Advancing digital sovereignty on Europe's terms

In September 2021, we unveiled “Cloud. On Europe’s Terms,” an ambitious commitment to deliver cloud services that provide the highest levels of digital sovereignty while enabling the next wave of growth and transformation for European organizations. We’ve since seen increasing demand from customers and policymakers for digital sovereignty solutions. 

Working closely with our European customers, partners, policy makers, and governments, today we’re pleased to share that we’ve delivered and are continuing to develop a broad portfolio of Sovereign Solutions that can support European customers’ current and emerging sovereignty needs as they progress their digital transformation. 

Google Cloud Sovereign Solutions come from these efforts to understand evolving sovereignty requirements. We’ve heard from numerous customers that they would prefer to work with local partners in their transformation journey, and that’s why we have established partnerships including T-Systems in Germany, S3NS in France, Minsait in Spain, and Telecom Italia in Italy. 

Sovereign Controls by T-Systems is now generally available, and Local Controls by S3NS, the Thales-Google partnership, is now available in Preview. You can expect more region and market announcements in the coming months.

Our Sovereign Solutions are designed to support data, operational and software sovereignty requirements, increasing customer control and transparency for sensitive data moving to the cloud. For example, Sovereign Solutions can help support compliance with European regulations such as GDPR and legal rulings such as Schrems II.

Google Cloud Sovereign Solutions comprise Sovereign Controls, which can help organizations more easily manage vital data sovereignty goals, as well as Supervised Cloud and Hosted Cloud options to help address operational and software sovereignty concerns.

The market is already making valuable use of our offerings: In September, employee communication platform Haiilo said it would rely on the Sovereign Cloud from T-Systems and Google in the future.

Oliver Queck, vice president at T-Systems International, said that Sovereign Solutions can help drive digital transformation. “T-Systems and Google Cloud are building and delivering sovereign cloud services for European enterprises from the public and business sectors. Our common goal: support all organizations in migrating their workloads to the cloud - through more innovation, flexibility, performance, and data security.”

Let’s look at each of the product offerings: 

Sovereign Controls for Google Cloud

Today, customers can meet many data sovereignty requirements using Google Cloud controls, delivered directly by Google Cloud through Assured Workloads for EU or through our local partners. These Sovereign Controls can help organizations:

• Create and maintain workloads with data residency controls in Europe for core customer content at rest, with processes that help limit personnel access to core customer content to EU persons located in the EU;
• Maintain comprehensive visibility and control over administrative access to the data and workloads;
• Encrypt data with keys that they (or someone appointed by them) control and manage outside of Google’s infrastructure through our Cloud External Key Manager.

At Google Cloud we firmly believe that the control of encryption keys is the strongest and most effective technical measure against extraterritorial requests for data that can be offered to cloud customers today. To achieve sufficient control, keys must be kept outside of the cloud provider infrastructure and coupled to a strong key access justification mechanism. 

Queck added that Sovereign Controls can help balance data management and control requirements with the drive to innovate. “With Sovereign Controls by T-Systems, we have developed a cloud solution that allows you to securely host your sensitive data and implement supplementary data protection measures that can help meet the requirements of European data protection authorities without losing on scalability or elasticity. In other words, you retain full control over your data, software, and operations, and still benefit from all the advantages of the Google Cloud - especially the innovation power,” he said.

Sovereign Controls for Google Workspace

Customers’ sovereignty requirements also extend to the digital tools they use to collaborate and communicate. We recently announced Sovereign Controls for Google Workspace, which will provide digital sovereignty capabilities for organizations to control, limit, and monitor transfers of data to and from the EU starting at the end of 2022, with additional capabilities delivered throughout 2023. This commitment builds on existing Client-side encryption, Data regions, and Access Controls capabilities in Workspace.

Our forthcoming Supervised Cloud offerings will be managed and operated by partners to support data sovereignty and operational sovereignty needs for specialized and highly sensitive data. We are in the process of designing and building these offerings, aligned with local regulations in France, as well as strong customer needs in Germany, with our respective partners S3NS and T-Systems. 

Cyprien Falque, managing director of S3NS, a Thales and Google Cloud partnership, spoke about plans for their forthcoming solution and ways for customers to begin their journey to the cloud now: 

“S3NS’ mission is to help public and private organizations in France benefit from the power of Google Cloud while protecting their sensitive data in compliance with the criteria of the French ‘Trusted Cloud’. Our Local Controls offering is a first step and a first milestone this year, before a future solution in compliance with the French ‘Trusted Cloud’ criteria, which we are working on in parallel. Our objective is to be among the first to make such an offering available for certification based on hyperscale cloud technology,” Falque said.

Finally, there are some customers and workloads that have a strict need to support disconnected operations. To help meet these software sovereignty requirements, we will offer Hosted Cloud services, which are part of Google Cloud’s Distributed Cloud offerings. Google Distributed Cloud Hosted does not require connectivity to Google Cloud at any time to manage infrastructure, services, APIs, or tooling.

LuxConnect is a Luxembourg-based IT provider whose mission is to strengthen the country's IT infrastructure and to increase international Internet connectivity in order to drive progress and innovation. LuxConnect CEO Paul Konsbruck said that he is looking forward to the availability of Sovereign Cloud solutions that can complement existing IT services, including Hosted Cloud.

“Digital sovereignty is becoming more and more important to us and to our customers across Europe as we work to support their digital transformation initiatives. The ability to keep data within strict boundaries and maintain local operations further enable efforts in Luxembourg to serve for example as “data embassies” - protecting vital data and services that are essential to the smooth running of a country on their behalf, thereby reducing the potential impact of cyberattacks,” he said. “We are closely following the efforts of Google Cloud to develop and offer Hosted Cloud solutions that can complement our data center, connectivity, and HPC offerings.”

It’s also clear from our discussions with Cloud customers and partners that the ability to meet sovereignty requirements must include support for the applications they use to power their businesses and drive innovation. To this end, today we are thrilled to announce that more than 20 Independent Software Vendors (ISVs) from Europe and around the world have joined the new Google Cloud Ready - Sovereign Solutions program with the intent of bringing their products to Google Cloud Sovereign Solution environments. These partners include Aiven, Broadcom (Symantec), Cloud Software Group (Citrix), Climate Engine, Commvault, Confluent, Datadog, DataIKU, Dell Technologies, Elastic, Fortinet, Gitlab, Iron Mountain, LumApps, MongoDB, NetApp, OpenText, Palo Alto Networks, Pega Systems, Siemens, SUSE, Thales, Thought Machine, Veeam, and VMware. 

We’ll continue to listen to our customers and key stakeholders across Europe who are setting policy and helping shape requirements for customer control of data. Our goal is to make Google Cloud the best possible place for sustainable, digital transformation for European organizations on their terms — but also for others around the world, and there is much more to come.