In this episode of Sovereign DBaaS Decoded, host Vinay Joosery dives deep into the intricacies of the Swedish cloud space with a distinguished panel: Fredric Wallsten from Safespring, Johan Christenson of Cleura, and Henrik Grankvist from Elastx. The trio brings a wealth of knowledge, discussing the pressing need for enterprises to diversify their cloud infrastructure and reduce their environment risks.

The conversation shifts to the advantages of local cloud service providers. Fredric, Johan, and Henrik highlight how these providers can effectively supplement or even replace the dominant hyperscalers in the market. They emphasize the unique value propositions local providers bring, from tailored solutions to enhanced data sovereignty and security.

Concluding the discussion, the panelists share insights on the evolving landscape of cloud services in Sweden. They underscore the importance of collaboration, innovation, and sustainability in driving the future of cloud computing in the region, and beyond.

Key Insights

Europe’s Struggle in the Cloud Space

Johan Christenson highlights the cultural and commercialization challenges Europe faces in the cloud domain. Despite having funding and technological advancements, Europe struggles to commercialize innovations from universities and research institutions. The continent has become accustomed to relying on US-based services, leading to a potential knowledge gap in understanding the full stack required for advancements like AI.

The Need for Diverse Cloud Providers

Vinay Joosery touches on the CIOs’ desire to streamline their number of providers for ease of management. However, the consensus is that enterprises should engage with multiple cloud vendors to avoid over-reliance on a single provider, ensuring robustness and flexibility in their operations.

Risks of Sole Reliance on One Country’s Ecosystem

The discussion delves into the potential risks of relying solely on one country’s cloud ecosystem. With Europe’s heavy reliance on US-based cloud services, there are implications for data sovereignty, geopolitical influences, and potential disruptions in service. The need for a diverse set of providers, both local and international, becomes evident.

Episode Highlights

00:00:51 Vinay Joosery introduces a panel of Swedish cloud founders to discuss how local providers can reduce environmental risk and supplement hyperscalers.

00:05:27 Johan Christenson explains that Europe’s struggle to build local clouds is largely cultural, as buyers often default to established U.S. vendors like Microsoft to avoid risk.

00:08:55 The panel discusses the Swedish government’s attempts to build internal IT platforms like SAFOS, emphasizing that sovereign capacity must be balanced with private market competition.

00:12:00 Fredric Wallsten argues that open source and open standards are the only reliable methods for enterprises to maintain data portability and avoid total vendor lock-in.

00:20:10 Johan Christenson describes digital sovereignty as a fundamental democratic requirement, noting that Europe must be able to build its own digital “roads” to be resilient in times of crisis.

00:31:00 The experts critique the enforcement of GDPR, highlighting how individual nations like Ireland may prioritize the tax revenue of large tech companies over European privacy soul.

00:51:00 Fredric Wallsten concludes that embracing open source development is the most significant opportunity for Europe to transform its IT landscape and reclaim its digital space.

Here’s the full transcript:

Vinay Joosery: Hello and welcome to this new episode of Sovereign DBaaS Decoded. I’m Vinay Joosery and this episode is brought to you by Severalnines. So today’s podcast is about reducing environmental risk for enterprises, right? So, how local CSPs can supplement and replace hyperscalers. So our guests today, we have a whole panel. It’s pretty much the cloud, the Swedish cloud space being well represented. Johan Christenson, founder of Cleura. Henrik Grankvist, founder of Elastx. And Fredric Wallsten, founder of Safespring. So welcome, gentlemen. Do you guys just want to introduce yourselves and tell us, you know, what are you up to? Who would like to start? Go on, Henrik.

Henrik Grankvist: So look, yeah, my name is Henrik. Thanks for having me here. I’m, as you mentioned, one of the founders here of Elastx. So we’re a Swedish-based cloud provider, you know. And I’m really passionate about cloud technologies. And I’ve been very fortunate now to be working in this space for, it’s about, you know, 15 years. And it’s good fun now to be an advocate of digital trends and, you know, the moves in this space. So happy to be here.

Vinay Joosery: Welcome, Henrik. Fredric.

Fredric Wallsten: Hello, thanks for being here, Vinay. I’m Fredric Wallsten, founder of Safespring. We started the business in 2014 when we saw there would be a position in between customers on-premise, data center, and hyperscalers global delivery model. So we focused on delivering compliance, open standard security to our customer base. So we’ve been investing in that since then. Obviously, GDPR has been a driver for us, but also, I think there’s a lot happening in the area on both the data center or data privacy arena, but also how people think about their data and how it’s handled. And I think we see, not least from EU, a lot of initiatives that are pushing in that direction. So it’s interesting times.

Vinay Joosery: Okay, welcome, Fredric. And finally, Johan.

Johan Christenson: So hey there, everybody. My name is Johan Christenson. And as the founder of Cleura, I’ve been working pretty much the last decade trying to solve one equation, which is, on the one hand, modern infrastructure, where, of course, you know, everything comes down to automation, right? But trying to be the foundation for large enterprises’ innovation journey, digital transformation. But on the other hand, also be able to deal with the complexity of laws, both existing ones and new ones that are coming on, and be able to translate that into our infrastructure to make sure that, you know, whether you’re a bank, insurance company, or a healthcare company, or even in the defense industry, how can you innovate and be very fast and deliver your digital assets, so to speak, and still make sure that you actually adhere to all the laws and so forth. It’s become a very, very complex world when it comes to delivering that, so to speak.

