Gaia‑X: the bid for a sovereign European cloud

While the hege­mony of North Amer­ic­an play­ers – Amazon Web Ser­vices, Microsoft Azure and Google Cloud – struc­tures the glob­al digit­al eco­sys­tem, the launch of the Gaia‑X pro­ject in 2020 by the European Uni­on aims to build a digit­al bul­wark, an inter­op­er­able, secure data infra­struc­ture that com­plies with European stand­ards¹. This ini­ti­at­ive aims to encour­age the devel­op­ment of sec­tor­al “data spaces” in areas such as health, energy and mobil­ity, to ensure that data man­age­ment is aligned with the prin­ciples of trans­par­ency, revers­ib­il­ity and portability.

This year, Gaia‑X is enter­ing an imple­ment­a­tion phase, marked by the expan­sion of more than 180 data spaces². This pro­gress was high­lighted at the Hub France plen­ary meet­ing in March 2025, where pub­lic and private stake­hold­ers dis­cussed stand­ard­isa­tion issues, eco­nom­ic mod­els pro­mot­ing these data spaces, and poten­tial syn­er­gies with arti­fi­cial intel­li­gence³.

At a time when cross-bor­der data flows and AI are rede­fin­ing geo­pol­it­ic­al power rela­tions, Gaia‑X raises sev­er­al ques­tions: can it truly rep­res­ent a cred­ible altern­at­ive to the digit­al giants? On what basis can a sov­er­eign infra­struc­ture be built without suc­cumb­ing to tech­no­lo­gic­al isol­a­tion? And what levers can be mobil­ised to make it a vec­tor of innov­a­tion for European businesses?

To decipher the issues under­ly­ing this ini­ti­at­ive, Francesca Mus­i­ani, Dir­ect­or of Research at the CNRS, brings her expert­ise in digit­al sov­er­eignty and data gov­ernance. She has ana­lysed the Gaia‑X pro­ject in her art­icle “À tra­vers les infra­struc­tures, c’est la souveraineté numérique des États qui se joue⁴” (Data infra­struc­ture: nation­al digit­al sov­er­eignty at stake), in which she exam­ines the implic­a­tions of nation­al autonomy through data infrastructure.

The European Uni­on is embark­ing on a strategy to strengthen its sov­er­eignty and con­trol over digit­al infra­struc­ture and data, which are con­sidered key ele­ments of its autonomy. In light of cur­rent tech­no­lo­gic­al and geo­pol­it­ic­al imper­at­ives, the aim is to ensure that European play­ers retain con­trol over this eco­sys­tem. One of the fun­da­ment­al levers is the devel­op­ment of the continent’s digit­al industry, par­tic­u­larly in stra­tegic sec­tors such as cloud com­put­ing, micro­elec­tron­ic com­pon­ents and cyber­se­cur­ity. The aim is to reduce depend­ence on extern­al sup­pli­ers and encour­age the emer­gence of European play­ers offer­ing altern­at­ive and inde­pend­ent solu­tions. Flag­ship pro­jects such as the European Semi­con­duct­or Alli­ance and Gaia‑X demon­strate this desire to build a decent­ral­ised and com­pet­it­ive digit­al infrastructure.

Francesca Mus­i­ani, Dir­ect­or of Research at the CNRS, explains that the pro­ject is based on an EU-wide archi­tec­ture: “Gaia‑X has a European gov­ernance struc­ture; it is a non-profit asso­ci­ation based in Bel­gi­um (AISBL: Asso­ci­ation inter­na­tionale sans but luc­rat­if) with gov­ern­ing bod­ies com­posed mainly of European play­ers.” This approach aims to pre­vent takeovers by non-European powers. Although extern­al entit­ies can join the pro­gramme, they must com­ply with strict require­ments regard­ing “sov­er­eignty and inter­op­er­ab­il­ity rules”, a point which, accord­ing to the research­er, has some­times gen­er­ated “con­tro­versy due to the track record of cer­tain play­ers such as Microsoft, Google and even Palantir.”

At the same time, an ambi­tious reg­u­lat­ory frame­work is being put in place to gov­ern the use of digit­al inform­a­tion. The Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR) is a key pil­lar of this approach, estab­lish­ing strict stand­ards for the pro­tec­tion of European cit­izens’ per­son­al inform­a­tion⁵. New reg­u­la­tions, such as the Data Act and the Digit­al Mar­kets Act, are needed to improve the trans­fer­ab­il­ity of inform­a­tion assets, ensure com­pet­i­tion in the digit­al sec­tor and impose oblig­a­tions on online plat­forms to pre­vent anti-com­pet­it­ive prac­tices and improve access to data⁶.

Anoth­er key aspect men­tioned by Francesca Mus­i­ani is decent­ral­ised archi­tec­ture: “Gaia‑X is not a single cloud, but an eco­sys­tem of nodes inter­con­nec­ted via open stand­ards, which is sup­posed to pre­vent the con­cen­tra­tion of power in the hands of a single play­er, par­tic­u­larly one from out­side Europe.” This mod­el, based on “inter­op­er­ab­il­ity guar­an­teed by com­mon spe­cific­a­tions,” seeks to min­im­ise the risks of excess­ive dom­in­a­tion. The research­er also high­lights the leg­al dimen­sion of the pro­ject, with pro­tec­tion against extra­ter­rit­ori­al legis­la­tion: “An import­ant part of Gaia‑X’s strategy is its exclu­sion from non-European extra­ter­rit­ori­al law; pro­viders must guar­an­tee that for­eign extra­ter­rit­ori­al laws do not com­prom­ise European data.” Some ser­vices even go so far as to rely on “entirely European infra­struc­ture to guar­an­tee leg­al immunity from non-European laws.”

