So-called “digital sovereignty” has emerged as a critical issue for companies operating across the EU, driven by existing regulations such as GDPR as well as upcoming regulations such as the AI Act and Privacy Shield 2.0. On top of that, private and public organizations alike have become increasingly concerned over how their data might be harnessed by Big Tech behemoths housed thousands of miles away.
This is why we’ve seen a concerted effort from companies seeking to assuage such fears by bringing data and related controls closer to where their customers are. Microsoft launched its Cloud for Sovereignty last July, aimed squarely at public sector organizations — particularly in Europe — that not only want data storage and processing closer to home, but more granular controls and increased transparency. Google, meanwhile, has been bolstering its data sovereignty credentials in various ways, including striking partnerships with local players on the ground, such as Deutsche Telekom’ T-Sytems in Germany.
Amazon’s AWS, meanwhile, has been playing things a little more cooly, with chief security officer Stephen Schmidt referring to the sovereign cloud as “a marketing term more than anything else,” while pointing to the existing data residency controls it offers in Europe. Six months back, though, AWS in fact unveiled its so-called “digital sovereignty pledge,” enshrining its data control commitments into scripture.
With a combined cloud infrastructure services market share of around two-third, Amazon (AWS), Microsoft (Azure) and Google (Google Cloud Platform) are typically banded together as the “big three,” with Oracle inhabiting a space just outside which includes “other” players such as IBM and Alibaba. As with its counterparts, Oracle already offers localized infrastructure for its European customers to store and process their data, but its new EU Sovereign Cloud offering promises to extend this by ensuring all internal operations and customer support responsibilities are bestowed to EU residents too, alongside new frameworks around how Oracle stores and manages access to customer data. This includes entirely separate legal entities that have been incorporated within the European Union, and a technological architecture that exists on its own infrastructure separate to Oracle’s other commercial regions — including those in Europe.
This will be of particular importance to public sector organizations or highly-regulated businesses that have hitherto been reluctant to transition to the cloud due to sensitive data that they’re responsible for. And while it’s true that other cloud providers have been aligning themselves with the data sovereignty hype, Oracle says that one of its main selling points is that it’s making its service available to anyone that needs it, not just public sector organizations.
“This EU Sovereign Cloud service is designed for sectors and customers looking for greater control of their data within the EU,” said Jason Rees, Oracle’s head of technology engineering for the EMEA region, in a statement issued to TechCrunch. “Oracle is the first hyperscaler to offer this service for any company operating in the EU.”
It’s worth noting that despite the increased efforts from all the major cloud providers, concerns will likely always remain, with organizations electing to run their own private cloud or embracing a hybrid approach where their more sensitive workloads are kept in-house. Indeed, just because a data center region is located in Europe, it’s still ultimately owned by a company headquartered thousands of miles away, which is why there could be a sizeable market for more homegrown solutions — just a couple of weeks back, a Swedish startup called Evroc emerged out of stealth with plans to build fully localized, hyperscale data centers in Europe.
But that said, it’s clear that regulations, as well as expectations from organizations and consumers, are driving a sea-change in how companies treat their users’ data — with Europe at the center of this change.
Oracle’s new sovereign cloud is open now to organizations in all 27 EU member states, as well as global companies with data sovereignty requirements in the region, with the same pricing and service level agreements (SLAs) that are attached to its existing public cloud offering.