Having worked for the French state and wrestled a few times with its IT services, I can tell you that the reason for choosing Microsoft isn't cost, or "efficiency".
It's that they only know Microsoft, they don't want to learn something else, and if there's a problem, it's Microsoft's fault, no theirs, so they don't have to deal with their own incompetence.
If you want an anecdote, we were working with SAS, a statistical software which required costly licences (more than a million € for a few dozens of workers). I suggested to switch to R or Python to the top director, who agreed.
First meeting with the service in charge, the chief opens with "ok, we are asked to change, but the goal here is to show that we tried, and found that it's not possible."
I resigned a few months after, as everything was in the same vein.
Sounds like Germany, and it's not just public services.
I used to work part-time in 1st level IT support in a local hospital when I was younger.
The main "theme" of my superior's work subjects there (2009-2016) was the migration from XP to 7. You heard that right.
And apart from the usual Office- and AD-Lock-In, the most problematic workstations of course were always ones with very specialized software. Virtualization and terminal services were in use, but the whole selling point of Windows was mostly put ad absurdum already, because they needed Windows licenses for dedicated machines running e.g. specialized MRT software, but those weren't even part of the main network anyway. They needed arcane syncing procedures anyway and Windows provided no value whatsoever on these devices. Same for the patient monitoring systems on ICU beds. These were using some "embedded" Windows and were rarely working in a stable way at all, nor way they connected to the networks running AD or the CIS (edit: seems it's called HIS in English)
CAD and stuff in the office divisions was similar, but with less integration needs (apart from network printing)
What I'm trying to say is: like in many offices, any slight change made users hostile, updates cost obscene amounts of work and money, and Windows didn't provide much more value compared to SAMBA. That is dated experience, I know.
But MS has not shown to be a trustworthy company in any of my work experience so far.
It was impossible to create working solutions without MS, yes, but the reasons for that never seemed to be grounded in actual value provided by an MS-centric software and networking structure.
It was just the one available commercial solution with enough adoption, and MS has been milking their target markets with these strategies for a very long time.
Making themselves "indispensable", even in machines where their software was used to run a terminal server, basically.
Hell, in my town, 3 years ago, they started to replace subway train LED signals with crappy Windows-CE-based software.
The effects are still noticeable... the whole infrastructure is still 80% worse compared to 10 years ago.
You recognize the useless Windows licenses by the occasional Desktop (seriously, google "cologne KVB windows trashcan"....), 90deg-tilted display, and of course 20% of the signage is out of operation on average now.
>What I'm trying to say is: like in many offices, any slight change made users hostile,
I remember doing a Windows 7 deployment for a customer, and one of their staff had 3 A4 binders. Probably 1000 pages, of typed notes about how Windows XP works.
The second she sat down at her new Windows 7 machine it was like she had lost her memory. She was instantly aggravated and couldnt find the start menu. Dropped her windows xp binders in the bin and told me to effectively "get lost" so she can relearn it from scratch.
I was thrown. Like its basically the same system with some UI tweaks but she was acting like I had pushed her onto debian or something.
I’ve had a few family relations approach technology this way. I think it’s like they are missing a “theory of mind” for how software works. We have developed this intuition by either using or creating software for a long time.
Like often people are scared to click random buttons or explore menus. We have used software for a long time, so we know that any destructive act would be proceeded by an “are you sure?” dialog box.
I think I would be in their shoes if I ever tried to change the oil on my car. I may be able to follow a procedure. But I would not deviate from it. It would not try to pop the covers off unrelated parts to peek into the alternator, for fear of electric shock.
Anyways, my rambling point is ideally we people would make themselves more familiar with how to understand the technology they work with everyday. But we should have empathy for people who have not contorted their minds to understand the peculiar behavior of software.
Because when they break things they lose hours of work they cannot afford to lose. My parents had a small business and if my mom mis-clicked somewhere and deleted some important thing, she would enter a panicked rage as she'd lose half the day with some remote tech support.
She would never touch a computer after work, because it just stressed her, she found them absolutely unbearable, also because the tech support was unbearably obnoxious.
> she was acting like I had pushed her onto debian or something.
I've actually upgraded elderly people's computers from various Windows versions to various Ubuntu versions. I always tell them it's the newest Windows version, and very rarely have seen any problems. No joke, one of the biggest issues I saw was finding a solitaire program similar enough to the windows solitaire program.
That is seriously how some people navigate through life, not just computers.
Like if they want to go to a certain office in a building: My "instructions" would be to go to department foo, room A5.303 (made up number). Their instructions are something like "in that red brick building, take the elevator to 5th floor, turn left and then again left into the hallway, second door on the right side".
If they navigate UI the same way, then of course every element that is moved slightly to a new place or grouped differently will cause their mental model of how things work to collapse.
Your equivalence seems widely inaccurate to me. I too sometimes have a mental model which is "red building, third floor, left then left" because that’s spatial memory. A random room number tells you absolutely nothing about where you actually have to go. I can (and sometimes do) remember one and will use one if it’s all I have but that’s just random information totally different from actual direction.
I think your comment actually hits the heart of the issue. Most software developers I have met have this kind of disdain for their users familiarity and ability and act like they are above that. Most confuse their own learned familiarity when they were young and could tinker with some kind of superior ability. Well, just go read any post here about systemd, the syntax of Ocaml, or the new ux of any popular framework and you will see that we are all the same.
Accepting change takes time, especially if people had no desire for the change. Most people don’t care about their computers. They are for them a necessary impediment in the way of doing what they want to do. That’s why they dislike change: it looks like work for no upside. A major part of change management is explaining to people where the upsides are for them, helping them operating in the new environment and giving them time to process.
> Most software developers I have met have this kind of disdain for their users familiarity and ability and act like they are above that.
This is absolutely true.
For what it's worth, "so-and-so department, room 123" is only a helpful mental model for navigation if you have additional knowledge not present in that description: that the department is probably contained entirely in one specific building, where that building is, that the rooms are likely numbered sequentially following a pattern that also indicates the floor they're in, etc. By itself this is an address whereas "red building, third floor, left then left" is a turn-by-turn route.
In terms of UIs, the latter is more like "left-hand side of the menu bar, 'Edit' menu I think, half-way down the screen, something like 'Modify' or 'Change' or 'Transform' or something, then third item in the list, something like 'Skew' or 'Bend' or something" compared to the first just being "Transform -> Skew". The former is fuzzier and the exact labels don't really matter because you'll know them when you see them. The latter is extremely precise but tells you nothing about how to actually find what you're looking for (is it in the 'Edit' menu? is it in a right-click context menu? etc). It's only really useful by itself if you have a command palette.
>That is seriously how some people navigate through life, not just computers.
This "treat everything like a ludicrously complex black box that almost nobody can understand" for any given subject are the lowest common denominator that laws get written to.
I’ve come to find that change is not always good, and resistance to change can be good for those that resist.
For example, our German team knew the software that headquarters was going to deploy to them was broken, so they secretly continued to use their old existing process. When the new software was deployed “successfully”, the same software was then deployed in the U.S. and broke horribly. The Germans were told that their responsibility was their region (only), so they literally took care of themselves and refused to be forced to be the guinea pigs.
In addition, I’ve come to learn not to immediately upgrade my OS at work, if I can help it. Typically, being an early adopter means you can get some nasty bugs that sometimes can take days to figure out. No thanks.
I also had an encounter with government software...
I think the long-lasting solution will be to move to a web-based application system, instead of depending on Desktop applications made for Windows or Linux. Using a web app system, the government only has to concern itself with proper development and maintenance of servers and web apps, and the public workers can use any operating system with a web browser.
isn't TFA about how the problem is cloud-infrastructure? web-app will only make that worse unless you're thinking something like adobe air.
Also, as others already noted, somehow the web is uniquely terrible at maintaining compatibility across not only different platforms but different versions of the same platform and even different versions of the same browser, despite being built largely on top of high-level languages that all claim to enable effortless portability.
I agree with this. When it comes to domain-specific b2b software, pretty much everything that doesn't require native resources or performance inaccessible from the web platform should provide a web-based frontend (even if just as a minimum).
And that would be better why exactly? Bloated browsers trying to phone home, even if only to search for updates, or denying access because of overblocking DNS, false software security signatures, whatever? Ja. Klasse! I fucking know about Electron & Tauri. And V8, Node, Bun, TS. Hmmm so geil. Da steht mir der Schwanz steil. Oder auch einfach nur die Haare zu Berge.
Switching from a working, integrated solution (SAS) to a untested collection of random scripts (R or Python??) is a horrendous idea, and I would be willing to bet that the people in charge of implementing this brilliant move saved the French state quite a bit of money by blocking it.
If they had started with the R or with Python, that would have likely been a better solution - but that doesn't mean that switching, especially just because some new employee convinced the director they'd save money with a half-baked idea, is not.
I work for a company whose entire business is basically replacing various dedicated internal tooling scripts with an integrated, extremely costly solution, and we mostly sell to other businesses. Most people who buy this are extremely happy to get rid of their kludge of scripts, and we very rarely feel pressure from such alternatives (our other B2B, also extremely expensive, competitors, are the main thing we get compared with).
Specialized software often works much better, and makes a lot of sense past some scale, than in-house solutions. Especially if there are no big geopolitical risks - which there aren't with SAS for the French government.
- The division doing the change wasn't doing anything critical, mostly yearly statistical analysis reports, and cost estimates for new laws. The move could have been done over a year or two. Most public workers aren't overwhelmed with work, to put it mildly.
- SAS language is horrendous, the IDE is stuck in the 2000´s, and everyone was doing SQL queries inside it as a result. SAS is obsolete compared to what R or Python can do. Career-wise, it's a dead end for workers who use it.
- The French state is heavily indebted, so any cost-saving measure is welcome to reduce the burden on the taxpayer.
But everyone experienced in such a "migration" would challenge your flawed impression that there would be cost saving. SAS is in fact used in many serious companies (I know it's used at the fraud department of Bouygues Telecom, for instance) so you're not gonna dead-end yourself all that much, you can do the python+r stuff on your own probably, as long as the reports are there, and call them from SAS if you cannot stand it.
Meanwhile, nothing has to move, nothing has to change, and your non-critical division will continue to cost exactly as budgeted instead of going through unknown waters just because maybe switching to something new might be ... cheap eventually ?
Plus this has nothing to do with Microsoft really, as most cost is in Windows and its integration. It's hard to replace the global policies of Windows by an alternative.
What are the costs of using python/R? I'm not talking about the full french gov, but a single division (around 25 workers), for which the procurement is done.
This is in reality a clear cost-saving measure, as you may have to pay one time for training, which is however done by another division of the French State (the statistical body, INSEE), and those career workers don't get bonuses or are paid overtime anyway.
Afaik other "big corps" are moving away from SAS as graduate only know Python/R nowadays, which are better and more flexible tools.
Improving tooling and reducing costs are just a thing for private companies. Yeah, the horse carriage drivers weren't happy when the gasoline engine appeared. Imagine the switching costs! There are still horse carriages around! Horses are reliable! You can drive a car on your own!
IDK man, getting some department out from under the thumb of the big org's IT is pretty much SOP when BigCo has a "oh crap we gotta compete in this niche, spin up an internal startup" moment.
Yeah, the plan is insane if you're talking about the entire french government.
> Especially if there are no big geopolitical risks - which there aren't with SAS for the French government.
Are you serious? Especially when officials working for well-respected international organizations are being sanctioned for their work out of political reasons? This entire article wouldn't exist if there were no geopolitical risk.
From the article:
> “Carniaux … was asked by the [French Senate] commission to guarantee that French citizens’ data hosted by Microsoft would never be transmitted to foreign authorities without the agreement of the French authorities. He replied: ‘No, I can’t guarantee that,'” the report stated.
If this isn't geopolitical risk, I don't know what is.
It's clear that your stated job constantly exposed you to all the talking points of mega cloud platforms. But there are negative consequences too, and they're very real.
Oops, I've made a huge mistake here, apologies. I confused SAS for SAP, the German business stats company. My post was entirely from this wrong perspective, that it would be replacing EU business software with open source software.
In light of the new understanding, I fully agree with you that it was extremely shortsighted and sad to have tech leadership oppose a project which directly gives a US company access to such sensitive data with open source alternatives.
The French state is one thing, the Polytéchnique is another. My impression is the old-school network administrators at French universities are fiercely protective of their de facto right to make technical decisions regarding equipment and software. So this part surprises me.
Even when I see "so and so place is switching to X" I always think "uh, do your current Microsoft people ... know how to do that?"
I'm all for training and making the switch, but you gotta get your teams motivated / what they need to do the job. If not IT can resist like few other orgs.
Everything else aside moving to R and Python to escape the USA hegemony means you are still dependend on Python Software Foundation and R Fundation. First is American. Second is based in Vienna, Austria yet still has big American presence among its members. So you end up still dependending on USA. Same with most free and open source. Even if its authors may appear to be European, they may turn out to be Americans (Linus Torvalds) or work for US company anyway (Guido van Rossum)
Depends on what you're doing, to be fair. R would probably be a better choice as it's more likely to have all the statistical stuff in SAS. Python might make sense if you want to integrate it into web/other systems.
It's definitely not an easy lift and shift though, as the OP made it out to be. Particularly when you're integrating with other departments it's vital to have perfect compatibility as otherwise you'll break the other departments workflow.
> Having worked for the French state and wrestled a few times with its IT services, I can tell you that the reason for choosing Microsoft isn't cost, or "efficiency
While this is generally not wrong, the French state still uses and creates open source software extensively. Gendermerie Nationale have their own Linux distribution ; Ministry of Foreign Affairs runs Debian for diplomatic personnel. Multiple pieces of public software was developed out in the open (including the government SSO and the COVID tracking app).
So while there is definitely bad, it has been getting progressively better over the past ~10 years.
This addiction to Microsoft is everywhere and it's terrible for everyone involved. So many small orgs and NGOs paying through the nose for what can be done for free with Google Docs & Sheets.
Using proprietary software that is given away for free is even worse than paying for proprietary software - at least you have a contract in the latter case.
Governments should pay software engineers and system administrators (or infrastructure engineers if you like) to build and run their systems, ideally open sourcing whatever makes sense
Yeah, but Google Docs and Sheets are really worse than Word/Excel for many uses/users. I’d be pretty peeved if my employer decided to save figurative pennies by making me use Google Docs/Sheets.
And Google Docs/Sheets isn’t really free once you need business functionality. Depends what exactly what your feature requirements are, but Google Workspace pricing has about the same range as Office 365 Enterprise. ($10-$50/user/month)
Sounds like they were honest about lying, less confusion than lying about lying and helps prevent the unwanted outcome of accidentally succeeding. Not succeeding helps with job security, the problem justifying your job will continue to exist. Since such skills are in demand at all levels of bureaucracy successfully failing to deliver at a lower level will open up opportunities to fail at a higher level.
