The EU’s data protection watchdog, the EDPS, has ordered the Commission to bring its Microsoft use into compliance. This implies exploring less intrusive alternatives than Microsoft, but little has been done in this regard.
The case offers a stark example of the chasm between Europe’s desire for autonomy in highly sensitive areas such as IT, and the on-the-ground reality of its dependence on American tech.
There are no known credible offerings from European providers, reads an internal Commission document seen by Euractiv.
In another recent report by the Directorate-General for Digital Services (DG DIGIT), also seen by Euractiv, concerns about
excessive power in the hands of a few non-European companies, risks associated with a single supplier (price hikes, migration difficulties), and the potential loss of in-house competencieswere mentioned – concerns the Commission has not yet publicly acknowledged.The report also gives a very positive description of member state initiatives to develop open and sovereign alternatives to Microsoft, yet concludes only that DG DIGIT will
Jacob Wulff Woldplanto evaluate them internally as apossible complementforsmall scaleinitiatives withvery restricted scope.
In terms of digital sovereignty, I think this is a far more pressing issue than, say, the amount of VC funding for EU startups or whether these companies end up listing on a European stock market. It should have become a priority a decade ago when the Obama administration was caught spying on Angela Merkel’s conversations. And it is undoubtedly imperative now, with geopolitical pressure on European states mounting from all sides.
On top of national security concerns (odd to refer to these as ‘national’, since the EU is a supranational structure, but I don’t see another term that fits), improved cybersecurity is another argument in favor of seeking Microsoft alternatives, as the company had various security incidents lately. And that’s even before considering questionable initiatives like Recall, which would constantly capture the screen and use it to train AI…
Switching your email infrastructure and cloud services is a monumental task though. You need to allocate funds for the new solutions, thoroughly assess them, train people, possibly migrate historical data, all of which takes time and diverts resources away from other priorities. As public servants, the Commission should ideally uphold high standards of transparency and accountability in their communications – you don’t want officials deciding crucial policy over encrypted apps or auto-deleting messages.
The larger the organization, the greater the inner resistance to change from people accustomed to existing services and reluctant to learn new software; this gets further amplified by internal politics, fights for influence and control between departments, and by outside influences in the form of lobbyists.
Then there’s the distinct lack of proper alternatives to Microsoft 365. The only integrated suite that (barely) comes close would be Google’s Workspace suite, but replacing one US provider with another would not address the original conundrum. Some might jump at the opportunity to again bash the EU for failing to foster local innovation in tech, but I think this simply reveals the extent of American Big Tech’s monopolistic control over markets and their near hegemony worldwide. Even China, a proponent of sovereignty (or authoritarian control if you prefer) is still mostly relying on Microsoft Windows…
One possible solution would be a wider adoption of opensource, where it’s easier to validate what applications do in the background and tailor them to specific needs. But this comes with its own set of pitfalls, the lack of consistent and reliable support possibly being the most pressing. To use opensource effectively at the scale of the EU Commission would probably require a department dedicated to its customization, maintenance and cybersecurity; a large investment for sure, but one that could in time be extended to national administrations or other states looking for similar solutions.
Post a Comment