Gaia‑X: the bid for a sovereign European cloud

While the hege­mo­ny of North Amer­i­can play­ers – Ama­zon Web Ser­vices, Microsoft Azure and Google Cloud – struc­tures the glob­al dig­i­tal ecosys­tem, the launch of the Gaia‑X project in 2020 by the Euro­pean Union aims to build a dig­i­tal bul­wark, an inter­op­er­a­ble, secure data infra­struc­ture that com­plies with Euro­pean stan­dards¹. This ini­tia­tive aims to encour­age the devel­op­ment of sec­toral “data spaces” in areas such as health, ener­gy and mobil­i­ty, to ensure that data man­age­ment is aligned with the prin­ci­ples of trans­paren­cy, reversibil­i­ty and portability.

This year, Gaia‑X is enter­ing an imple­men­ta­tion phase, marked by the expan­sion of more than 180 data spaces². This progress was high­light­ed at the Hub France ple­nary meet­ing in March 2025, where pub­lic and pri­vate stake­hold­ers dis­cussed stan­dard­i­s­a­tion issues, eco­nom­ic mod­els pro­mot­ing these data spaces, and poten­tial syn­er­gies with arti­fi­cial intel­li­gence³.

At a time when cross-bor­der data flows and AI are redefin­ing geopo­lit­i­cal pow­er rela­tions, Gaia‑X rais­es sev­er­al ques­tions: can it tru­ly rep­re­sent a cred­i­ble alter­na­tive to the dig­i­tal giants? On what basis can a sov­er­eign infra­struc­ture be built with­out suc­cumb­ing to tech­no­log­i­cal iso­la­tion? And what levers can be mobilised to make it a vec­tor of inno­va­tion for Euro­pean businesses?

To deci­pher the issues under­ly­ing this ini­tia­tive, Francesca Musiani, Direc­tor of Research at the CNRS, brings her exper­tise in dig­i­tal sov­er­eign­ty and data gov­er­nance. She has analysed the Gaia‑X project in her arti­cle “À tra­vers les infra­struc­tures, c’est la sou­veraineté numérique des États qui se joue⁴” (Data infra­struc­ture: nation­al dig­i­tal sov­er­eign­ty at stake), in which she exam­ines the impli­ca­tions of nation­al auton­o­my through data infrastructure.

The Euro­pean Union is embark­ing on a strat­e­gy to strength­en its sov­er­eign­ty and con­trol over dig­i­tal infra­struc­ture and data, which are con­sid­ered key ele­ments of its auton­o­my. In light of cur­rent tech­no­log­i­cal and geopo­lit­i­cal imper­a­tives, the aim is to ensure that Euro­pean play­ers retain con­trol over this ecosys­tem. One of the fun­da­men­tal levers is the devel­op­ment of the continent’s dig­i­tal indus­try, par­tic­u­lar­ly in strate­gic sec­tors such as cloud com­put­ing, micro­elec­tron­ic com­po­nents and cyber­se­cu­ri­ty. The aim is to reduce depen­dence on exter­nal sup­pli­ers and encour­age the emer­gence of Euro­pean play­ers offer­ing alter­na­tive and inde­pen­dent solu­tions. Flag­ship projects such as the Euro­pean Semi­con­duc­tor Alliance and Gaia‑X demon­strate this desire to build a decen­tralised and com­pet­i­tive dig­i­tal infrastructure.

Francesca Musiani, Direc­tor of Research at the CNRS, explains that the project is based on an EU-wide archi­tec­ture: “Gaia‑X has a Euro­pean gov­er­nance struc­ture; it is a non-prof­it asso­ci­a­tion based in Bel­gium (AISBL: Asso­ci­a­tion inter­na­tionale sans but lucratif) with gov­ern­ing bod­ies com­posed main­ly of Euro­pean play­ers.” This approach aims to pre­vent takeovers by non-Euro­pean pow­ers. Although exter­nal enti­ties can join the pro­gramme, they must com­ply with strict require­ments regard­ing “sov­er­eign­ty and inter­op­er­abil­i­ty rules”, a point which, accord­ing to the researcher, has some­times gen­er­at­ed “con­tro­ver­sy due to the track record of cer­tain play­ers such as Microsoft, Google and even Palantir.”