Honestly, when management comes up with some silly idea like replacing a perfectly working piece of software that's core to your business with a completely different alternative that is not giving you anything but being slightly cheaper, caring about your job involves stopping this silly change from happening.
Caring about your job involves being informed enough to not open your organization up to abuse from the likes of Oracle and Microsoft. That would save your customers, or fellow citizens if you work for government.
While I still stand by my sentiment to a small extent (it's often people who do care that actually oppose management initiatives, and proprietary business software can be superior to OSS alternatives, in certain areas), I was working under the mistaken impression that this was about replacing SAP, a German business solution, not SAS, the American company.
I should say that I think the real solution here would be to create an EU wide business software public company (or even EU agency), which would build and maintain business software products for EU governments, preferably open source. There is so much commonality in these areas that it's absurd to not build a common core, and later provide consultancy and support services to member states for deep customization, from experts who understand this common core. This is basically the IBM, Oracle, SAS, SAP, or even Microsoft B2B business model, so not some pie-in-the-sky idea.
I do believe that having some unified organization that can provide support and expertise on how others have solved similar problems would be much better than having every municipality and institute in the EU develop its own bespoke OSS-based solution, or, worse, buy from a private company that can just extract a profit from the massive cost savings of deploying substantially similar solutions for hundreds of customers, instead of passing on the cost savings.
ok so "funny" but historically, it has been worse. Like the legend of a warrior King in a region towards modern Hungary.. the school teachers would be ordered to stop work when the King and his military advisors rode on the main road for inspection. All the teachers were required to stop and clean the litter by the road as the King passed by. Perhaps the implication is -- if you do not have my military protection, then your school would be burned by invaders? actually not wrong in some places, but can you blame that scene on "capitalism" ? Want to guess the expenses of the armor and servants for the King and their party? probably more coins than were spent on teachers, who were paid in farm produce and exchange services?
Time[1] and time[2] again, the CJEU has ruled that the US stance of noncitizens having no standing on privacy issues is incompatible with EU law. Time[3] and time[4] again, the European Commission has negotiated a functionally identical agreement codified in executive orders and declared it “adequate” until the court could decide otherwise. Not even the Congress explicitly giving[5] the US government powers to compel (among others) EU subsidiaries of US multinationals, regardless of what EU law says, has changed the equation. Now there’s been a presidential election in the US that many in the EU are unhappy about. *Shocked Pikachu*
> [French MP Philippe] Latombe criticised the US-EU Data Privacy Framework (DPF) deal, saying it no longer served EU interests due to the US president’s “impulsive” nature.
Am I wrong to say that there’s something profoundly rotten in that statement with regards to the rule of law?
All you need to know is that the EU Commission sues their own data protection commissioner because he ruled that the usage of MS365 in the Commission is illegal. So the EU Commission happily works together with Microsoft: https://www.heise.de/en/news/Microsoft-365-EU-Commission-tak...
>saying it no longer served EU interests due to the US president’s “impulsive” nature.
I'd say that if whether or not an agreement serves the EU's interests entirely depends on who the US president is, then it's not an agreement that serves the EU's interests.
International law is not really a thing so ultimately this kind of debate between nations/supernational bodies where their positions are irreconcilable comes down to raw power.
Does either the US or the EU have any cards to play that will force the other to back down, or not?
> Am I wrong to say that there’s something profoundly rotten in that statement with regards to the rule of law?
Why do you think that? The agreement was negotiated under certain conditions, it’s not really surprising that a change in circumstances would make it unfit for purpose.
I worked at a tax office a long time ago which used Windows and Java, and it was a horrendous system and experience. We kept losing time every single day due to some issue elsewhere, so we always had to notify IT, which in turn would notify whoever is responsible for these servers in the capital city. They "fixed" it, except the cycle continued. I bet they are still having issues.
> Am I wrong to say that there’s something profoundly rotten in that statement with regards to the rule of law?
No. The laws are applied as long as they serve the rulling elite. See GDPR for examples. Or the copyright law for examples at the other end of the pond.
I don't see enough talk about reducing the amount of data collected in the first place. Even if it's kept within one jurisdiction, it can still be the target of a breach by a local criminal, a foreign spy, or a new government agency... Cameras on every street, cellular antenas on every car, biometrics for everything... It may vary from country to country, but an expansion on citizen data collection (in one area or another) seems commonplace across most governments, and usually with zero opposition in "the real world". And unlike products or platforms that you can chose to not use, there's hardly any escape from those.
> I don't see enough talk about reducing the amount of data collected in the first place.
It's because the power's that be want all the data and none of the liability. The easiest way to comply with any privacy regulation is to not collect, store, or process any personal data. Just don't store or process data about humans and 99% of the problems go away.
But data is the new oil. And sometimes when you store or process oil there are leaks that spill everywhere, contaminate things, and even sometimes kill people. That's never stopped us from collecting, storing, or processing oil.
Mr. Dany Wattebled , rapporteur . - Mr. Carniaux, as Director of Public and Legal Affairs, you represent Microsoft France before public decision-makers. Can you guarantee before our committee, under oath, that the data of French citizens entrusted to Microsoft via UGAP will never be transmitted, following an injunction from the American government, without the explicit agreement of the French authorities?
Mr. Anton Carniaux . - No, I cannot guarantee that, but, again, it has never happened before.
M. Dany Wattebled, rapporteur. - Monsieur Carniaux, en tant que directeur des affaires publiques et juridiques, vous représentez Microsoft France auprès des décideurs publics. Pouvez-vous garantir devant notre commission, sous serment, que les données des citoyens français confiées à Microsoft via l'Ugap ne seront jamais transmises, à la suite d'une injonction du gouvernement américain, sans l'accord explicite des autorités françaises ?
M. Anton Carniaux. - Non, je ne peux pas le garantir, mais, encore une fois, cela ne s'est encore jamais produit.
> Mr. Anton Carniaux . - No, I cannot guarantee that
He's smart, he doesn't want to go to jail. But all the governments and current and/or past administrations are guilty of pretended to be retarded since we all knew for the past 30 years that Microsoft was not to be trusted.
The EU majorly screwed up by not focusing on a homegrown software ecosystem. The Chinese, due to either luck or competence or both, have a parallel big tech ecosystem compared to America and that is a huge advantage.
Most shamefully for the EU, even Russia, a much, much smaller and poorer country, has a full set of replacements for the US tech hegemony, at least on the software side.
However, we are all complicit in this state of affairs, with pushing dreams of a broderless internet. If the EU had tried to limit Facebook or Google access to the EU markets, or just favored some inferior EU alternatives, people on this very forum would have been up in arms about government overreach, balkanization of the Internet, and Brussels bureaucrats trying to stay relevant.
> even Russia, a much, much smaller and poorer country, has a full set of replacements for the US tech hegemony, at least on the software side
Not really. Meta and Alphabet products like FB, IG, and YouTube remain heavily used in Russia, even in spite of domestic alternatives like VK or Yandex.
That said, pre-2022, Russia definitely had a strong VC and entrepreneurship scene compared to the the rest of Europe. NGINX, Yandex, VK, and Kasperskey were all able to be formed in Russia in the 2000s due to a much less risk averse capital market. Same with Ukraine (eg. Grammarly, Ring) and Belarus (eg. Wargaming)
Aside from Romania and Czechia, I don't see a similar ecosystem anywhere in Europe (even Poland and Ireland's tech industry are largely dominated by FDI from large American players like Google and Bulgaria's from contractor and freelancer shenanigans).
Ofc, unlike France and Germany, Czechia and Romania are way less combative to American tech companies and capital, so it's easier for them to justify investing for the long haul. Romanian successes like UIPath show that the only way a competitive European tech player can develop is through cooperation with the US.
The fact that VK and Yandex (and Telegram, I would add) exist at all, and have a clear presence in the public in Russia and several Russian-speaking countries around them, already puts them way ahead of the EU on this front, even if they have not replaced FB, IG, etc like WeChat did in China.
Otherwise, I generally completely agree with you. The EU tech scene is overall either US controlled or anemic. I'd note that Romania hardly has a real local tech scene. While we have a very large number of programmers and programming positions, it's almost entirely either US (and a few EU, Canadian, Israeli) companies' local offices or explicit outsourcing companies. The exceptions are UIPath, BitDefender, and a few companies that work exclusively on government contracts (and are deeply embedded with the political establishment).
If relations with the USA worsened significantly, it's very hard to see how the Romanian programming/tech sector would survive. There is very very little local leadership on the business side.
Government contracts aren't even wrong, in Russia government is big, so can provide a large market for local enterprise vendors to incubate. The general idea here is that private business will follow government's digital practices.
> If relations with the USA worsened significantly, it's very hard to see how the Romanian programming/tech sector would survive
Unlike Western European countries, Eastern countries like Romania and Poland have helped the US burden share significantly, and this is reflected in bipartisan foreign policy within the US.
Even Elbridge Colby, Oraina Mastro, and Rush Doshi (the primary foreign policy scholars in the US who built bipartisan support for American shifting focus to Asia) have pointed this out.
There's a reason it's overwhelmingly Germany and France that has been vocally combative against the US (be it Trump or Biden due to the IRA+CHIPS).
> The fact that VK and Yandex (and Telegram, I would add) exist at all, and have a clear presence in the public in Russia and several Russian-speaking countries around them, already puts them way ahead of the EU on this front, even if they have not replaced FB, IG, etc like WeChat did in China.
The EU could have been much more FDI friendly like India, which helped enable Meta and Alphabet to devolve even product leadership roles within India. India has been able to get American tech platforms to bend to Indian Internet regulations with little pushback while also dangling massive incentives.
Either build a domestic ecosystem (eg. Russia, China) or become entirely inseparable (eg. India, Israel).
The EU cannot catch up with the former, so it has no choice but to submit and work to become the latter.
> I'd note that Romania hardly has a real local tech scene
No tech scene is 100% local. Barely 5 years ago Microsoft China was the dream R&D job, and Ericcson's R&D remains in China to this day and continues to work on 5G and 6G R&D.
An international ecosystem allows a domestic market to access capital it could not before.
For example, Romania is significantly outperforming Poland in tech despite being being a smaller and poorer country because Romania made sure to leverage the diaspora in the US. Israel, India, and Czechia all did the same.
The issue is Germany and France continue to remain insular and unfriendly to services FDI, and try to make it the entire EU's problem. Romania gets more benefit from an American cloud like AWS domiciled in Cluj compared to a German owned and domiciled "cloud" like Hetzner.
You'll note one common thing between those two successful examples: one language only.
That's the big difference in the EU when you are a start-up and want to go from the $10-50M range to $500M+: in the US and China, you have one big market with a shared language and one rule of law. In Europe? The second you want to expand to a market bigger than 50M people you have to adapt to different languages, cultures and laws.
If you have not baked it in at the start that can be a huge roadblock. And if you have baked it in at the start you may have missed your chance due to the delay you incurred. Then you're just a target to be eaten by a US or Chinese company with a big war chest earned in their own market.
That's why part of the EU rules is about trying to unify its member countries laws. Yes GDPR can seem like a protectionist framework from outside, but the main goal was to make all country in the EU have one shared legal system to handle personal data. So sharing them becomes easier inside the EU. We can expect more of this kind of laws to be written but they'll always be too late.
People forget that China also has multiple languages. It's just that, per national mythology, a thousand years ago an emperor invented both "unified written language" and "civil service". To the extent that Brits will sometimes use "mandarin" as slang for civil servant.
In the Chinese case, competence. Korea also has such an ecosystem - and is a much better example for the EU to look towards - but stems from more of a mix between competence and luck.
Naver Cloud [0] and Samsung SDS Cloud [1] which is basically a Samsung managed AWS ecosystem (sort of like how AWS China is whitelabeled Tencent Cloud).
Those tend to be used by a plurality of Korean organizations within Korea.
Unlike in Europe, both Naver and Samsung began investing in building their own domestic cloud capabilities in the early 2010s.
I'm nitpicking, as your main point is still completely accurate; it is indeed miles ahead in sovereignty compared to the EU! But
> Those tend to be used by a plurality of Korean organizations within Korea.
I've seen from the inside the IT infra of several chaebol subsidiaries (of different groups), of Korean big tech, as well as Korean startups, and really only some of the chaebol subsidiaries made use of these local clouds. Near 0% for startups, low single digits for big tech (besides Naver themselves obviously) and even for the big corps I'd estimate <30%. Azure and AWS are plenty popular, as well as of course on-prem still having a much higher market share than in the West. Not sure if most big corps have a random unused database on Naver Cloud to satisfy some government statistic but talking about meaningful usage here.
No worries. I've tended to glaze over the Korean market so I'm glad to get some more granular info
> Azure and AWS are plenty popular
I was under the assumption that Samsung Cloud is largely a white label of AWS (sort of like Open Telekom Cloud in Germany), and much of the AWS spend can be treated as Samsung SDS. Is that correct?
Scaleway and OVHcloud, much better comparisons than Hetzner, started in the late nineties. UpCloud and Exoscale, arguably even better comparisons, started in 2011.
Then there are many more which I can't be bothered looking at their founding dates, like gridscale, Elastx, Open Telecom Cloud, Fuga, Seeway.
I think you meant to reply to my other comment. But anyhow, none of those compare to even the Korean clouds excluding Open Telekom Cloud, which is white labeled AWS.
That said, my point still stands. All the major examples you mentioned (OVH, Scaleway, gridscale) have largely limited FDI and headcount to within France or Germany, while GCP's Warsaw office owns the product leadership for much of GKE globally, AWS Bucharest owns a major part of AWS's Privacy and Data Security portfolio, MS Praha owns a significant portion of CoreAI, and Ireland is one of MS Azure's major DC hubs.
Most French and German PR about "digital sovereignity" rings hollow when the French and German vendors who stand to benefit have largely kept Capex and headcount within France and Germany.
Why should Poland, Romania, Czechia, Ireland, and Bulgaria lose hundreds of well paying high income tax bracket jobs and billions in FDI and income tax to subsidize French and German industry?
And this is why just about every EU grand strategy conversation falls apart - the individual member states will look out for themselves over the collective. For example, France's recent objection to Germany, the UK, and the Nordics buying American weapons to send to Ukraine instead of buying French [0] and Dassault's lobbying of France to withdraw from FCAS if it doesn't get 80% workshare [1]
German politicians don't answer to Polish voters. Greek politicians don't answer to Irish voters. Either the EU removes national soverignity and becomes a truly federal and centralized union, or the EU has to gradually reduce the political aspects and return to the 1990s and 2000s style defense and economic cooperation union that it was.
> Most French and German PR about "digital sovereignity" rings hollow when the French and German vendors who stand to benefit have largely kept Capex and headcount within France and Germany.
You're comparing companies of widely varying size.
There's not much sense for these French and German companies to open other European offices at their current size, much like there's not much sense for their eastern European equivalents to open offices in France or Germany.