And as far as myself goes, it’s been 10 years of a lot of technologies, and certainly that’s super important. But I think what drives me today is that, you know, we have China and the U.S. that are two phenomenal countries that have brought so much innovation, you know, in particular in the digital space, right? And I think Europe has been a little complacent in that. And I hope that I, us, we can be a little bit of a factor in actually evening the playing field, even if it feels like an uphill battle at this point.

Vinay Joosery: Yeah. Well, welcome, Johan. Welcome, gentlemen. It’s great to all have you here. And this is a pretty, you know, there’s lots of experience on this panel. So thank you for joining. So, the first question, and actually, Johan, as you alluded to a bit of geopolitics there, I mean, missing the wave, in a way, I mean, why non-US countries have struggled to build robust local clouds, right? Probably with the exception of China. China has their own cloud vendors, Alibaba, Tencent, Huawei. And at least they show up on the Gartner Magic Quadrants, right? The U.S. obviously has the huge massive providers. Europe is advanced technologically, but why are we not further ahead? I mean, is it funding? You know, AWS had an internal customer to justify such a huge buildup. I guess the same goes for Alibaba. I mean, in China, you know, you have massive funding from the state anyway. What are your thoughts?

Johan Christenson: I can jump in on that and just say that. I think it’s much more cultural. The funding is there. EU comes out with billions of euros. We’re not great at utilizing that money to commercialize things. We have a lot of things going on at universities and so forth, but taking it all away to commercial product is not maybe our strength at this point. I also think culturally, over the last 50 or so years, we’ve been used to buying these services. I think you’ve all heard, nobody’s been fired for buying IBM. You know, today it’s like, nobody’s been fired for buying Microsoft, you just name a U.S. company, right? So we’ve kind of been, I don’t want to say lazy, but it’s been easy for us to just continue down that track.

And the further down that track you go, of course, it actually becomes more and more difficult to compete with them. Not only lock-in factors and lobbying and everything else that goes on in and around that, but at this point, it’s almost impossible to unlock that, so to speak. And I think that started early on and we just continued on that track. So it’s very much a cultural thing. We do not necessarily heavily invest in those types of difficult long-term play. Infrastructure is a long-term play. A lot of our CEOs are very quarterly based. You know, if you look at somebody like Jeff Bezos, I mean, what was it, 10, 12 years? And he just said to the market, wait, wait. And I don’t think we have that culture to go through the hardship it really is to actually come up with something that’s there. So culture, I think, has been an inhibitor.

Fredric Wallsten: I think the U.S. has a culture and a history of investing in software. I mean, infrastructure is also software. And if you look at the European software market compared to the U.S., it’s a fraction. For many, many decades, U.S. have invested in software companies. And obviously, funding has been available for driving those innovations, so. So, I think that’s part of the answer.

Henrik Grankvist: No, I agree. And I think European IT companies, they’ve been more or less extorted into using U.S. hyperscalers. And as you’d say, Johan, the lobbying has put us into this position. And I think we have robust clouds. That is not the problem, but the problem is scale, and the history, basically, of being dependent on U.S. providers for IT. And also, we really need the consistency with the… you know, we need like a long-term plan to deal with this.

Vinay Joosery: Now, let me add something here. And now I was reading the other day that the Swedish Social security, as the IT provider of the government, so to speak, right? They have this SAFOS cloud platform, right? And that’s… I mean, it just got me thinking, I mean, if you have all this government workload, and all of that is going to like… you know, like the Social Security IT department to supply that, I mean, why not give this to cloud providers that already exist, that already has, you know, IaaS, that can put up these, you know, chat, these sort of collaboration apps to basically replace, I guess, Microsoft 360. I mean, what are your thoughts? I mean, is that an example of where maybe we are sort of missing the boat?

Johan Christenson: Well, listen, Sweden as a state, we’ve been doing these big reports for the last eight years. I think 2015, Pensionsmyndigheten had the first go at seeing what the state should do, right? At this point, we’ve had a few of those. And the last one came out to say that, you know, a few government agencies should take lead in actually trying to supply certain things, right? At the same time, some of those government agencies, of course, have done a great job in trying to make sure that one, show the path, that there is a path without the same Microsoft 365, And also try to encourage, of course, a lot of the private sector in the sense of, come on, we are here, we would like to buy.

I think both Fredric and I, we’ve had dialogues with those people that are driving some of these efforts, and it is a balancing act, right? If in case now the government goes out and says, listen, if Försäkringskassan or the Social Security agency has the right stuff, let’s all go in there, we very quickly probably will kill the private market. Because we somehow have to see that there’s enough money to do the investments to really put that into it. At the same time, you’re talking over 10 billion Swedish kronas that we put into some of these collaboration tools just in the public sector, right? So there’s a massive amount of money in it. So if you can share that and you can have a strategy that allows for some of that to be derived from within, so to speak, like the social services agent, then it could be okay. But I’m afraid that if that goes too far, that’ll kill off any initiatives that they work so hard to make sure that there’s a competition, right?

Because the key here is that we want competition and diversity. Nobody’s not liking Microsoft or Amazon here, but we don’t like monopolies, we don’t like oligopolies, right? And if you don’t like that, you also don’t want the same thing from the government, right? Then you miss the point of driving competition, driving diversity, and I think we have to think differently. When we consume these, we probably need to get used to. It’s not just one suite that we use within a government agency of 15,000 employees. Most likely, it’ll have to be several ones, so to speak. So, yeah, balancing act, that’s going to be very difficult.

