EU Commission’s integration of Oracle Cloud raises concerns over Cloud security consistency
EU Commission’s inclusion of Oracle Cloud Infrastructure in its offerings sparks questions about cloud security strategies and its dedication for digital sovereignty.
The inclusion of Oracle Cloud Infrastructure services in the European Commission’s offerings has raised doubts about the consistency of its cloud security strategies. The decision by the EU executive to enter a six-year framework agreement with Oracle, allowing this US-based company to offer cloud services to EU institutions, has sparked questions about its dedication to digital sovereignty. Even though the Commission justifies this decision as part of its ‘multi-cloud strategy,’ it contradicts its push for technological sovereignty and the European Cloud Services (EUCS) certification program, which mandates that cloud service providers be ‘controlled’ by a European entity.
Why does this matter?
The Commission’s attempts to introduce sovereignty requirements have encountered resistance from industry and several member states. Furthermore, the French SecNumCloud certification scheme is losing traction within the EU, as the restrictions on non-EU ownership of cloud service providers are being abandoned across Europe. Some individuals express worries about American hyperscalers gaining access to European data, potentially imperilling the EU trade secrets and industrial knowledge. This situation underscores the intricate challenges of attaining cloud security and sovereignty in the European context.