The European open cloud and data infrastructure project Gaia-X, which aims to help European organizations break free of the dominant group of American and Chinese cloud vendors through an authorized set of services protected by European data laws, continues to face serious challenges and delays two years after its 2019 announcement.
The most recent progress was the establishment of the federation services. “Gaia-X is a key project for Europe’s competitiveness and digital independence,” said Thomas Jarzombek, Germany’s commissioner for the digital economy and startups, in a statement. “With the establishment of the so-called federation services, the technical heart or operating system of Gaia-X, the next milestone has been reached. The requirements have now been defined and are now being implemented in open-source code. This way, all services of Gaia-X will be connected to a transparent and open system according to European standards.”
Still, the project is more than a year behind schedule, and criticisms over its direction and management are mounting.
The Gaia-X plan
The foundational Gaia-X Federation Services were announced in May 2019 as:
- The Identity & Trust Services, which include authentication and authorization, credential management, decentralized identity management, and the verification of analog credentials.
- The Federated Catalogue, which will bundle all offers from authorized providers to help users find the right service for them.
- The Sovereign Data Exchange Services, to regulate the negotiation of data contracts over the network and enable the enforcement of common data usage policies.
- The Compliance Services, to define onboarding policies and continually monitor the compliance of providers and services to be offered to Gaia-X users.
These services are intended to form the foundation of the project, which aims to link existing cloud data and infrastructure ecosystems so companies retain sovereignty and control over their data and have more transparency and choice over which platforms and cloud resources they use to collaborate with partners, all while avoiding vendor lock-in.
The result should be a “federated and interoperable overall ecosystem in which participants can use data and services sovereignly across sector-specific data spaces,” according to ECO, the Association of the Internet Industry, the Germany-based organization tasked with project management for Gaia-X.
The next step for the project is to invite tenders for partners to implement these specifications in source code and create a reference implementation, which is to be open-sourced and available to all interested parties. The first functional services should be available by 2022.
While the basis of Gaia-X is still currently being worked on, some IT vendors aren’t waiting around. For example, Hewlett Packard Enterprise (HPE) has put together its own solution framework for Gaia-X, which is intended to support companies, service providers, and authorities intending to work in a decentralized environment such as Gaia-X. HPE also announced that it will provide a roadmap service for Gaia-X, to help customers assess their Gaia-X readiness.
Gaia-X is behind schedule and seeing increased criticism
Despite the progress around Gaia-X, there is still a lot of sand in the gears in the European cloud project. It lags far behind schedule—the first Gaia-X services should have been available by 2021, for example. The establishment of the Gaia-X umbrella organization needed to legally commence operations, the Association for Data and Cloud (AISBL) also dragged on. It was not until February 1, 2021, that the Gaia-X AISBL was entered in the Belgian commercial register.
Behind the scenes, meanwhile, there are still many discussions about the sense and purpose of the project. For example, the involvement of the large cloud hyperscalers from the US and China (Microsoft wants to be a provider, for example) is cause for some controversy given Gaia-X’s goal of being an independent European cloud. Palantir’s membership in the project has also raised concerns about its data-mining activities and close ties with US intelligence organizations in a cloud meant to be private and sovereign. And the sheer number of contributors—with some reports putting the number at 500—is slowing down crucial decision-making.
Meanwhile, two Gaia-X members, Capgemini and Orange, have begun building their own “cloud de confiance” (“trusted cloud”) to create a sovereign cloud for government purposes in France. Their Bleu effort is ultimately supposed to join the Gaia-X initiative.
Due to the technical and logistical delays and other controversies, the critical voices are getting louder. “We have to make the European cloud project Gaia-X a success so that an ecosystem emerges that triggers demand,” Deutsche Telekom CEO Timotheus Höttges told the German news channel Welt.
In the meantime, many companies that had started the Gaia-X adventure with a lot of enthusiasm seem to have become disillusioned. German newspaper Handelsblatt reported in April 2021 that many startups have complained about too much bureaucracy at Gaia-X. The European cloud project was becoming increasingly complex and threatened to overwhelm companies, it said.
“Overall, it is not easy for companies to navigate Gaia-X and get the information they need,” the paper quoted Ronny Reinhardt, who heads business development at the startup Cloud and Heat, as saying. The project needs to make it more transparent “what the current status is, who is working on what, and how you can get involved as a company.”
In addition, the work on the project has become so formalized that it has become very time-consuming for everyone, complained Lars Francke, founder of the startup Stackable. In addition, there is the perception that large corporations have now taken control of Gaia-X development, said Christian Berendt, CEO of the cloud service provider 23Technologies.
Henrik Hasenkamp, head of Gridscale, a developer of operating systems for data centers, criticized the approach to Gaia-X as too bureaucratic. He said there is often abstract discussion about European data sovereignty, but little about what concrete benefits the customer should get. “Too much PowerPoint, too little action” is how his colleague Francke summed it up.
Martin Bayer is deputy editor-in-chief of IDG Germany’s Computerwoche. This article was translated from its original German on Computerwoche.de.