Vinay Joosery: All right, all right. And talking about not liking monopolies, that’s when we look at a little bit, there are potential risks there, right? When there is dominance, such dominance from the major hyperscalers, right? And is it fair to say that if we look at how cloud workloads are deployed today, is it fair to say that an application workload runs mainly on one cloud? So, although a company might be using multiple clouds, any specific application would be deployed just on one cloud. Now, what are the issues with that? I mean, we all are talking about multi-cloud as this way of not being reliant too much on one cloud. But if each application anyway just relies on one cloud, and maybe uses the services from that particular cloud, right? Then what do you guys think there?

Henrik Grankvist: I mean, being dependent on or using just one cloud provider is, you know, as bad as being dependent on one single customer. I think an open source and open standards is the only way forward to, you know, to avoid lock-in, and together with, you know, having a business model to avoid lock-in. And also, I think it’s a good sanity check to be able to switch cloud provider, Or, you know, because anything can happen in this game, both on a compliance level and also… but for the most, on the geopolitical level, actually, I would say.

Johan Christenson: I mean, listen, multi-cloud is one thing, you know, you use multiple providers for various reasons, I mean, a business decision, you know, putting all eggs in one bath is not super great, you know, for a lot of reasons, right? But some of the questions, some of the… Parts of that question, you know, is also technical, right? If you run your web service out in California and then you’re going to run, you know, your database somewhere, there are technical limitations in asking why one particular workload might run in one particular provider. I think that’s going to persist to a large extent, right?

Because the speed of light is not going to change anytime soon. So there are certain aspects that make sense for one workload to do so. I think if you look from a strategic perspective for any type of enterprise, it’ll never be just one cloud or anything like that. It’s going to be hybrid. There’s going to be on-premise. There’s a little bit of that wave as well, right? We’re looking at, oh, you know, 30% cost increase. Please swallow that, you know? People want to have a better control in general. So there’s going to be a multi-cloud, but a hybrid thing where on-premise is going to be there as well, right?

And you see technologies now like Kubernetes and so forth, that at least makes it easier for you to say that one workload that was on AWS particularly, or something like that, can be moved somewhere else. Like, it’s becoming a little bit more cloud agnostic. We’re abstracting away certain infrastructure layers and so forth. So technology will bring us there where it makes it easier to do so. And in the sense of moving something, but not necessarily having it spread all over the world, right? Because certain data needs to have access to certain speed and so forth. So I think it’s more of a business decision to say, do we want to have just one cloud? Most likely not, just from a business side of things, right? And how do we leverage then the best technologies out there and still feel like we have some form of control?

Fredric Wallsten: And that’s where I think the European digital strategy is playing into the customer’s hand when we talk about data portability and ownership and control over the data. By utilizing open standards, it’s predictable for customers to move into a cloud platform, and also very predictable how you move your data to another provider, so. So that’s the non-vendor lock-in strategy is beneficial for customers.

Johan Christenson: Very little of that is happening. I mean, you look at OpenShift, you look at a lot of the popular technologies today, to be honest with you, the way I see it is that the easier you make the choice for the CIO of an enterprise today, to not have to make choices, right? Because it’s awesome what you’re saying, but all of a sudden you have choices all over the place. What am I using for CI/CD? What am I using for the database, right? Lots of choices, and in my experience, the more choices, it just seems like, wow, we need knowledge internally now, it’s almost better that IBM or Red Hat or somebody just tells me, this is what you should use, and we go all in there, right. So I see very little fear of that lock-in that we’re talking about. They’re supposed to be so bad, you know, which I agree is…

Henrik Grankvist: I mean, the question is like, are we back, maybe to square one? You know, nobody’s been fired for using IBM. You know, from a CIO level, it’s like, you want to have this safe strategy, you know, help us. And then you can blame the supplier. It goes pear-shaped. So I think probably they’re looking for someone to blame as well. But it’s really hard to do that. You know, I think it was easier when you’re outsourced to IBM, because then you were paying the price as well if things got pear-shaped. But now it’s, I mean, if you look at the terms and conditions, and I mean, the liability, if you’re running on an American cloud provider, that’s basically like, it’s harder to get that safe harbor.

Johan Christenson: You touched on something there, though, just to touch. When you mentioned IBM, remember how we all bought that and we thought it was good? Yeah. The difference for Europe today is that, you know, back in those days, a lot of the research was actually done in Europe. Like, a lot of things happened here. And I think that’s how we got into this complacency thing, right? We were also developing along IBM, right? A lot of stuff was happening here, and particularly the research stuff, right? Today, of course, with the cloud, it’s all happening somewhere else. And you know, we have janitors that pull out disks, right? So we’re losing a lot of the knowledge and talent that are required in the full stack, right? You know, Europe keeps talking about, we’re going to be best at AI. Europe’s never going to be best at AI unless we actually understand the full stack, right? But that’s quickly escaping us as we simply just become more and more, you know, used to just using other people’s innovation in a cloud.

Henrik Grankvist: You know what happened there, imagine if we would have like an Ericsson Cloud or a Nokia Cloud today. Wouldn’t that have been quite nice?

Johan Christenson: Yeah, we’ve been beaten there, no doubt. you know.

Henrik Grankvist: Yeah, I know.

Johan Christenson: That’s the thing. Don’t forget the one thing that actually makes this happen, right. It’s easy to knock on the U.S. or China, or something like that. The very first thing we have to recognize is they’re damn good at providing a lot of these services. It’s good stuff, right? So therefore, we kind of got into it. And then from there on, of course, lobbying and a lot of other things have come, but it’s also very good software that they provide.