At the same time, an ambi­tious reg­u­la­to­ry frame­work is being put in place to gov­ern the use of dig­i­tal infor­ma­tion. The Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR) is a key pil­lar of this approach, estab­lish­ing strict stan­dards for the pro­tec­tion of Euro­pean cit­i­zens’ per­son­al infor­ma­tion⁵. New reg­u­la­tions, such as the Data Act and the Dig­i­tal Mar­kets Act, are need­ed to improve the trans­fer­abil­i­ty of infor­ma­tion assets, ensure com­pe­ti­tion in the dig­i­tal sec­tor and impose oblig­a­tions on online plat­forms to pre­vent anti-com­pet­i­tive prac­tices and improve access to data⁶.

Anoth­er key aspect men­tioned by Francesca Musiani is decen­tralised archi­tec­ture: “Gaia‑X is not a sin­gle cloud, but an ecosys­tem of nodes inter­con­nect­ed via open stan­dards, which is sup­posed to pre­vent the con­cen­tra­tion of pow­er in the hands of a sin­gle play­er, par­tic­u­lar­ly one from out­side Europe.” This mod­el, based on “inter­op­er­abil­i­ty guar­an­teed by com­mon spec­i­fi­ca­tions,” seeks to min­imise the risks of exces­sive dom­i­na­tion. The researcher also high­lights the legal dimen­sion of the project, with pro­tec­tion against extrater­ri­to­r­i­al leg­is­la­tion: “An impor­tant part of Gaia‑X’s strat­e­gy is its exclu­sion from non-Euro­pean extrater­ri­to­r­i­al law; providers must guar­an­tee that for­eign extrater­ri­to­r­i­al laws do not com­pro­mise Euro­pean data.” Some ser­vices even go so far as to rely on “entire­ly Euro­pean infra­struc­ture to guar­an­tee legal immu­ni­ty from non-Euro­pean laws.”

To pre­vent any unde­sir­able influ­ence, sev­er­al mea­sures are being con­sid­ered, as Francesca Musiani explains: “Lim­it­ing their vot­ing and deci­sion-mak­ing pow­er in man­age­ment bod­ies, mon­i­tor­ing cer­ti­fi­ca­tions by inde­pen­dent audi­tors approved by the Gaia‑X asso­ci­a­tion and pro­mot­ing the emer­gence of Euro­pean alter­na­tives in the cloud, AI and data through pub­lic fund­ing.” Trans­paren­cy in the deci­sion-mak­ing process, with “man­age­ment deci­sions in prin­ci­ple made pub­licly” and the involve­ment of a “broad com­mu­ni­ty”, is also an impor­tant safeguard.

The aim of Gaia‑X is to cre­ate a Euro­pean infra­struc­ture for inter­op­er­a­ble, secure data gov­erned by shared prin­ci­ples, with the goal of lay­ing the foun­da­tions for sov­er­eign tech­nol­o­gy that can com­pete with dom­i­nant non-Euro­pean plat­forms while respect­ing Euro­pean val­ues such as per­son­al data pro­tec­tion and trans­paren­cy of processing.

“The ulti­mate goal of this ini­tia­tive is to cre­ate a sov­er­eign Euro­pean tech­nol­o­gy base: the project sets out a com­mon frame­work of tech­ni­cal and gov­er­nance stan­dards that guar­an­tees the com­pat­i­bil­i­ty, secu­ri­ty and porta­bil­i­ty of dig­i­tal ser­vices,” explains Francesca Musiani.

