What is Gaia-X? A guide to the EU’s unified cloud ecosystem
A unified ecosystem of cloud and data services protected by European data laws.
Major cloud providers, like Microsoft, Amazon, Google and IBM, have dominated the public cloud market for some years now. With the cloud’s growing popularity, European companies little choice but to trust one or more of these providers, but security concerns are prevalent because the data often lives on US servers. This issue is especially true when it comes to government organizations.
German and French politicians fear losing data sovereignty and digital independence to external cloud providers, so Europe reinforced its infrastructure with the announcement of Gaia-X at the end of 2019.
The initiative is projected to boost Europe's digital ecosystem, but there is more to it than that. Below, we’ll cover all you need to know about Gaia-X.
What is Gaia-X
Gaia-X is an initiative by Europe for Europe that aims to build a unified data infrastructure - a secure, federated system protected by the European data laws, and promotes innovation while meeting the highest standards of digital sovereignty.
The system would link together various cloud service suppliers through an interoperable data exchange that acts as a warehouse for data across industries. It would also serve as a repository where businesses can find specific data services, like artificial intelligence (AI), IoT, analytics and big data.
Gaia-X isn’t a threat to Amazon, Google and Microsoft's cloud platforms, as it’s not a competitor. Instead, Gaia-X is a solution to link existing cloud services from European companies into a cohesive ecosystem.
Furthermore, the initiative also makes domestic cloud providers more visible in the national and international markets. It’ll help businesses across various industries, like agriculture, energy, finance and public service, collaborate and exchange data.
Gaia-X's primary features include openness, transparency and the ability to connect with other European countries. Representatives from seven European countries are already a part of the project. The authorities behind this initiative have invited other European partners to join the project and contribute to its development.
This open digital ecosystem will enable European companies to compete globally. Alongside the representatives, over 300 organizations from various countries are also involved in Gaia-X. The project invites more interested parties from outside Europe to contribute domain-specific technical requirements and submit new use cases.
US cloud providers' data centers are operated by their European subsidiaries and subjected to EU laws. Hence, Amazon Web Services and Azure claim and provide audited certification that data never leaves the EU data centers, ensuring data safety. However, the EU wants to be a leader in data-driven innovation, specifically in the evolving fields of AI, cloud computing and big data.
The purpose of Gaia-X poses a dilemma for the EU. According to the Gaia-X project papers, Europe currently has no prominent cloud platform, search engine or operating system. It depends on an array of infrastructure and platform providers based overseas, especially the US and China.
This dependence creates a conflict of interest, as these countries take a different stance on governing data ownership, data processing and privacy. It becomes difficult for European companies to protect their users' data when processed on US- or China-based servers that follow different data laws.
In a nutshell, Gaia-X aims to ease Europe's reliance on international cloud giants and boost businesses' reliance on home-grown solutions that abide by European data laws. Additionally, it aims to fuel cross-country collaboration by enabling enterprises to find cloud services, exchange data and work together on new digital services that enhance the EU’s digital marketplace.
How does Gaia-X work
Federated services should be based on common standards that ensure transparency and interoperability. Gaia-X addresses this requirement by aligning cloud solution providers (CSP), network and interconnection providers, high-performance computing (HPC), and sector-specific clouds and edge systems.
The initiative's mechanism works to find, combine and connect services from participating providers to create a user-friendly infrastructure ecosystem. Gaia-X identifies minimum technical requirements and services. It also includes the concept of privacy to ensure the highest standards of security requirements and privacy protection.
The technical implementation of federation services focus on the following areas:
- Implementing secure federated identity and trust mechanism
- Sovereign data services that identify the source and receiver of data to ensure access and usage right toward the data
- Easy access to available nodes, providers and services;
- Integration of existing standards to ensure interoperability and portability across infrastructure, applications and data
- Establishing a compliance framework and certification and accreditation services.
The initial set of federation services will be expanded in the future, and the roadmap is laid to accommodate any changes and align with the development of ecosystem requirements.
The rule of Gaia-X and who can join
Gaia-X is in its development phase and won't set its own policies and guidelines from the ground up. Instead, it will build on a few of the existing European rules.
A noteworthy point about Gaia-X is it allows participants to choose which data they want to share with other companies, which data they want to keep to themselves and what the data can be used for. It also allows participants to maintain data ownership, even when using it across different industry spaces.
Gaia-X allows any cloud companies worldwide, including Amazon, Microsoft and Google, to be a part of the project. However, these service providers should abide by the initiative's principles and guiding policies:
- European Data Protection: Compliance with European legislation, including GDPR, Cybersecurity Act, Free Flow of Non-Personal Data Regulation and the ability to apply different protection levels depending on the data type and use case.
- Openness and Transparency: The open data infrastructure supports transparency and standardized contracts and procedures to reduce complexity and costs.
- Authenticity and Trust: Gaia-X plans to offer a mechanism that ensures participants comply with rules regarding IT security, sovereignty, service levels and frameworks, and precise conditions for collaboration, cross-company authentication and access management.
- Digital Sovereignty and Self-Determination: Each participant can decide where their data will be stored, who can access it and why it’s accessed.
- Free Market Access and European Value Creation: The project will allow data exchange between companies, organizations, institutions, research institutes and associations to create new business models that can be further expanded in Europe.
Who is involved in Gaia-X
Twenty-two companies from various industries comprise the Gaia-X founding member's panel, including:
- Deutsche Telekom
- German Edge Cloud
- Institut Mines-Telecom
- International Data Spaces Association
- 3DS Outscale
Since Gaia-X’s October 2019 announcement, nearly 40 industry use cases for the project were submitted. According to the documents outlining the project, 170 people from around 150 companies, associations, research institutes and institutions currently contribute to the initiative.
When will Gaia-X launch
The first announcements about Gaia-X arrived in October 2019, and the completed project is expected to launch in 2021. Germany and France hope to have a prototype platform up and running by the end of 2020.
Humility in AI: Building trustworthy and ethical AI systems
How humble AI can help safeguard your businessDownload now
Future of video conferencing
Optimising video conferencing features to achieve business goalsDownload now
Leadership compass: Privileged Access Management
Securing privileged accounts in a high-risk environmentDownload now
Why you need to include the cloud in your disaster recovery plan
Preserving data for business successDownload now