21 March 2023

On 21 March, EIF organised a debate hosted by Pilar del Castillo MEP on how to navigate the EU cloud regulatory landscape and the related challenges. The MEP was joined by the following guest speakers:

Pearse O'Donohue, Director for the Future Networks Directorate, DG CONNECT, European Commission
Anne Leslie, Cloud Risk and Controls Leader Europe at IBM Cloud for Financial Service
Nassima Auvray, Chief Trust Officer, Orange Business
Amal Taleb, Director of Public Affairs, SAP

Navigating the EU cloud regulatory landscape

MEP Pilar del Castillo, in her opening remarks, stressed that in the Data Act – recently voted in the Plenary – there is a piece of regulation on clouds. Then, she highlighted the importance of seeing the cloud regulatory landscape in the context of the strategic sovereignty in Europe. This should be something to stimulate the European Union in terms of innovation while avoiding a protectionist narrative.

The European Commission representative, Pearse O'Donohue, emphasised that a free and effective switching between cloud providers is essential for promoting competition and innovation. According to him, the risk of vendor lock-in is an inhibitor to cloud adoption in Europe. Mr. O'Donohue defined the EU Cloud Rulebook as a consolidation of existing rules and best practices from the industry, including technical standards and codes of conduct. Only 41% of EU enterprises use cloud computing, therefore it is necessary to promote cloud adoption among EU enterprises. As the cloud is a key enabler for a lot of technologies, data processing should not be centralized in large data centers, but in cloud and edge facilities close to the user even to reduce the carbon footprint of the sector. In terms of security, the Commission strives to avoid new silos of national laws and to ensure that the European market is trusted for data and cloud services. In the end, he mentioned the European Alliance for Industrial Data, Edge and Cloud which aims to foster the development of new technologies and services while promoting competition and growth.

Anne Leslie explained her role at IBM in helping European financial institutions migrate to the cloud. Financial institutions face challenges in balancing regulatory compliance, privacy, security, and operational decision-making. Cloud technology is essential for financial institutions to remain competitive and innovate, but there is currently decision inertia and fear regarding cloud migration. There is a need of new models of engagement, in which competitors can work together to improve cloud security, risk management, and operational resilience testing. She presented the IBM Cloud Council as an example of stakeholders from different institutions working together to find a mutually beneficial way forward. In the end, Ms. Leslie expressed support for initiatives that simplify and harmonize cloud standards and frameworks, without compromising target outcomes such as privacy, security, and consumer trust.

Nassima Auvray presented Orange's challenges in the EU cloud regulatory landscape. She highlighted three key points: Orange's positioning on cloud evolution; the practical implications of digital sovereignty in providing cloud services; the issues around regulatory trends on cloud at the EU level. She mentioned the Telco Cloud, a paradigm shift for telecom operators, that combines software-defined networking, network functions, virtualization, cybersecurity, and cloud-native technology into a distributed computing network. Digital trust and digital sovereignty are emerging as required components for cloud. However, it is important to maintain operational autonomy, guarantee respect for the confidentiality of data and activities, as well as comply with EU regulations that promote transparency, interoperability, and data protection. Ms. Auvray welcomed the objective of the Data Act to reduce barriers to switching from one cloud service to another and to address issues stemming from vendor lock-in bargaining power and transparency.

Amal Taleb, from SAP, emphasised the importance of reducing market fragmentation and creating a real single market in the EU. She acknowledged that customers from both the private and public sector request localizations and compliance with national requirements regarding cloud services. Diving into the legal landscape for companies operating in the EU, she underlined that established companies like SAP have no issues in complying with the DSA and DMA. Although EU regulations are helpful in creating a coherent market in Europe, they represent a challenge for startups willing to enter the EU market, especially in terms of intellectual and financial burden. Furthermore, there is a risk of fragmentation as different member states may interpret and apply the provisions within the regulations due to legal or technical differences. Ms. Taleb concluded by stating that the legal landscape in Europe is continually evolving, and more coherence is needed among the regulations.

  • #CLOUD


  • Roundtable discussion on an EU-US common approach on digital regulation
  • 1:19 EIF in 2022-2023: video recap
  • 1:55 #EIFasks - Victor Negrescu MEP on the EIF visit to Israel 2023

Related content