initiative. If anything, GAIA-X, as a digital ecosystem, strives to set the Rules and Standards for Secure (European) cloud services that satisfy European Data and Intellectual Property.** As mentioned, this post will not choose a nationalized path regarding clouds. Still, since we already mentioned America, China, and Europe a lot, maybe it’s now a good time for a hypothetical question:

Does data have a nationality?

Idealistically, the internet was meant to leave borders behind and connect everyone on this planet – free data exchange. Everything is traded equally.

Cloud platforms are built upon the internet, and their owners are revenue-triggered. These suppliers obey the laws and orders of their homelands and must also comply with those of the countries where they offer their services. I, for instance, am a German citizen who uses the Google Cloud Platform and feeds it with my data. Is Google allowed to use my data as well? And when I use Google’s human labeling services for machine learning tasks, what social standards are these workers protected by? Social standards of what country? And should I care at all? As this topic goes beyond the scope of this post, we will just leave it to another one yet to come.

Many agree that national institutions must protect data transparently and not let it be passed on non-transparently to private companies. The idea is that in a democracy, laws are more likely in the public interest than the business interest of a company. If it wouldn’t, it’s up to the people to vote for change. So, how does GAIA-X’s approach look?

As a Cloud Initiative, GAIA-X aims not to have one huge server but rather lots of small (e.g., European) and big providers’ (like from China and the USA) capacities, which will be linked via a unified interface when in demand. GAIA-X is a kind of Cloud Network. Within this network, GAIA-X mainly has two aims [3]:

  • Companies shall safely exchange their data within Europe for the sake of data driven value chains (instead of letting their data drain off through the Atlantic).
  • Strengthen smaller cloud vendors’ position via cooperation of their services so they can build a joined counterweight against the established huge cloud players’ dominance.

Sharing data between companies to extract more value (as a win-win situation for every partner involved) using a secure infrastructure is thrilling. We probably do not worry too much about the physical safety of our cloud data during everyday life. However, some of OVHcloud’s (a large cloud provider from France) customers remembered that even though clouds are not heavenly safe areas, they are also prone to earthly catastrophes like fires. Some of OVHcloud’s servers located in Strasbourg unfortunately burnt down on the night of the 10th of March 2021(2). Indeed, without any malicious joy, that should be a reminder of how critical safety nets are. Clouds are no exception to that fact. But despite this obvious claim for safety, security from a GAIA-X point of view is more aimed at Data Protection, quite similar to the "General Data Protection Regulation" (GDPR, or Datenschutz-Grundverordnung DSGVO, as it’s called in Germany).

How does GAIA-X try to achieve its goals?

Policy Rules

There must be specifications you can audit to make sure that European values are complied with regarding data protection and intellectual property. Per definition, using the cloud means that your data will be stored on external servers. American providers are subject to the American Cloud Act. This Cloud Act is opposite to any European attempt at European Data Sovereignty.

Statement from my website
Statement from my website

To be more precise, data sovereignty is key! You need to be in control and have access to data to strive for data-driven innovations like "out of the box" data ecosystems. Fair and transparent competition rules with only healthy dependencies are what a globalized economy needs.

Interoperability (Liberté, to say it in French)

One of these rules is interoperability. That means providers must ensure their customers can easily switch (also called portability) their data from one cloud provider to another without losing any of their data. GAIA-X also wants to offer customers mutual use of different vendors’ services, e.g., analytics. The hope is that interoperability through using a mutual GAIA-X Reference Architecture leads to collaboration and scaling of business models. This is quite the opposite approach to the current big players’s lock-in effect. **** Today, using, e.g., AWS, Amazon is working hard for you as the customer also to use Amazon’s other services. As the customer, the reason for staying with Amazon might be convenient (transferring data to other vendors is possible but takes effort). Another reason for staying with Amazon (same counts for Google, Microsoft, etc.) is that their services technically already satisfy your needs, most likely. Every cloud provider can provide cloud storage to save your data. That is not a big challenge. But will those suppliers also be able to offer competitive cloud services comparable to IBM’s Watson Natural Language Processing, Google’s Vision API, Microsoft’s Azure Machine Learning Services, Alibaba’s Quick BI, or Amazon’s Augmented AI? Competing with these extremely high-raised bars, I believe they are virtually uncatchable. But GAIA-X’s decisive trump card is its approach to transparency.

