The Alcimed team explores the challenges of digital sovereignty for multiple major actors in France and Europe with a view to helping them better understand the digital ecosystem in order to promote a transition towards more sovereign solutions.
They trust us
The challenges related to digital sovereignty
Today, the field of information and communication technologies is governed by the American giants: GAMAMs (Google, Apple, Meta, Amazon, Microsoft, etc.). These organisms have established a virtual monopoly of the global digital space. This monopoly, both technical and economic, sometimes threatens the integrity of our most sensitive data. In addition, events (Snowden affair in 2013 – Promulgation of the Cloud Act in 2018) that made it possible to turn these threats into reality have pushed European players to build a strategy in order to remove themselves from the hegemony of the GAMAMs and, in doing so, to regain digital sovereignty.
Achieving this digital sovereignty is a national and European strategic objective in order to be able to better master digital technologies and ensure data integrity, on the internet and in cyberspace first and foremost. Many challenges remain for European industrial companies and institutional players seeking to regain their digital sovereignty:
The need to migrate to the cloud is being felt. Working in the cloud makes it possible to increase the productivity of companies by making them more agile in the way they work, and by allowing them to use application services such as AI or big data. Many players are therefore becoming dependent on these solutions to remain competitive. However, when it comes to critical infrastructures such as an airport or a hospital, sensitive digital data cannot be handled on any cloud platform.
Let’s take the example of the two American laws, the Patriot Act and the Cloud Act. These two laws allow the American government to request access to digital data for legal purposes, as long as it is operated by an American service provider, regardless of its location. And, to date, U.S. companies share nearly 70% of the global market for cloud solutions. At the same time, the services offered by the current French and European clouds are far from reaching the level of those offered by the Americans. It is therefore essential to develop compatible, high-performance solutions with the required level of security for this sensitive data in each territory.
At the French level, many initiatives towards digital sovereignty are carried out by the National Agency for the Security of Information Systems (ANSSI). For example, in 2016, ANSSI launched the “SecNumCloud” or “Trusted cloud” certification to qualify cloud offers on digital sovereignty and security aspects. Several cloud offer providers such as OVH, OoDrive, and 3DSOutScale have already obtained this label certifying their compliance.
What possibilities exist today to work on the cloud while keeping control of your digital data? What market is there for SecNumCloud platforms? What is the state of the art of these platforms?
Despite a real desire to create more sovereign digital offers, the level of services and the resources offered by French and European solutions are often barriers to data migration for many companies. Indeed, American suppliers are clearly ahead, and often offer better scalability, availability, and performance. However, digital sovereignty also rests on the person who operates and secures his data.
If we look at the case of France, associations between American suppliers and French players have recently emerged (Google & Thales or Microsoft & Orange). Their offers, aiming to obtain the “trusted cloud” label, could represent a fair balance between digital sovereignty and performance. The American partner would then provide its high-level service solution, that would be entirely operated and secured by the French player, and the data would be located in France. It should be noted that these offers would be built on an American infrastructure, which raises doubts as to whether they would obtain the SecNumCloud label.
At the European level, the GAIA-X project, which aims to build a cloud computing infrastructure operated and secured by European players, will launch its first data spaces in 2022. Unfortunately, GAIA-X is now sponsored by Huawei and Alibaba (Chinese players), as well as by Microsoft and AWS (American players), so some French players, such as the cloud host Scaleway, are dropping out of the project.
What is the concrete impact of using a European versus American cloud solution? What are the trade-offs to be made between digital sovereignty and performance? What future solutions should be considered to meet all needs?
Digital sovereignty is not just limited to cloud aspects, as there is also a desire for sovereignty in the production of chips and around geolocation and access to information, for example. Europe is moving in this direction: the first wish is supported in Europe by the Chips Act initiative, a 43-billion-euro plan aimed at doubling Europe’s market share (10% today) in semiconductors. The second is the Galileo project to create a fully European satellite positioning system.
Nevertheless, it should be noted that the Chips Act did attract a major investor, in this case the American company Intel, which announced an investment plan of 33 billion euros to manufacture semiconductors in Europe.
On what aspects of my operation as a company am I dependent on another country? How can we free ourselves from these dependencies?
How we support you in your projects related to digital sovereignty
Alcimed has been supporting its clients for over 25 years with their innovation and new business development projects, among which digital sovereignty is a key issue. We support many industrial and institutional players, who work on different aspects of data management and French and European digital sovereignty (e.g. Thales, MBDA, CNES, etc.).
