The objective of Gaia-X is to define what sovereignty means and how it shall be applied in our data market by ensuring controllability of service characteristics, and visibility of their independence from extra-european legislation or access from extra-european actors. This endeavor has been publicly and repeatedly supported by public institutions as one of the important evolutions supporting a more general development towards European sovereignty. European users will require Gaia-X compliant services, and extra European players will be free to adapt to our sovereignty framework to operate in Europe.
The Gaia-X framework will define common service descriptors, common service compliance verificators and common service registers accessible to all for inspection. Gaia-X labels will be assigned only to services (not operators) verified to be compliant through the Labelling Framework. Extra European players will be able to propose services with label 1 and label 2 , but the set of criteria imply that the extra European players cannot be the main providers of the service labelled level 3 although they can cooperate with the main provider of the service.
Gaia-X defines common standards for all its members, resulting into service offerings adopted by the market. For this reason we accept the presence of any company (even extra-european) that wish to accept our statues and want to implement our values, the protection of which is guaranteed by a series of rules implemented in the association, that guarantee equal opportunity to all members regardless of their size and geography, but preserves the guidance and leadership to a Board of Directors that can only be composed by European Headquarted members.
Looking at the technology side, non-European actors are therefore welcome to join Gaia-X and to develop or adapt their existing services according to the Gaia-X standards and specifications. This will not prevent them to operate in the European market, but will force them to be compared to other players on the basis of the Gaia-X parameters.
In this way every user – being a private company or a public administration – will be able to classify their data in terms of their impact to strategic assets or services of a sovereign state and then adopt Gaia-X services that are qualified to treat to those classification levels.
As an example, the treatment of standard levels of confidentiality or impact, might not require the segregation of data onto a specific territory, whilst healthcare or social insurance data of citizens should be stored and processed within the state territory or within the EU. Through Gaia-X it will be possible to verify and tag (Label) the characteristic or a specific service to ensure it complies with the required level of label. This governance and control layer provided by Gaia-X allow then for the co-existence of multiple providers instead of exluding any of them but preventing the adoption of non-compliant services.
As an example, we show how to differentiate data according to the level of confidentiality and the different types of clouds, with stringent segregation rules, that might be required to treat those data. In this example non-European CSP could not provide services for the most confidential data, but only through the implementation of Gaia-X compliant services and it will be possible to objectively verify the service characteristics, and therefore the compliance, of both European or non-European services.
Process and requirements shall be adapted to the level of confidentiality of the data.
At a standard data level, non European members will have to abide by the main operational stands of interoperability, transparency and reversibililty of the data, which will be checked with the level 1 and level 2 labels.
Confidential and strategic data must be protected from interference of extra European members/legislation and these guarantees are reflected on level 3 set of criteria that are built by the Gaia-X Association.