Henrik Grankvist: Yeah. Yeah, for sure.

Vinay Joosery: Okay. All right. And now, I mean, looking a little bit at what you mentioned, the number of providers. So I think this is true. CIOs, actually, they want to reduce the number of providers out there, right? They can’t do business with zillions of providers. So as few providers as possible, easier to manage. But my understanding is that enterprises are expected, they are expecting to actually do business with, multiple providers, at least in terms of the cloud tech. You know, they need multiple cloud vendors. They can’t just rely on one of them. But moving a little bit to the sort of, you know, geopolitics arena. So we talk about multi-cloud, we talk about, you know, the dominance of the large providers. I mean, what are the implications relying solely on one country’s ecosystem? I mean, we can say a lot of the European business, those using clouds, I mean, it’s solely reliant on pretty much the U.S. ecosystem. If you look at all the tech companies, all the big cloud providers, what are your thoughts on that?

Johan Christenson: You’re opening Pandora’s box there, right? I mean, it’s a big answer. I think that we’ve been okay with that for multiple years and thought, not so much of it, right? And then, you know, as things have changed, you know, it kind of started with, you know, AWS came out 2006. We were just thinking automation. How do we use this cool technology? You know, upload data wherever it lives in on the internet, as long as it works, it’s all beautiful, right? Then, you know, like 2012 or so, we started realizing that data, shit, you know, it’s the new Black, right? So it’s got a lot of value.

But we also realizing like, your data in the wrong hands is like super dangerous all of a sudden, right? So GDPR and some other laws came up, and a lot of people still feel like, oh, GDPR, why do we have that? Even though, like in the US, California, a lot of states are realizing it. The U.S. is about to ban TikTok because of privacy issues, which leads to national security. But Europe is still kind of naive in that, right? But now we’re starting to understand, so that’s moved to a new area like the digital sovereignty, where we’re seeing that while having the capability and capacity to do certain things ourself, kind of like, should we be able to build roads in Europe still, you know? That’s a given, right, because we kind of have to do that. Now, that is digital, like everything is going digital, so if we can’t even build the roads of digital, so to speak, where does that put us in the case of crisis?

And of course, you know, with COVID, you know, chip crises, lots of those things, never mind a war, right? We’ve learned that, well, what happens if Biden wants to use all the servers for AI? Because now we’re in a real war or something like that, right? On top of that, we see the vulnerability of the society, right? In particular, in Sweden, we’ve seen small things happen. One app goes down, the country stops. So we have those aspects as well. And I think the third part of this equation is that, at least from my reflection, is that, you know, we’re starting to see that, well, if we don’t have some of this talent here locally, we’re not going to be in the same competitive situation that we’ve been.

Like, I’ve grown up where Europe has actually been very competitive, Germany with their cars, you know, we could actually kick butt in all kinds of places, right? But if you have a BMW controlled by Google, you can’t even drive it without Google. Where do we end up from a competitive perspective if we cannot make the intelligence of things, right? So I think that in Sweden, the government agencies are starting to see some of these things more from a concern perspective, not so much from the competitive perspective. But politicians are not.

I was down in Berlin a couple of weeks ago and got a chance to talk to some politicians there. And I think that there is more the politics that is actually getting it, like digital sovereignty is the big thing, right? Because we believe, you know, this is going to put us in a situation where we don’t want to be in going forward. So it’s a very broad question, and I think it’s easy to see today that we need to be competitive within digital. We can’t just be lazy and just consume, because at some point, that consumption might come to an end.

Henrik Grankvist: But I especially think, and I think this has risen just now in the last couple of years with the geo political risks, as you say you want, especially like trade the disputes. And I mean, there’s been a couple of, you know, incidents with capacity, you know, clouds running out of capacity, and outages, and so on. And I think it’s important to realize that, you know, just because you’re buying cloud, it’s everything. It’s not happy epidemic, you know, everything is up and running, and you can still have some major outages. And I think those clouds are also a extra targeted risk, of course, from a cybersecurity and cyber threat point of view. And that’s why I think you should be able to have that architecture. So you definitely need the business continuity plan. And being able to move between having another country, you know, not having everything locked into one country, like the ecosystem, that is.

Johan Christenson: And this is the balance, too, right? You know, you can say what you want to say about SAFOS, right? SAFOS, whatever you want to call it, from the social insurance agency. They have this mandate, right? And then, on the one hand, we probably should, you know, cheer that on and say, great, we’re starting to get some form of own capacity within our government, right? And it certainly hasn’t been us, the private company, delivering any of that, right? Because we’ve been knocked out by a lot of the big giants, so there’s nothing left, to be honest with you. So that’s why I think that while we in the private could very quickly, you’ve seen some reactions to that, oh, now the private market is gone, blah, blah, blah, right? And that is a balance that I think we all have to find where I think the government might want to have some data centers. Not in Sundsvall, above ground. Unfortunately, I think it’s more like military installations for the core data that the country needs. It needs to go more like national security, military style, where you use caves to do that.

Henrik Grankvist: I agree.

Vinay Joosery: Actually, this brings one more interesting point here. The U.S. is sometimes accused of monetizing the dollar. They don’t need sanctions from the UN to actually… They can themselves decide to impose sanctions themselves because they control the dollar. And I think there have been… There’s been a fair bit of criticism that they have weaponized the dollar. And Johan, what you’re saying is sort of we could end up in the same situation tomorrow as the U.S. clouds become the de facto standards in a way, and then everybody relies on them, and then you have this one country suddenly that maybe decides to unilaterally take certain decisions and maybe impose sanctions as they see fit.

