European Dreams of the Cloud: Imagining Innovation and Political Control

ABSTRACT

Recently, several private and political cloud initiatives emerged in Europe. This paper demonstrates how the sociotechnical imaginaries of three European cloud projects reveal a performative coupling of innovation and political ideas of control, territoriality and sovereignty. I ascertain three elements of the concept of sociotechnical imaginaries (innovation, boundary making and material properties) guiding the empirical analysis. Taking technology in the making and its role in (geo)politics seriously, this paper shows how imaginaries shape and interact with current geostrategic and political developments in Europe. The analysis of Microsoft’s cloud, Bundescloud and GAIA-X reveals that rising privacy and data security issues have been integrated into cloud imaginaries that traditionally highlight progress and innovation. More specifically, state actors and cloud providers link and sometimes merge allegedly opposing technological aspects of innovation and politicised ideas of control such as digital sovereignty. This shift constitutes a move towards erecting political borders and localising IT within a global infrastructure.

Introduction

Although the metaphor of the cloud suggests a dispersed idea of cloud computing, several current European cloud initiatives tie the cloud back to sovereignty and territoriality, concepts rather linked to traditional politics and borders. The promotional video of GAIA-X as one of these initiatives claims that it ‘was initiated with the objective of enabling a secure, open and sovereign use of data’ (GAIA-X n.d.). GAIA-X intends to build a European interconnected cloud ecosystem based on digital sovereignty and European values such as privacy (BMWi 2019). This cloud ecosystem is supposed to allow (non-)European cloud providers to connect with European users while guaranteeing digital sovereignty, data protection, along with providing innovative data analysis solutions within European borders and overcoming data silos. The project gained not only political weight but also became economically important and, after previous reluctance, Microsoft joined the working groups of several companies including US-American giants like Amazon Web Services, Google, and IBM (Jones 2020).

We are witnessing massive investments in cloud computing as well as increasing political attention in Europe and elsewhere. This development is heightened by political initiatives and powerful imaginaries – imaginaries that show struggles for data security, (digital) sovereignty, economic profits, and innovative futures.

On an overarching level, this paper therefore seeks to ask how visions of data clouds function. More precisely, the paper seeks to understand how these visions combine and integrate technical and political ideas within three cases. Specifically, it analyses how ideas of innovation and progress contrast with ideas of control; how these imaginaries are entangled with the material and technological developments of cloud systems; and ultimately, how these systems are enmeshed with traditional political concepts of sovereignty and territoriality.

In this paper, by comparison of three imaginaries of clouds in Europe – GAIA-X, Microsoft Cloud Germany, and the German government’s project ‘Bundescloud’ – I argue that current cloud initiatives drive a coupling between seemingly opposing ideas such as innovation versus political control (e.g., digital sovereignty) within sociotechnical imaginaries (Jasanoff and Kim 2009) of cloud computing in Europe. All three depart from early corporate visions of the cloud by transcending simple metaphors for technological innovation. They are rather a close-knit entanglement of technological innovation paired with control, frequently tied through highly political concepts, such as sovereignty. In this reading, the cloud is not just a technological trend. It also informs us about the inherent tension between a borderless innovative image of doing infrastructure and the urge to control the risks that come with this image.

In technical terms, the term ‘cloud’ describes the on-demand remote use of IT services. It has recently become one of the major trends in the IT sector and internet infrastructure. The cloud is still a growing technology and industry sector, with a growing number of organisations and public administrations cloudifying their infrastructure (KPMG 2019). Western governments have been trying to support, regulate and create cloud infrastructures on their own. However, the cloud is not only a technical trend but also a very powerful idea. It carries several performative understandings of how infrastructure is seen and how the future of societies, economies, and administrations that make use of IT is envisioned.

To approach this endeavour theoretically, I apply the concept of sociotechnical imaginaries by Jasanoff and Kim (2009, 2015) to analyse cloud infrastructure initiatives. This concept allows to ask specific questions about the coproduction of technology and ideas: which elements of imaginaries are distinguishable within cloud infrastructure initiatives in Europe, how are they linked, and what performative meaning is put forward? I ascertain three core elements of sociotechnical imaginaries (innovation, boundary making and technology) to guide the empirical analysis.

Rather than debating innovation and privacy/data security issues separately, cloud imaginaries are integrating both in a specific way. Cloud imaginaries use politicised concepts of control to address these issues and incorporate a notion of sovereignty and territoriality to solve (technical) problems of the cloud. Clouds are seen as drivers of innovation, yet all three examples are tightly connected to concepts of control. Before diving into the conceptual analysis and comparison of different European cloud imaginaries, it is useful to briefly clarify and situate the concepts of innovation, control and digital sovereignty.

Innovation in this paper is understood as more than just a neutral concept describing (technological) change; it is performative and legitimises changes and policies (Godin and Vinck 2017). Innovation is predominantly seen as positive and linked to creativity and progress, as breaking free of current (technological) limitations. Cloud computing is closely associated with providing enormous innovation potential (Mosco 2014). For decades, the ideal of innovation has been ‘unfettered liberty’ (Pfotenhauer and Juhl 2017, 69) so that data and information technology should be free from constraints. Therefore, overly strict privacy and data protection measures, enabled for instance by strict regulation, as well as unconnected data silos, are perceived as a hindrance to innovation, creative solutions, and progress (Conference observation 18/11/2021). In order to challenge the ‘positive bias’ of innovation (Godin and Vinck 2017), critical innovation studies also investigate its negative aspects (e.g. David 2017). Analysing sociotechnical imaginaries of European cloud initiatives contributes to a more detailed understanding of how innovation is connected to progress and a positive future, but also, how it negatively impacts values such as privacy and autonomy.

Since its beginning, there have been debates on controlling the internet and its infrastructure. Barlow (1996) once famously declared the independence of cyberspace from government control. Questions of control and authority have been discussed with regards to protocols, code, internet governance and parts of the infrastructure such as routing or domain name systems. (e.g. Baur-Ahrens 2017; Deibert et al. 2010; DeNardis 2012; Galloway 2004; Goldsmith and Wu 2006; Herrera 2007).

