- La colaboración entre Seguridad y FinOps puede generar beneficios ocultos en la nube
- El papel del CIO en 2024: una retrospectiva del año en clave TI
- How control rooms help organizations and security management
- ITDM 2025 전망 | “효율경영 시대의 핵심 동력 ‘데이터 조직’··· 내년도 활약 무대 더 커진다” 쏘카 김상우 본부장
- 세일포인트 기고 | 2025년을 맞이하며… 머신 아이덴티티의 부상이 울리는 경종
European cloud project Gaia-X is stuck in the concept stage
Too many of the participants in the European cloud project Gaia-X are pursuing their own interests and diluting the concept, Volker Pfirsching told CIO.com’s sister publication Computerwoche in a recent interview. Pfirsching is a partner and member of the Central European management board at management consultancy Arthur D. Little, where he also heads the company’s global Digital Competence Center.
In this interview, he explains that while key members are pulling out, and that funding isn’t flowing as planned, this may not be the end of GAIA-X yet, but just a cleansing effect.
Computerwoche: The European cloud project Gaia-X — the representatives of which prefer to call it a secure European data infrastructure — has been quiet. Is it possible that it will join one of the many European IT initiatives that ultimately come to nothing?
Volker Pfirsching: At the very least, Gaia-X is one of those projects that started with a good idea but then failed to reach critical mass or really take off.
Like the idea of a European search engine? Or the European Payments Initiative? Or De-Mail in Germany?
Pfirsching: You can certainly draw these comparisons. Gaia-X actually got off to a good start, and that was appreciated by everyone involved. The aim was to use cloud infrastructure in a way that was as legally compliant and data protection compliant as possible. The problem is well known: If a European company has reached a certain size today and pursues a cloud strategy, it can hardly avoid the US hyperscalers such as Amazon, Microsoft, Google, and IBM. So, it’s currently operating in an uncertain legal space in terms of using data in infrastructures with servers in the us or other countries outside the EU.
That’s why Gaia-X, with its idea of enabling legally secure cloud use, was generally viewed favorably. However, there was also a communication problem right from the start. Gaia-X was never intended to be an alternative to the offerings of US cloud providers. However, many understood it that way: With Gaia-X, you can buy data sovereignty in Europe — just as you can with AWS, Microsoft, and Google. This misunderstanding has lasted a long time, and disillusionment quickly set in after the initial wave of euphoria.
What is Gaia-X really all about?
Pfirsching: Gaia-X has pursued the goal of creating a common basis or a common set of rules for legally compliant data use in the cloud. As more and more members, large and small, joined the ecosystem, the goals became increasingly blurred. Today, it is a loose association that, in my view, operates too much at the meta level.
There is still an attempt to find common rules and standards. This is still a long way from clear, tangible use cases. Gaia-X never got out of this theoretical sinkhole. It never really got to the point where companies would say: I see value in this.
Does that mean that Gaia-X is already dead?
Pfirsching: I see a great danger, at least, that it will never get off the ground. The fact that important members are slowly withdrawing and that the funding is not flowing as originally planned is not a good sign. Confidence in the Gaia-X initiative is waning. The question is: Is this a cleansing tide that will lead to improved control and implementation? Or is it the beginning of the end?
After all, there is an overarching organization that controls the whole thing, plus the hubs and the corresponding communities. In my view, there are too many theoretical discussion groups there. What’s needed now is clear governance that ensures that there is a focus and that the many particular interests are put aside. That’s the big problem with Gaia-X: There are too many big and small players, all pursuing their own granular interests.
A few use cases have been launched and initial projects have been given budgets to demonstrate exemplary implementations in various industries, but the overall picture is still missing: What does our legally compliant cloud infrastructure actually look like?
Gaia-X in the trough of disillusionment
Large public projects in the EU and also in the German government are usually accompanied by subsidies or support funds that attract a wide variety of companies. Can we expect any real commitment at all?
Pfirsching: That’s what I mean by special interests: There are completely different players at work, from data center providers to IaaS, PaaS, and SaaS cloud providers. Everyone wants to jump on this bandwagon. And many have now reached the valley of disillusionment. If you think about it in terms of the famous Gartner hype cycle, we are now at a crossroads with Gaia-X.
Either the initiative will soon sink into insignificance or those responsible will realize: We have limited ourselves for too long to finding a consensus on a meta level instead of producing value-creating use cases or platforms that can really be used by companies. Up to now, there has been almost nothing but discussion about what such a shared ecosystem might look like.
I suspect that quite a number of members who had participated at some point because they believed in its success will drop out. You don’t need a crystal ball to predict that this exodus is now imminent. But I don’t want to call this the end of Gaia-X just yet. It could also be a cleansing effect.
But it is not exactly enjoyable for anyone to still have nothing tangible in their hands after such a long time…
Pfirsching: That’s the point: The participants in this project have still not found much that goes beyond a theoretical concept. There are a few smaller pilots, but they are very pointed and only useful for very specific use cases. If I as an enterprise were to pursue a cloud-first or even cloud-only strategy, Gaia-X is not a usable concept for me today.
Enterprises basically have no choice but to go to the hyperscalers if they are looking for a cloud-based AI solution, for example. Nothing has changed in terms of the fundamental problem: As a company, can I work with the US hyperscalers in a GDPR-compliant way or not? Or do I have a problem because of the Cloud Act, which grants all sorts of access rights to U.S. security agencies.
A lot of time has been wasted with Gaia-X. The project started in 2019, and the central idea that everyone should be allowed to play a part, including the hyperscalers themselves, was a problem from the very beginning. To date, there is nothing for enterprises to build on, such as a Platform as a Service. No one will say “Ah, Gaia-X solves my data protection problem in a very concrete way” today.