Johan Christenson: Let me broaden that just two seconds. Let me ask you a question back to the panel, saying, if you rely on one country where we know there’s extraterrestrial laws, China and US, they impose that on just about everything, will somebody in Europe even be able to create their own laws. Like, this is about our democracy even, right? So I don’t think we’re going to be able to do our own laws. Like, GDPR doesn’t work if you use Amazon and that. Let’s just say that.

As long as somebody can take your data legally, I mean, it’s kind of like a joke, and we still try to somehow find a way. But the seriousness part of that might not just be the implications of that particular piece of data, but next law we want to do is like, are we going to go and ask, please, would you mind changing your laws over there so we can actually create our laws over here? So it’s a matter of democracy. Then, of course, you can talk about the dollar and so forth. And the one thing we can say there is that it used to be like 75% of the transactions were in dollars. And that’s down to below 50% at this point, right?

So it has been used, and I think that the fact that it has been used is that a lot of countries do not necessarily like that power. So you’re seeing a big drive today to minimize the effect of the dollar, right? But even with the dollar, if you look at Russia and some of these things that have happened, we see how difficult it is to use sanctions, right? And the other thing of the world is that not everybody agrees with the, let’s say, Western values, whether it’s Europe or the US, right? So a lot of big countries now say, well, listen, we’ll support that other side. So even with that, it becomes less and less forceful of power, so to speak, to do anything of diplomacy, rather than, you know, using weapons for real.

Vinay Joosery: Okay, switching gears here. We touched upon the GDPR. So let’s just dive a little bit deeper into this. So the GDPR is about, what, five years old? And we’ve seen, you know, it had a slow start, right? But we’ve seen some pretty large finds. I was looking at the stats. Spain issued the most fines, about 650. Sweden, during that time, issued about 30 fines. A big country like France, about 32 fines. So it seems to be quite uneven. Sweden issued fines for about 15 million euros in total. Ireland issued for a total of 2.5 billion euros, right? Which included…

Fredric Wallsten: Reluctantly.

Vinay Joosery: Reluctantly.

Fredric Wallsten: They were forced to.

Vinay Joosery: You know, 1.2 billion euro, fine, you know, to Meta for transfers of personal data to the U.S, right? Yeah. So, large fines aside. I mean, has the GDPR delivered on its promise?

Fredric Wallsten: First of all, I think GDPR is like nine years old. Wasn’t it established already in 2014? came into effect 2016, and the grace period to implement it until 2018. So I think it’s been there for quite some time. And previous to that, I mean, already 2003, 2004, there were European concerns around Safe harbor, which was the agreement between Europe and the US. So it’s old news that data transfer to the U.S. is jeopardizing is jeopardizing your both sovereignty and your information, of course, and control over data. But I think it’s a lot of aspects that play into effect, both culturally, we’re close to each other. We have trust and I think technology is very abstract for general audience. So you need someone to trust, and it has been, you’ve trusted your managed hosting provider delivering your VMWare and Windows solutions, and now you trust the likes of AWS and Microsoft. So that comes from a cultural thing to use those solutions. But then I think, where am I going? I lost the track of where I was heading.

Johan Christenson: We can jump in there, Fredric. I think you’re touching on a dilemma here, right? So why are these DPAs not pushing this, right? I mean, just take any European country and say, like Microsoft 365, we know it doesn’t work with GDPR. I mean, let’s just be open about it. And then you have the cities of, say, Sweden or the government agencies. They feel like there’s no option. They feel like they’re coming back to our DPA, saying, Oh, you tell us then what should we do, right? And with that, we show our vulnerability, right? Like, we don’t even know how to change. Never mind, do the hard work to change. We’re not changing. That kind of stuff takes time and so forth, right? So that probably leaves the DPAs.

Because if they were to say, no, no, none of this, no Google, no Azure or whatever, you know, then what would happen? Should we start finding every city? Because they’re not going to be able to move from them, right? We already know today that the social service agency, the tax authority, you cannot use Azure and deliver service to them because they bluntly say, no, it doesn’t work. They’ve tried, they’ve negotiated with Microsoft for three years and they couldn’t come to terms. We have laws in Sweden. We cannot uphold them if we do it this way. How do we find a way? There’s been lots of work to try to find a way. And as long as those extraterrestrial laws that we talked about are imposed on European nations, it’s not going to happen.

So on the one side is the vulnerability the other side and littleness of Europe, because we have no solution. Then you have Ireland, which Fredric is, of course, you know, jumping a little bit here. They are so dependent. If you look at GDP per capita, why is Ireland at the top of that? It’s not because Guinness is there and we drink all their beer. I promise you, you know, I don’t think we can mention three other things that we buy from Ireland. Nothing against Ireland, it’s beautiful and great. But one thing that I detest about it, and it becomes our weakness again as a union, when a DPA in Ireland is going to protect all the American companies because they are so dependent on the tax money.

First off, we give away all our tax money, and the little tax money that they get left, which is still big money for Ireland, it’s of course when they employ people, you know, that helps them greatly, and there’s lots of taxes being paid. I mean, they’re selling out the soul. It’s like having the heart in Europe being sold out and the other DPAs can’t do anything. It’s gone so far now that the central DPAs are thinking, we’re gonna have to do something here with Ireland because otherwise it doesn’t matter. So Ireland, instead of what the U.S. does, there they join and say, let’s ban TikTok. I’m not saying that’s right. But that’s how they’re thinking, to be forceful about privacy. And the U.S. gives billions and billions of dollars in fines if you mess with any privacy type of stuff.

