GAIA-X: Strengthening privacy and security with new standards and certifications

If you’re not familiar with the term, GAIA-X is a consortium of representatives from European business, science and government. Together, they are working to create the next generation of a European data infrastructure: a secure, federated platform that meets the highest standards of digital sovereignty while promoting innovation.

Currently, its members are finalizing the standards for a European trusted cloud based on common technical protocols and ethical requirements that align with Europe’s GDPR data protection regulations. This huge project will result in the first GAIA-X certified solutions by the end of this year.

The objective is for European players to soon be able to rely on a catalog of services that meets a set of criteria and specifications in which they can have confidence. The labelling will consist of several levels, the highest of which is intended for the most sensitive and strategic data with applications in the defense sector and the civil service.

The focus is on data sovereignty, through the establishment of a legal framework guaranteeing the transparency of cloud service providers — particularly regarding the jurisdictions under which the data is placed. The trusted cloud will require cloud service provider platforms to be hosted in Europe. Similarly, their headquarters and teams must be based on the continent and not subject to the laws of non-EU countries.

What happens in Europe stays in Europe

Like the SecNumCloud security label issued by France’s National Cybersecurity Agency (ANSSI), the GAIA-X criteria will prevent strategic European data from being subject to the laws of countries outside Europe. The CLOUD Act (Clarifying Lawful Overseas Use of Data) in the United States is of particular concern, since it allows law enforcement and intelligence agencies to access data from American cloud service providers, even when hosted on servers in other countries.

At the same time, the new criteria will increase transparency on the use of personal data, which is regularly questioned by the news. The latest example: in May, some associations referred the matter to the CNIL (an independent French administrative regulatory body whose mission is to ensure that data privacy law is applied to the collection, storage, and use of personal data) to obtain details about the activity of the American company IQVIA, accused of collecting then selling the health data of French pharmacy customers.

The participation of American and Chinese players (like Google Cloud, Amazon Web Services, Alibaba Cloud, Huawei, etc.) in the GAIA-X consortium will not jeopardize these principles. Although they are in the minority (92% of the consortium's members are European), foreign companies will be able to apply for the certification in compliance with the rules that have been defined, for example by relying on European players.

We have a role to play as a trusted partner operating these platforms in a framework that respects the GAIA-X standards. Atos cybersecurity and decarbonized solutions and our range of servers produced in France will be very useful in this respect, because they guarantee the security and protection of data throughout the value chain and its lifecycle.

All on the same page

Beyond data protection, the harmonized technical standards for cloud services that GAIA-X has established aim to facilitate data sharing between companies within each sector (finance, energy, mobility, etc.), which is still too often hampered by technological barriers. We need to put an end to vendor lock-in and encourage communication between different providers — for example, allowing customers to move from Microsoft to OVHcloud or Google to AWS without any problems. In other words, the goal will be to ensure portability (the ability to retrieve and transfer data to another service) and interoperability (the ability of digital services to communicate with each other).

The emergence of a secure European Edge/Cloud continuum with full interoperability will benefit many applications that must be able to communicate with each other, such as autonomous vehicles, charging stations for electric cars or fraud management platforms in the banking industry.

From smart grids to fraud detection, the use cases are coming

Many major use cases in data spaces as diverse as agriculture and defense have already been identified. GAIA-X members are now developing the first prototypes and business models by creating consortia that will carry these projects. Funding provided by EU member states and the European Union will help accelerate this work.

Athea is a sovereign platform that mobilizes an ecosystem of partners (companies, startups and research organizations), combining massive data processing and artificial intelligence for the defense and homeland security sectors.

We have been contributing to the Campus Biotech Digital alongside Microsoft and IBM to develop a training platform in the field of biomanufacturing. We are increasingly moving from a monolithic model where each company develops its products using traditional competition mechanisms, to a digital platform economy where manufacturers and startups will work together to meet common challenges.

Artificial intelligence (AI) is a key element in the prototyping of the first use cases, both in the energy sector where the priority is developing smart grids and optimizing electricity flow management, and in the financial sector, to optimize the detection of fraudulent transactions. The same goes for the health sector, where algorithms are a valuable tool in the detection of rare diseases and the prevention of cardiac pathologies.
This vision is supported by a strong environmental focus, whether through a data space dedicated to the "Green Deal" working to decarbonize industries, or across other sectors like renewable energy, sustainable mobility and sustainable finance.

For those of us who are deeply involved in helping European organizations leverage data to advance scientific research, connect with customers, or provide innovative new products and services, this is an exciting development. GAIA-X is devoted to making European business more competitive, serving the public better, and protecting the privacy of our citizens.

We will see the first demonstrators later this summer, and the first services will follow at the end of the year, so stay tuned. There will surely be lots to talk about!

Topics

• Cloud
• Cybersecurity
• Data & artificial intelligence
• Ethics & digital society