On 18 November, we announced that “Scaleway will not renew its GAIA-X membership. The objectives of the Association, while initially laudable, are being sidetracked and slowed down by a polarization paradox which is reinforcing the status quo, that is an unbalanced playing field. Scaleway will focus its time, money and attention on its multi-cloud product offering - a key factor of true reversibility and openness.”
Many of you asked us about the motivation behind this decision: now is the time to share comprehensive and transparent feedback on the past 18 months since co-founding GAIA-X.
Before Day 0, fully supporting the ambitions of GAIA-X, in spite of numerous challenges
Let’s first of all get back to June 2020, when the initiative was launched by German Minister Peter Altmaier and French Minister Bruno Le Maire, Scaleway being at the time among the 22 founding members.
We were indeed fully supportive of the goals expressed and endorsed at the highest political level on both sides of the Rhine, i.e “guaranteeing data sovereignty, availability, interoperability and portability” and “promoting transparency”.
Of course, we knew from the beginning that progressing all together and promoting a common vision would be an interesting challenge, due to the sheer nature of the industrial players involved: three cloud service providers in France (OVH, Outscale and Scaleway) vs. the predominance of vertical industrial players in Germany (BMW, Volkswagen, Deutsche Bank, etc.) using mostly non-European cloud technologies and services.
The objectives of the project being fully aligned with our philosophy and our multi-cloud DNA, we decided to partake in this impetus: on the one hand to strengthen the European digital ecosystem by fixing common, federating rules (i.e: rebalancing the current cloud market conditions and dynamics), and on the other to improve the uptake of cloud solutions in our continent, based on Europe’s values, practices and standards: both pillars having to go together, naturally.
Beyond my own commitment (weekly board meetings + all the underlying follow-up, preparation and coordination), almost 10 Scalers (cloud architects, business developers, communication, public affairs) got partially involved, in the first 12 months of the initiative, to build the first demonstrator featured in the 2020 GAIA-X summit, to support the technical and policy works and get GAIA-X on track. For a company of about 300/350 employees back then, the level of investment we decided to allocate to make GAIA-X fly was quite substantial.
Our assessment: we have no time to lose playing games… And reinforcing the status quo
The first few months of GAIA-X’s existence were characterized by a significant lack of understanding about its scope and objectives: some described it as an “Airbus of the cloud”, others believing it would operate a “sovereign cloud”, yet others talking about a “federation of cloud offers” or a “metacloud”. In the meantime, numerous doubts about the membership perimeters persisted: should non-European companies be allowed to become members, with or without any limitations, with or without any safeguards as to their level of commitment in the workflows?
Scaleway and I, personally, made it very clear that we would leave GAIA-X, should non-European companies be entitled to take part in the governance of the board. Believe it or not, this wasn’t a given for some; I even had to use my veto to avoid a disastrous decision being taken.
A few months later, in April 2021, when the board had to validate the applications of the so-called “day-one members” (having applied between Q3-2020 and Q1-2021), the same discussion occurred again: should we accept all applicants, coming from all over the world? It is obvious that non-European players, having a (very, too strong sometimes) foothold on the European markets, were legitimate to join GAIA-X. But couldn’t we have set up criteria to exclude companies with a third country’s government in the shareholding (e.g: Palantir, Huawei), to differentiate “entrance” and “entrism”?
Typically, we wanted to avoid a situation where such entities could, later on, claim they are key contributors, through GAIA-X, to European digital sovereignty. Looking at how GAIA-X advertised Huawei (Europe)’s contribution to digital sovereignty on Twitter a very few days ago, or considering the sponsorship structure of the last GAIA-X summit in November, I am sad to see that reality proved us right.
Accepting all the non-European dominating cloud service providers without any limitation had a significant impact, probably not anticipated enough: once they joined the technical committees, these dominant entities and their “tech diplomats” flooded other contributors with orientations, requirement proposals and comments that, individually or collectively, the European collective could not possibly cope with, thereby introducing structural bias in the standard-like elaboration process. The risk being, therefore, to create standards favorable to the already dominant players, and not echoing the needs, expectations and challenges of the diverse local technology suppliers throughout Europe. We see similar patterns in a number of similar organizations; the interests of the major players end up being protected while innovative yet contradicting orientations tend to be muffled.
A recent Synergy research group study laid out that, in the past four years (2017-2021), the European market share of European cloud service providers declined from 27% to well under 16%. Amazon, Microsoft and Google would now account for some 70% of the same market share - and “their share continues to steadily rise”.
While the Digital Markets Act is being successfully negotiated by the EU institutions to strictly regulate a great deal of gate-keeper behaviors in the digital markets, it would be somehow inconsistent, through GAIA-X, to put in place new entry barriers for our local ecosystem.
Regrettably, the renewal of the board last June did not send promising signals in terms of proper representativeness of the European cloud and digital ecosystem: the board now has only one cloud service provider (OVH), since neither Outscale nor Scaleway were reelected, nor Aruba, but four telecommunications operators are now in. Three trade associations have joined the board (CISPE, Digital Europe, Bitkom), giving their non-European members direct access to the political governance of the association. Also, as compiled in this table, the board is now composed of European industrial stakeholders mainly using non-European cloud technologies, which is not neutral in terms of decision-making orientations. Last but not least, no SMEs, software or open source companies are part of the board, leaving a whole part of the digital environment in the shadows.
When the initial ambitions of GAIA-X get diverted…
Again, as a founding member, we were 110% supportive of the initial ambitions of GAIA-X. We cherish the high-level principles underpinning GAIA-X’s activities, and our primary goal has been to avoid, as this is so often the case with green-washing, being faced with interoperability, portability or sovereignty-washing - while the related requirements would become “golden standards”, at EU and national levels.
