A 3-step check: how EU-sovereign is your cloud?
Last updated: 13 November 2023
1 2 3 Checklist
To comply with European data protection legislation (GDPR), a European sovereign cloud must at least meet all three of these conditions:
1. Housed in the EU zone.
The servers and data must be physically located within the EU zone, and must not leave it.
2. Managed by EU residents.
The individuals who have access to the cloud and data have no nationality other than an EU nationality.
The cloud and all services running on it are owned exclusively by EU entities, without any legal connection to sister, subsidiary, or parent companies outside the EU.
Using this simple checklist, you can easily find that the so-called sovereign cloud services of Oracle, Microsoft, Google, Amazon, and others fail the test.
In Europe, the security of delicate information is considered extremely important, which is clearly reflected in legislation. This is true not only for financial institutions, insurance companies and the healthcare sector but also for government organisations and companies that face significant organisational challenges when implementing cloud services that must comply with the latest legal guidelines.
Sovereign Clouds Companies and (semi-)governments in Europe are thus at a crossroads. On the one hand, they are aware that the adoption of the cloud and other advanced technologies is essential for their business growth and to compete in the international market. On the other hand, managing these technologies involves a high degree of complexity, which can negate the benefits of dynamism and simplicity that characterise cloud solutions. Initiatives such as European Cloud Services were created to address this issue – and not only for companies in highly regulated industries.
Personal data generated on clouds
Even if you encrypt data before placing it on cloud services, there may still be collection and storage of personal data. For example, when an EU resident accesses your services on these clouds (such as when using your application, website or video service), these cloud services (and any additional application services on these clouds) automatically store access logs. All access logs automatically include each user’s IP address, which is considered personal data under the GDPR. Since the cloud services are the creators of these logs, this data is therefore also their property. In the case of a legal non-EU link such as a US parent company, this personal data is retrievable under the US CLOUD Act, and thus you are not compliant.
Jet-Stream’s sovereign cloud: EU-owned, hosted and operated
Jet-Stream is the European streaming specialist and takes data protection, independence, and portability extremely seriously. For this reason, Jet-Stream has built its own European cloud, on EU territory, managed by EU staff, and 100% owned by EU entities, without any non-EU interference.
Jet-Stream data protection
Jet-Stream independence and portability
Sovereign also means you can quickly switch vendors. Jet-Stream was a pioneer in developing an independent control plane and a separate infra plane. Jet-Stream Cloud has multiple layers of independence and portability thanks to that philosophy:
Multiple Content Delivery Networks are deeply integrated. Jet-Stream can geographically set and instantaneously adjust the mix of CDNs for each client. Within that selection, the algorithm can determine real-time and guaranteed which viewer is sent to which CDN. The client itself can override the algorithm and choose which CDNs to deploy per individual stream, video and audio file per region. This implementation has been perfected by Jet-Stream to the ultimate independence and portability in distributing your content.
Jet-Stream’s proprietary tech stack runs entirely in containers, managed by Kubernetes. This orchestration and automation technique not only has the advantage that all services run autonomously with very high availability and scalability, it also has the advantage that the stack can be partially and fully expanded and moved to other cloud providers quickly, creating not only redundancy but also complete independence and portability. The entire Jet-Stream service can thus be quickly scaled up and moved, and the same is true independently for critical components such as storage, origin, edge, packaging, transcoding and analytics, which can be set up on a customer-by-customer infrastructure basis.
There is a trend not to run crucial stuff in the cloud, but in-house (on-premises). Jet-Stream has therefore built its containerised and Kubernetes-orchestrated tech stack into an appliance as well. This MaelStrom appliance includes storage, origination, packager, transcoding and edge tech. The appliance is a hybrid hardware accelerated and cloud-stack solution, which can be stacked and automatically form a self-orchestrated high availability cloud, fully in your control and on your premises (or hosted by Jet-Stream), completely independent of “the clouds. MaelStrom is then linked to 1 CDN and preferably to Jet-Stream’s Multi-CDN for ultimate distribution portability.
Many parties are currently devising and developing a sovereign solution. Some parties already have proof of concept running. What sets Jet-Stream apart is that it has been working with redundancy, abstraction, portability and independence since 2009. In doing so, the company is leading the way and has managed to build up a great deal of knowledge and technology. In combination with the EU-only approach, you are also assured of the highest achievable data protection.