Transparency

Maybe even more fundamental for the tech giants is the requirement for transparency. Everyone willing to fulfill GAIA-X standards is highly welcome to join. From a law perspective that’s targeting the question of which regulation the cloud provider underlies:

  • American Cloud Act

or respecting

  • European General Data Protection Regulation (which contradicts American Cloud Act)

GAIA-X wants to become a marketplace for cloud hosts that comply with European standards regarding transparency and interoperability. All cloud providers are welcome to let their services be certified by GAIA-X standards. The American hosts are submitted to the Cloud Act. The Cloud Act stands in clear contrast to European Cloud standards. Theoretically, the Cloud Act obliges American vendors to grant access to data hosted on their servers for American agencies in exceptional cases (even law experts still argue what that means). While it will be interesting to see if GAIA-X attracts non-European customers, I expect some European companies to have a strong interest in such a European cloud-quality labeled marketplace.

Outlook: Data Economy in Europe

GAIA-X’s applications want to ensure that data can be exchanged between companies and countries in a safe environment. These networks of cloud infrastructures are the basis for creating data-driven ecosystems in many application areas like industry 4.0, health, finance, etc. GAIA-X’s ecosystem should allow us, as a marketplace, to make money out of data. For instance, artificial intelligence could be fed with datapools for training, which were offered to companies from other businesses (something that was not possible in that way before). The idea is to create secondary data out of primary data. The secondary data has a lower need for protection than the primary data. Domain-specific approval and acceptance are thought to be saved as metadata for the primary data. If a company develops libraries for GAIA-X, it will receive all the necessary information like authentification protocols, etc. These e.g., libraries, are then the developers’ property and put on the market as "Intellectual Property "(IP). Similar to the European Data Strategy, GAIA-X aims to create digital ecosystems, especially in these areas [3]:

  • Industrial
  • European Green Deal
  • Mobility
  • Health
  • Finance
  • Agriculture
  • Civil Service

Data Clusters

For instance, the Finance Data Cluster promises to connect data to more fruitfully fight money laundering and market abuse. Datapools of the European Central Bank and other banks combined with artificial intelligence could lead to higher hit rates. If that is not a desirable aim for using cloud analytics, then what?

Will GAIA-X only attract European businesses?

At the beginning of the GDPR (General Data Protection Regulation), many people (including myself) were skeptical about whether this approach would protect Data Privacy. I have to admit that I expected GDPR to worsen things, destroying more European jobs than it creates without adding severe benefits to data protection. How wrong my assumption was. Today, the GDPR is well understood in Europe and even an export hit to countries like China, South America, and Japan.

One concept that is currently heavily discussed is the fact that big tech companies are also free to join the GAIA-X project. For instance, the French OVH-Cloud provider cooperates with Google. Google is supposed to deliver its software and applications using open-source compatible technology while respecting the principles of European sovereignty. Europeans will practice this technology on servers located in Europe, so no data is expected to leave Europe. As mentioned at the beginning of this post, GAIA-X does not want to create Cloud and Cloud applications independently. Europe is realistic enough to estimate that there is no solution without the expertise of the established big players who heavily invested billions into this technology.

To this day, there is not yet a concrete GAIA-X service we could use. I am excited to see if GAIA-X will become a high-flying new cloud standard or a theoretical Gedankenexperiment (German for thought experiment).

Until then, many thanks for reading! I hope this article is helpful for you. Feel free to connect with me on LinkedIn, Twitter or Workrooms.

Join Medium with my referral link – Jesko Rehberg

Originally published on my website DAR-Analytics.

Reference:

[1] Gaia on Wikipedia: https://en.wikipedia.org/wiki/Gaia

[2] FAZ Net, Flammen wüten beim größten Cloud-Anbieter Europas: https://www.faz.net/aktuell/wirtschaft/digitec/frankreich-feuer-bei-groesstem-cloud-anbieter-europas-ausgebrochen-17237695.html

[3] EDERAL MINISTRY FOR ECONOMIC AFFAIRS AND ENERGY, GAIA-XA Federated Data Infrastructure for Europe: https://www.bmwi.de/Redaktion/EN/Dossier/gaia-x.html

GAIA-X: a high-flying new cloud standard or just a theoretical Gedankenexperiment? (image by paraglider Kim Rehberg)
GAIA-X: a high-flying new cloud standard or just a theoretical Gedankenexperiment? (image by paraglider Kim Rehberg)

Related Articles