The diversity of our clients, the geographic fields we explore and the types of projects we develop give us a global and in-depth understanding of the issues related to digital sovereignty.
Our projects cover areas as diverse as digital transition, new technologies, new business models related to the digital world, the assessment of market opportunities, the launch of innovations, partner identification, as well as regulatory developments.
Examples of recent projects carried out for our clients in digital sovereignty
Identification of priority use cases of critical data for a certified French cloud
We supported an industrial actor in its desire to offer the French Defense Ministry a certified, sovereign private cloud allowing them to work in a cloud-type work environment, but with sensitive data, known as restricted distribution (RD). Our client wanted to identify the priority use cases for this platform and associated services.
After a quick bibliographical analysis and an analysis of the competitive environment of the company, the heart of our intervention consisted of an exchange with players from the Defense universe (large groups, institutions, start-ups, etc.), in order to identify the priority interest applications for this platform.
We were thus able to highlight a particular interest in services enabling collaborative work in the defense sector, but also to propose promising initial avenues outside of defense (OVI: Operators of Vital Importance or ESO: Essential Services Operator), a real uncharted territory for our client, which we continue to explore with him!
Development of a new cybersecurity platform for Defense and Information Systems Security
Alcimed supported a leading security & digital industrial player through a coaching and consulting process for a product line to develop a cybersecurity offer in the form of a digital platform. It enables both the detection and the identification of cyber-attacks aimed at all types of players (industrial, public, governments, etc.) to achieve both security and digital sovereignty, while ensuring controlled risk management and optimal cyber resilience.
To do this, our team carried out an analysis of the needs and expectations of the various players in the ecosystem (manufacturers, ministerial institutions, start-ups, states and governments, etc.) for this platform, as well as an analysis of the competition and a study of the cybersecurity market. Our investigation made it possible to define relevant usage cases for such a platform, to redefine the value proposition of the offer, and to identify the key success factors and potential barriers for its further development.
The result for our client: the validation of the relevance of its platform with regard to the needs of the market and the client ecosystem, the definition of the most relevant value proposition and business model, and recommendations on its future positioning.
You have a project?
To go further
Aeronautics - Space - Defence
Cloud Computing: Challenges and Opportunities for the Defence Industry
The challenge of digital transformation The rise of digital technologies has pushed Defense players to initiate a profound digital transformation in order to guarantee the success of armies, the ...
Green cloud computing: a sustainable solution for reducing the environmental impact of data storage?
Data: an activity with a high environmental impact Today, digital technology represents between 2-4% of worldwide greenhouse gas emissions. An underestimated environmental footprint Today, many ...
Cold data storage: an ecological solution for reducing the environmental impact of data
As data volumes increase, data storage requires more and more energy. Some techniques can help limit its ecological footprint. Here's one: cold data storage.
Founded in 1993, Alcimed is an innovation and new business consulting firm, specializing in innovation driven sectors: life sciences (healthcare, biotech, agrifood), energy, environment, mobility, chemicals, materials, cosmetics, aeronautics, space and defence.
Our purpose? Helping both private and public decision-makers explore and develop their uncharted territories: new technologies, new offers, new geographies, possible futures, and new ways to innovate.
Located across eight offices around the world (France, Europe, Singapore and the United States), our team is made up of 220 highly-qualified, multicultural and passionate explorers, with a blended science/technology and business culture.
Our dream? To build a team of 1,000 explorers, to design tomorrow’s world hand in hand with our clients.
Digital sovereignty is the capacity of a country or an organization to control and protect its own digital data, technologies and infrastructures. This can include, for example, the autonomous management of digital resources, the protection of online privacy, and the reduction of dependency on foreign players.
Several regulatory measures have already been implemented by Europe:
- The General Data Protection Regulation (GDPR) in particular is a vector of digital sovereignty. Entered into force in 2018, the idea behind this regulation is to grant users control over their digital data in the face of the American giants. Regarding American cloud solutions, these major companies seem to have complied with the GDPR. This is not always the case for major social networks (Facebook and Google were fined €60 and €150 million respectively in early 2022 for not providing an easy way to disable cookies).
- The Digital Market Act (DMA) presented in 2020 will make it possible to overcome the problems of the GAMAM monopoly over digital matters by offering more control, protection and freedom to end users. Indeed, the DMA offers governments the possibility of sanctioning companies delivering a platform service in the event of an abusive situation.
- Finally, following the DMA, the Digital Services Act (DSA) was also announced, aiming at regulating and moderating the content published on the platforms of the American giants.