I always snarked at clueless CEOs bent on forcing me to sign NDAs while the entire infra _and_ data was living in US from the get go. Like, what's so sensitive I'm going to disclose that wasn't voluntarily disclosed by yourself already?
Part of what got Microsoft into this position in the first place is that they built and sold software.
Now, they don't build and sell software, they sell services. Services means you're buying access to data.
The data is the problem.
There's a certain amount of soft power you have when you can disallow access to data and services for foreign officials[0] arbitrarily.
The old world order would of course permit us to sanction new sales of things, but in the new world: this is crucially tied with current access to services.
I think the easiest way to think about it is:
Would you depend on another nation selling you the parts to build a power plant, or would you prefer to depend on them supplying you the power- in fact it's worse than that because not only are you buying power you're also giving up a lot of information on who uses it, how it's used, and enough control to cut it off for an individual person.. totally crazy.
the EU itself was designed around the idea that if you are crucially tied in this way then war becomes unthinkable. But that only works when you're equivalently sized entities. The US uses this position to bully the world.
The biggest share of imports to EU by value is "mineral fuels, oils, distillation products". It's 17% of all imports.
https://tradingeconomics.com/european-union/imports-by-categ...
https://www.techspot.com/news/107073-researchers-uncover-hid...
Silicon level backdoors.
https://www.wired.com/2016/06/demonically-clever-backdoor-hi...
And as commented elsewhere, ARM
There is the NanoIC research line at imec (2nm), CEA-Leti incomming 7nm FD-SOI pilot lines, and in terms of full production lines, Global Foundries Dresden (12 nm), ESMC (12 nm, in construction), and the various FeRAM/FMC projects I can't keep track of (Neumonda for example).
I would be more worried about designs, because outside of ARM (and Imagination Tech, both in the UK), I don't know any competitive European designs. (about routers NXP already makes router chips with accelerators on top of ARM cores, used for example in the Mono Gateway, but they are fabbed on old TSMC nodes)
First is "data sovereignty", which is what the current (data) migrations are all about. As long as the data remains in place where it cannot be suddenly locked away by the US government, people don't care if the CPU was purchased from the US, as the government cannot suddenly disable those (as far as we know at least).
Second is "hardware sovereignty", which is what this article talks about, about the geographical locations where the hardware is designed and built. This is obviously much harder, but also less important at this very moment. That's why you're not seeing people suddenly rushing to fund EU fabs for silicon, there are more important things to focus on right now, with real implications.
The article kind of does everyone a disservice by mixing the two and not clearly separating which ones it's actually talking about. But to be fair, if they did that, then they've wouldn't have been able to publish this whole "Look how they aren't actually sovereign after all" article if they did so, here we are...
AFAIK, there is absolutely zero evidence either Intel or AMD CPUs are compromised, even less so that they're somehow remotely accessible by the US government...
TBH, all of these entities are likely actively penetrated by US, Israeli and Russian human assets. You don’t need esoteric knowledge of CPU flaws or whatever if the dude holding the keys works for you.
If your threat model is clandestine government actors then I think it would be a rather odd decision to host on ANY cloud !
The main risk for most people is being subject to US CLOUD Act, US PATRIOT Act etc. etc. Which, despite what the sales-droids will tell you, still applies in the fake-EU clouds operated by the US providers.
If you are serious about EU data sovereignty then you absolutely want an EU OpCo that has nothing whatsoever to do with any US company. If OpCo has ties to a US company or IS a US company such as AWS or Microsoft, then you've lost the EU jurisdiction.
nasretdinov•55m ago
dijit•45m ago
1) An ISA licensor, with no capability to create its own CPUs
and
2) Owned by Softbank in Japan, not European
shaokind•40m ago
Aromasin•36m ago
I'd also argue that while Softbank has capital ownership of the company, the leadership structure and how that capital is allocated is still done within the UK with standard board oversight. I know a few of the leadership team personally, and they have a wide remit, almost more so than a public company might do.
dadoum•15m ago
wvbdmp•13m ago
gehsty•10m ago
mathisfun123•9m ago
hannob•44m ago
You could start running things on ARM, but, almost certainly, that comes with a lot of extra friction. (Not saying that isn't a bad idea, it'd probably improve the ecosystem as a whole and flush out architecture-specific assumptions in server software. But it's not someting trivial to do.)
therockhead•39m ago
Sytten•38m ago
Hikikomori•36m ago
tlb•34m ago
novos•32m ago
hanwenn•31m ago
Aromasin•43m ago
anonym29•33m ago