In the cloud industry, early discussions of control focused rather on technical solutions such as encryption and were related to control over data and infrastructure, privacy, and data protection (Mosco 2014). With the rise of internet giants, questions of control also considered the protection from private companies: Mager (2017, 249–252) for instance showed that imaginaries envisioned ‘politics of control’ (of US American internet giants) within the negotiations of the EU General Data Protection Regulation. After the Snowden revelations, taking back control over European data and technology not only from corporations but also from foreign intelligence and law enforcement has been a core issue of concern (Cogburn 2016; Gros, de Goede, and İ̇şleyen 2017). In the aftermath of the Snowden revelations, several rulings by the European Court of Justice hampered transfers of personal data to US companies. Further, the US CLOUD Act of 2018 requires all US American providers to hand over data to US law enforcement no matter of the location of data centres inside or outside the US. This and the court’s rulings’ impact on control over data has become a crucial issue for companies and individuals in Europe.

One widely discussed development which seeks to address these issues is the term digital sovereignty, as debated particularly in European discourse. The concept combines a political idea of sovereignty with a technological/digital threat and can refer to states, companies and institutions but also to individuals (Pohle and Thiel 2020). Taking back control, protecting one’s autonomy and exercising authority over data and technology is a core aspect of this debate and it became a central pillar of EU policies. Digital sovereignty is therefore not surprisingly a central aspect of recent plans by the European Commission for Europe’s digital future (European Commission 2020a). Although there is no clearcut understanding in EU policy documents, in the last years, the concept of digital sovereignty has been mostly applied to argue that the EU should (re)gain its autonomy and competitiveness, lessen its economic and technological dependence and protect European values (e.g. European Commission 2020b). The growing relevance of IT infrastructures, which are predominantly under the control of foreign private companies and governments, is seen as a core reason to pursue Europe’s digital sovereignty. The EU discourse and policies are rooted in earlier debates and policies of France and Germany and can be understood as a continuation of national debates on an EU level (Pohle 2020). Germany, where the Snowden revelations created a big echo, therefore constitutes a central site for the debate.

Speaking to this debate and developing this conceptual perspective, this paper argues that control on the one hand, but also innovation, which is often seen as translating to economic strength, on the other hand, have become central to debates of European digital sovereignty. The fact that US and Asian companies dominate internet infrastructure and especially cloud computing is crucial; an issue of control over data and technology has developed into a geopolitical debate especially after Snowden and the CLOUD Act. The analysis of three cloud imaginaries in Europe scrutinises the relation and performativity of innovation and control, with a focus on territorial forms of establishing control and thereby speaking to its geopolitical relevance.

The paper proceeds as follows: Firstly, I introduce the concept of sociotechnical imaginaries, distinguish three elements within it, and relate the concept to existing literature on imaginaries of the cloud. Secondly, the empirical part scrutinises the cloud through the lens of sociotechnical imaginaries and shows the development of cloud visions in three European initiatives: the Microsoft Cloud Germany, the Bundescloud, and GAIA-X. By comparison, I distinguish several different ways of linking the allegedly opposing concepts of innovation and control and conclude that the cloud is more than a simple metaphor for technological innovation, but rather, it must be viewed as a complex entanglement of equally complex concepts – innovation and control. Further, the analysis shows a politicisation of forms of control in the imaginaries.

Sociotechnical Imaginaries and Their Elements

This section establishes a basis for analysis of current cloud visions and imaginaries building on Jasanoff and Kim’s concept of the sociotechnical imaginaries (Jasanoff and Kim 2009, 2015). In a second step, common elements and tropes of sociotechnical imaginaries are identified and linked to previous work on cloud images (for instance, see Amoore 2016; Hu 2015; Mosco 2014) in order to allow for empirical analysis.

This paper speaks to the literature that started to link concepts from Science and Technology Studies (STS) and International Studies (for an overview, see Bellanova, Jacobsen, and Monsees 2020; Evans, Leese, and Rychnovská 2021; Hoijtink and Leese 2019), for example, by analysing the relation between cyberspace and IT or territoriality and sovereignty in International Relations (IR) (Lambach 2020; Möllers 2021). Technology is not a given category but needs to be understood as in the making. Nonetheless, there is little work that focuses on ‘unpacking’ the processes of constructing and implementing technology within social contexts (Leese and Hoijtink 2019). This paper brings together the concept of sociotechnical imaginaries from STS and the politics of European identity and European values, its sovereignty, the surrounding political narratives and Europe’s geopolitical ambitions. It not only takes the underlying foundational infrastructure seriously, it also helps to unpack the coproduction of this technology in the making with European politics, norms and aspirations. I thereby contribute to a better understanding of technology in IR and the ways in which it is analysed. One further contribution is I ascertain three core elements from the concept of sociotechnical imaginaries to guide the empirical analysis. These elements might further enable the discussion on sociotechnical imaginaries in political and international studies.

Sociotechnical Imaginaries

Jasanoff defines sociotechnical imaginaries as ‘collectively held, institutionally stabilised, and publicly performed visions of desirable futures, animated by shared understandings of forms of social life and social order attainable through, and supportive of, advances in science and technology’ (Jasanoff 2015, 4). What distinguishes this concept is that it clearly values the co-productive relationship between future technologies and (un)desirable futures, as well as the relationship between materiality and normativity.

By making these relations explicit, the concept of sociotechnical imaginaries also establishes a relationship between (currently) rather separately debated strands of social sciences and STS:

Sociotechnical imaginaries occupy the theoretically undeveloped space between the idealistic collective imaginations identified by social and political theorists and the hybrid but politically neutered networks or assemblages with which STS scholars often describe reality.