The ini­tia­tive is based on the rise of indus­try-spe­cif­ic data col­lec­tives, which aim to facil­i­tate the secure exchange of infor­ma­tion in strate­gic sec­tors such as health­care, auto­mo­tive, ener­gy and mobil­i­ty. Pro­grammes such as Catena‑X in the auto­mo­tive sec­tor and GAIA‑X Health in health­care are con­crete exam­ples of this approach. These actions aim to guar­an­tee access to data that is essen­tial for inno­va­tion while ensur­ing com­pli­ance with the GDPR and oth­er Euro­pean stan­dards. For exam­ple, Catena‑X aims to trans­form the auto­mo­tive val­ue chain in Europe by facil­i­tat­ing the flow of data between indus­try play­ers while ensur­ing its secu­ri­ty and integri­ty⁷.

The aim of Gaia‑X is to cre­ate a Euro­pean infra­struc­ture for inter­op­er­a­ble, secure data gov­erned by shared principles

The pro­posed mod­el is part of a dri­ve to cre­ate an inte­grat­ed dig­i­tal mar­ket, where data becomes a shared resource avail­able to Euro­pean com­pa­nies for devel­op­ing new tech­nolo­gies such as arti­fi­cial intel­li­gence. Data spaces are also seen as a stim­u­lus for oper­a­tions fund­ed by Euro­pean pro­grammes such as Hori­zon Europe and the Dig­i­tal Europe Pro­gramme, there­by pro­mot­ing the for­ma­tion of inno­va­tion coali­tions. In this sense, this infra­struc­ture aims to fos­ter enhanced coop­er­a­tion between pub­lic and pri­vate actors, as well as between Mem­ber States, to pro­mote true dig­i­tal auton­o­my on the continent.

“This ini­tia­tive is based on sec­toral data col­lec­tives that stim­u­late co-inno­va­tion between large groups, SMEs, lab­o­ra­to­ries and pub­lic insti­tu­tions,” the researcher con­tin­ues. “It serves as a cat­a­lyst for Euro­pean projects fund­ed by pro­grammes such as Hori­zon Europe or Dig­i­tal Europe.”

How­ev­er, the cre­ation of these spaces is ham­pered by a com­plex real­i­ty: man­ag­ing rela­tion­ships between play­ers whose inter­ests don’t always align is a major chal­lenge. This is par­tic­u­lar­ly evi­dent in archi­tec­tures such as GAIA‑X Health, where the diver­si­ty of stake­hold­ers and nation­al approach­es slows down the syn­chro­ni­sa­tion of actions. Beyond the tech­ni­cal aspects, these chal­lenges involve dif­fi­cult gov­er­nance nego­ti­a­tions, espe­cial­ly when it comes to defin­ing com­mon stan­dards. This results in delays in the adop­tion of tech­ni­cal stan­dards and in the imple­men­ta­tion of the infra­struc­ture need­ed to share data.

“The coor­di­na­tion process is dif­fi­cult because each actor has its own require­ments and pri­or­i­ties, which some­times cre­ates ten­sions between Euro­pean coun­tries them­selves,” observes the researcher.

The sys­tem is devel­op­ing slow­ly, with tech­ni­cal adjust­ments and coor­di­na­tion still in progress. This is result­ing in a series of prac­ti­cal and insti­tu­tion­al obsta­cles that are slow­ing down its imple­men­ta­tion and mak­ing its long-term suc­cess uncer­tain. For exam­ple, dif­fer­ences over the dis­tri­b­u­tion of roles with­in the var­i­ous con­sor­tia and issues of dig­i­tal sov­er­eign­ty are com­pli­cat­ing the estab­lish­ment of com­mon norms and stan­dards for all stake­hold­ers⁸.

“Although it has an inno­v­a­tive vision, this project remains frag­ile due to ten­sions in its gov­er­nance, insuf­fi­cient tech­ni­cal matu­ri­ty and a lack of strate­gic align­ment between the var­i­ous Euro­pean play­ers,” notes Francesca Musiani.

Aicha Fall