GAIA-X, an ongoing attempt to establish common requirements for a European data infrastructure, has a “great opportunity to improve open standards, improve market transparency and build a valuable market for data, cloud and federated security and IT services,” according to Paul McKay, speaking during a session at the Forrester Technology & Innovation Global 2020 virtual event.
McKay began by outlining why the GAIA-X project has become necessary. This is fundamentally due to the dominance of US and Chinese providers in the European public cloud market, with over 75% of public cloud networks currently processed by non-European providers. Recent legislation in these countries (the US CLOUD Act 2018 and Chinese Cybersecurity Law 2017) allow national security authorities access to certain data even when it is hosted outside of that jurisdiction and by an entity not connected to it.
“This has meant European businesses have again started becoming nervous about a lack of a sizeable European cloud provider that can make certain guarantees about data sovereignty, where data is actually stored and give transparency over data movements,” he explained.
This has led to the introduction of GAIA-X by the French and German governments in 2019, which has subsequently been put on a more formal footing this year. In addition, last month the GAIA-X Foundation was set up in Belgium with the purpose of developing a services market place in which it will “certify prospective suppliers of those services against common security requirements.” This will be underpinned by current privacy and cybersecurity legislation such as the GDPR and European Cybersecurity Act.
McKay explained that GAIA-X has been set up to allow providers to operate across one or more of a number of layers, including data services and products, building identity and trust services and compliance.
The use cases set out by GAIA-X are predictive maintenance, smart manufacturing, smart living – energy efficiency, research platform genomics, medical records framework and AI for agriculture. McKay said: “In all these cases there is some kind of sensitive data, either IP or highly sensitive personal data, as defined by GDPR, that you need to have certain guarantees around where the data is stored, who is transferring the data from A to B, and having some certainty that the regulatory framework is always going to be consistently European in nature.”
Despite the urgent need for this kind of approach, McKay believes the foundation will need to act quickly to be relevant. As it stands, nothing can be bought via it, and as it stands only minimal viable products will be available by the first half of 2021, which is not what CIOs are looking for. As a result, he expects the “hyperscalers” to continue to dominate next year. “That means the foundation is going to have to do things pretty quickly and get away from minimal viable products to a fully fledged product very quickly in 2021 if it wishes to remain relevant,” added McKay.
For the time being, he advised CIOs to keep a watch on GAIA-X and how it develops, but not to make any moves towards it at the moment.