Now, on the other side, of course, FBI and the NSA and so forth, as you’ve seen the scandals the last couple of weeks, they even spy on the American citizens themselves. So this whole thing with data, it’s a surreal thing. It’s like you buy a car and there’s a speed limit of 60 miles per hour, we kind of have some respect for that because there’s going to be police out there. But with data, we’re still not that mature. So we’re still trying to find a way. How do we do this? We know it’s dangerous if we just leave it. But how do we find our way in doing this in a mature way? And how does the EU and the U.S. for real, come up with something?

I mean, this whole thing with von der Leyen and Joe Biden trying to get another piece of paperwork. I mean, I’m ashamed of being an European when we, for the third time, are going to, please, please let us find some way that we at least on paper, we know you take our data, but on paper, we do this. And then we pretend nothing happened. And then it’s going to go to the Court of justice. And two years from now, we’re going to be back to square one. And the problem with that is that it’s going to be another three, four, five years lost.

Now, at least some nations, including Germany, are starting to see the reality of where we’re heading. Let’s use that momentum. Let’s talk to Ireland and say, Hey, Ireland, we understand you’re dependent on this. So are we. But let’s look at us as an internal market to see how do we do this in a good way. We don’t want to take everything away from Ireland, but you can’t sell out Europe’s soul for money. So it’s a huge question. Huge question. But it’s a lot of work that we need to jump on now. It’s going to take 20 years. But if we don’t jump it on now, it’s going to be 30 years.

Henrik Grankvist: So which one would you prefer, Johan? Or who do you think does the most surveillance on their citizens, like the U.S. or China?

Johan Christenson: Listen, I think they’re both very good at doing that. And I think we should not be naive to think that Europe doesn’t want to do that. We have FRA in Sweden, for example. They want to do all kinds of things, right? So I think the difference is that we live and work here. So we have to abide by the laws here. Same thing if you’re a U.S. citizen. Of course, you’re going to have to abide by the laws there, right? And surveillance is something everybody does. It’s just a matter to what extent, right? So they’re doing it. They’re also the powerhouses of the world, right? So they feel like they need to stay safe. It really comes down to national security and all these things, right? And of course, as you know, privacy is something that is extremely important and is in our founding laws, because it’s that important.

I mean, before digital, kind of privacy was a given, right? You wanted to have privacy in certain ways. You don’t want the governance to snoop or come into your home and start taking things or whatever. That privacy is kind of easy to understand. This privacy becomes much more murky, right? I click on Facebook and I say, yeah, sure, take my stuff. Until I lost my… you know, somebody stole my digital identity, then I started understanding, but that was not good. Just like I don’t want the government maybe to walk in my door and start snooping around in my closet, right? But here it happens in a different way. And I think we’re still 10 years out from understanding the complications of that and the implications of that.

Henrik Grankvist: Yeah, that’s right. I agree. But I think, you know, you mentioned the BMW and I’m so happy I’m driving a Volvo. You know, this is Swedish, it’s safe. But it’s just funny because I didn’t sign a DPA for running my Volvo. I just think it’s funny, you know, with the Chinese, all the internet of things, and also with the Android. It would be interesting to see the type of data that they collect.

Fredric Wallsten: I’m sorry, Henrik, but isn’t Volvo a Chinese car?

Vinay Joosery: Yeah. Right.

Fredric Wallsten: You should, for sure, sign a DPA.

Henrik Grankvist: Yeah, that’s right.

Vinay Joosery: Right. So moving just a little bit, we talked about Island, you know, Meta being… yeah, you know, getting a pretty big fine. Now, in the light of maybe, you know, we can say that there’s more enforcement lately regarding the GDPR. But do you guys think there will be more enforcement? And are enterprises who are running on hyperscalers, are they at risk? Because if you run in a hyperscaler, there will be data transfer to the U.S., so will enterprises carry a risk there?

Johan Christenson: I think it’s a huge risk, you know. I mean, I think the writing is on the wall. It’s just that the DPAs are in that dilemma we spoke about, right? And how do we change that dilemma? I mean, if they go forcefully at this, I mean, take Helsinger in Denmark. they cracked down on one school and all of a sudden they realized that, well, shoot, Google ChromeBooks cannot be used, nor the applications. What happened in that city? They had like 60,000 ChromeBooks for sale the next day, and the schools barely knew how to conduct lessons. So there’s this huge implication, which I think the DPAs are very worried about, right? If they go too hardcore, you know, what happens?

So somehow, I think the right thing would be for us to realize it and try to work towards solutions where, you know, we don’t throw our hands up and say, well, listen, if there’s no Microsoft 365, we might as well lay down and die, you know? So how do we do that? How do we do this from a positive perspective, you know, not necessarily just enforcing? I would hope that we can take it from that angle instead, right? Enforcement needs to be there, right? I for one, if there are no speed limits on the roads, I probably would drive a little bit faster than I do today. So there is something to be said for that. But it’s like the tax authority says, if we don’t follow the laws, why should anybody have their tax declaration in on time?

So the law is incredibly important, but here we put ourselves in such a weak position that you could disrupt a society if you just, boom, tomorrow, you’re not allowed to use any of these things. Look at Australia, right, when Google started to hint at potentially pulling out. I mean, just Google Maps, I don’t know if I can find my way to the next meeting without it, right? So we’re at that level where I think we have to look at it more broadly and say, let’s start working on this. And this is what eSam in Sweden is doing. They’re trying to encourage from the right perspective, encourage movement towards other solutions, and encourage providers to say, hey, listen, there’s going to be money here if you guys come up with a solution.