To pre­vent any undesir­able influ­ence, sev­er­al meas­ures are being con­sidered, as Francesca Mus­i­ani explains: “Lim­it­ing their vot­ing and decision-mak­ing power in man­age­ment bod­ies, mon­it­or­ing cer­ti­fic­a­tions by inde­pend­ent aud­it­ors approved by the Gaia‑X asso­ci­ation and pro­mot­ing the emer­gence of European altern­at­ives in the cloud, AI and data through pub­lic fund­ing.” Trans­par­ency in the decision-mak­ing pro­cess, with “man­age­ment decisions in prin­ciple made pub­licly” and the involve­ment of a “broad com­munity”, is also an import­ant safeguard.

The aim of Gaia‑X is to cre­ate a European infra­struc­ture for inter­op­er­able, secure data gov­erned by shared prin­ciples, with the goal of lay­ing the found­a­tions for sov­er­eign tech­no­logy that can com­pete with dom­in­ant non-European plat­forms while respect­ing European val­ues such as per­son­al data pro­tec­tion and trans­par­ency of processing.

“The ulti­mate goal of this ini­ti­at­ive is to cre­ate a sov­er­eign European tech­no­logy base: the pro­ject sets out a com­mon frame­work of tech­nic­al and gov­ernance stand­ards that guar­an­tees the com­pat­ib­il­ity, secur­ity and port­ab­il­ity of digit­al ser­vices,” explains Francesca Musiani.

The ini­ti­at­ive is based on the rise of industry-spe­cif­ic data col­lect­ives, which aim to facil­it­ate the secure exchange of inform­a­tion in stra­tegic sec­tors such as health­care, auto­mot­ive, energy and mobil­ity. Pro­grammes such as Catena‑X in the auto­mot­ive sec­tor and GAIA‑X Health in health­care are con­crete examples of this approach. These actions aim to guar­an­tee access to data that is essen­tial for innov­a­tion while ensur­ing com­pli­ance with the GDPR and oth­er European stand­ards. For example, Catena‑X aims to trans­form the auto­mot­ive value chain in Europe by facil­it­at­ing the flow of data between industry play­ers while ensur­ing its secur­ity and integ­rity⁷.

The aim of Gaia‑X is to cre­ate a European infra­struc­ture for inter­op­er­able, secure data gov­erned by shared principles

The pro­posed mod­el is part of a drive to cre­ate an integ­rated digit­al mar­ket, where data becomes a shared resource avail­able to European com­pan­ies for devel­op­ing new tech­no­lo­gies such as arti­fi­cial intel­li­gence. Data spaces are also seen as a stim­u­lus for oper­a­tions fun­ded by European pro­grammes such as Hori­zon Europe and the Digit­al Europe Pro­gramme, thereby pro­mot­ing the form­a­tion of innov­a­tion coali­tions. In this sense, this infra­struc­ture aims to foster enhanced cooper­a­tion between pub­lic and private act­ors, as well as between Mem­ber States, to pro­mote true digit­al autonomy on the continent.

“This ini­ti­at­ive is based on sec­tor­al data col­lect­ives that stim­u­late co-innov­a­tion between large groups, SMEs, labor­at­or­ies and pub­lic insti­tu­tions,” the research­er con­tin­ues. “It serves as a cata­lyst for European pro­jects fun­ded by pro­grammes such as Hori­zon Europe or Digit­al Europe.”

How­ever, the cre­ation of these spaces is hampered by a com­plex real­ity: man­aging rela­tion­ships between play­ers whose interests don’t always align is a major chal­lenge. This is par­tic­u­larly evid­ent in archi­tec­tures such as GAIA‑X Health, where the diversity of stake­hold­ers and nation­al approaches slows down the syn­chron­isa­tion of actions. Bey­ond the tech­nic­al aspects, these chal­lenges involve dif­fi­cult gov­ernance nego­ti­ations, espe­cially when it comes to defin­ing com­mon stand­ards. This res­ults in delays in the adop­tion of tech­nic­al stand­ards and in the imple­ment­a­tion of the infra­struc­ture needed to share data.

“The coordin­a­tion pro­cess is dif­fi­cult because each act­or has its own require­ments and pri­or­it­ies, which some­times cre­ates ten­sions between European coun­tries them­selves,” observes the researcher.

The sys­tem is devel­op­ing slowly, with tech­nic­al adjust­ments and coordin­a­tion still in pro­gress. This is res­ult­ing in a series of prac­tic­al and insti­tu­tion­al obstacles that are slow­ing down its imple­ment­a­tion and mak­ing its long-term suc­cess uncer­tain. For example, dif­fer­ences over the dis­tri­bu­tion of roles with­in the vari­ous con­sor­tia and issues of digit­al sov­er­eignty are com­plic­at­ing the estab­lish­ment of com­mon norms and stand­ards for all stake­hold­ers⁸.

“Although it has an innov­at­ive vis­ion, this pro­ject remains fra­gile due to ten­sions in its gov­ernance, insuf­fi­cient tech­nic­al matur­ity and a lack of stra­tegic align­ment between the vari­ous European play­ers,” notes Francesca Musiani.

Aicha Fall