For that matter, it didn't make much sense for Microsoft to open shops in Europe in the 80's, or for Google in the 2000's
On the other hand, it is pretty commonplace for European companies with enough activity across Europe to have offices around and to quite freely move/open offices in other countries. So I don't really see this point as a good one.
> You're comparing companies of widely varying size
OVHCloud is not AWS size, but it is still a large company that generates over $1B in revenue. Yet is has almost no dev or product leadership presence outside of France or the US. Same with Scaleway, which is a division of Iliad SA - one of the largest telcos in France and founded by one of Macron's largest backers who is also the son-in-law of Bernard Arnault of LVMH (and the reason why every country negotiating with the EU puts tariffs on Congac and Champagne), who has pushed Macron to dump ministers and even his PM.
> it is pretty commonplace for European companies with enough activity across Europe to have offices around and to quite freely move/open offices in other countries.
Both OVHCloud and Scaleway have been around since 1999, yet haven't ever expanded their core engineering or product responsibilities outside France or the US.
Meanwhile, AWS, GCP, Microsoft, and hundreds of American tech companies and startups have all given core product leadership responsibilities to their offices across Central and Eastern Europe.
Even small (compared to OVHCloud) American startups like (randomly picking 2 ik of) Cyberhaven and Snyk have opened offices in Romania and Poland that own product and engineering decisions plus roadmap.
> So I don't really see this point as a good one.
It is a major point because it is French (and German) businesses that are lobbying for a combative position at the expense of other EU member states.
Why should Ireland, Czechia, Poland, Romania, and Bulgaria suffer a severe capital outflow and retaliation from the US to help French companies that have keep jobs (and thus income and corporate tax revenue) within France and overwhelmingly benefit French (and German) capital owners?
And like I said before, this is why no unified European grand strategy ever develops - inevitably individual European nations undercut each other to protect their domestic industries.
At least Czechia, Poland, and Romania have helped burden-share via their contributions to Ukraine, which outshine those France has provided on a per capita basis, despite being much poorer countries than France.
> The Chinese, due to either luck or competence or both
China banned foreign tech to allow for local tech to grow. The EU has tried to be in good relationship with the USA allowing big tech to dominate the old continent.
I think that the arrangement worked well for both the USA and EU for a long time. But now that big tech is highly politically motivated to support the far-right that win-win situation has ended.
The only way for the EU to grow domestic tech is to do what the Chinese did, ban USA tech and let local companies to thrive. I just hope that it is done in an open standard-base way instead of the big tech monopolies of the USA.
It's interesting that there at least starts to be two opposing camp in the executive (some people in French government start to push for more sovereignty, some EU governments too, some MEPs, etc...)
Of course the rest of the administrations are not there yet, there are contracts to abide to, habits, etc... But there is the start of a general recognition that overdependence on the US is a liability at some level.
Also, it would incredibly more feasible to move IT infrastructure back and have some reign on data, then it would be to recover from our overdependence on China in terms of... Well, in terms of everything physical.
Which means that the first milestone would be to host pour data on "sovereign" data centers... Using East-Asian made hardware.
Most DCs are already using "Asian made" hardware such as Korean memory chips, Taiwanese power supplies and fabricated chips, and Japanese designed storage.
Unless you mean Chinese-made hardware, which would put much of Europe in the exact same position, with the added downside of supporting a nation that is cooperating with Russia, and is strongly in support of a Russian victory [0] in Ukraine. China has also begun leveraging export controls on tech transfers and outbound FDI as well, so dependency on an external nation would remain.
The reality is there is no choice other than America+ or Chinese made hardware for EU member states, and as long as Russia continues to leverage Chinese dual-use technology, it will be a no-go. And the European (in reality German+Dutch) ecosystem has largely been stagnant since the 2000s, and critical technology like EUV is nominally owned by EU companies but developed and manufactured by autonomous JVs within the US.
Either the EU supports Ukraine, in which case there is no choice but to deal with America+ or the EU leverages China, in which case support for Ukraine would have to stop.
You're absolutely right for the short term, but for the medium-long term (say, 15-30 years from now) there is absolutely no reason why the EU couldn't produce/design its own hardware. There are plenty of advanced pieces of hardware being designed in the EU even today, it's just happening mostly for US companies (e.g. Microchip has big HW design centers all over Europe).
> Microchip has big HW design centers all over Europe)
Microchip is primarily analog and power semiconductors - those have been heavily commodified for decades at this point. And the majority of their headcount and leadership is domiciled in the US and India based on LinkedIn.
And most European domiciled companies like NXP, ST Micro, and Ericcson outsourced the majority of their design operations to India and China 20 years ago.
Most hardware design has been domiciled in the US, China, Taiwan, Israel, and India since the 2000s.
> there is absolutely no reason why the EU couldn't produce/design its own hardware
Because, quite frankly, the ecosystem doesn't exist anymore.
Much of the European semiconductor industry imploded in the 2000s and 2010s due to the recession, austerity, the inability to compete against Apple and Samsung, the inability to hop onto the 5G bandwagon on time, and ASEAN and China's rise as a power electronics, analog chip, OSAT, and Telco hubs.
Much of the presence at this point in Europe is primarily legacy analog and power semiconductors targeted at automotive applications.
None of the EDAs are developed in Europe (even Siemens' EDA is developed by American subsidiaries Altair and UGS - both of whom are airgapped from their European parent). None of the major chemical vendors like Sunlit Chemical or LCY Chemical have a presence in Europe. None of the major lithography vendors like Cymer (the ASML-DoE JV that manufactures EUVs), Tokyo Electron, or Nikon have a lithography manufacturing presence in Europe. None of the major OSAT and Packaging vendors like ASE or Amkor have a presence in Europe. And none of the major display or memory chip fab companies like Sharp, Samsung, SK Hynix, or Micron have a presence within Europe. And none of the storage vendors like Toshiba, Hitachi, or Sandisk have a major manufacturing or R&D presence in Europe.
All these companies have overwhelmingly invested within Asia and the US. Europe didn't ratified it's FTAs with South Korea or Japan until 2015 and 2019 respectively, which meant most Korean and Japanese players were easily wooed by ASEAN, Chinese, and Indian SEZs and incentives in the 2000s and 2010s, right at the moment the European ecosystem was increasingly falling behind.
The US-TW-JP-SK-China-ASEAN-India ecosystem is extremely interconnected to a degree that the European ecosystem is not, and this began all the way back in the 2000s.
> say, 15-30 years from now
None of the EU member states nor the EU as a whole have offered subsidizes anywhere near as lucrative as those the US, SK, JP, TW, CN, ASEAN, and even India provided in 2020-25 for fabrication, design, or packaging. And I have not seen any EU or EU member state legislation moving in the right direction.
Hypothetically, if an EU member state suddenly wakes up tomorrow, it would still take 4-6 years to go from subsidy to constructed fab. For design, it would take 10 years (as can be seen with India's RISC-V ecosystem taking 10 years to even reach a mature enough state that allowed Sequoia and Accel to begin funding Series As and Bs). At that point, the legacy chip market will have already been flooded by Asian competitors, and the bleeding edge chip market will have largely been flooded by Asian and American competitors.
At this point, Europe has largely fallen behind in the traditional semiconductor ecosystem and can't catch up in the short-to-medium term.
The only way European players can remain relevant is by investing in opportunities to leapfrog in frontier segments such as 2D semiconductor design, photonics/quantum applications, and composite semiconductors - but even in these segments Europe has fallen severely behind US and Chinese players, and increasingly behind Japanese, South Korean, and even Indian domiciled R&D labs.
If control flows through data infrastructure, does it matter who “owns” the platform?
Once exposure is built into the structure, sovereignty becomes a user illusion.
I think we need a lot more accessible disclosure on the subject for the public. Even beyond government services, products exposing one to the US should come with a big fat warning.
> products exposing one to the US should come with a big fat warning
You mean products like Microsoft Windows, Apple's iOS and MacOS, Google's Android, Chrome and ChromeOS, Cisco, Fortinet, HP, Dell, AWS, Linux, Meta's Whatsapp Facebook and Instagram and so on and so forth.
Just search for Azure on wiz.io's blog, the amount of terrible yet easy to exploit security vulnerabilities, often with shit responses from Microsoft, is terrifying. It clearly demonstrates nobody with power within the Azure org cares about security. How can anyone trust them with anything remotely critical? Let alone the terrible UX and absurdly eventual consistency.
Yeah, yeah, I know, the people who know and understand this aren't the ones getting wined and dined to buy it. But still..
I think given the NSA's capacity they'll find a way to listen to us regardless which devices we use. But we're certainly going out of our way to make it easy for them.
Sadly, I understand why: they have a tonne of systems, that all, at least somewhat, work, that people know how to use, with established contacts and support contracts. IT departments trained and certified on how to run and deploy MS software. And that's before we start talking about lobbying.
edit: added a link to a good resource about the topic.
We should have started moving over yesterday, but it's a long and difficult process, I just hope we start moving forward on this.
There's simply no option for digital sovereignty other than cultivating a strong domestic software industry. As the source details, much of this exposure is being done with full understanding of the risks and costs.
The article also refers to some report claiming that European solutions are "wrongly judged to be too costly or inefficient". I'd be interested to read it if anyone has a translation. Even for something as basic as word processing software, every case I've seen so for the alternatives quickly lands on "you have to accept rough edges because that's the cost of data sovereignty" - much easier for a hobbyist or politician to say than an IT director charged with making sure your organization runs well.
The sad part is, both the EU and the UK (which has the same issue) have the capacity to do this as we have enough software engineers. But most software companies end up being bought out by US ones at some point.
> There's simply no option for digital sovereignty other than cultivating a strong domestic software industry.
Yes, but they tried and can't.
Those ideas of domestic computer industry and digital sovereignty have been around since the 60s.
The French had Bull which is now Atos and they failed miserably.
France was very impressive after WW2, they build almost on their own a nuclear weapons, a nuclear energy, aeronautic, military industry and impressive space capabilities.
After that you would expect them to have built a serious competitor to Intel and Microsoft but they didn't. They can't even built basic digital capabilities to support a bureaucracy.
My guess is a very different generation arrived in the 60s-70s in the workplace and in charge: the Silent Generation and the Boomers.
Those generations were not about building anything but more about entitlements and collecting dividends. But of course it takes quite some time for things to get really bad. Information technologies slowly took over many aspects over our societies over the last 50 years and now they find out they do not have sovereignty anymore.
They can, they just don't really want to, as the dozens of anecdotes in this very comment section reveal. None of these things are about technical competence or capabilities. They're all about organizations, politics, fiefdoms and enormous amounts of intentional obstruction by those who want to keep the status quo. If the country would collectively decide they'd want to change it, it could be done quite rapidly.
Turns out it was founded by an American, who was arrested on suspicion of bias-motivated crimes, second-degree assault and harassment after attacking a reporter in the USA but currently living in Hungary and running some media org there, with ties to the right wing Fidesz party. And he is on paper as being the founded of brusselssignal.eu
His organization received a big loan from an undisclosed source to set up the Brussels organisation and it seems to made up of or advised by a rag tag of European right wing politicians.
The whole thing stinks of Russian meddling in Europe.
One of these days Europeans will realize they are also part of the American empire just in a bit of a dominion status. If you host an American military installation, you are part of the empire with a fig leaf of domestic policy control that keep the bulk of the populace from realizing this. Take a look at a map of American military installations. The sun never sets on this latest roman empire.
It took Trump for the Europeans to realize that De Gaulle was right.
The consequences of the European Union realizing the were the USA's protectorate are not going to please the USA though... Buy ITAR-free, buy European !
I still don't think all this talk with trump and ukraine represents any meaningful retreat from american influence. It isn't like military bases are closing. Whoever is in power in a given US allied state very much wants to preserve the status quo that saw them seated in the position of power, aligned with the largest and most comprehensive military on the planet.
Empire has an idiot at the helm. As a Pole, I enjoyed pax americana a lot, I regret deeply its decline, and I blame not just MAGA, but both parties. But no matter what is the reason, you guys are not worth the trust anymore. Europe is re-militarizing.
Dunno about op's site, but the news itself comes from a french parliament hearing, has been discussed quite a bit on other news media, and from my experience, is being discussed by people here.
Russia wants broadly anything that sows disharmony/chaos/doubt within or between the NATO countries. It doesn’t matter whether it comes from the political far left or far right.
There is no requirement that the politics of destabilization form a cohesive worldview.
If you want to move away from <insert US tech giant>, you either need to embrace Linux and open source software which requires the state's employees to learn a new "stack" of applications which means they need to be given appropriate training or you need to have you home grown solutions that are as easy to use as their US counterparts and were developed within the EU by the EU's member countries with the EU's values embedded in them.
The first solution is not going to happen, as Linux is still relatively unknown all things considered and I don't see the French government employees learning how to use this OS and/or the applications running on it by themselves.
Secondly in times of budget cuts like in France currently, the government is not about to rip all the Microsoft products off and replace them with something that would take years to transition to and cost a fortune to implement.
So that leaves the homegrown solution. Unfortunately the work to move off of Microsoft et al should have started 10 years ago but it hasn't. Europe has completely dropped the ball on tech and now it's coming back to bit it in the ass.
The Draghi report from last year was supposed to kick things into gear but we will be lucky to see anything coming through within the next 5 years and by this stage the US tech giants will have entrenched themselves even more in the EU.
I am sorry to say but this is a failure that will resonate for the many decades to come.
I doubt that the average employee could tell Linux and Windows apart if you applied a Window-style skin to Linux.
But at least in Germany, I've seen Windows being written into agreements between state governments and trade unions representing clerks and employees. Good luck changing those without a negotiation running 3 years.
Lots of people would be disrupted by having to move off MS Office. Not insurmountably so, and MS ironically helps make the case that people can learn new things by often changing their own product interfaces.
If you really want to smooth out the transition, there's also companies which would be happy to help you setup and maintain your office environnement on Linux.
> I doubt that the average employee could tell Linux and Windows apart if you applied a Window-style skin to Linux.
It doesnt really matter if the UI is the same or almost the same. We are talking about rolling out an entire new suite of tools to every government worker in a given country.
It would take years to plan the migration, then start deploying it in stages to the less critical services of said government while you work out all the kinks.
While that is happening, you most likely will need to support both systems for a while so that you have a fallback if things go wrong with the new system.
Then you will need to train all these employees properly so that they can potentially troubleshoot some of the issues they encounter and give them enough time to become as productive as they were before the new system rolled out.
> But at least in Germany, I've seen Windows being written into agreements between state governments and trade unions representing clerks and employees. Good luck changing those without a negotiation running 3 years.
And there is that too. I am sure its the case in many countries.
Finally this migration if successful would not bear any fruits to the person who initiates it at best because by the time the roll out is complete this person will have moved on to another position, be elected somewhere else or retired.
But if it goes badly, you can be sure that this will be used by the opposition political parties to attack the governing party and accuse them of bringing the entire country's services to a stand still.