And the cool thing is, they’re looking beyond that, right? So you have protocols like matrix and so forth. Today, of course, if you use Teams, you’re only going to be able to chat with people that use Teams, right? But why is it like that? It’s like email. If I send an email today, does it matter what technology I have in the background? No, of course, I expect that email to be read by you, Vinay, regardless of what tech you have in the background. Why is it not like that in all those other things? Like a video conferencing or a chat, or whatever it might be, or even a Word document, right? If we keep messing with that protocol too much, it’s going to be a factor that makes the government say we need Word because we can’t use Open Office, because it doesn’t look exactly the same, right?

There’s a lot of those things that I think we can, from a positive perspective, standardize and also encourage us to move forward. With that, it’ll be a little easier also for the DPAs to impose the fines, whatever they need to do to encourage people to move in the right direction. But it needs to be a little firmer than it is today. I mean, because without that, unfortunately, I think it’s only the laws and this digital sovereignty that will make Europe move any step in that direction. Yeah. Because otherwise, it’s too easy for us to continue to be lazy and just consume. Our generation has had it really good. We got some money. Let’s just buy it. You know, why should we do the hard work? So we got that journey. Let’s look at it from the positive side, and not necessarily just from the enforcement side.

Fredric Wallsten: And I mean, we’re in a very early stage, still in digitalization. And there will be a lot of regulations that are coming our way, and a lot of talk of regulation. Just recently, the chat enforcement regulation and AI regulations, and I think it’s necessary to regulate because you can do good or bad with all types of technical solutions. So, to some extent, it’s necessary to regulate it. I think also it’s different for government who have a different assignment than your business enterprise. For an enterprise, it’s a business risk to decide on which platform you use. For a government, it’s essential to have control over your data. It’s, like Johan mentioned earlier, a factor of democracy and sovereignty. So I think we see a lot of regulation coming now our way from Europe with all good intentions, but we’ll see where it fans out.

Johan Christenson: And that’s where the opportunity lies, right, for a lot of us. It’s going to be a complex world, just like it has been before. If you want to work with a bank, there’s certain rules and regulations there. It’s always been right. I mean, we as citizens of Europe, or wherever country, we kind of appreciate that. If my money is there, yeah, please make sure my money is there tomorrow as well, right. And whether that’s Bitcoin or whatever. There are certain things we want to have a trust in because it’s part of our society. So we need to make sure that that’s there. Same thing about things we don’t understand. Privacy, we don’t necessarily yet understand completely. Therefore, it’s kind of cool, actually, that the EU was so early to see this. Everybody’s going to have a GDPR. There’s no doubt, we need it.

I know it’s a tough thing for us to handle. It’d be easier if we can all just move around, and do whatever we wanted to. But in it, democracy, we need laws, because otherwise it goes south so to speak, right? And take that like the lack of acting. We have something called bank ID in Sweden, it’s four banks getting together, creating something, great stuff. I mean, nobody can complain about anything. But how does the government allow four banks to kind of control the whole country, you know? So, I mean, are we not going to do anything there in improving our stability, resiliency and so forth? Or are we going to just say, hey, two private companies can kind of sort of control everybody’s login for everything that they do digitally, right? So it’s a broad question and we need to start working on it very quickly.

Fredric Wallsten: When you talk about it like that, it’s crazy how we ended up in such a situation that the identity of the citizens are in control of private companies. But I think that’s where we have ended up when innovation outpays regulation and strategy. I mean, if we take Sweden, for example, we haven’t had a solid strategy for IT from governmental side for decades.

Henrik Grankvist: Yeah, but I mean, that’s just crazy, heading down that lane, I guess, how the government have been doing their tenders. It’s all about per hour for developing this, and you have all these large, important projects for public sector that’s gone pear-shaped. And I really don’t understand why this hasn’t been dealt with earlier. So that’s obviously holding us back on innovation, I would say, as well, because the system is so stale.

Vinay Joosery: Right. So we’ve spoken a bit, well, quite a lot about laws, legislation, right? And I guess I think it was a model for the rest of the world, in a way. Now, to what extent? Companies have used the GDPR to rethink their cloud strategies. It is still to be, you know, I mean, I guess we’re not convinced on this panel because the GDPR hasn’t really had teeth in a way. It’s quite hard to forbid things because there’s no alternatives. So looking at the national, let’s say, EU cloud business, right? I mean, beyond, how are you guys taking advantage of this situation where, you know, in a way, there are the laws and, you know, some regulations. Companies know that it is an issue to run on a hyperscaler, but many of them are already stuck in there, right? So how are you guys taking advantage of this situation or dealing with that situation?

Henrik Grankvist: You know, I think, first of all, it’s about the… and we’re experiencing that amongst the different companies here out there, you know, they have… you know, they’re looking for enhanced security and for making sure, staying in control of their data, basically, you know, because that’s what we do. Obviously, we process our customers’ data, and we don’t use any sub-processors whilst doing that. So that’s definitely one core aspect. And then I think it’s a good thing also for us, I mean, just the three of us here having this discussion, you know, we’ve been in the running, we have the consistency. That’s important.

And also, we’re both like partners, but also obviously competitors, you know? So to making sure that we have a competitive and offerings and pricing and features, and so on, so it keeps us on our toes. And as you know, we’re advocates, all of us, for no binding contracts and avoiding lock-in. And that makes we have a pretty good, you know, offerings and many on the table compared to the hyperscale. And, I would say with support actually, that we’re finding as well that companies, these enterprise companies running this really sensitive data, you know, their support is really key for them once they run into, you know, stuff.