(Jasanoff 2015, 19)

White highlights that imaginaries have ‘material outcomes’ influencing ‘behaviour, feelings of individual and collective identity, and the development of narratives, policy and institutions’ (White n.d.). Sociotechnical imaginaries do not have to depict reality, nor do they have to hold true; they project a certain type of future in which technology plays a crucial role. However, they are real in the sense that they shape not only understandings and ideas, but also influence the development of technologies. The conceptualisation helps to answer questions about changing roles of technology as well as highlights the interplay and struggle between technology and (political) ideas by distinguishing several elements in these imaginaries – and their performative effects on infrastructural governance.

In more recent literature, the concept of sociotechnical imaginaries is also used apart from the national context to include smaller collectives (Trauttmansdorff and Felt 2021, 6–7). Sadowski and Bendor (2019) for instance analyse imaginaries of corporate actors; van Es and Poell (2020) of public media bodies. Hilgartner (2015, 34) expands the concept by introducing ‘sociotechnical vanguards’ as ‘relatively small collectives that formulate and act intentionally to realise particular sociotechnical visions of the future that have yet to be accepted by wider collectives, such as the nation’. Vanguard visions, therefore, can be understood as new and smaller sociotechnical imaginaries referring to smaller collectives. Nevertheless, the majority of authors apply the concept of sociotechnical imaginaries also to non-national collectives. Following this practice and incorporating Hilgartner’s focus on the process, I will use the term ‘sociotechnical imaginary in the making’ when they are still referring to smaller collectives.

Three Core Elements of Sociotechnical Imaginaries

Several case studies using the concept of sociotechnical imaginaries show common elements often found in sociotechnical imaginaries (see Jasanoff and Kim 2015 for an overview). They can be understood as exemplifying the core definition cited above to guide the empirical analysis.

The first core element worth highlighting is innovation. ‘Innovation has become a leitmotif of policy making and institution-building’ (Pfotenhauer and Jasanoff 2017, 784). Narratives of progress and innovation are typically part of sociotechnical imaginaries. These are combined with a prescription of what the society under change should look like in the future; how a society should develop in a ‘best’ way (or not turn ‘bad’) and what specific values and norms a society should follow. By analysing the imaginary of a ‘fourth industrial revolution’, Schiølin (2020) conceptualises future essentialism as innovation presented without alternatives; the future dictates what to do in the present. Innovation played a substantial role in early cloud representations. Visions and imaginaries painted a positive future, promising economic gains and technological solutions to current problems. Innovation through the cloud has been well analysed, although without explicit reference to sociotechnical imaginaries. Mosco, for instance, gives a detailed overview of how the cloud was promoted among private businesses under the guise of economic advantages (Mosco 2014). Amoore argues that the cloud provides the technological foundation for big data and a way of creating knowledge through large data analytics (Amoore 2016, 4). Furthermore, the cloud transforms data analytics and ‘what can be discovered and analysed of the world’ (Amoore 2016, 3).

Secondly, sociotechnical imaginaries often create or reinforce a collective identity by boundary making. In their earlier work, Jasanoff and Kim (2009, 120) as well as scholars taking up the concept often use it in order to make sense of national identity formation and relate it closely to a national community or even nation-building (see for instance Felt 2015). However, as the concept evolved, it was also linked more broadly to ‘other organised groups, such as corporations, social movements, and professional societies’ (Jasanoff 2015, 4). Pfotenhauer and Jasanoff (2017, 788) argue that imaginaries (especially using innovation as a resource) are defining communities and can ‘provide a thread of continuity and stability’. The formation or reinforcement of a collective identity creates a boundary between insiders and outsiders. Connected to the normative function of sociotechnical imaginaries, one can expect to find elements that help to distinguish ‘us’ from ‘them’ and why one identity was preferable to the other. But this creation of borders or boundaries does not have to follow nation state borders. Mager (2017) shows how a European identity is formed along debates on search engines despite multiple communities involved. It can also mirror a temporal aspect: a future identity is depicted as better than the present or past identity. Consequently, sociotechnical imaginaries often feature the narrative of a latecomer needing to advance. A collective is underdeveloped in comparison to others, thus needs to catch up through technological achievements. Interesting examples include several Asian countries advancing in the high-tech sector (see e.g. Yang, Szerszynski, and Wynne 2018).

Amoore partly covers this cloud imaginary when she links the cloud to geopolitical debate (Amoore 2016). The metaphor of the cloud often feeds into the impression that the cloud is ‘above’ the world and not bound to territories or even reality. ‘It is this imagination of the cloud as a dispersed yet spatially located array of data centres that is present in computer science, and that has extended into geographical, and even political and geopolitical debate’ (Amoore 2016, 5).

Thirdly, most sociotechnical imaginaries attempt to encode their properties into technology and to shape technological developments (Jasanoff 2015, 20). This element builds on the theoretical argument that the term ‘sociotechnical’ adds to the concept of imaginaries. It is the acknowledgement that ‘these imaginaries are at once products of and instruments of the coproduction of science, technology, and society in modernity’ (Jasanoff 2015, 19).

The concept of coproduction helps to appreciate the entanglement of technology and knowledge that lies at the core of imagined cloud computing futures. In parts, this has already been elaborated with regard to smaller cloud imaginaries. Vonderau (2017) analyses such imaginaries in the construction of a data centre in Sweden, where materiality helped to grasp and determine a cloud data centre in the making. While this work is a first important start to take materials’ role into account when analysing imaginaries (of the cloud), it is limited in that it focuses on smaller, local examples.

The concept of sociotechnical imaginaries allows to capture the interplay of the three ascertained elements, how they are filled with meaning, how they change and what normative prescription these imaginaries entail. Metaphors play a role in these imaginaries, but themselves are limited to language, the present and past, and are less collectively shared, normative and performative than sociotechnical imaginaries. With sociotechnical imaginaries one can trace the creation of larger, collective, institutionally backed and thereby also more performative European imaginaries.

Having set out the concept of sociotechnical imaginaries, its elements, and its relation to cloud infrastructures, I will proceed by using this concept to analyse three recent European cloud initiatives. Thereby, I trace how the relation between innovation and economic progress, but also ideas of control, sovereignty, and territory manifest within these three cloud imaginaries. Furthermore, I examine how new imaginaries of European clouds are encouraged and how these ideas are co-produced by language, practices, and materiality.