This is everywhere in the EU. The Dutch government put out an RFP for MS Outlook licenses. RFPs are supposed to be vendor neutral, so I don't understand how an RFP for something that only a single company sells can be vendor neutral.
They outsource all their email, but they don't put out RFPs for "email". MS is burrowed so deep into EU governments good luck getting them out.
EU obviously needs a Great Firewall - this would force foreign big tech to host data within the EU and subject these companies to ironclad EU legal jurisdiction. Naturally, some companies will not comply and withdraw services, clearing the way for domestic EU operators to emerge. This may seem like an unpalatable choice but it really is the only way back toward digital sovereignty - right now, the EU has been in 'trust me bro' situation with US big tech - a huge and accumulative risk
The EU is not a single country, every member is a sovereign country and there is no "EU jurisdiction".
The EU only provide directives that each member state adapt to their legal framework. Each country decides on their own policy regarding internet access, and it is very unlikely that a directive that have them go through some central EU-controlled firewall would pass.
They are trying with the Digital Privacy shield, but the issue is there is no domestic alternative to act as an alternative to the US.
And a grand bargain with China is highly unlikely given Wang Yi's recent visit with Kaja Kallas [0] where he announced Chinese moral support for Russia in Ukraine, which is diametrically opposed to the EU's foreign policy, while Von der Leyen condemned China for providing unrestricted support to Russia and causing industrial overcapacity [1].
Unlike Japan or South Korea, the EU holds no cards that it can leverage against the US or China - JP and SK can offer China a trilateral FTA which acts as a negotiating tool against the US, and SK+Japan can offer additonal military support for the US within the APAC domain which can act as a negotiating tool against China. What can the entire EU offer either US or China which cannot be vetoed by a COE member.
The EU has an added issue that the COE requires unanimity amongst heads of state to pass EU wide legislation, and US FDI representing €900B in inward FDI stock [2] within Ireland means there is a guaranteed veto against any tech decoupling. It's a similar story in Czechia, Poland, Romania, and Bulgaria as well.
> The EU has an added issue that the COE requires unanimity amongst heads of state to pass EU wide legislation
This is vaguely similar to the truth, at best.
The Council of Europe (CoE) has nothing to do with the EU, you're probably confusing it with the European Council (EUCO).
But the EC is not normally involved in the legislative process. Instead, EU legislation is proposed by the European Comission (EC) and must be accepted by both the European Parliament and the Council of Ministers.
The Council of Ministers is the closest body to what you probably meant, but it's made up of heads of government of member states, not the heads of state. It also doesn't require unanimity to pass a law - it takes at least 4 countries to outright block legislation. There is a procedure in which a single country which is unhappy with a law passing can raise this to the EUCO for additional review, but it doesn't apply to ordinary legislation.
So, no, Ireland can't unilaterally block any such legislation, it has to convince other countries to join in.
> The Council of Europe (CoE) has nothing to do with the EU, you're probably confusing it with the European Council (EUCO)
Yes! Thanks for the correction! I did mean the Council of Ministers
> So, no, Ireland can't unilaterally block any such legislation, it has to convince other countries to join in
Yep, but my point still stands.
Poland, Romania, Czechia, and Bulgaria have overwhelmingly profited from FDI from American BigTech players - they were the largest winners in the GCC and outsourcing rush of the early-to-mid 2020s due to very pro-business subsidizes and tax incentives.
Ireland has also continued to overwhelmingly profit from it's very American business friendly tax legislation.
All these countries have enough pull together to push back on any attempts at coercing American tech companies in a manner that other EU members may want.
Furthermore, they themselves have shown how the EU can better attract American companies to build a European presence - they need to become friendly to FDI and foreign players potentially dominating a market.
The issue is Germany and France (logically) tend to oppose this as their own domestic competitors are getting undercut.
yes, I suspect a version of the GFW may emerge from EU red tape - a 'great thicket' perhaps? However, I suspect Trump will go ape and force the EU to back down, like they already have by dropping Digital Tax. I think EU Great Firewall can only happen inadvertently now, the governments are too dependent on the voting public (being democracies) and now also too dominated by the US. Permanent vassalage is the end point, though this time w/o any prospect of influence to the center
> I suspect a version of the GFW may emerge from EU red tape - a 'great thicket' perhaps
Barely. There's a reason American bigtech FDI within the EU has largely coalesced around Ireland, Poland, Czechia, Romania, and Bulgaria - they rolled out the red carpet and tried to reduce any acrimony that American companies might have. They are also the most lax with enforcing EU digital regulations, as enforcement falls under national sovereignity.
> I suspect Trump will go ape and force the EU to back down, like they already have by dropping Digital Tax
Pretty much. BigTech can afford GRC, not startups. VC overwhelmingly backed Trump for this reason as Vance promised to fight digital export barriers (and largely delivered in the UK and Canada)
> Permanent vassalage is the end point, though this time w/o any prospect of influence to the center
I'm not sure. I think what will happen is the return of the primacy of individual states trying to curry favor with major powers, which has already started to happen.
Look at Hungary rolling the red carpet to Chinese FDI as a bulwark against the EU; Czechia and the Baltics adopting an avowedly pro-Taiwan stance in order to curry favor from the US; and Italy+Greece leveraging IMEC to re-negotiate better terms on OBOR-related investments from the 2010s. In most context, "Europe" has almost always been used to denote Germany Inc.
I wouldn't be surprised if Wang Yi ranted this exact same thing to Kallas during their 4 hour meeting which apparently lead to the entire China-EU summit being canceled. Similar incidents arose with American, Turkish, and Indian negotiators as well, all of whom prefer to work directly with national leaders instead of the EU leadership.
European countries now need to choose between the US or China. There is no other way.
these seem like solved problems. in canada, many govt depts have procurement rules that state all data must be hosted nationally by a custodian subject to national or even provincial law, and this has been standard for decades. the firm I work for also doesn't use google or microsoft clouds for similar reasons.
the deeper problem is governments are not technology builders and cannot produce tech products because they have no unique ability to deliver anything anyone subject to them actually wants.
Honestly how hard can it be given Microsoft size (and AWS, and Google's) to mandate the intervention of a EU corporate entity to manage their IP in the region, full source code, EU cloud assets, encryption keys, EU-only support access, collect their royalties etc., but essentially act as a privacy buffer wholly unanswerable to any US head office or any obligations US law holds the company to wrt any EU person, its just a black hole that grants them the right to earn money and hold a large market share in the EU. The Chinese aren't afraid to do it.
> Honestly how hard can it be given Microsoft size (and AWS, and Google's) to mandate the intervention of a EU corporate entity to manage
Very difficult.
Countries like Ireland, Poland, Czechia, Romania, and Bulgaria are heavily dependent on American FDI in their tech industry, and the European Council has final say and requires unanimity. A rule such as the one you mentioned would smother VC/PE in much of the EU, as European funds like Index Ventures and Munich Re Ventures are heavily dependent on the US to raise capital and build dealflow.
Major European employers like Volkswagen AG, Siemens AG, NXP, Phillips, Infineon, and others would also face severe retaliation as a result.
It would also set a precedent that would make an alternative like China extremely hesitant to invest, as the Chinese government heavily utilizes export controls on tech transfers. For example, BYD investment in Hungary is largely CDK with the core high value components like Batteries being manufactured in China. Biren, Huawei, and SMIC would face similar export controls.
Major Cloud providers would still need to invest eu-customer money in providing eu IT services, this is more a legal, security and privacy isolation for big tech players in order to maintain their share, extract royalties etc.
Startups that are not in a large marketshare situation wouldn't trigger the need for intermediary/isolation so the effect on FDI would be limited, and anyway, the tides are turning on US capital in general.
Retaliation: I'm not sure the US fiscal and legal overreach isn't already in place, e.g. VW dieselgate, export controls etc. The US looks after its interests (fair enough), but its time the EU levelled the field to protect its citizens, a small loss of regional sovereignty for those companies in exchange for the EU revenue they continue to make.
> Major Cloud providers would still need to invest eu-customer money in providing eu IT services, this is more a legal, security and privacy isolation for big tech players in order to maintain their share, extract royalties etc.
That's already done today with little-to-no acrimony, and none of the regulations you mentioned. Where do you think much of that FDI in Ireland, Poland, Czechia, Romania, and Bulgaria is coming from?
> Startups that are not in a large marketshare situation wouldn't trigger the need for intermediary/isolation so the effect on FDI would be limited, and anyway, the tides are turning on US capital in general
It's not just startups. American BigTech GCCs represent the bulk of tech related FDI in Czechia, Romania, Poland, and Bulgaria, and Ireland's US-friendly business law has lead to a severe dependency on the US for capital [1].
> the tides are turning on US capital in general.
American Capital markets continue to remain larger in size than the entire EU's combined [0]. And China's is roughly in size to the entire EU. An the reality is, European capital markets are nowhere near as unified as either the US or China's.
> its time the EU levelled the field to protect its citizens, a small loss of regional sovereignty for those companies in exchange for the EU revenue they continue to make
But how?
The EU isn't significantly unified, and depends on unanimity within the European Council. As I mentioned before, Ireland, Czechia, Romania, Bulgaria, and Poland would be a significant veto to any shift against the US.
Furthermore, French and German domestic giants continue to compete against each other in every industry, which has lead to cooperation failures such as the FCAS snafu recently [2].
There is no "EU grand strategy", as major member states like Germany, France, and others push back or compete with each other internally.
And given the fact that the Chinese players are cannibalizing European competitors within China, major European companies like Volkswagen and Siemens are now heavily dependent on the US as an alternative market.
Korea actually invested in building indigenous and domestic capacity in software and hardware since the 1990s, and rapidly expanded financing+subsidizes along with tech export promotion in the 2000s and 2010s while much of the EU fell under severe austerity and financialized much of it's R&D capacity. Furthermore, Korean companies like Samsung Group, LG Group, SK Group, and Hyundai Group spent tens of billions building R&D capacity and conducting tech transfers with American partners in order to build a much more balanced economic partnership.
Samsung Group, SK Group, LG Group, Hyundai Group, and Naver Group all built domestic capacity across both the software and hardware stack with Korea, and can decouple from the American ecosystem worst comes to worst because they have built a strong ecosystem across Japan, ASEAN, China, and India.
European countries never did the same. There is no domestic equivalent within Europe (and no, ASML does not count - all their bleeding were EUV work is done in the US via a JV with the DoE). In chips alone, Infineon, NXP (which is largely Motorola), and ST Micro are all heavily dependent on US capacity, and their niche in analog and power chips has largely been commodified by Asian players like Samsung Group, Hyundai Group, and SK Group. This can also be seen with CHIPS and IRA disbursements - Samsung and LG have been the biggest beneficiaries of the former and latter, and Naver has been leading US-SK trade negotiations with Trump Jr which lead to automotive being impacted but electronics largely unscathe.
South Korea also allows a level of market consolidation and oligopoly power that would violate European regulations.
Furthermore, SK can always dangle the China-SK-JP trilateral FTA to force the US into a more equal bargain, while dangling enhanced military cooperation with the US, Philippines, and Taiwan to force China to negotiate. The EU cannot offer the same because it is faced with Russia on it's eastern border, and thus cannot use China as a bulwark against the US.
Europe is decades behind Japan, South Korea, and Taiwan, let alone the US or China
Having worked for the French state and wrestled a few times with its IT services, I can tell you that the reason for choosing Microsoft isn't cost, or "efficiency".
It's that they only know Microsoft, they don't want to learn something else, and if there's a problem, it's Microsoft's fault, no theirs, so they don't have to deal with their own incompetence.
If you want an anecdote, we were working with SAS, a statistical software which required costly licences (more than a million € for a few dozens of workers). I suggested to switch to R or Python to the top director, who agreed.
First meeting with the service in charge, the chief opens with "ok, we are asked to change, but the goal here is to show that we tried, and found that it's not possible."
I resigned a few months after, as everything was in the same vein.
Sounds like Germany, and it's not just public services.
I used to work part-time in 1st level IT support in a local hospital when I was younger.
The main "theme" of my superior's work subjects there (2009-2016) was the migration from XP to 7. You heard that right.
And apart from the usual Office- and AD-Lock-In, the most problematic workstations of course were always ones with very specialized software. Virtualization and terminal services were in use, but the whole selling point of Windows was mostly put ad absurdum already, because they needed Windows licenses for dedicated machines running e.g. specialized MRT software, but those weren't even part of the main network anyway. They needed arcane syncing procedures anyway and Windows provided no value whatsoever on these devices. Same for the patient monitoring systems on ICU beds. These were using some "embedded" Windows and were rarely working in a stable way at all, nor way they connected to the networks running AD or the CIS (edit: seems it's called HIS in English)
CAD and stuff in the office divisions was similar, but with less integration needs (apart from network printing)
What I'm trying to say is: like in many offices, any slight change made users hostile, updates cost obscene amounts of work and money, and Windows didn't provide much more value compared to SAMBA. That is dated experience, I know.
But MS has not shown to be a trustworthy company in any of my work experience so far.
It was impossible to create working solutions without MS, yes, but the reasons for that never seemed to be grounded in actual value provided by an MS-centric software and networking structure.
It was just the one available commercial solution with enough adoption, and MS has been milking their target markets with these strategies for a very long time.
Making themselves "indispensable", even in machines where their software was used to run a terminal server, basically.
Hell, in my town, 3 years ago, they started to replace subway train LED signals with crappy Windows-CE-based software.
The effects are still noticeable... the whole infrastructure is still 80% worse compared to 10 years ago.
You recognize the useless Windows licenses by the occasional Desktop (seriously, google "cologne KVB windows trashcan"....), 90deg-tilted display, and of course 20% of the signage is out of operation on average now.
>What I'm trying to say is: like in many offices, any slight change made users hostile,
I remember doing a Windows 7 deployment for a customer, and one of their staff had 3 A4 binders. Probably 1000 pages, of typed notes about how Windows XP works.
The second she sat down at her new Windows 7 machine it was like she had lost her memory. She was instantly aggravated and couldnt find the start menu. Dropped her windows xp binders in the bin and told me to effectively "get lost" so she can relearn it from scratch.
I was thrown. Like its basically the same system with some UI tweaks but she was acting like I had pushed her onto debian or something.
I’ve had a few family relations approach technology this way. I think it’s like they are missing a “theory of mind” for how software works. We have developed this intuition by either using or creating software for a long time.
Like often people are scared to click random buttons or explore menus. We have used software for a long time, so we know that any destructive act would be proceeded by an “are you sure?” dialog box.
I think I would be in their shoes if I ever tried to change the oil on my car. I may be able to follow a procedure. But I would not deviate from it. It would not try to pop the covers off unrelated parts to peek into the alternator, for fear of electric shock.
Anyways, my rambling point is ideally we people would make themselves more familiar with how to understand the technology they work with everyday. But we should have empathy for people who have not contorted their minds to understand the peculiar behavior of software.
