Germany’s ‘sovereign cloud’ is coming—and it’s provided by Google
Germany has, along with France, been a driving force behind Europe’s quest for cloud “sovereignty.” When the countries announced plans for a European cloud network called Gaia-X a couple of years back, the idea was for European enterprises not to have to rely on foreign providers for the foundations of their online services and internal data-wrangling.
Now Germany is getting a “sovereign cloud” that will target sectors such as automotive and health care, along with the public sector, when it launches next year. It will be run by T-Systems, the Deutsche Telekom–owned systems integrator that is one of Gaia-X’s founding members, in partnership with the distinctly non-European cloud giant that is Google.
It is not clear how Google and T-Systems’ sovereign cloud might relate to the Gaia-X network, which is supposed to offer interoperability between participating providers, which include Google as well as Microsoft and Amazon. (The idea of keeping U.S. companies out did not last long; a fact that has particularly irked the French.)
Google said just over a week ago that it would invest $1.2 billion in its German cloud infrastructure over the next decade, and Google Cloud CEO Thomas Kurian reiterated Wednesday that the American tech giant was “committed to helping enable Germany’s digital transformation.”
The sovereign cloud from Google and T-Systems, he said in a statement, “will provide public- and private-sector organizations with an additional layer of technical and operational measures and controls that ensure German customers can meet their data, operational, and software sovereignty requirements.”
The term “data sovereignty” means more than just data localization, which is the practice of storing data from a certain country’s citizens or government in that country itself. This is something that countries such as China and Russia mandate, and that the less-authoritarian EU at least tries to encourage through its General Data Protection Regulation (GDPR), which places strict conditions on exporting personal data outside the union.
Data sovereignty is also about who gets to access the data—a particularly hot topic when it comes to American cloud providers. That’s thanks to the U.S.’s 2018 Cloud Act, which gives U.S. prosecutors access to data stored by those providers in foreign data centers, and to a ruling by the EU’s top court last year that threatens transatlantic data flows because of the U.S.’s invasive online surveillance practices.
Under T-Systems and Google’s new arrangement, T-Systems will handle things like customers’ encryption and identity management, and both companies will have to supervise any access to their joint facilities in Germany. T-Systems will be able to scrutinize Google’s software updates before they are deployed.
This will be a public cloud physically separate from the Google Cloud that German companies can already use, but the providers are promising “full public cloud scale as well as version and feature parity to [the] global network.”
“Even stricter compliance requirements for public sector institutions will be addressed,” T-Systems CEO Adel Al-Saleh said in the statement. “We are happy that we’ll be able to offer customers a cloud solution that is secure and sovereign, but also gives access to the innovation and scalability of Google Cloud in Germany.”
Al-Saleh said Austria and Switzerland were being considered for similar upcoming projects.
Second time lucky
This is not the first time T-Systems has tried such an offering; the last time was in 2015, with Microsoft as the partner.
At the time, Microsoft launched new data centers in Germany that were controlled by T-Systems, which acted as a “data trustee.” Under that structure, Microsoft was unable to access the data without customers’ permission, and T-Systems got to supervise access when that permission was granted.
However, updates to the service lagged behind those of Microsoft’s standard Azure cloud-infrastructure platform. The German-specific service was more expensive than regular Azure and reportedly harder to use. Microsoft axed the offering in 2018.
A couple of weeks ago, T-Systems announced a “cloud privacy service” for Microsoft’s public cloud users in Germany, encrypting data before it hits Microsoft’s servers and decrypting it on the return journey. Meanwhile, Microsoft has reportedly proposed a sovereign cloud for Germany’s federal and other governments.
Subscribe to Fortune Daily to get essential business stories straight to your inbox each morning.