Three Current European Cloud Imaginaries

In the coming section, I follow Jasanoff who suggests focusing on practices of social actors and institutions. This means that I analyse policy documents to gather ‘insights into the framing of desirable futures’ and also for ‘specific verbal tropes and analogies’ identifying the elements of an imaginary (see Jasanoff 2015, 27). Applying the concept of sociotechnical imaginaries and its methods as described below will allow me to analyse the three European Initiatives paying attention to innovation and control.

The set of three distinct cloud initiatives was chosen in order to engage with different, yet prominent, European cloud imaginaries. Their comparison allows to understand differences and shared visions of cloud futures in Europe and clarify how these imaginaries link contrary ideas of innovation and control. In order to allow for a fruitful comparison, the selected cases are from Europe and all focus on a discussion of innovation and forms of control. To provide for more depth within the comparison, I chose cases from different sectors: a strictly private cloud initiative (Microsoft Cloud Germany), a public-private initiative and at the same time the most prominent example (GAIA-X) and a strictly governmental initiative (Bundescloud). All three cases moreover share a link to Germany. The Bundescloud is a German example (however not the only government cloud in Europe), while the Microsoft case and GAIA-X started in Germany with a focus on Europe. As mentioned in the introduction, the EU debate on digital sovereignty largely builds on the earlier German debate. According to the material and interviews related to GAIA-X, this initiative is highly welcomed by the EU and many European countries and companies joined this collaboration. Despite their strong connection to Germany, these examples exemplify the current European cloud landscape. Especially given that data protection is a core topic with these projects, being based in Germany is a logical choice for these initiatives, as Germany allegedly provides one of the most advanced data protection frameworks in the world. Likewise, Germany maintains the largest European market for these services.

Besides secondary literature, the empirical analysis is based on multinational corporations’ arguments and how they interlink with the media to establish and support imaginaries. The analysed material consists of ‘documents and other verbal texts related to science, technology, and power – e.g. legal hearings, policy reports, […] political speeches [and] media reports’, but also images and visuals (Harvard Kennedy School n. d.). Since the three European cloud projects differ in their nature, scope, and involved actors, the range of material available must however necessarily differ as well. Yet, this divergence allows for a meaningful analysis and comparison. The study of the three examples of recent European cloud imaginaries will be based on document analysis to different degrees. For all of them, there are several media reports available. Microsoft Cloud Germany provides commercial material and for the Bundescloud and GAIA-X I can rely on policy documents and reports from the respective official institutions. GAIA-X is also particularly widely discussed in the media. I attended online seminars and practitioner and policy conferences (such as CIO meetings or GAIA-X summits) that mainly dealt with this initiative. Furthermore, I also rely on information that I obtained in interviews and informal talks with cloud professionals from the industry but also from administrations that work on these initiatives.¹ Most of the interviewees were selected based on their ability to influence decisions, their public representation and to achieve a range of insights from different companies and administrations. The interviews were conducted in person or online and followed a semi-structured questionnaire. For reasons of anonymity, the identity of the interviewees and affiliation cannot be revealed. Transcripts and field notes were qualitatively analysed following the elements of sociotechnical imaginaries developed above and their positioning towards the innovation/control nexus.

Microsoft Cloud Germany is Dead; long Live Microsoft Global Cloud

The first sociotechnical imaginary in the making in Europe stems from Microsoft’s cloud. It is called ‘in the making’ since it mainly relies on corporate actors. Microsoft is one of the biggest global cloud providers with data centres all over the world. However, Microsoft introduced a localised version of its cloud that received considerable attention. The analysis of this vision relies mostly on presentations, press briefings, and other material from Microsoft itself, but also media reports and interviews.

In 2015, Microsoft CEO Nadella presented Microsoft Cloud Germany (‘Microsoft Cloud Deutschland’, MCD) (Microsoft 2015). Then-CEO of Microsoft Germany, Stüger, described it as a cloud with German laws on German soil (Sagatz 2015). Microsoft decided to abolish the project in 2018.

The key selling point of this new cloud was that it openly addressed the security risk of Microsoft being an American (US) company: Microsoft Cloud Germany was legally and technically run by a German provider. Microsoft locked themselves out of their own cloud, meaning that they provided the software and technology for the data centre yet could not access the servers nor the data. Deutsche Telekom acted as separate data trustee overseeing the data centres and providing Microsoft services (Strassner 2015). This step was taken in order to uphold German/EU regulations excluding US government and intelligence agencies from accessing data stored in the separate Microsoft cloud. (Microsoft 2015; Strassner 2015). Higher security standards and the prevention of US access rendered Microsoft’s German cloud ‘[a] cloud you can trust’ (Strassner 2015).

In this vision of Microsoft’s cloud, both innovation and high security are important. Security is not only provided through technical means to remain in control of data and infrastructure but also through organisational features creating boundaries based on sovereignty.

Microsoft claims to provide for the growing demand for heightened security in cloud computing (Strassner 2015). Microsoft presents both its German and global cloud as following four principles: ‘Security, Data Protection, Transparency, Compliance’ (Microsoft 2015; Strassner 2015). However, Microsoft Cloud Germany is not integrated in Microsoft’s global cloud but technically separated. Cloud users need distinct setups, accounts, and user roles for the global and localised cloud. This contradicts standard cloud setups such as of Amazon Web Services where one of the main technical advantages is homogeneity: global cloud services provide the exact same services and functionality everywhere so that it is easy to move data and services voluntarily or in a local breakdown (Interview III.2, 2020).

The idea of enforcing territorial borders to the cloud by applying nationalities to companies and technology became important, and thus made the disintegrated German cloud particularly secure and controllable. This step is a progression from previous understandings of the cloud as a borderless and placeless innovation hub (see Mosco 2014). A technical border was erected between Microsoft’s globally interconnected data centres and Microsoft Cloud Germany, denying US officials access to the latter. The technical means to meet the risks of the cloud go beyond encryption and feature non-integrated clouds reflecting political concepts of borders.