Yes, this is extremely accurate. Many people are very afraid to explore or experiment with any software program out of fear of breaking things.
Because when they break things they lose hours of work they cannot afford to lose. My parents had a small business and if my mom mis-clicked somewhere and deleted some important thing, she would enter a panicked rage as she'd lose half the day with some remote tech support.
She would never touch a computer after work, because it just stressed her, she found them absolutely unbearable, also because the tech support was unbearably obnoxious.
As someone who liked windows seven I find Ubuntu clearer than windows 11.
That is seriously how some people navigate through life, not just computers.
Like if they want to go to a certain office in a building: My "instructions" would be to go to department foo, room A5.303 (made up number). Their instructions are something like "in that red brick building, take the elevator to 5th floor, turn left and then again left into the hallway, second door on the right side".
If they navigate UI the same way, then of course every element that is moved slightly to a new place or grouped differently will cause their mental model of how things work to collapse.
Your equivalence seems widely inaccurate to me. I too sometimes have a mental model which is "red building, third floor, left then left" because that’s spatial memory. A random room number tells you absolutely nothing about where you actually have to go. I can (and sometimes do) remember one and will use one if it’s all I have but that’s just random information totally different from actual direction.
I think your comment actually hits the heart of the issue. Most software developers I have met have this kind of disdain for their users familiarity and ability and act like they are above that. Most confuse their own learned familiarity when they were young and could tinker with some kind of superior ability. Well, just go read any post here about systemd, the syntax of Ocaml, or the new ux of any popular framework and you will see that we are all the same.
Accepting change takes time, especially if people had no desire for the change. Most people don’t care about their computers. They are for them a necessary impediment in the way of doing what they want to do. That’s why they dislike change: it looks like work for no upside. A major part of change management is explaining to people where the upsides are for them, helping them operating in the new environment and giving them time to process.
> Most software developers I have met have this kind of disdain for their users familiarity and ability and act like they are above that.
This is absolutely true.
For what it's worth, "so-and-so department, room 123" is only a helpful mental model for navigation if you have additional knowledge not present in that description: that the department is probably contained entirely in one specific building, where that building is, that the rooms are likely numbered sequentially following a pattern that also indicates the floor they're in, etc. By itself this is an address whereas "red building, third floor, left then left" is a turn-by-turn route.
In terms of UIs, the latter is more like "left-hand side of the menu bar, 'Edit' menu I think, half-way down the screen, something like 'Modify' or 'Change' or 'Transform' or something, then third item in the list, something like 'Skew' or 'Bend' or something" compared to the first just being "Transform -> Skew". The former is fuzzier and the exact labels don't really matter because you'll know them when you see them. The latter is extremely precise but tells you nothing about how to actually find what you're looking for (is it in the 'Edit' menu? is it in a right-click context menu? etc). It's only really useful by itself if you have a command palette.
>That is seriously how some people navigate through life, not just computers.
This "treat everything like a ludicrously complex black box that almost nobody can understand" for any given subject are the lowest common denominator that laws get written to.
Changing the UI was the biggest mistake by microsoft, can't overestimate it.
> Probably 1000 pages, of typed notes about how Windows XP works.
Probably more than microsoft themselves maintained.
I wonder if she found any UI bugs that they don't know about.
> seriously, google "cologne KVB windows trashcan"
I did, and didn't get any relevant results. I had to google "koeln kVB windows papierkorb" to get several photos with screenshots of such screens.
Seriously, just link the image!
https://verliebtinkoeln.com/wp-content/uploads/2021/09/KVB-P...
makes sense, thanks, localized results got me here.
I’ve come to find that change is not always good, and resistance to change can be good for those that resist.
For example, our German team knew the software that headquarters was going to deploy to them was broken, so they secretly continued to use their old existing process. When the new software was deployed “successfully”, the same software was then deployed in the U.S. and broke horribly. The Germans were told that their responsibility was their region (only), so they literally took care of themselves and refused to be forced to be the guinea pigs.
In addition, I’ve come to learn not to immediately upgrade my OS at work, if I can help it. Typically, being an early adopter means you can get some nasty bugs that sometimes can take days to figure out. No thanks.
Got a work machine upgraded to Win11 recently... I held out as long as possible but in the end had to upgrade because support will be dropped.
My biggest daily frustration is that Microsoft dropped support for putting the taskbar anywhere other than the bottom...
I also had an encounter with government software...
I think the long-lasting solution will be to move to a web-based application system, instead of depending on Desktop applications made for Windows or Linux. Using a web app system, the government only has to concern itself with proper development and maintenance of servers and web apps, and the public workers can use any operating system with a web browser.
> the public workers can use any operating system with a web browser
With IE6^W Chrome, you mean. Nobody’s going to bother testing on anything else.
I saw they use Linux and Firefox at our local hospital.
Nothing says “long-lasting” like browser standards and front-end frameworks.
isn't TFA about how the problem is cloud-infrastructure? web-app will only make that worse unless you're thinking something like adobe air.
Also, as others already noted, somehow the web is uniquely terrible at maintaining compatibility across not only different platforms but different versions of the same platform and even different versions of the same browser, despite being built largely on top of high-level languages that all claim to enable effortless portability.
ok, then they develop that system using dynamics 365 or some crap like that
I agree with this. When it comes to domain-specific b2b software, pretty much everything that doesn't require native resources or performance inaccessible from the web platform should provide a web-based frontend (even if just as a minimum).
And that would be better why exactly? Bloated browsers trying to phone home, even if only to search for updates, or denying access because of overblocking DNS, false software security signatures, whatever? Ja. Klasse! I fucking know about Electron & Tauri. And V8, Node, Bun, TS. Hmmm so geil. Da steht mir der Schwanz steil. Oder auch einfach nur die Haare zu Berge.
Waldmeisterlicher Wackelpudding. Ahoi.
Go SWB, paint it green. Kölle Alaaf!
Just kidding. Triggered some memories.
Switching from a working, integrated solution (SAS) to a untested collection of random scripts (R or Python??) is a horrendous idea, and I would be willing to bet that the people in charge of implementing this brilliant move saved the French state quite a bit of money by blocking it.
If they had started with the R or with Python, that would have likely been a better solution - but that doesn't mean that switching, especially just because some new employee convinced the director they'd save money with a half-baked idea, is not.
I work for a company whose entire business is basically replacing various dedicated internal tooling scripts with an integrated, extremely costly solution, and we mostly sell to other businesses. Most people who buy this are extremely happy to get rid of their kludge of scripts, and we very rarely feel pressure from such alternatives (our other B2B, also extremely expensive, competitors, are the main thing we get compared with).
Specialized software often works much better, and makes a lot of sense past some scale, than in-house solutions. Especially if there are no big geopolitical risks - which there aren't with SAS for the French government.
- The division doing the change wasn't doing anything critical, mostly yearly statistical analysis reports, and cost estimates for new laws. The move could have been done over a year or two. Most public workers aren't overwhelmed with work, to put it mildly.
- SAS language is horrendous, the IDE is stuck in the 2000´s, and everyone was doing SQL queries inside it as a result. SAS is obsolete compared to what R or Python can do. Career-wise, it's a dead end for workers who use it.
- The French state is heavily indebted, so any cost-saving measure is welcome to reduce the burden on the taxpayer.
But everyone experienced in such a "migration" would challenge your flawed impression that there would be cost saving. SAS is in fact used in many serious companies (I know it's used at the fraud department of Bouygues Telecom, for instance) so you're not gonna dead-end yourself all that much, you can do the python+r stuff on your own probably, as long as the reports are there, and call them from SAS if you cannot stand it.
Meanwhile, nothing has to move, nothing has to change, and your non-critical division will continue to cost exactly as budgeted instead of going through unknown waters just because maybe switching to something new might be ... cheap eventually ?
Plus this has nothing to do with Microsoft really, as most cost is in Windows and its integration. It's hard to replace the global policies of Windows by an alternative.
What are the costs of using python/R? I'm not talking about the full french gov, but a single division (around 25 workers), for which the procurement is done.
This is in reality a clear cost-saving measure, as you may have to pay one time for training, which is however done by another division of the French State (the statistical body, INSEE), and those career workers don't get bonuses or are paid overtime anyway.
Afaik other "big corps" are moving away from SAS as graduate only know Python/R nowadays, which are better and more flexible tools.
Improving tooling and reducing costs are just a thing for private companies. Yeah, the horse carriage drivers weren't happy when the gasoline engine appeared. Imagine the switching costs! There are still horse carriages around! Horses are reliable! You can drive a car on your own!
IDK man, getting some department out from under the thumb of the big org's IT is pretty much SOP when BigCo has a "oh crap we gotta compete in this niche, spin up an internal startup" moment.
Yeah, the plan is insane if you're talking about the entire french government.
> Especially if there are no big geopolitical risks - which there aren't with SAS for the French government.
Are you serious? Especially when officials working for well-respected international organizations are being sanctioned for their work out of political reasons? This entire article wouldn't exist if there were no geopolitical risk.
From the article:
> “Carniaux … was asked by the [French Senate] commission to guarantee that French citizens’ data hosted by Microsoft would never be transmitted to foreign authorities without the agreement of the French authorities. He replied: ‘No, I can’t guarantee that,'” the report stated.
If this isn't geopolitical risk, I don't know what is.
It's clear that your stated job constantly exposed you to all the talking points of mega cloud platforms. But there are negative consequences too, and they're very real.
Oops, I've made a huge mistake here, apologies. I confused SAS for SAP, the German business stats company. My post was entirely from this wrong perspective, that it would be replacing EU business software with open source software.
In light of the new understanding, I fully agree with you that it was extremely shortsighted and sad to have tech leadership oppose a project which directly gives a US company access to such sensitive data with open source alternatives.
That makes much more sense! Swapping SAP for some Python scripts is pretty risky.
The French state is one thing, the Polytéchnique is another. My impression is the old-school network administrators at French universities are fiercely protective of their de facto right to make technical decisions regarding equipment and software. So this part surprises me.
Even when I see "so and so place is switching to X" I always think "uh, do your current Microsoft people ... know how to do that?"
I'm all for training and making the switch, but you gotta get your teams motivated / what they need to do the job. If not IT can resist like few other orgs.
I've lived the exact same scenario in a large public company. Large orgs and misaligned incentives are not exclusive to the public sector.
Everything else aside moving to R and Python to escape the USA hegemony means you are still dependend on Python Software Foundation and R Fundation. First is American. Second is based in Vienna, Austria yet still has big American presence among its members. So you end up still dependending on USA. Same with most free and open source. Even if its authors may appear to be European, they may turn out to be Americans (Linus Torvalds) or work for US company anyway (Guido van Rossum)
You may be underestimating the depth of scope of SAS. You can't just replace it with "a bunch of R and Python scripts".
Depends on what you're doing, to be fair. R would probably be a better choice as it's more likely to have all the statistical stuff in SAS. Python might make sense if you want to integrate it into web/other systems.
It's definitely not an easy lift and shift though, as the OP made it out to be. Particularly when you're integrating with other departments it's vital to have perfect compatibility as otherwise you'll break the other departments workflow.
> Having worked for the French state and wrestled a few times with its IT services, I can tell you that the reason for choosing Microsoft isn't cost, or "efficiency
While this is generally not wrong, the French state still uses and creates open source software extensively. Gendermerie Nationale have their own Linux distribution ; Ministry of Foreign Affairs runs Debian for diplomatic personnel. Multiple pieces of public software was developed out in the open (including the government SSO and the COVID tracking app).
So while there is definitely bad, it has been getting progressively better over the past ~10 years.
This addiction to Microsoft is everywhere and it's terrible for everyone involved. So many small orgs and NGOs paying through the nose for what can be done for free with Google Docs & Sheets.
Using proprietary software that is given away for free is even worse than paying for proprietary software - at least you have a contract in the latter case.
Governments should pay software engineers and system administrators (or infrastructure engineers if you like) to build and run their systems, ideally open sourcing whatever makes sense
Google isn't free for non-personal use.
Yeah, but Google Docs and Sheets are really worse than Word/Excel for many uses/users. I’d be pretty peeved if my employer decided to save figurative pennies by making me use Google Docs/Sheets.
And Google Docs/Sheets isn’t really free once you need business functionality. Depends what exactly what your feature requirements are, but Google Workspace pricing has about the same range as Office 365 Enterprise. ($10-$50/user/month)
^foss alternatives like onlyoffice, nextcloud...
Relying on yet another American mega corp instead of Microsoft doesn't seem very wise.
NGOs pay little compared to businesses, AFAIR.
When you say first meeting, is the implication that they were lying about even trying?
Sounds like they were honest about lying, less confusion than lying about lying and helps prevent the unwanted outcome of accidentally succeeding. Not succeeding helps with job security, the problem justifying your job will continue to exist. Since such skills are in demand at all levels of bureaucracy successfully failing to deliver at a lower level will open up opportunities to fail at a higher level.
This is fairly normal. I’ve seen it in every corporate job I’ve had.
Most people seemed to have a retirement clock running and wanted to avoid doing anything they don’t give a crap about until then.
Giving a crap about your job is an outlier.
Honestly, when management comes up with some silly idea like replacing a perfectly working piece of software that's core to your business with a completely different alternative that is not giving you anything but being slightly cheaper, caring about your job involves stopping this silly change from happening.
Caring about your job involves being informed enough to not open your organization up to abuse from the likes of Oracle and Microsoft. That would save your customers, or fellow citizens if you work for government.
While I still stand by my sentiment to a small extent (it's often people who do care that actually oppose management initiatives, and proprietary business software can be superior to OSS alternatives, in certain areas), I was working under the mistaken impression that this was about replacing SAP, a German business solution, not SAS, the American company.
I should say that I think the real solution here would be to create an EU wide business software public company (or even EU agency), which would build and maintain business software products for EU governments, preferably open source. There is so much commonality in these areas that it's absurd to not build a common core, and later provide consultancy and support services to member states for deep customization, from experts who understand this common core. This is basically the IBM, Oracle, SAS, SAP, or even Microsoft B2B business model, so not some pie-in-the-sky idea.
I do believe that having some unified organization that can provide support and expertise on how others have solved similar problems would be much better than having every municipality and institute in the EU develop its own bespoke OSS-based solution, or, worse, buy from a private company that can just extract a profit from the massive cost savings of deploying substantially similar solutions for hundreds of customers, instead of passing on the cost savings.
It's funny that capitalism rewards jobs that have meaning- healthcare, education- the least.
> capitalism rewards jobs that have meaning- healthcare, education- the least
Doctors and researchers do quite well when they're effective.
ok so "funny" but historically, it has been worse. Like the legend of a warrior King in a region towards modern Hungary.. the school teachers would be ordered to stop work when the King and his military advisors rode on the main road for inspection. All the teachers were required to stop and clean the litter by the road as the King passed by. Perhaps the implication is -- if you do not have my military protection, then your school would be burned by invaders? actually not wrong in some places, but can you blame that scene on "capitalism" ? Want to guess the expenses of the armor and servants for the King and their party? probably more coins than were spent on teachers, who were paid in farm produce and exchange services?
