France and Germany are increasingly moving in different directions when it comes to digital sovereignty in the cloud sector. Amazon Web Services (AWS) recently declared the establishment of a 'new, autonomous cloud for Europe,' which is part of a broader pattern where major American cloud providers are addressing the concerns of EU nations about safeguarding their data within European boundaries. Microsoft and Oracle have also introduced their own cloud sovereignty solutions.
The central issue revolves around whether these cloud services can genuinely be considered sovereign, particularly concerning data protection regulations like the EU's General Data Protection Regulation (GDPR). French apprehensions primarily stem from AWS being subject to US laws such as the Foreign Intelligence Surveillance Act (FISA) and the Cloud Act. AWS, however, asserts that it will challenge any inappropriate requests.
This growing disparity in how France and Germany perceive digital sovereignty has been developing over time, resulting in a decline in political support for European initiatives like Gaia-X. France's attempts to replicate its SecNumCloud standards at the EU level have encountered opposition from more liberal EU members, leading to criticism from Germany. This situation has raised concerns that Germany may be favouring American digital companies over French interests, impacting industrial dependencies and sovereignty certifications.