Innovation, not control and security, however, seems to remain the main advantage of the cloud. Microsoft stressed that the Microsoft Cloud Germany also provides ‘an innovative, scalable and consistent cloud computing platform’ (Microsoft 2015). Microsoft argued that its localised cloud was just as innovation friendly as non-localised models (Strassner 2015). A localised cloud allegedly offers the same flexibility and benefits as the global cloud and all Microsoft cloud services share an ‘obligation for innovation’ (Strassner 2015, own translation).

All in all, the sociotechnical imaginary in the making of a modern Microsoft Cloud Germany included a refined two-fold vision of the cloud, specifically, it combined innovation and progression with the highest degree of control requires (e.g., technical separation of clouds, data trustee security regime, and data sovereignty). By looking at how Microsoft stresses Microsoft Cloud Germany’s innovativeness despite being non-integrated, it becomes clear that control and innovation are perceived as partially contradictory, and that Microsoft must argue against this narrative.

In 2018, only three years after its launch, Microsoft abandoned its German Cloud and announced the construction of two new data centres. The data centres were physically based in Germany but fully integrated in Microsoft’s global cloud and applicable to the US CLOUD Act. It is noteworthy that Microsoft intentionally adapted the vision of the cloud as combining innovation with control. They did not return to earlier cloud representations focusing on innovation alone. Put simply, Microsoft adhered to the same imaginary even though they were now promoting a cloud which was far less controllable than the original one. These German data centres within Microsoft’s global cloud were presented as ‘empower[ing] more organisations and businesses’, offering ‘full functionality’ and ‘enterprise-grade security’. They were said to follow changing customer needs since the isolation of Microsoft Cloud Germany ‘imposes limits on its ability to address the flexibility and consistency customers desire today’ (Microsoft 2018).

Microsoft did not want to or could not change the overall character of the sociotechnical imaginary of innovative and controllable cloud futures. Control is kept in the vision, however, changing its notion from sovereignty to a less political inspired notion along with less effective forms of control. All elements that concern control and its technical implementation now highlight rather general concepts of data security rather than data sovereignty or technical borders.

The Bundescloud – Modern IT for a Modern Country

Since 2017, the Bundescloud has been building a separate, highly secure cloud infrastructure to be used and run by the German government alone. Through this, they aim to modernise and consolidate the administrative IT infrastructure. The Bundescloud does not make use of private cloud providers but instead relies on a distinct, separate infrastructure. This German project is not the only government cloud project; there are many other European initiatives and the US government issued a ‘cloud first’ guideline for US administrations (see Haeberlen, Liveri, and Lakka 2013; Office of the Federal Chief Information Officer n.d.). In analysing this imaginary, I rely mostly on interviews with professionals, publicly available material on the Bundescloud, and media reports.

A modern IT infrastructure was desirable and needed to prepare the administration for the future, which is subsumed under the cloudification idea. ITZBund, the IT service provider of the German government, states that ‘cloud-solutions promise flexibility, cost efficiency, speediness and standardisation’ (ITZBund 2019b, 18, own translation) and that the demand for cloud services within the administration is rising enormously. The description of the Bundescloud on the websites of ITZBund are filed under ‘innovative projects’ and state ‘[t]he modern administration of Germany needs […] an IT setup as foundation for their tasks that is fit for the future. A cloud is the ideal solution’ and the Bundescloud ‘the standard for the future’ (ITZBund 2020, own translation).

In spite of this demand, public cloud solutions are not available for the administration due to a lack of control in the form of security and sovereignty considerations (the named risks include threats to IT security in general, but especially confidentiality, data protection of personal data as well as data sovereignty). Therefore, the Bundescloud provides another example of coupling innovation and control. The modern IT technologies developed and offered by private IT industries are not enough. Governments need to stay in control even when profiting from the cloud which is why only a secure state-owned cloud system can satisfy the needs of a modern administration (ITZBund 2018, 2019b, 18).

The image of the cloud helped to make the Bundescloud project possible. In an interview, a leading Bundescloud professional stated that in the beginning, nobody knew what the Bundescloud would bring or look like. However, the promise of modernity and a smart IT that comes with the magic word ‘cloud’ guaranteed funding and prioritisation – compared to other administrational projects of re-organisation (which, according to the interviewee, nobody likes) or boring projects like consolidation (Interview II.2, 2019).

But what are the technical advantages of a government cloud? An early ministerial presentation concluded that cloud computing has real innovative effects for administrations. They argued that clouds will not only make administration more efficient but will also allow for consolidation of the government’s IT, making the administration more agile and quicker (see Gehlert 2016, 6, 9, 10). New services can be deployed centrally without the need to adapt to old and specific environments. A centralised and integrated cloud is not only cheaper, it allows for a quicker provision and development of tools that many administrative bodies request (Gehlert 2016). Further, with the Bundescloud, practices known from start-ups such as sprints in agile software developments made it into the IT services of a governmental administration (ITZBund 2019a).

According to a high-ranking interviewee of the German administration, all is seemingly better compared to the old distributed and unmanaged IT system that the administration has been relying on so far – if the technology remains within national borders. One of the innovative aspects of the cloud is using IT remotely. This has the image of being insecure in its standard setup. However, it is exactly this innovation that also allows for heightened security. ‘We […] are convinced that it is easier to secure one cloud than to try to secure roughly 400 federal administrational bodies separately’ (Interview II.1, 2019, own translation). This centralised system, where everything follows the same rules and is centrally administered, is allegedly the only system where irregularities can be easily detected and thorough security checks completed. When every administrational office is responsible for updating their computers and servers and shielding the network from attacks, errors can be made. Less expertise is available if it is not done by professional IT security experts – who are remotely available in a cloud for the whole system. This allows for the system to be more easily updated and does not allow every computer to run its own software setup (Interview II.1, 2019).