Johan Christenson: The one key I think all of Europe has to understand is that there’s one driver here, and that’s innovation, right? So we can talk about a lot of unique selling points and so forth, right? But if you don’t have what is required, and it’s really coming down to automation, making sure the right services are on top so that you can do whatever you need to do. Whether it’s AI or IoT, ML, there’s so many things that you might want to do. So the innovation aspect is number one, and that’s where we struggle, right? The feeling of having enough features and so forth.

Keep in mind, 90% of AWS revenue is like the basic services, right? But 90% of the talk is about AI and this, and so forth. Yeah. So that’s like the number one thing. So you always have to strive to make sure that that you can complete that journey for an enterprise. So you got to go up to, let’s say, container levels and that kind of stuff you want to talk if you want to talk technical there. But from our perspective, no doubt, we’ve had a strategy the whole time to be the best European company when it comes to interpreting all the laws. Because we speak a lot about GDPR here, right? That’s one basic first step.

If you’re a bank, bank secrecy, you know, you have Basel II, III, you have Solvent II, III, you know, you have, of course, every nation’s secrecy laws, right? And they differ, right? So Germany is slightly different from Sweden and so forth. You have, if you’re in media, you have your laws. If you’re in automotive, you have your laws. So being able to interpret that, do a good job of that. For those people that are serious and really want to do right by the laws and the regulations, I think we’ve come very, very far in how you interpret that into an infrastructure. And can actually prove that.

So if you have a DPA, for example, or if you have the financial people coming to check on things, or like social studies in Sweden, checks for healthcare, for example, How do you prove that all the way? From the agreement, or from the data center, and then, of course, the people, the type of checks that they have to have and so forth, to be able to be allowed to be part of the processing. That is quite a challenge today, and it’s becoming more and more complex. Yeah. And it will actually be driven now. You saw ENISA that coming out with NIS2. They’ll probably in NIS3 where we’re going to say, Europe needs to be more resilient. So we need to drive security, security, security, and a lot of the regulation comes to protecting citizens data in some sort, right? So it’s going to be a driver thing for all of the European companies.

Because, frankly, I don’t see anybody, you know, out innovating Amazon or something like that. We have an SAP in Germany, right? Which is a huge software company. But aside from that, tier one, two, three are all dominated by foreign companies. So we have that long journey and I think the regulatory side, unfortunately, I’ll say, because it doesn’t sound like that much fun. We’ll have to be a little bit of a driver for us in the sense of staying competitive. But I do think that there are a lot of providers today. It’s so easy to say we have to go Azure because we’re people, we follow other people, right?

There are plenty of providers today where you can do your full innovation journey, nevermind laws and so forth, full innovation journey, and maybe better. Because sometimes the lack of features where you have to choose your own CI/CD, for example, also forces you to have a little bit more knowledge. You have to feed your employees, your colleagues more knowledge. That, I think actually allows you to be the bigger innovator. And of course, when you use some of those tools that are on the side, and not necessarily in the cloud, it allows you to be less of a lock-in factor. So more knowledge and less lock-in is probably a good strategy for a company overall.

Fredric Wallsten: Yeah, but I think you’re onto something there. Innovation, but also cost are the two factors. And I think the route for both Sweden and Europe is to fully transform to work with open source, community developed applications instead of vendor proprietary solutions. I don’t know if you saw the Google article where they concluded that not even Google could compete with open source development, that they should position themselves as a thought leader in various fields and drive the open source agenda for those fields. So I think the biggest opportunity, but also requires the biggest transformation to say, embrace open source development, which has a little bit of a bad name, but perhaps in various parts of the community.

Johan Christenson: And isn’t it funny, Fredric, that, you know, and again, I don’t want to knock too much on whatever. So I’m on the board of Open Infrastructure Foundation. There’s a summit actually in Vancouver right now. You know, it’s interesting to see. You’d think that Europe would be all over open source, right? Because in my mind, it’s the only route.

Fredric Wallsten: Should be. Yeah, yeah.

Johan Christenson: Yeah, it should be, right? But not even there. You know, like China or Asia, and North America still dominates open source as well, in addition to having all those things. So I hope that we get a much more of a mentality into open source, like universities, instead of taking the 100 coupon from Amazon and let them use that, start coming up with classes and so forth to see how can we become a bigger part of that. Because that is, I think, the only chance out of this, so to speak. And plus, I think it’s a great career, right? Because everything is made out of open source today, whether it’s Azure or AWS, or Tencent and Alibaba. I know we don’t speak so much about the Chinese providers here, but same thing there, they’re heavily engaged in open source.

Henrik Grankvist: But now we have Open Infra Europe, so let’s reclaim Europe, right?

Fredric Wallsten: Indeed.

Vinay Joosery: Okay, folks, we are kind of running out of time here, but, you know, this was a great discussion. I mean, I think we have a lot of issues, right? This whole cloud space has developed very fast. It’s, you know, companies have moved towards it. We’ve had some people just kind of, you know, run away with it in a way. But we do have an ecosystem here, right? In Sweden, in Europe, we do have quite a few local companies. And I think there were some good ideas on this panel. But folks, thank you all for joining. And I think we’re done here. So see you folks for the next episode.

Check out our other podcast episodes for more insights into what data sovereignty means for the enterprise and how companies can reliably scale their database operations through a sovereign infrastructure.