He outright said their goal was to lie about trying.
Time[1] and time[2] again, the CJEU has ruled that the US stance of noncitizens having no standing on privacy issues is incompatible with EU law. Time[3] and time[4] again, the European Commission has negotiated a functionally identical agreement codified in executive orders and declared it “adequate” until the court could decide otherwise. Not even the Congress explicitly giving[5] the US government powers to compel (among others) EU subsidiaries of US multinationals, regardless of what EU law says, has changed the equation. Now there’s been a presidential election in the US that many in the EU are unhappy about. *Shocked Pikachu*
> [French MP Philippe] Latombe criticised the US-EU Data Privacy Framework (DPF) deal, saying it no longer served EU interests due to the US president’s “impulsive” nature.
Am I wrong to say that there’s something profoundly rotten in that statement with regards to the rule of law?
[1] https://en.wikipedia.org/wiki/Max_Schrems#Schrems_I
[2] https://en.wikipedia.org/wiki/Max_Schrems#Schrems_II
[3] https://en.wikipedia.org/wiki/EU%E2%80%93US_Privacy_Shield
[4] https://en.wikipedia.org/wiki/EU%E2%80%93US_Data_Privacy_Fra...
[5] https://en.wikipedia.org/wiki/CLOUD_Act
All you need to know is that the EU Commission sues their own data protection commissioner because he ruled that the usage of MS365 in the Commission is illegal. So the EU Commission happily works together with Microsoft: https://www.heise.de/en/news/Microsoft-365-EU-Commission-tak...
A bit of offtopic but when opening this article in the cookie consent screen I get
> Data processing by advertising providers including personalised advertising with profiling Consent required for free use
How legal is this?
It is considered illegal and is currently under investigation thanks to the wonderful Noyb organization: https://en.wikipedia.org/wiki/Consent_or_pay (the article even mentions Heise) & https://noyb.eu/en/frequently-asked-questions-about-pay-or-o...
The Irish DPA held secret meetings with Facebook about sharing EU citizens data.
https://www.cpomagazine.com/data-protection/schrems-slams-sl...
The rot runs incredibly deep.
>saying it no longer served EU interests due to the US president’s “impulsive” nature.
I'd say that if whether or not an agreement serves the EU's interests entirely depends on who the US president is, then it's not an agreement that serves the EU's interests.
International law is not really a thing so ultimately this kind of debate between nations/supernational bodies where their positions are irreconcilable comes down to raw power.
Does either the US or the EU have any cards to play that will force the other to back down, or not?
> Am I wrong to say that there’s something profoundly rotten in that statement with regards to the rule of law?
Why do you think that? The agreement was negotiated under certain conditions, it’s not really surprising that a change in circumstances would make it unfit for purpose.
If migrating off Microsoft would effectively shut down the government for a period of time they don't really have any choice.
I worked at a tax office a long time ago which used Windows and Java, and it was a horrendous system and experience. We kept losing time every single day due to some issue elsewhere, so we always had to notify IT, which in turn would notify whoever is responsible for these servers in the capital city. They "fixed" it, except the cycle continued. I bet they are still having issues.
> Am I wrong to say that there’s something profoundly rotten in that statement with regards to the rule of law?
No. The laws are applied as long as they serve the rulling elite. See GDPR for examples. Or the copyright law for examples at the other end of the pond.
I don't see enough talk about reducing the amount of data collected in the first place. Even if it's kept within one jurisdiction, it can still be the target of a breach by a local criminal, a foreign spy, or a new government agency... Cameras on every street, cellular antenas on every car, biometrics for everything... It may vary from country to country, but an expansion on citizen data collection (in one area or another) seems commonplace across most governments, and usually with zero opposition in "the real world". And unlike products or platforms that you can chose to not use, there's hardly any escape from those.
> I don't see enough talk about reducing the amount of data collected in the first place.
It's because the power's that be want all the data and none of the liability. The easiest way to comply with any privacy regulation is to not collect, store, or process any personal data. Just don't store or process data about humans and 99% of the problems go away.
But data is the new oil. And sometimes when you store or process oil there are leaks that spill everywhere, contaminate things, and even sometimes kill people. That's never stopped us from collecting, storing, or processing oil.
Seen here:
https://www-senat-fr.translate.goog/compte-rendu-commissions...
================================================================
Quoting the translation:
Mr. Dany Wattebled , rapporteur . - Mr. Carniaux, as Director of Public and Legal Affairs, you represent Microsoft France before public decision-makers. Can you guarantee before our committee, under oath, that the data of French citizens entrusted to Microsoft via UGAP will never be transmitted, following an injunction from the American government, without the explicit agreement of the French authorities?
Mr. Anton Carniaux . - No, I cannot guarantee that, but, again, it has never happened before.
================================================================
Original:
M. Dany Wattebled, rapporteur. - Monsieur Carniaux, en tant que directeur des affaires publiques et juridiques, vous représentez Microsoft France auprès des décideurs publics. Pouvez-vous garantir devant notre commission, sous serment, que les données des citoyens français confiées à Microsoft via l'Ugap ne seront jamais transmises, à la suite d'une injonction du gouvernement américain, sans l'accord explicite des autorités françaises ?
M. Anton Carniaux. - Non, je ne peux pas le garantir, mais, encore une fois, cela ne s'est encore jamais produit.
================================================================
Thread on Mastodon:
https://toot.cat/@devopscats/114879479938557566
> Mr. Anton Carniaux . - No, I cannot guarantee that
He's smart, he doesn't want to go to jail. But all the governments and current and/or past administrations are guilty of pretended to be retarded since we all knew for the past 30 years that Microsoft was not to be trusted.
The EU majorly screwed up by not focusing on a homegrown software ecosystem. The Chinese, due to either luck or competence or both, have a parallel big tech ecosystem compared to America and that is a huge advantage.
Most shamefully for the EU, even Russia, a much, much smaller and poorer country, has a full set of replacements for the US tech hegemony, at least on the software side.
However, we are all complicit in this state of affairs, with pushing dreams of a broderless internet. If the EU had tried to limit Facebook or Google access to the EU markets, or just favored some inferior EU alternatives, people on this very forum would have been up in arms about government overreach, balkanization of the Internet, and Brussels bureaucrats trying to stay relevant.
> even Russia, a much, much smaller and poorer country, has a full set of replacements for the US tech hegemony, at least on the software side
Not really. Meta and Alphabet products like FB, IG, and YouTube remain heavily used in Russia, even in spite of domestic alternatives like VK or Yandex.
That said, pre-2022, Russia definitely had a strong VC and entrepreneurship scene compared to the the rest of Europe. NGINX, Yandex, VK, and Kasperskey were all able to be formed in Russia in the 2000s due to a much less risk averse capital market. Same with Ukraine (eg. Grammarly, Ring) and Belarus (eg. Wargaming)
Aside from Romania and Czechia, I don't see a similar ecosystem anywhere in Europe (even Poland and Ireland's tech industry are largely dominated by FDI from large American players like Google and Bulgaria's from contractor and freelancer shenanigans).
Ofc, unlike France and Germany, Czechia and Romania are way less combative to American tech companies and capital, so it's easier for them to justify investing for the long haul. Romanian successes like UIPath show that the only way a competitive European tech player can develop is through cooperation with the US.
The fact that VK and Yandex (and Telegram, I would add) exist at all, and have a clear presence in the public in Russia and several Russian-speaking countries around them, already puts them way ahead of the EU on this front, even if they have not replaced FB, IG, etc like WeChat did in China.
Otherwise, I generally completely agree with you. The EU tech scene is overall either US controlled or anemic. I'd note that Romania hardly has a real local tech scene. While we have a very large number of programmers and programming positions, it's almost entirely either US (and a few EU, Canadian, Israeli) companies' local offices or explicit outsourcing companies. The exceptions are UIPath, BitDefender, and a few companies that work exclusively on government contracts (and are deeply embedded with the political establishment).
If relations with the USA worsened significantly, it's very hard to see how the Romanian programming/tech sector would survive. There is very very little local leadership on the business side.
Government contracts aren't even wrong, in Russia government is big, so can provide a large market for local enterprise vendors to incubate. The general idea here is that private business will follow government's digital practices.
> If relations with the USA worsened significantly, it's very hard to see how the Romanian programming/tech sector would survive
Unlike Western European countries, Eastern countries like Romania and Poland have helped the US burden share significantly, and this is reflected in bipartisan foreign policy within the US.
Even Elbridge Colby, Oraina Mastro, and Rush Doshi (the primary foreign policy scholars in the US who built bipartisan support for American shifting focus to Asia) have pointed this out.
There's a reason it's overwhelmingly Germany and France that has been vocally combative against the US (be it Trump or Biden due to the IRA+CHIPS).
> The fact that VK and Yandex (and Telegram, I would add) exist at all, and have a clear presence in the public in Russia and several Russian-speaking countries around them, already puts them way ahead of the EU on this front, even if they have not replaced FB, IG, etc like WeChat did in China.
The EU could have been much more FDI friendly like India, which helped enable Meta and Alphabet to devolve even product leadership roles within India. India has been able to get American tech platforms to bend to Indian Internet regulations with little pushback while also dangling massive incentives.
Either build a domestic ecosystem (eg. Russia, China) or become entirely inseparable (eg. India, Israel).
The EU cannot catch up with the former, so it has no choice but to submit and work to become the latter.
> I'd note that Romania hardly has a real local tech scene
No tech scene is 100% local. Barely 5 years ago Microsoft China was the dream R&D job, and Ericcson's R&D remains in China to this day and continues to work on 5G and 6G R&D.
An international ecosystem allows a domestic market to access capital it could not before.
For example, Romania is significantly outperforming Poland in tech despite being being a smaller and poorer country because Romania made sure to leverage the diaspora in the US. Israel, India, and Czechia all did the same.
The issue is Germany and France continue to remain insular and unfriendly to services FDI, and try to make it the entire EU's problem. Romania gets more benefit from an American cloud like AWS domiciled in Cluj compared to a German owned and domiciled "cloud" like Hetzner.
You'll note one common thing between those two successful examples: one language only.
That's the big difference in the EU when you are a start-up and want to go from the $10-50M range to $500M+: in the US and China, you have one big market with a shared language and one rule of law. In Europe? The second you want to expand to a market bigger than 50M people you have to adapt to different languages, cultures and laws.
If you have not baked it in at the start that can be a huge roadblock. And if you have baked it in at the start you may have missed your chance due to the delay you incurred. Then you're just a target to be eaten by a US or Chinese company with a big war chest earned in their own market.
That's why part of the EU rules is about trying to unify its member countries laws. Yes GDPR can seem like a protectionist framework from outside, but the main goal was to make all country in the EU have one shared legal system to handle personal data. So sharing them becomes easier inside the EU. We can expect more of this kind of laws to be written but they'll always be too late.
People forget that China also has multiple languages. It's just that, per national mythology, a thousand years ago an emperor invented both "unified written language" and "civil service". To the extent that Brits will sometimes use "mandarin" as slang for civil servant.
> The second you want to expand to a market bigger than 50M people you have to adapt to different languages, cultures and laws
So do US companies which operate in the EU. I doubt that's the main limiting factor.
In the Chinese case, competence. Korea also has such an ecosystem - and is a much better example for the EU to look towards - but stems from more of a mix between competence and luck.
Where are the Korean cloud providers? Even Samsung uses American ones.
Naver Cloud [0] and Samsung SDS Cloud [1] which is basically a Samsung managed AWS ecosystem (sort of like how AWS China is whitelabeled Tencent Cloud).
Those tend to be used by a plurality of Korean organizations within Korea.
Unlike in Europe, both Naver and Samsung began investing in building their own domestic cloud capabilities in the early 2010s.
[0] - https://www.navercloudcorp.com/
[1] - https://cloud.samsungsds.com/serviceportal/index.html
I'm nitpicking, as your main point is still completely accurate; it is indeed miles ahead in sovereignty compared to the EU! But
> Those tend to be used by a plurality of Korean organizations within Korea.
I've seen from the inside the IT infra of several chaebol subsidiaries (of different groups), of Korean big tech, as well as Korean startups, and really only some of the chaebol subsidiaries made use of these local clouds. Near 0% for startups, low single digits for big tech (besides Naver themselves obviously) and even for the big corps I'd estimate <30%. Azure and AWS are plenty popular, as well as of course on-prem still having a much higher market share than in the West. Not sure if most big corps have a random unused database on Naver Cloud to satisfy some government statistic but talking about meaningful usage here.
> I'm nitpicking
No worries. I've tended to glaze over the Korean market so I'm glad to get some more granular info
> Azure and AWS are plenty popular
I was under the assumption that Samsung Cloud is largely a white label of AWS (sort of like Open Telekom Cloud in Germany), and much of the AWS spend can be treated as Samsung SDS. Is that correct?
Scaleway and OVHcloud, much better comparisons than Hetzner, started in the late nineties. UpCloud and Exoscale, arguably even better comparisons, started in 2011.
Then there are many more which I can't be bothered looking at their founding dates, like gridscale, Elastx, Open Telecom Cloud, Fuga, Seeway.
I think you meant to reply to my other comment. But anyhow, none of those compare to even the Korean clouds excluding Open Telekom Cloud, which is white labeled AWS.
That said, my point still stands. All the major examples you mentioned (OVH, Scaleway, gridscale) have largely limited FDI and headcount to within France or Germany, while GCP's Warsaw office owns the product leadership for much of GKE globally, AWS Bucharest owns a major part of AWS's Privacy and Data Security portfolio, MS Praha owns a significant portion of CoreAI, and Ireland is one of MS Azure's major DC hubs.
Most French and German PR about "digital sovereignity" rings hollow when the French and German vendors who stand to benefit have largely kept Capex and headcount within France and Germany.
Why should Poland, Romania, Czechia, Ireland, and Bulgaria lose hundreds of well paying high income tax bracket jobs and billions in FDI and income tax to subsidize French and German industry?
And this is why just about every EU grand strategy conversation falls apart - the individual member states will look out for themselves over the collective. For example, France's recent objection to Germany, the UK, and the Nordics buying American weapons to send to Ukraine instead of buying French [0] and Dassault's lobbying of France to withdraw from FCAS if it doesn't get 80% workshare [1]
German politicians don't answer to Polish voters. Greek politicians don't answer to Irish voters. Either the EU removes national soverignity and becomes a truly federal and centralized union, or the EU has to gradually reduce the political aspects and return to the 1990s and 2000s style defense and economic cooperation union that it was.
[0] - https://www.politico.eu/article/europe-donald-trump-weapons-...
[1] - https://www.ft.com/content/a38f6f36-6284-428c-b8af-fe6d6d7db...
> Most French and German PR about "digital sovereignity" rings hollow when the French and German vendors who stand to benefit have largely kept Capex and headcount within France and Germany.