The sociotechnical imaginary in the making that is put forward here clearly picks up common elements of such imaginaries like a modern and progressive future. The term ‘in the making’ is used since the collective at hand is rather small and mainly the administration. Again, this vision does not only focus on innovation but links it to the non-negotiable aim of data security and control of the cloud. Therefore, the second big trope deals with control and security of the IT infrastructure and data it is processing. Sovereignty and territoriality of data are also key since government data cannot leave the borders of the country under any circumstances. In the interviews, it was mentioned several times that standard public cloud instances are not secure enough for sensitive governmental usage. One interviewee stated that reading the requirements for an administration to use public cloud services makes one not want to deal with all the hassle (Interview II.2, 2019). This is also one of the reasons why the Bundescloud is an in-house project and the private setup (i.e., the availability only within government-run networks and from government-owned data centres) is stressed (see ITZBund 2020). This means that the cloud servers are not (co-)hosted in big data centres of providers, but on government premises. The separation of all data and technology from the internet highlights the idea of territoriality in data storage and processing.

To summarise, the sociotechnical imaginary in the making clearly includes the concept of territoriality and sovereignty besides innovation. It seems that in this case the government did not have to emphasise the element of control, as it is already widely assumed within this imaginary. Yet in order to complete a cloud imaginary, they had to highlight the innovative features of their initiative as few people expect governmental IT to be at the peak of innovation. Within the vision of a sovereign and modern administration, the image put forward by the German government concerning the Bundescloud resembles the imaginary of a progressive cloud future – ‘the functional advantages of a cloud’ compared to old-fashioned IT ‘are obvious’ (Interview II.1, 2019, own translation). This also includes taking advantage of agile software development and quick and cost-effective service deployments thanks to cloud technologies. But for this progress to be possible, the German government pictures a clear need for data security and data sovereignty achieved through territoriality and separation. They overcome the image of the cloud as being technologically risky by separating the technologies and by using the security advantages of a centralised in-house cloud system. Through the Bundescloud, the German federal administration allegedly becomes not only more modern, efficient, and productive, but also even more secure than without a cloud environment. One can again observe an imaginary not only of innovation, but of innovation plus ‘absolute’ (i.e., in-house) control through data sovereignty without compromises.

GAIA-X: The Pacha Mama of Europe’s Struggle for Reconnaissance

GAIA-X was presented in October 2019 by Germany and France as an attempt to build a European cloud ecosystem, inviting companies and European countries to participate in the ambitious project. The initiative started with the observation that the dominant cloud providers are non-European and that Europe should not give up its position in the world in terms of trade and industry. Therefore, Europe needs an infrastructure following European values which also keeps data and innovation within Europe (Weiss 2019). I analyse this vision by looking into media coverage on GAIA-X, policy documents, conducting interviews as well as through participating in online webinars and policy/IT conferences.

The aim of the project GAIA-X is to act as the ‘cradle of an open, digital ecosystem’, ‘where data and services can be made available, collated and shared in an environment of trust’ (BMWi 2019, 2, 45). It is not meant to replace hyperscalers like Amazon Web Services, Microsoft, or Google. Instead, it intends to create a platform where European companies and users can book and connect to cloud services adhering to European regulation. This standardisation and interoperability are meant to prevent lock-in effects (i.e., the dependence on one specific cloud environment).

The sociotechnical imaginary of a European cloud future that accompanies GAIA-X integrates known elements of sociotechnical imaginaries such as innovation and creating boundaries. Boundaries are drawn around the European continent, following state borders and creating a ‘we vs. them’-idea along so-called European values. This sociotechnical imaginary creates borders invoking European digital sovereignty. Interestingly, innovation and boundaries are not presented as contradictory concepts but as mutually reinforcing. GAIA-X is seen as Europe’s last chance to catch-up in the world through technological progress – another often-seen element of sociotechnical imaginaries.

Innovation and a bright cloud future for Europe are clearly dominant in the imaginary. The description and vision of the European cloud ecosystem GAIA-X highlights economic catch-up, progress by efficiency, and the use of big data and analytics. Yet, it links the imaginary to security and sovereignty. However, the depicted use cases mostly focus on efficiency gains and not on security or sovereignty (see BMWi 2019).

GAIA-X aims at building an ecosystem for innovation and promoting cloud services for a broad public (Weiss 2019). The image of an innovative Europe is directly linked to artificial intelligence and GAIA-X as its foundation. For instance, it is said that the word Gaia – rather than playing on the mythical personification of the Earth – stems from ‘General Artificial Intelligence Architecture’. Previously, the project had been named ‘AI Airbus’ (Dachwitz, Biselli, and Rudl 2019; Weiss 2019) – drawing a connection to a successful European technology project that decreased the dependence on non-European airplane industries. This link to the ‘futuristic’ and ‘innovative’ recent hype of AI is, however, not only a metaphorical one but has its technical reasons since Big Data needs cloud systems (Amoore 2016).

Furthermore, the GAIA-X initiative is often linked to a catch-up race and Europe’s ‘last chance’. Europe, in this imaginary, is about to lose the technology, hence also economically and socially compared to non-European actors, and therefore, needs to invest quickly in cloud technologies in order to regain its position in the world. When the German and French ministers of economic affairs presented the current status of GAIA-X developments on 4 June 2020, GAIA-X was described as Europe’s ‘moon shot’ (GAIA-X 2020) – a more significant event that stands for technological success is hardly imaginable.

The president of the German interest group of IT users ‘VOICE’, Popp, argues that Europe must try to overcome the huge technological backlog it experiences: ‘If a ship springs a leak, everybody starts bailing and nobody questions the payoff’ (Conference observation 10/03/2020, own translation). Breit, head of the German initiators of the project GAIA-X, adds that pursuing GAIA-X ‘is not only the right step to take, but the only one that Europe can still take’ (Conference observation 10/03/2020, own translation). Europe, according to him, suffers from bad preconditions for innovation compared to other innovation hubs like the Silicon Valley. He argues that Europe can only create such a space for innovation digitally, which is what GAIA-X intends to do (Conference observation 10/03/2020).

