Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
In recent months, a question has been emerging with increasing insistence on European corporate boards: is the US cloud really safe for all companies? Especially for those operating in strategic sectors or with economic, industrial, or geopolitical interests not aligned with those of the United States , the issue is no longer merely technological, but profoundly legal and political .
We discussed this in a recent article titled “What if tomorrow the US goes wrong and shuts down our cloud? Europe? Paralyzed in 2 seconds,” analyzing how data sovereignty and the extraterritoriality of US laws are pushing more and more European organizations to rethink their infrastructure choices. Today, that debate is no longer theoretical: it’s starting to translate into concrete decisions .
It is in this context that Airbus’s reflection fits in. The French aeronautics and defense giant is preparing to face one of the most complex IT decisions of recent years : the migration of its mission-critical digital systems to a fully European cloud. This infrastructure must not only be high-performance and resilient, but also legally sovereign , free from external regulatory interference and fully under European control.
A choice that could set a significant precedent for the continent’s entire industrial ecosystem.
The issue of digital sovereignty in Europe has intensified with Donald Trump’s return to the White House. His policies have reintroduced instability into international trade and politics, prompting European companies to increasingly consider their dependence on American technology platforms. Even if a service operates in Europe, legal ties to the United States remain a risk factor.
Major cloud providers (Microsoft, AWS, and Google) are trying to address these concerns by offering specialized hosting and data management solutions. However, doubts persist. The main obstacle is the US Cloud Act , which allows US authorities to request access to information even if it is physically stored outside the country . Last summer, Microsoft explicitly admitted in a French court that it cannot guarantee complete data protection under this law.
Zhesten expects a clearer position from European regulators: is it possible to create an infrastructure truly protected from extraterritorial requests, and is there a risk of service disruptions for political reasons? These questions have become increasingly abstract following the International Criminal Court (ICC) case. According to media reports, Microsoft’s chief prosecutor, Karim Khan, lost access to Microsoft’s email service following US sanctions imposed for criticizing Israeli Prime Minister Benjamin Netanyahu. The company denies suspending services to the Court, but the signal is quite alarming.
Airbus estimates its chances of finding a suitable supplier are rather conservative. However, the aircraft manufacturer wants to “change course” and has already expanded its server infrastructure, even though it has long relied on cloud-based tools like Google Workspace.
A further, even more daring, phase is planned: it involves moving the core systems of most operations away from on-premise data centers. These include enterprise resource management platforms, production environments, customer databases, and the digital spaces where product lifecycle data, including aircraft design, is stored and processed.
It is this level of information that is considered the most vulnerable.
According to Catherine Jesten , Head of Digital at Airbus, the need for a sovereign cloud isn’t dictated by fashion or political slogans . Some data is directly linked to the interests of individual countries and Europe as a whole , so the company wants to ensure that control over it doesn’t extend beyond the European legal system . The question isn’t just about server location, but also which laws could ultimately prevail over contracts.
The enterprise software market is creating further pressure. Major developers, including SAP, are increasingly releasing new features exclusively for the cloud versions of their products. For customers, this means a simple choice: migrate or remain locked into older platforms. In the case of Airbus, this transition inevitably impacts the entire IT systems architecture.
The request for proposals will open in early January, and the company expects to make a final decision by the summer. The contract is estimated to be worth over €50 million and will last up to ten years. Airbus emphasizes from the outset that it’s not just the technology that’s important, but also the predictability of prices, with no unforeseen issues during operation.
Even leaving aside US legislation, another problem remains: scalability.
European cloud providers are still significantly behind their global competitors in terms of infrastructure capacity and service resilience. Airbus is openly skeptical: the problem lies not only in legislation, but also in the ability to guarantee the required level of reliability. Therefore, the likelihood of success in the tender is currently being assessed with certainty.
The situation is pushing the European market towards cooperation : individual players may not have the resources necessary to meet the demands of such a customer.
Whether they will be able to unite and meet Airbus’s deadline remains an open question.
Follow us on Google News to receive daily updates on cybersecurity. Contact us if you would like to report news, insights or content for publication.