You're comparing companies of widely varying size.
There's not much sense for these French and German companies to open other European offices at their current size, much like there's not much sense for their eastern European equivalents to open offices in France or Germany.
For that matter, it didn't make much sense for Microsoft to open shops in Europe in the 80's, or for Google in the 2000's
On the other hand, it is pretty commonplace for European companies with enough activity across Europe to have offices around and to quite freely move/open offices in other countries. So I don't really see this point as a good one.
> You're comparing companies of widely varying size
OVHCloud is not AWS size, but it is still a large company that generates over $1B in revenue. Yet is has almost no dev or product leadership presence outside of France or the US. Same with Scaleway, which is a division of Iliad SA - one of the largest telcos in France and founded by one of Macron's largest backers who is also the son-in-law of Bernard Arnault of LVMH (and the reason why every country negotiating with the EU puts tariffs on Congac and Champagne), who has pushed Macron to dump ministers and even his PM.
> it is pretty commonplace for European companies with enough activity across Europe to have offices around and to quite freely move/open offices in other countries.
Both OVHCloud and Scaleway have been around since 1999, yet haven't ever expanded their core engineering or product responsibilities outside France or the US.
Meanwhile, AWS, GCP, Microsoft, and hundreds of American tech companies and startups have all given core product leadership responsibilities to their offices across Central and Eastern Europe.
Even small (compared to OVHCloud) American startups like (randomly picking 2 ik of) Cyberhaven and Snyk have opened offices in Romania and Poland that own product and engineering decisions plus roadmap.
> So I don't really see this point as a good one.
It is a major point because it is French (and German) businesses that are lobbying for a combative position at the expense of other EU member states.
Why should Ireland, Czechia, Poland, Romania, and Bulgaria suffer a severe capital outflow and retaliation from the US to help French companies that have keep jobs (and thus income and corporate tax revenue) within France and overwhelmingly benefit French (and German) capital owners?
And like I said before, this is why no unified European grand strategy ever develops - inevitably individual European nations undercut each other to protect their domestic industries.
At least Czechia, Poland, and Romania have helped burden-share via their contributions to Ukraine, which outshine those France has provided on a per capita basis, despite being much poorer countries than France.
> The Chinese, due to either luck or competence or both
China banned foreign tech to allow for local tech to grow. The EU has tried to be in good relationship with the USA allowing big tech to dominate the old continent.
I think that the arrangement worked well for both the USA and EU for a long time. But now that big tech is highly politically motivated to support the far-right that win-win situation has ended.
The only way for the EU to grow domestic tech is to do what the Chinese did, ban USA tech and let local companies to thrive. I just hope that it is done in an open standard-base way instead of the big tech monopolies of the USA.
It's interesting that there at least starts to be two opposing camp in the executive (some people in French government start to push for more sovereignty, some EU governments too, some MEPs, etc...)
Of course the rest of the administrations are not there yet, there are contracts to abide to, habits, etc... But there is the start of a general recognition that overdependence on the US is a liability at some level.
Also, it would incredibly more feasible to move IT infrastructure back and have some reign on data, then it would be to recover from our overdependence on China in terms of... Well, in terms of everything physical.
Which means that the first milestone would be to host pour data on "sovereign" data centers... Using East-Asian made hardware.
One thing at a time, I guess ?
> Using East-Asian made hardware.
Most DCs are already using "Asian made" hardware such as Korean memory chips, Taiwanese power supplies and fabricated chips, and Japanese designed storage.
Unless you mean Chinese-made hardware, which would put much of Europe in the exact same position, with the added downside of supporting a nation that is cooperating with Russia, and is strongly in support of a Russian victory [0] in Ukraine. China has also begun leveraging export controls on tech transfers and outbound FDI as well, so dependency on an external nation would remain.
The reality is there is no choice other than America+ or Chinese made hardware for EU member states, and as long as Russia continues to leverage Chinese dual-use technology, it will be a no-go. And the European (in reality German+Dutch) ecosystem has largely been stagnant since the 2000s, and critical technology like EUV is nominally owned by EU companies but developed and manufactured by autonomous JVs within the US.
Either the EU supports Ukraine, in which case there is no choice but to deal with America+ or the EU leverages China, in which case support for Ukraine would have to stop.
[0] - https://www.scmp.com/news/china/diplomacy/article/3316875/ch...
You're absolutely right for the short term, but for the medium-long term (say, 15-30 years from now) there is absolutely no reason why the EU couldn't produce/design its own hardware. There are plenty of advanced pieces of hardware being designed in the EU even today, it's just happening mostly for US companies (e.g. Microchip has big HW design centers all over Europe).
> Microchip has big HW design centers all over Europe)
Microchip is primarily analog and power semiconductors - those have been heavily commodified for decades at this point. And the majority of their headcount and leadership is domiciled in the US and India based on LinkedIn.
And most European domiciled companies like NXP, ST Micro, and Ericcson outsourced the majority of their design operations to India and China 20 years ago.
Most hardware design has been domiciled in the US, China, Taiwan, Israel, and India since the 2000s.
> there is absolutely no reason why the EU couldn't produce/design its own hardware
Because, quite frankly, the ecosystem doesn't exist anymore.
Much of the European semiconductor industry imploded in the 2000s and 2010s due to the recession, austerity, the inability to compete against Apple and Samsung, the inability to hop onto the 5G bandwagon on time, and ASEAN and China's rise as a power electronics, analog chip, OSAT, and Telco hubs.
Much of the presence at this point in Europe is primarily legacy analog and power semiconductors targeted at automotive applications.
None of the EDAs are developed in Europe (even Siemens' EDA is developed by American subsidiaries Altair and UGS - both of whom are airgapped from their European parent). None of the major chemical vendors like Sunlit Chemical or LCY Chemical have a presence in Europe. None of the major lithography vendors like Cymer (the ASML-DoE JV that manufactures EUVs), Tokyo Electron, or Nikon have a lithography manufacturing presence in Europe. None of the major OSAT and Packaging vendors like ASE or Amkor have a presence in Europe. And none of the major display or memory chip fab companies like Sharp, Samsung, SK Hynix, or Micron have a presence within Europe. And none of the storage vendors like Toshiba, Hitachi, or Sandisk have a major manufacturing or R&D presence in Europe.
All these companies have overwhelmingly invested within Asia and the US. Europe didn't ratified it's FTAs with South Korea or Japan until 2015 and 2019 respectively, which meant most Korean and Japanese players were easily wooed by ASEAN, Chinese, and Indian SEZs and incentives in the 2000s and 2010s, right at the moment the European ecosystem was increasingly falling behind.
The US-TW-JP-SK-China-ASEAN-India ecosystem is extremely interconnected to a degree that the European ecosystem is not, and this began all the way back in the 2000s.
> say, 15-30 years from now
None of the EU member states nor the EU as a whole have offered subsidizes anywhere near as lucrative as those the US, SK, JP, TW, CN, ASEAN, and even India provided in 2020-25 for fabrication, design, or packaging. And I have not seen any EU or EU member state legislation moving in the right direction.
Hypothetically, if an EU member state suddenly wakes up tomorrow, it would still take 4-6 years to go from subsidy to constructed fab. For design, it would take 10 years (as can be seen with India's RISC-V ecosystem taking 10 years to even reach a mature enough state that allowed Sequoia and Accel to begin funding Series As and Bs). At that point, the legacy chip market will have already been flooded by Asian competitors, and the bleeding edge chip market will have largely been flooded by Asian and American competitors.
At this point, Europe has largely fallen behind in the traditional semiconductor ecosystem and can't catch up in the short-to-medium term.
The only way European players can remain relevant is by investing in opportunities to leapfrog in frontier segments such as 2D semiconductor design, photonics/quantum applications, and composite semiconductors - but even in these segments Europe has fallen severely behind US and Chinese players, and increasingly behind Japanese, South Korean, and even Indian domiciled R&D labs.
If control flows through data infrastructure, does it matter who “owns” the platform? Once exposure is built into the structure, sovereignty becomes a user illusion.
I think we need a lot more accessible disclosure on the subject for the public. Even beyond government services, products exposing one to the US should come with a big fat warning.
> products exposing one to the US should come with a big fat warning
You mean products like Microsoft Windows, Apple's iOS and MacOS, Google's Android, Chrome and ChromeOS, Cisco, Fortinet, HP, Dell, AWS, Linux, Meta's Whatsapp Facebook and Instagram and so on and so forth.
Yes, so the ones you didn’t list will stand out.
Yes
> Linux
Citation needed.
Linus was born a Finn but is now a US national.
GNU/Linux is FLOSS, so nationality doesn't matter.
Systemd's default dns settings, depending on distro defaults.
Yes, it's not the kernel you are probably starting to nitpick about, but it doesn't run anywhere else, so far.
So it's not Linux but certain privacy-unfriendly distros.
I'm not exactly sure, anymore. I think I've first read about it, some years ago, at the time not using systemd anywhere, personally.
IIRC it was about the default dns servers pointing to cloudflare and google in upstream.
So it would rather be the other way around. The upstream default was(is?) privacy unfriendly. What the distros do with this is another matter.
Similar stuff arose with timesyncd (ntp), and some other small thing which I can't remember anymore, atm.
You do have a point: https://news.ycombinator.com/item?id=23712434
Nevertheless it's a tiny thing compared with every other item in your list, and many respected distros fix it.
Europe is in love with azure too bizarrely.
Anyone using Azure is bizarre.
Just search for Azure on wiz.io's blog, the amount of terrible yet easy to exploit security vulnerabilities, often with shit responses from Microsoft, is terrifying. It clearly demonstrates nobody with power within the Azure org cares about security. How can anyone trust them with anything remotely critical? Let alone the terrible UX and absurdly eventual consistency.
Yeah, yeah, I know, the people who know and understand this aren't the ones getting wined and dined to buy it. But still..
Until customers start to disappearing due to issues, why bother. That is usually what matters.
I many time heard here in Europe not to trust Chinese appliances as these devices do listen to us… is #USA any different?
I think given the NSA's capacity they'll find a way to listen to us regardless which devices we use. But we're certainly going out of our way to make it easy for them.
I mean, same story in Belgium, The Netherlands, and (I'm gonna assume) every other EU government.
Specifically for The Netherlands, https://berthub.eu/articles/posts/demystifying-european-digi... is a good read, from someone that really understands how this works in government.
Sadly, I understand why: they have a tonne of systems, that all, at least somewhat, work, that people know how to use, with established contacts and support contracts. IT departments trained and certified on how to run and deploy MS software. And that's before we start talking about lobbying.
edit: added a link to a good resource about the topic.
We should have started moving over yesterday, but it's a long and difficult process, I just hope we start moving forward on this.
There's simply no option for digital sovereignty other than cultivating a strong domestic software industry. As the source details, much of this exposure is being done with full understanding of the risks and costs.
The article also refers to some report claiming that European solutions are "wrongly judged to be too costly or inefficient". I'd be interested to read it if anyone has a translation. Even for something as basic as word processing software, every case I've seen so for the alternatives quickly lands on "you have to accept rough edges because that's the cost of data sovereignty" - much easier for a hobbyist or politician to say than an IT director charged with making sure your organization runs well.
The sad part is, both the EU and the UK (which has the same issue) have the capacity to do this as we have enough software engineers. But most software companies end up being bought out by US ones at some point.
The French state is working on a google-docs open source alternative: https://docs.numerique.gouv.fr/home/
> There's simply no option for digital sovereignty other than cultivating a strong domestic software industry.
Yes, but they tried and can't.
Those ideas of domestic computer industry and digital sovereignty have been around since the 60s.
The French had Bull which is now Atos and they failed miserably.
France was very impressive after WW2, they build almost on their own a nuclear weapons, a nuclear energy, aeronautic, military industry and impressive space capabilities.
After that you would expect them to have built a serious competitor to Intel and Microsoft but they didn't. They can't even built basic digital capabilities to support a bureaucracy.
My guess is a very different generation arrived in the 60s-70s in the workplace and in charge: the Silent Generation and the Boomers.
Those generations were not about building anything but more about entitlements and collecting dividends. But of course it takes quite some time for things to get really bad. Information technologies slowly took over many aspects over our societies over the last 50 years and now they find out they do not have sovereignty anymore.
They can, they just don't really want to, as the dozens of anecdotes in this very comment section reveal. None of these things are about technical competence or capabilities. They're all about organizations, politics, fiefdoms and enormous amounts of intentional obstruction by those who want to keep the status quo. If the country would collectively decide they'd want to change it, it could be done quite rapidly.
This site has a heavy pro Russian bias, see for example https://brusselssignal.eu/2025/07/europe-still-has-the-power...
Turns out it was founded by an American, who was arrested on suspicion of bias-motivated crimes, second-degree assault and harassment after attacking a reporter in the USA but currently living in Hungary and running some media org there, with ties to the right wing Fidesz party. And he is on paper as being the founded of brusselssignal.eu
His organization received a big loan from an undisclosed source to set up the Brussels organisation and it seems to made up of or advised by a rag tag of European right wing politicians.
The whole thing stinks of Russian meddling in Europe.
Sources https://www.szabadeuropa.hu/a/szazhetvennegy-millios-kolcson...
https://www.companyweb.be/company/0793608171/free-pub/231068...
https://edition.cnn.com/2024/12/28/us/patrick-thomas-egan-ac...
Yeah, anyone who wants Europe to move away from Our Holy American Benefactors, are, uh, uhhh, yeah, russian plants!
One of these days Europeans will realize they are also part of the American empire just in a bit of a dominion status. If you host an American military installation, you are part of the empire with a fig leaf of domestic policy control that keep the bulk of the populace from realizing this. Take a look at a map of American military installations. The sun never sets on this latest roman empire.
It took Trump for the Europeans to realize that De Gaulle was right.
The consequences of the European Union realizing the were the USA's protectorate are not going to please the USA though... Buy ITAR-free, buy European !
I still don't think all this talk with trump and ukraine represents any meaningful retreat from american influence. It isn't like military bases are closing. Whoever is in power in a given US allied state very much wants to preserve the status quo that saw them seated in the position of power, aligned with the largest and most comprehensive military on the planet.
Empire has an idiot at the helm. As a Pole, I enjoyed pax americana a lot, I regret deeply its decline, and I blame not just MAGA, but both parties. But no matter what is the reason, you guys are not worth the trust anymore. Europe is re-militarizing.
Dunno about op's site, but the news itself comes from a french parliament hearing, has been discussed quite a bit on other news media, and from my experience, is being discussed by people here.
These damn Russians wanting the EU to be digitally sovereign!!
Russia wants broadly anything that sows disharmony/chaos/doubt within or between the NATO countries. It doesn’t matter whether it comes from the political far left or far right.
There is no requirement that the politics of destabilization form a cohesive worldview.