The cloud ecosystem that GAIA-X is expected to become is presented as fulfilling two main goals. Firstly, with a more territorialised cloud infrastructure, Europe will become less (technologically) dependent and increase its sovereignty and autonomy. Secondly, with a strong competitive cloud ecosystem, Europe can (again) become a key player economically and compete technologically with Asia and the US.

Control over technology is once more translated into sovereignty as a means of control. Popp explains this as follows: only if one can control one’s own technologies and is not reliant on foreign technologies, can one maintain agency (Conference observation 10/03/2020). He adds that ‘nowadays, the oligopolies [of cloud and platform technologies] are in the wrong hands’. Since we do not know ‘who will be friend or enemy in the future’ we need to become sovereign again (Conference observation 10/03/2020). Another speaker even called this issue ‘war-deciding’ (Conference observation 10/03/2020), unmistakably underlining the urgency and marking the boundaries (to all outside Europe). The CEO of the GAIA-X Association Ahrens focused in his keynote for the GAIA-X Summit 2021 on sovereignty and its enabling effects for Europe’s industrial strength and the survival of European companies (Conference observation 18/11/2021).

Technically, this cloud infrastructure is mainly built on the promise of interoperability, federation, and clear policy guidelines for the architecture. All actors participating in GAIA-X need to be certified and must follow the common rules and policies. The ecosystem is designed in a way that cloud providers and users can be easily matched via the ‘honest broker’ GAIA-X, overcoming the current isolation that stems from the lock-in effects of existing cloud providers with their own rules (see BMWi 2020). For instance, since GAIA-X clearly defines and standardises storage and service functionalities, it will be easier for a company to move its data from one cloud provider to another. Likewise, it will be easier to combine several services from provider A and B even if data is stored on the servers of provider C. Innovation and data sovereignty are thus meant to be supported by the technical architecture. Thereby, circumventing some of the downsides of current cloud systems (e.g., lock-in effects and unclear regulatory status as globalised infrastructures).

The connection of sovereignty and innovation within the imaginary is successful also with regard to its acceptance by existing global cloud providers. The representative of Amazon Web Services (AWS), one of the most innovative and successful public cloud providers, stated that ‘data security and data sovereignty rank first. Without this we would lose our business model. It is in our DNA’ (Conference observation 10/03/2020). AWS, together with Google and many other cloud providers, is participating in the development process of GAIA-X. The CEO of Microsoft Germany, Bendiek, initially dismissed the GAIA-X proposal, comparing it to a ‘state cloud’ lacking innovation (Krempl 2019; see also Kühl 2019). Two months later, Bendiek announced in one of the biggest German newspapers that Microsoft would join the GAIA-X working group since the question of ‘how to reasonably unleash and use existing data treasures is one of the big challenges of innovation policy in times of artificial intelligence’ (Bendiek 2020, own translation). Bendiek advocated for quickly making use of the potentials of AI for the industry, public administration, and healthcare. These require an agile and functional cloud infrastructure adhering to data protection and data sovereignty considerations (Bendiek 2020).

Further, political support in Europe has been growing considerably. The European Commission assures its support for GAIA-X. President of the Commission von der Leyen and commissioner Breton include GAIA-X as an important pillar in their communications and the Commission included the initiative in its recent data strategy (European Commission 2020c). The response by many European countries is very positive and ‘welcoming a long-awaited’ push forward (Interview III.1 2020, own translation).

Unlike many other cloud projects, the official reports of the project do not use a cloud as a logo. Instead, they initially depicted a digitalised tree (see Figure 1). In a promotion video on the GAIA-X website, a giant tree, made of data items, grows above a futuristic city, and is joined by a circle of the 12 stars from the European flag. A futuristic blue landscape with data streams is painted in the video, resembling science fiction films like ‘Avatar’. Meanwhile, the speaker in the video imagines a ‘secure, open and sovereign use of data’ in Europe in the future (GAIA-X n.d.). Trees have lately been suggested as new metaphors for platforms (van Dijck 2021). A tree can be associated with stability rather than agility, being deeply rooted in a specific location yet steadily growing. The different leaves symbolising nodes in the network are not well interconnected. Rather, they are merely in a parallel fashion to the trunk and roots of the tree. This could be interpreted as rooting the cloud, giving it a location, tying it back to the territory, or – paraphrasing the words of Microsoft’s CEO – even into the ‘soil’ (Sagatz 2015).

Figure 1. Cover Image. The project GAIA-X. A Federated Data Infrastructure as the Cradle of a Vibrant European Ecosystem (BMWi 2019) (Licence: CC BY-ND 3.0 DE, https://creativecommons.org/licenses/by-nd/3.0/de/).

In sum, the sociotechnical imaginary at play takes up key elements of sociotechnical imaginaries. What is striking is how central Europe is in these narrations: the future shall be based on European values, built by European companies and organisations, made with European data and all is done on European territory. Furthermore, innovation and control are linked differently here than in the other two examples. GAIA-X’s take on these imaginaries is that ‘data sovereignty and data availability are key for digital innovations and the foundation for the competitiveness of Germany and also Europe’ (Altmaier 2019, own translation). The theme of Europe not reaching its potential or even losing its global standing is underlined by referring to former projects of European industrial success (like Airbus). Similarly, it is emphasised that the symbols of the age of industrialisation (where Europe was strong), are now being succeeded by the ‘second wave of digitalisation’ (Altmaier 2019, own translation). This resembles the catch-up theme that was already observed in analyses of sociotechnical imaginaries (e.g. Yang, Szerszynski, and Wynne 2018). Once more, we observe an imaginary that plays with innovation plus control, but here the two aims are not presented as antagonistic. Rather, data sovereignty as a means of control is seen as a necessity for success, progress and even European agency. Therefore, one can summarise this imaginary as innovation through data and digital sovereignty.