Of course, one can say that such an ecosystem, especially if it is to be open source, must first establish itself. The foundations have to be laid first. I’ll give the project credit for that, and I think it’s a really good idea. But we now need a significant acceleration in terms of infrastructure that can be used by everyone.
Cloud Act and Privacy Shield remain problematic for Europeans
EU Commission President Ursula von der Leyen and US President Joe Biden recently announced their intention to tackle the cloud security issue together. Privacy Shield and the Cloud Act should no longer affect the international data economy. Has this announcement now taken the last wind out of the sails of the Gaia-X initiative?
Pfirsching: I’m not so sure about that. There is still a great deal of skepticism about a legally secure agreement with the US. The hopes of companies, at least those I have dealt with, are not particularly high in this respect. People don’t really believe in a globally homogeneous, easy-to-manage data protection world.
I also think that Europe doesn’t want to be left behind when it comes to the big digital infrastructure issues. Being totally dependent on the big US players for cloud infrastructure is something that is not good for the European economy. This is where I continue to see an opportunity for Gaia-X. We need to offer European businesses an alternative to the hyperscalers that is at least close to par with the US competition in terms of functionality and pricing. This question is still much discussed by CIOs and CTOs.
Gaia-X actually started one level higher: They wanted a multi-tiered data infrastructure to allow customers to better distribute their data by criticality. That’s why they brought in the hyperscalers, because non-critical bulk data can also be held in their US cloud environments. What is still missing today is the control plane or platform from which companies can get started.
Pfirsching: You describe exactly the crux facing a company that wants to use Gaia-X services — even without being a member. There is not this one company or service or website where I can order. That’s why I’m talking about governance: there’s not that one institution that goes beyond the facilitating Gaia-X Association, which is more of a moderator, and provides for real usable applications.
There is a jungle of theoretical constructs that may be correct in terms of content but are not accessible to the decision-makers in the companies. The question: “How can I use Gaia-X in a meaningful way?” is not answered. That’s why I’m calling on everyone to move away from theory and meta-level discussions and create services that can be used in practice. Otherwise, Gaia-X will fail.
Who needs to take concrete action?
Pfirsching: The time has come for one of the really big European players, for example a major data center provider or a telecommunications provider such as Deutsche Telekom, Vodafone, or Orange, to be persuaded to take the conceptual lead and develop and offer an appropriately scalable solution based on Gaia-X. This is the right thing to do. Politicians also have a role to play. They must stop distributing funds in a fine-grained manner like a lawn sprinkler. It would be better to consider how a large budget pot could be created and used to build up a Gaia-X-compliant infrastructure.
So the much-cited AWS competitor after all?
Pfirsching: No, that’s not what I mean, but someone has to be found, mandated, and commissioned to put together a product from the various concepts in the Gaia-X ecosystem.
The Gaia-X makers have to decide what they want
But that would mean that the Gaia-X makers would have to be crystal clear about which direction they want to take. There is a great risk that some of the stakeholders will then jump ship because they no longer see their interests represented.
Pfirsching: That’s right, but would that be so bad? The problem at the moment is that we’re not even getting to that point! At the moment, those involved have the problem that they can’t work on anything because nothing is there yet. However, such initiatives are needed so that the feedback processes can begin and things can get moving. There is not even a channel for large or medium-sized companies to feed back their requirements or wishes.
You can become a member and then try to implement your data sovereignty requirements, but really, it’s just going to cost you effort and money at the moment. You won’t be able to extract anything of user value. It needs the market idea. Someone needs to offer something concrete that allows data sovereignty and is more than just a theoretical concept — ideally a Platform as a Service that everyone can build on.
Wouldn’t it make sense for the European authorities to act as major clients and thus create desire in the market? They could say: We will only use certain services if they are Gaia-X-compliant…
Pfirsching: I could indeed well imagine that. Such impulses are needed to create more pressure and to get these many small boats to move in one direction in a network. European authorities or the German government could play such a role, or even the German Federal Office for Information Security (BSI). It could say: Critical infrastructure must be set up to be Gaia-X-compliant in the future.
How is Gaia-X currently funded? Could better management of funds bring about faster progress?
Pfirsching: The funding is varied. For example, there have been government-funded projects in various industries that have been funded by the German Ministry of Economic Affairs. But in the end, the members carry the project and fund their own use cases. They also have their own specific interests. The European Commission also plays a role here.
Unfortunately, it is not necessarily the best idea that wins, but rather the concept that best fits into a funding scheme or framework. Demand is too strongly decoupled from the allocation of resources and budgets. That’s why I think there would need to be a rethink in the financial structures as well. Projects that have a chance of being applied as widely as possible should be publicly funded. In other words, we should move away from narrow use cases and toward broad application possibilities. The keyword already mentioned is platform as a service, which can then also be used for critical infrastructures.
Faster decisions and better governance would be necessary
From all that you say, Gaia-X obviously has an immense bureaucracy problem….
Pfirsching: Yes. We are operating in a European network here. Of course, we have Germany and France as strong players behind it, but it was a strongly federal concept with a broad diversity of opinions right from the start. Leaner decision-making mechanisms and more governance would really be advisable here.
Incidentally, I also fear that we may no longer be driving innovation fast enough in other areas because the big promise of Gaia-X is in the air and is supported by many players. The risk here is that many people are still waiting for the big bang instead of moving things forward quickly and flexibly in small, feasible steps. That’s why the cleansing tide that is now noticeably coming is just the right thing.
Translated from an article published by CIO.com’s German sister publication, Computerwoche: “Gaia-X — im Konzeptstadium stecken geblieben.”