More concretely, when we read the intentions behind the strictest level of label that GAIA-X members have been iterating on, we can only express concern at how those notions are being handled and (vaguely) defined:
“This level targets the highest standards for data protection, security, transparency, portability and flexibility, as well as European control. It extends the requirements of Levels 1 and 2, with criteria that ensure immunity to non-European laws and a strong degree of control over vendor lock-in. A service location in Europe is mandatory. For cybersecurity, the minimum requirement will be to meet ENISA European Cybersecurity Scheme Level High”.
Typically, the notion of “extraterritoriality” is not mentioned, “European control” is a meaningless concept (or, on the contrary, it can have a plurality of meanings...). The link made with the requirements of the “ENISA European Cybersecurity Scheme Level High” is more than welcome. Nevertheless, we fail to understand how some non-European actors, fiercely opposed to high level of ambition for this certification scheme could, suddenly, support a reference to that within GAIA-X? Would they bet on the failure of ENISA (and Member States)?
The same goes for the ambition of “strong degree of control over vendor lock-in”: this wording has surely been the result of intense negotiations but, as it stands - it makes you wonder how far GAIA-X will go to solve the lock-in phenomena encountered in the market. “Control” does not mean “mitigation”, which should be a key target if we collectively want to rebalance current oligopolistic cloud market conditions, which are detrimental both to European suppliers and to cloud users. In addition, we have seen how voluntary codes of conduct developed by the SWIPO association, to facilitate switching and porting, have not had any impact in reality: Google and Microsoft have not declared adherence to any services, and AWS did for just three of them.
Meanwhile, a crucial angle remains uncovered: data extraction costs, also known as “egress fees”. Indeed, our market experience leads us to fully share this assessment of the judiciary committee of the US House of Representatives in October 2020, noting that “lock-in exists because switching costs for cloud computing customers are high”.
The longer we wait to introduce changes to this situation, the more “surpassing the incumbents in the market will be challenging because of the potential for vendor lock-in”, according to the same US official report. After the lack of impact of the SWIPO codes of conduct, developing a new kind of self-voluntary approach through GAIA-X, focusing on technical requirements, will only be a way to preserve the status quo. We need hard law, at EU level, to progress toward greater data portability, to make our clients’ freedom of choice effective and sustainable from a financial perspective, and truly enhance free flow of data on the European continent.
We have also been regularly puzzled by a very specific way of envisaging transparency and trust, in the context of GAIA-X governance process and working procedures, making it all the more time-consuming and complicated to follow and contribute proactively to GAIA-X activities.
...Scaleway commits to building the cloud that makes sense in Europe in accordance with the founding principles of GAIA-X!
One may say that “leaving the organization will not help to have leverage”: well, de facto, for months, we had no leverage anyway. How can a 400-person company handle some 100 meetings per month, with no overarching visibility, and get properly involved, when mobilizing even 1% or 2% of our total company’s workforce, full-time, would not even be sufficient?
This whole situation creates for us what I refer to as as a “paradoxical injunction”: European cloud service providers are often blamed for being “late”, not “competitive enough”, “lagging behind in terms of innovation”: all these assumptions are highly questionable, but one thing has become clear for us: in a European tech ecosystem consisting of a wide range of small- and medium-sized companies, all operating in adverse conditions, setting up a cloud "Adminotaur" cannot be the best way to boost the visibility of these players' industrial and engineering know-how.
On our side, our choice is clear - 2022 will be a year to focus on:
- Delivering the promise of GAIA-X today vs. in 2023: by delivering multi-cloud enabling products and strategies, Scaleway is effectively already delivering the values of GAIA-X today, through interoperable and reversible workload orchestration with Kosmos (a multi-cloud Kubernetes control plane) or with our multi-cloud Load Balancer. While GAIA-X pledges to redefine data sovereignty its own way to take it to the next level within 18 or 24 months, our clients can rely on our sovereign cloud stack, up and running for years: from the data centers we own and operate in the Paris region, the physical infrastructure (compute power and storage) to the software infrastructures (IaaS and PaaS) we develop in-house, our commitment to your sovereignty is crystal clear: minimal level of dependencies, maximum level of data protection.
- Velocity in innovation & product development: with our 40 products, we are able today to meet some 80% of market needs: compute, storage and networking power. Public cloud markets are growing at an unprecedented pace, up to 30/40% annually… Our strength, to regain market share (and not only increase our volume of sales), lies in our capacity to move quickly. This hasn’t been the GAIA-X way thus far; this does not reflect how our markets are currently evolving.
- Impacting actions, to challenge the status quo: in order to clarify our positioning, we took also the decision to leave organizations we were part of, where no leverage in line with our values was effective, be it in terms of sovereignty, interoperability/portability, competition or environmental policy goals: this is the case for the Cloud infrastructure service provider in Europe association (CISPE), or with SWIPO, for the reasons mentioned above.
- Working with and shaping new coalitions, such as EUCLIDIA, along with alternative European players, with and for the European tech ecosystem; to make our alternative voice heard, to enable public law-makers understand the beauty of cloud technologies and markets’ complexity, and to demonstrate that it is possible, all together, to build “a cloud that makes sense” to foster the digital transformation and resilience of our economies.
- Leading (even more) by example on the transparency and environmental side, to keep up with our commitment to become the most environmentally efficient and transparent cloud worldwide. We are convinced that our radical approach to transparency is a source of positive externalities, and it is definitely generating trust. We owe it to our clients, to our public institutions, but also to the overall society and to the next generations.