Conclusions

This paper analysed how the cloud as a new IT technology was taken up and performed within visions and sociotechnical imaginaries in three different European contexts: Microsoft Cloud Germany, Bundescloud, and GAIA-X. The concept of sociotechnical imaginaries provided the conceptual tool to trace and make visible the combination of different elements of cloud imaginaries. In all three cases, these imaginaries were used to prescribe desirable and collective cloud futures, considering the materiality and technicality of cloud infrastructures and their role and need for change in order to bring about these futures. To guide this analysis, I ascertained three core elements of sociotechnical imaginaries, namely innovation, identity building by boundary making and technology.

By application of Jasanoff and Kim’s (2009, 2015) concept of sociotechnical imaginaries to cloud initiatives in Europe, this paper demonstrated that a coupling of progress and innovation is a key imaginary linked to cloud futures. At the onset of this technology, the imaginary of advancing whole societies was ‘predominant’ (Mosco 2014), almost hegemonic.

Interestingly so, the three European examples refer to the imaginary of progress and innovation, yet they adopt control as a second trope, sometimes as a fix to innovation. This crucial second element of the cloud imaginary is linked to innovation in different ways, which help to understand sociotechnical imaginaries in the politics of the cloud in multiple layers:

In the first instance, the Microsoft case, innovation and control were understood as antagonistic. The corporation prioritised innovation but since their implementation of control was too limiting, they cancelled their own cloud project. The project was quickly replaced by another cloud, attempting to bridge the two elements – this time with less focus on control. In the first project, control was interpreted as an exertion of sovereignty, rather than in technical terms. A European provider was meant to run the cloud so that the US company Microsoft did not have control over the data in their own data centre. Since Microsoft failed to bridge innovation and control, in the latter project Microsoft maintained the vision of a secure and controllable cloud future. However, Microsoft altered it to place less emphasis on sovereignty and national borders and gave up on the technical implementation thereof. Still, it does add control to innovation.

The Bundescloud example illustrates how a European government seeks to participate and hold a share of the innovation imaginary among global competitive corporations. However, European governments cannot compromise on control and security politically and must set strong limits to the technical possibilities of the cloud. Sovereignty plays a considerable role in achieving the aim of control and (IT) security. These understandings of digital sovereignty translate the traditional political concept to the governance of IT infrastructures. They also suggest that the political concept of sovereignty can and needs to be mirrored in technological design. In the case of cloud infrastructures, this mainly translates to a territorialisation and localisation of data and technology. When data is stored on technology that sits within (national) borders, sovereignty is expected to remain guaranteed. This imaginary still conceives of innovation as belonging to the private sector and control to the public sector, but combines them to achieve a modern and innovative administrational infrastructure governance.

GAIA-X overcomes the seemingly dichotomy between control and innovation. Here, innovation has the dominant role, but control is understood as the way to support sustained European innovation, by keeping data under European control. The private and public sector of Europe both profit from a merger of innovation and control. A political understanding of control in the way of sovereignty and territoriality allows to bridge the opposition to innovation. While the free flow of data and lack of regulation constraints was seen as a driver of innovation and rigid control of data as hindrance, the GAIA-X case shows that keeping data and infrastructure under European control and within European borders translates to potential for innovation and economic strength. Sovereignty over data and infrastructure therefore leads to innovation supporting economic power which again leads to sovereignty in the traditional political sense. Although being technological concepts, data security and localisation (rather than the often portrayed ‘European value’ of individual privacy) become political concepts, since they allow for innovation and support European sovereignty and autonomy.

A core element of sociotechnical imaginaries of the cloud, as analysed in this paper, is the creation and enforcement of boundaries. Innovation in these cloud imaginaries cannot work without the reference to ideas of control. Control acts as an umbrella term that represents different ways of controlling data and infrastructure. Depending on the case, it includes basic IT security elements such as encryption to achieve confidentiality or integrity. What can be observed, however, is a politicisation of forms of control in these imaginaries and a departure from a purely technical understanding of control in the sense of IT security. Especially the perceived geopolitical threat of US-American or Asian technology supremacy influences the understandings of what forms of control are envisioned. State actors and cloud providers address the necessity of control and security by referring to and technically implementing political concepts of sovereignty and territoriality.

The politicised concept of control of data and infrastructure needs to be translated to technology. Sociotechnical imaginaries are more than metaphors, but socio-political means of exerting and challenging control and digital sovereignty. Control of technology is not achieved solely by technical means but also through translated political ideas like digital sovereignty. Thus, for instance, protection of data and its confidentiality is linked to the idea of territory, of keeping data within borders of an allegedly ‘global’ infrastructure, and of adding a location to the cloud. The cloud as a nebulous image of complexity allows for imaginations of progress and futurism, yet, recently, imaginaries of cloud infrastructures have been strongly tied back to traditional concepts of governance, namely, of location and territory. With these European imaginaries of the cloud, we can observe another instance of the attempt to render IT and data both more visible and tangible.

The cloud and its imaginaries are contributing to political attempts to reintroduce territory and sovereignty in (digital) globalisation (cf. Lambach 2020; Möllers 2021). GAIA-X’s image of the tree, in particular, in which the data and connections are embodied, shows how the connection between the sky, where the ‘cloud lives’, and the soil, where territory and political sovereignty resides, is embedded in the imaginaries. The tree can connect to and grows into the sky, but it is strongly rooted in its soil, in the territory and legal framework where it has been planted.

Disclosure statement

No potential conflict of interest was reported by the author(s).

Additional information

Funding

This work was supported by the Ministry of Science, Research and the Arts of Baden-Württemberg through the project [digilog@bw] and by the Federal Ministry of Education and Research of Germany through grant no. [16KIS1380].

Notes

1. List of primary sources besides informal talks: interview I.1, 2019; interview I.2, 2020; interview II.1, 2019; interview II.2, 2019; interview III.1, 2020; interview III.2, 2020; conference observations, 10–11/03/2020, 18–19/11/2020, 18/11/2021.