Politics

EU commission targets foreign tech kill switches

Cloud providers face risk tests in defence criminal justice and border systems, sovereignty push invites lobbying before any systems are moved

Images

Henna Virkkunen, the vice-president for tech sovereignty, said the EU wanted to ensure sensitive services and data were controlled in Europe. Photograph: Thierry Monasse/Getty Images Henna Virkkunen, the vice-president for tech sovereignty, said the EU wanted to ensure sensitive services and data were controlled in Europe. Photograph: Thierry Monasse/Getty Images theguardian.com

The European Commission is proposing new powers to force public authorities and critical sectors to switch away from “risky” foreign technology providers, arguing that Europe should not be left exposed to an external “kill switch” in cloud computing, artificial intelligence services and semiconductor supply, according to the Guardian.

The draft approach would require EU member states to run risk assessments for cloud providers used in sensitive areas such as defence, criminal justice and border management. If a provider is deemed risky, authorities could be required to change supplier. Commission vice-president Henna Virkkunen said the goal is to ensure that sensitive services and data tied to security and law enforcement are controlled within Europe, and pointed to the 2018 US Cloud Act as a mismatch with EU rules.

The commission’s case rests on recent examples of dependency turning into leverage. The Guardian reports that Europe’s vulnerabilities were exposed last year when China stopped semiconductor exports, nearly halting the European car industry. The commission also cites concern that a US administration could abruptly terminate cloud services or compel companies to hand over data. Europe currently relies on foreign providers for more than 80% of digital products, services, infrastructure and intellectual property, the commission says.

The proposal would shift the cost of geopolitical risk from governments’ speeches to their procurement contracts. For national agencies, switching cloud providers is not a paperwork exercise: it can mean rewriting systems, moving data, retraining staff and accepting downtime. For suppliers, the prize is not only revenue but long-term lock-in, which is why the Guardian quotes the Computer and Communications Industry Association — whose members include Amazon and Google — warning that the plan is a “dangerous recipe for progressive market shutdown” that could push trusted providers out of parts of the EU market.

At the same time, Brussels is signalling that it does not intend to build everything at home. The commission says it wants to identify and manage “risky dependencies” rather than pursue full autarky, while also fast-tracking data centre construction and promoting European semiconductor production. That combination points to a familiar European bargain: more industrial policy and more regulation, with the bill arriving through higher compliance costs and duplicated infrastructure.

The plan still needs approval from EU member states and the European Parliament. If it passes, the first visible test may be whether governments can actually migrate their most sensitive systems — or whether “sovereignty” becomes another label applied to the same vendors, through new subsidiaries and new paperwork.