Speech - A cloud for Europe
European Commission
Neelie Kroes
Vice-President of the European Commission responsible for the Digital Agenda
A cloud for Europe
Cloud for Europe conference /Berlin
14 November 2013
To add your comment to this speech, see the social version of the speech here
Cloud computing offers a massive boost for Europe.
For every business, value-for-money, flexible IT services: just what the most dynamic, innovative companies need.
For every European, a locker to store their favourite online material. With instant secure access whenever, wherever, on any device.
For every government, the chance to offer integrated, effective public services that serve every citizen, without costly contracts.
No wonder the cloud is worth hundreds of billions of euros to the European economy.
The news recently has been very focused on security and privacy. Those revelations are astounding, we must respond, and we must protect ourselves. But this does not mean turning our backs on a huge opportunity.
The EU's leaders realise this. At the recent European Council, they saw the importance of cloud computing. They agreed the EU needs a single cloud market, with high standards for a cloud that is secure, high-quality, reliable. And they explicitly asked the European Cloud Partnership to help put Europe at the forefront.
Such a strong push from the highest level is an unprecedented opportunity for all of us: now we must respond. But how?
First, we can develop new inter-operable cloud infrastructure across the continent. For me a European cloud does not mean a new centralised European super-infrastructure. Our role is rather to federate and enhance national, regional and local initiatives. Allowing people, products and services to freely circulate without borders and barriers. That is what we have recognised in our recent proposals for a connected continent. With a single market for the telecoms networks that underpin connectivity. And it also applies to the services that run online. Like a single cloud market for Europe.
Already many Member States are consolidating isolated data centres into national clouds. But how about more ambition? What about joint pan-European cloud storage? What if we had public sector systems working across borders, for more resilience, better services, and greater economies of scale?
We can start today: concretely. Through the Connecting Europe Facility, we can already support the key building blocks that enable pan-European services, like electronic invoicing and e-signature. And I am delighted that the legislator has now agreed the legal base for that investment.
Second: we can boost demand. Particularly from the public sector, about one fifth of the market. Today, we officially launch the platform for public sector cooperation with this "Cloud for Europe" initiative. This is an enormous step forward.
Working together — industry and governments, researchers and standards bodies — we can bring down barriers, build trust, and take off into the cloud. I am very much looking forward to the results.
We need to analyse those barriers, before we can remove them. Really understanding problems like compliance, risk management, liability, audit and so on.
Much of this was set out in our cloud strategy last year, and in some cases will soon bear fruit. Like mapping out standards as ETSI is doing, or ensuring technical security requirements are mapped onto certification as ENISA is leading, model "service level agreements", and safe and fair contract terms.
As you may know, last week we have proposed the first Horizon 2020 work programme (for the next two years). We are using a new instrument there to subsidise joint public procurement for innovative cloud services (a so-called PPI).. This will be concrete progress, moving from joint experimentation to joint implementation.
Third, we can boost supply. In H2020 2 we have set out the EU's plans for research and innovation funding over the next two years. And you should use that chance. Identify those "first mover" applications that matter, where you can come together. From generic services to specific applications like culture or education. And Horizon 2020 also supports research and innovation into security and privacy in the cloud, so that European suppliers can offer the best technology, and guarantee the highest standards of protection.
Fourth, we need to restore trust and transparency.
As I said on Monday at the Bonn Cybersecurity Summit: recent allegations on online spying are indeed shocking.
But let's not confuse issues: issues like data privacy and data integrity are distinct and should be treated as such. And nor should we be naïve, or sit there stunned like a rabbit in the headlines.
Rather: let's respond proportionately, let's protect ourselves, and let's rebuild trust and confidence.
That starts with basic transparency for cloud users. What am I buying? Will the performance meet the promise? What happens if the service goes down? Standards and certification can help in that context: and we are working to provide more clarity and transparency in Europe.
But it goes beyond that: including clear undertakings about how data will be used. Has my data been breached? Who can look at your data, when, and why? Will I be told if it's breached? Exactly when can governments access data? And when, if ever, might personal data be transferred outside the EU?
We need providing those details to become the norm when you're buying cloud services. And particularly for activities beyond the EU's borders.
Indeed our cloud strategy already identified what we need to do: now let's do it. I am talking about the review of standard contractual clauses about transfering personal data overseas and the Binding Corporate Rules the cloud industry is working on. I am pleased that the cloud will be dealt in the forthcoming EU-US trade agreement. These are all positive steps forward.
Fifth, we need to make the most of our single market.
Because a European cloud is not just about infrastructure: it is about a strong and consistent European framework.
A uniform legal base for data protection is an important part of that. And you'll know that we are making good progress.
And in parallel we are working well with the industry on a code of conduct for data protection in the cloud for endorsement by Data Protection Agencies. This work we will complete during this current mandate; that is by mid-2014..
A uniform code matters because our ultimate goal is to embrace the single market. National limits and restrictions are not the way to bring the cloud boost to our citizens and businesses. Even less the way to conquer the global market.
But this is about more than personal data protection. We need information to flow easily and safely, creating value and enabling new services without endangering privacy.
This is not about sharing data as such. It's about creating a common data space with common rules, common policies, common protections, enabling services to work across borders. Many sectors, many industries remain unaware of the power of the cloud for growing their businesses on a continental basis. From banking to tourism, from music to healthcare, there are so many opportunities just waiting to be grabbed.
And I am clear: we should not impose national limits and restrictions to chain down our data. Nor use yesterday's tools, impose yesterday's models, to fix tomorrow's problems. Those are not the way to bring Europeans the cloud boost. Even less the way to conquer the global market.
We don't need national mini-clouds, we need a European cloud that is trustworthy, secure and ambitious.
We aren't there yet. There are many barriers to data flows within Europe. We need to identify them, figure out how you might dismantle them, and look at the costs and benefits.
People have a choice about whether to seize these opportunities: companies have a choice about where to locate.
Systems need to be secure: but without a dynamic market, without choice, quality and economies of scale, people won't use these at all. Or they will just go overseas to get them. And that is the opposite of what we want.
So let's set off on the right path.
Let's take down the barriers that our single market faces. Let's develop the technology that will enhance our competitiveness. The twin forces of technology and trade can bring about more innovation, more security, and more opportunities.
Those are my five steps up to a European cloud. Investing in key pan-European service infrastructures. Stimulating demand through government procurement, and supply through research and innovation. Building trust and transparency. And developing a single market for data, where economies of scale stimulate a vibrant dynamic market, and European solutions.
Europe has a great opportunity now: to become the home, the world's leader, in trustworthy cloud computing.
The European Council has given us momentum: let's use it.
So I am pleased that the industry is supportive and committed. Let's lead the world with services that perform, data that is protected, systems that are secure.
Thank you.