The EU Commission just created something that didn't exist before: a way to actually measure digital sovereignty
-
The EU Commission just created something that didn't exist before: a way to actually measure digital sovereignty.
Their new SEAL framework rates cloud providers 0–4. No US hyperscaler won a lead contract. €180M goes to OVHCloud, STACKIT, Scaleway, Proximus.
The quiet part: SEAL-2 minimum means your provider can't be compelled by foreign law to hand over your data. Most winners hit SEAL-3 — immune to non-EU supply chain disruption.
This is procurement policy, not rhetoric. It will cascade.
https://commission.europa.eu/news-and-media/news/commission-advances-cloud-sovereignty-through-strategic-procurement-2026-04-17_en
#DataSovereignty #SovereignCloud #EU #Privacy #FOSS -
The EU Commission just created something that didn't exist before: a way to actually measure digital sovereignty.
Their new SEAL framework rates cloud providers 0–4. No US hyperscaler won a lead contract. €180M goes to OVHCloud, STACKIT, Scaleway, Proximus.
The quiet part: SEAL-2 minimum means your provider can't be compelled by foreign law to hand over your data. Most winners hit SEAL-3 — immune to non-EU supply chain disruption.
This is procurement policy, not rhetoric. It will cascade.
https://commission.europa.eu/news-and-media/news/commission-advances-cloud-sovereignty-through-strategic-procurement-2026-04-17_en
#DataSovereignty #SovereignCloud #EU #Privacy #FOSSExcellent news, but probably worth remembering that the US Cloud Act came into force in 2018 and our govts have only recently taken precautionary measures.
Wondering whether this a response to digital sovereignty and security or a function of the USA being considered to be more of a hostile state than previously?
-
Excellent news, but probably worth remembering that the US Cloud Act came into force in 2018 and our govts have only recently taken precautionary measures.
Wondering whether this a response to digital sovereignty and security or a function of the USA being considered to be more of a hostile state than previously?
@ReggieHere you're right to call out the timeline. The CLOUD Act is from 2018. The EU flagged the conflict with GDPR immediately — then did nothing for 8 years!
-
R relay@relay.an.exchange shared this topic
-
@ReggieHere you're right to call out the timeline. The CLOUD Act is from 2018. The EU flagged the conflict with GDPR immediately — then did nothing for 8 years!
Exactly. There was a lot of news around this last year when Microsoft lawyers conceded in the French and Swiss courts that they could neither deny a Federal request for data nor inform the data owners, but that was pretty obvious from reading the Cloud Act.
I'm curious about whether Trump's presidency has shifted Europe's relationship with the US, or whether it simply took that long to negotiate European bureaucracy or extract an honest answer from MS.
Sensitive Data and Cloud Act: Microsoft France Admits It Cannot Oppose an American Injunction
On June 10th, Microsoft France was heard by the Senate inquiry commission on the effective costs and modalities of public procurement. The company's representat...
ActuIA (www.actuia.com)
-
Exactly. There was a lot of news around this last year when Microsoft lawyers conceded in the French and Swiss courts that they could neither deny a Federal request for data nor inform the data owners, but that was pretty obvious from reading the Cloud Act.
I'm curious about whether Trump's presidency has shifted Europe's relationship with the US, or whether it simply took that long to negotiate European bureaucracy or extract an honest answer from MS.
Sensitive Data and Cloud Act: Microsoft France Admits It Cannot Oppose an American Injunction
On June 10th, Microsoft France was heard by the Senate inquiry commission on the effective costs and modalities of public procurement. The company's representat...
ActuIA (www.actuia.com)
@ReggieHere I would be surprised if it was an either/or situation. Seems very likely to have been elements of both.
Microsoft in particular has for a very long time been seen as a default, "of course they're trustworthy" level contractor. In a non-trivial number of cases that's probably still so. Very few will truly question a choice of the default, "everyone uses them" provider. Suggest something else, though, and suddenly you're taking on a lot of responsibility.
-
R relay@relay.mycrowd.ca shared this topic