Good catch. The OP article is mostly transcript from a Senate hearing, so the bias is limited.
wait, do they (at least attempt to) spearhead it with Mistral and La Suite? La Suite works good...
regard français perplexe
It's always the same issue.
If you want to move away from <insert US tech giant>, you either need to embrace Linux and open source software which requires the state's employees to learn a new "stack" of applications which means they need to be given appropriate training or you need to have you home grown solutions that are as easy to use as their US counterparts and were developed within the EU by the EU's member countries with the EU's values embedded in them.
The first solution is not going to happen, as Linux is still relatively unknown all things considered and I don't see the French government employees learning how to use this OS and/or the applications running on it by themselves.
Secondly in times of budget cuts like in France currently, the government is not about to rip all the Microsoft products off and replace them with something that would take years to transition to and cost a fortune to implement.
So that leaves the homegrown solution. Unfortunately the work to move off of Microsoft et al should have started 10 years ago but it hasn't. Europe has completely dropped the ball on tech and now it's coming back to bit it in the ass.
The Draghi report from last year was supposed to kick things into gear but we will be lucky to see anything coming through within the next 5 years and by this stage the US tech giants will have entrenched themselves even more in the EU.
I am sorry to say but this is a failure that will resonate for the many decades to come.
I doubt that the average employee could tell Linux and Windows apart if you applied a Window-style skin to Linux.
But at least in Germany, I've seen Windows being written into agreements between state governments and trade unions representing clerks and employees. Good luck changing those without a negotiation running 3 years.
Lots of people would be disrupted by having to move off MS Office. Not insurmountably so, and MS ironically helps make the case that people can learn new things by often changing their own product interfaces.
If you really want to smooth out the transition, there's also companies which would be happy to help you setup and maintain your office environnement on Linux.
A cool idea could be to build a replica of Windows, but running Linux and market it to municipalities, NGOs and State entities.
> I doubt that the average employee could tell Linux and Windows apart if you applied a Window-style skin to Linux.
It doesnt really matter if the UI is the same or almost the same. We are talking about rolling out an entire new suite of tools to every government worker in a given country.
It would take years to plan the migration, then start deploying it in stages to the less critical services of said government while you work out all the kinks.
While that is happening, you most likely will need to support both systems for a while so that you have a fallback if things go wrong with the new system.
Then you will need to train all these employees properly so that they can potentially troubleshoot some of the issues they encounter and give them enough time to become as productive as they were before the new system rolled out.
> But at least in Germany, I've seen Windows being written into agreements between state governments and trade unions representing clerks and employees. Good luck changing those without a negotiation running 3 years.
And there is that too. I am sure its the case in many countries.
Finally this migration if successful would not bear any fruits to the person who initiates it at best because by the time the roll out is complete this person will have moved on to another position, be elected somewhere else or retired.
But if it goes badly, you can be sure that this will be used by the opposition political parties to attack the governing party and accuse them of bringing the entire country's services to a stand still.
This is everywhere in the EU. The Dutch government put out an RFP for MS Outlook licenses. RFPs are supposed to be vendor neutral, so I don't understand how an RFP for something that only a single company sells can be vendor neutral.
They outsource all their email, but they don't put out RFPs for "email". MS is burrowed so deep into EU governments good luck getting them out.
EU obviously needs a Great Firewall - this would force foreign big tech to host data within the EU and subject these companies to ironclad EU legal jurisdiction. Naturally, some companies will not comply and withdraw services, clearing the way for domestic EU operators to emerge. This may seem like an unpalatable choice but it really is the only way back toward digital sovereignty - right now, the EU has been in 'trust me bro' situation with US big tech - a huge and accumulative risk
The EU is not a single country, every member is a sovereign country and there is no "EU jurisdiction".
The EU only provide directives that each member state adapt to their legal framework. Each country decides on their own policy regarding internet access, and it is very unlikely that a directive that have them go through some central EU-controlled firewall would pass.
They are trying with the Digital Privacy shield, but the issue is there is no domestic alternative to act as an alternative to the US.
And a grand bargain with China is highly unlikely given Wang Yi's recent visit with Kaja Kallas [0] where he announced Chinese moral support for Russia in Ukraine, which is diametrically opposed to the EU's foreign policy, while Von der Leyen condemned China for providing unrestricted support to Russia and causing industrial overcapacity [1].
Unlike Japan or South Korea, the EU holds no cards that it can leverage against the US or China - JP and SK can offer China a trilateral FTA which acts as a negotiating tool against the US, and SK+Japan can offer additonal military support for the US within the APAC domain which can act as a negotiating tool against China. What can the entire EU offer either US or China which cannot be vetoed by a COE member.
The EU has an added issue that the COE requires unanimity amongst heads of state to pass EU wide legislation, and US FDI representing €900B in inward FDI stock [2] within Ireland means there is a guaranteed veto against any tech decoupling. It's a similar story in Czechia, Poland, Romania, and Bulgaria as well.
[0] - https://www.scmp.com/news/china/diplomacy/article/3316875/ch...
[1] - https://www.scmp.com/news/china/diplomacy/article/3317442/vo...
[2] - https://www.cso.ie/en/releasesandpublications/ep/p-fdi/forei...
> The EU has an added issue that the COE requires unanimity amongst heads of state to pass EU wide legislation
This is vaguely similar to the truth, at best.
The Council of Europe (CoE) has nothing to do with the EU, you're probably confusing it with the European Council (EUCO).
But the EC is not normally involved in the legislative process. Instead, EU legislation is proposed by the European Comission (EC) and must be accepted by both the European Parliament and the Council of Ministers.
The Council of Ministers is the closest body to what you probably meant, but it's made up of heads of government of member states, not the heads of state. It also doesn't require unanimity to pass a law - it takes at least 4 countries to outright block legislation. There is a procedure in which a single country which is unhappy with a law passing can raise this to the EUCO for additional review, but it doesn't apply to ordinary legislation.
So, no, Ireland can't unilaterally block any such legislation, it has to convince other countries to join in.
> The Council of Europe (CoE) has nothing to do with the EU, you're probably confusing it with the European Council (EUCO)
Yes! Thanks for the correction! I did mean the Council of Ministers
> So, no, Ireland can't unilaterally block any such legislation, it has to convince other countries to join in
Yep, but my point still stands.
Poland, Romania, Czechia, and Bulgaria have overwhelmingly profited from FDI from American BigTech players - they were the largest winners in the GCC and outsourcing rush of the early-to-mid 2020s due to very pro-business subsidizes and tax incentives.
Ireland has also continued to overwhelmingly profit from it's very American business friendly tax legislation.
All these countries have enough pull together to push back on any attempts at coercing American tech companies in a manner that other EU members may want.
Furthermore, they themselves have shown how the EU can better attract American companies to build a European presence - they need to become friendly to FDI and foreign players potentially dominating a market.
The issue is Germany and France (logically) tend to oppose this as their own domestic competitors are getting undercut.
yes, I suspect a version of the GFW may emerge from EU red tape - a 'great thicket' perhaps? However, I suspect Trump will go ape and force the EU to back down, like they already have by dropping Digital Tax. I think EU Great Firewall can only happen inadvertently now, the governments are too dependent on the voting public (being democracies) and now also too dominated by the US. Permanent vassalage is the end point, though this time w/o any prospect of influence to the center
> I suspect a version of the GFW may emerge from EU red tape - a 'great thicket' perhaps
Barely. There's a reason American bigtech FDI within the EU has largely coalesced around Ireland, Poland, Czechia, Romania, and Bulgaria - they rolled out the red carpet and tried to reduce any acrimony that American companies might have. They are also the most lax with enforcing EU digital regulations, as enforcement falls under national sovereignity.
> I suspect Trump will go ape and force the EU to back down, like they already have by dropping Digital Tax
Pretty much. BigTech can afford GRC, not startups. VC overwhelmingly backed Trump for this reason as Vance promised to fight digital export barriers (and largely delivered in the UK and Canada)
> Permanent vassalage is the end point, though this time w/o any prospect of influence to the center
I'm not sure. I think what will happen is the return of the primacy of individual states trying to curry favor with major powers, which has already started to happen.
Look at Hungary rolling the red carpet to Chinese FDI as a bulwark against the EU; Czechia and the Baltics adopting an avowedly pro-Taiwan stance in order to curry favor from the US; and Italy+Greece leveraging IMEC to re-negotiate better terms on OBOR-related investments from the 2010s. In most context, "Europe" has almost always been used to denote Germany Inc.
I wouldn't be surprised if Wang Yi ranted this exact same thing to Kallas during their 4 hour meeting which apparently lead to the entire China-EU summit being canceled. Similar incidents arose with American, Turkish, and Indian negotiators as well, all of whom prefer to work directly with national leaders instead of the EU leadership.
European countries now need to choose between the US or China. There is no other way.
these seem like solved problems. in canada, many govt depts have procurement rules that state all data must be hosted nationally by a custodian subject to national or even provincial law, and this has been standard for decades. the firm I work for also doesn't use google or microsoft clouds for similar reasons.
the deeper problem is governments are not technology builders and cannot produce tech products because they have no unique ability to deliver anything anyone subject to them actually wants.
Honestly how hard can it be given Microsoft size (and AWS, and Google's) to mandate the intervention of a EU corporate entity to manage their IP in the region, full source code, EU cloud assets, encryption keys, EU-only support access, collect their royalties etc., but essentially act as a privacy buffer wholly unanswerable to any US head office or any obligations US law holds the company to wrt any EU person, its just a black hole that grants them the right to earn money and hold a large market share in the EU. The Chinese aren't afraid to do it.
Why would you need a corporate entity? Just hire folks to manage data in open source software on open hardware located in government premises.
AWS is doing that: https://www.aboutamazon.eu/news/aws/built-operated-controlle...
This isn't due to coercive mandates as OP mentioned though.
> Honestly how hard can it be given Microsoft size (and AWS, and Google's) to mandate the intervention of a EU corporate entity to manage
Very difficult.
Countries like Ireland, Poland, Czechia, Romania, and Bulgaria are heavily dependent on American FDI in their tech industry, and the European Council has final say and requires unanimity. A rule such as the one you mentioned would smother VC/PE in much of the EU, as European funds like Index Ventures and Munich Re Ventures are heavily dependent on the US to raise capital and build dealflow.
Major European employers like Volkswagen AG, Siemens AG, NXP, Phillips, Infineon, and others would also face severe retaliation as a result.
It would also set a precedent that would make an alternative like China extremely hesitant to invest, as the Chinese government heavily utilizes export controls on tech transfers. For example, BYD investment in Hungary is largely CDK with the core high value components like Batteries being manufactured in China. Biren, Huawei, and SMIC would face similar export controls.
Major Cloud providers would still need to invest eu-customer money in providing eu IT services, this is more a legal, security and privacy isolation for big tech players in order to maintain their share, extract royalties etc.
Startups that are not in a large marketshare situation wouldn't trigger the need for intermediary/isolation so the effect on FDI would be limited, and anyway, the tides are turning on US capital in general.
Retaliation: I'm not sure the US fiscal and legal overreach isn't already in place, e.g. VW dieselgate, export controls etc. The US looks after its interests (fair enough), but its time the EU levelled the field to protect its citizens, a small loss of regional sovereignty for those companies in exchange for the EU revenue they continue to make.
> Major Cloud providers would still need to invest eu-customer money in providing eu IT services, this is more a legal, security and privacy isolation for big tech players in order to maintain their share, extract royalties etc.
That's already done today with little-to-no acrimony, and none of the regulations you mentioned. Where do you think much of that FDI in Ireland, Poland, Czechia, Romania, and Bulgaria is coming from?
> Startups that are not in a large marketshare situation wouldn't trigger the need for intermediary/isolation so the effect on FDI would be limited, and anyway, the tides are turning on US capital in general
It's not just startups. American BigTech GCCs represent the bulk of tech related FDI in Czechia, Romania, Poland, and Bulgaria, and Ireland's US-friendly business law has lead to a severe dependency on the US for capital [1].
> the tides are turning on US capital in general.
American Capital markets continue to remain larger in size than the entire EU's combined [0]. And China's is roughly in size to the entire EU. An the reality is, European capital markets are nowhere near as unified as either the US or China's.
> its time the EU levelled the field to protect its citizens, a small loss of regional sovereignty for those companies in exchange for the EU revenue they continue to make
But how?
The EU isn't significantly unified, and depends on unanimity within the European Council. As I mentioned before, Ireland, Czechia, Romania, Bulgaria, and Poland would be a significant veto to any shift against the US.
Furthermore, French and German domestic giants continue to compete against each other in every industry, which has lead to cooperation failures such as the FCAS snafu recently [2].
There is no "EU grand strategy", as major member states like Germany, France, and others push back or compete with each other internally.
And given the fact that the Chinese players are cannibalizing European competitors within China, major European companies like Volkswagen and Siemens are now heavily dependent on the US as an alternative market.
[0] - https://www.sifma.org/wp-content/uploads/2023/07/2024-SIFMA-...
[1] - https://www.cso.ie/en/releasesandpublications/ep/p-fdi/forei...
[2] - https://on.ft.com/4n77YpQ
Korea has such a mandate and does just fine. Haven't seen a single instance of Korean employers such as Samsung suffering from retaliation over it.
Korea actually invested in building indigenous and domestic capacity in software and hardware since the 1990s, and rapidly expanded financing+subsidizes along with tech export promotion in the 2000s and 2010s while much of the EU fell under severe austerity and financialized much of it's R&D capacity. Furthermore, Korean companies like Samsung Group, LG Group, SK Group, and Hyundai Group spent tens of billions building R&D capacity and conducting tech transfers with American partners in order to build a much more balanced economic partnership.
Samsung Group, SK Group, LG Group, Hyundai Group, and Naver Group all built domestic capacity across both the software and hardware stack with Korea, and can decouple from the American ecosystem worst comes to worst because they have built a strong ecosystem across Japan, ASEAN, China, and India.
European countries never did the same. There is no domestic equivalent within Europe (and no, ASML does not count - all their bleeding were EUV work is done in the US via a JV with the DoE). In chips alone, Infineon, NXP (which is largely Motorola), and ST Micro are all heavily dependent on US capacity, and their niche in analog and power chips has largely been commodified by Asian players like Samsung Group, Hyundai Group, and SK Group. This can also be seen with CHIPS and IRA disbursements - Samsung and LG have been the biggest beneficiaries of the former and latter, and Naver has been leading US-SK trade negotiations with Trump Jr which lead to automotive being impacted but electronics largely unscathe.
South Korea also allows a level of market consolidation and oligopoly power that would violate European regulations.
Furthermore, SK can always dangle the China-SK-JP trilateral FTA to force the US into a more equal bargain, while dangling enhanced military cooperation with the US, Philippines, and Taiwan to force China to negotiate. The EU cannot offer the same because it is faced with Russia on it's eastern border, and thus cannot use China as a bulwark against the US.
Europe is decades behind Japan, South Korea, and Taiwan, let alone the US or China