alt Hacker NewsEurope built sovereign clouds to escape US control. Forgot about the processors
Comments
Doesn't encryption protect against these low level network backdoors? I'd think that encryption happens in the upper layers so by the time traffic goes through the ME, it is just gibberish. Someone with expertise enlighten me, please!
I don't think they "forgot" about processors. It was out of scope. Creating the pipeline to end up with a fully "sovereign" system end-to-end is a decades long process and hundreds of billions of euros. As others have pointed out, in this context "sovereign" meant data processing. This is also a fairly paranoid take. Not to say hardware isn't targeted, but there are other methods. So spending hundreds of billions and several decades to build the fabs to gain assurance... it's a waste of time.
The other day, I saw a clone of OpenRouter pitched as a "superior" alternative simply because they were "European" only to find out their entire stack was dependent on Cloudflare. That's why I'm always sceptical of providers who claim superiority just because they want to "escape" US control because that's rarely the case.
I'm surprised that nobody ever tells about Loongson
China already produces government and business computers with their homemade LoongArch architecture. The run on homemade Linux as well. Their point was not only to not be worried as much about backdoors and sanctions, but also to get a platform that their own universities and engineers can maintain and develop
This brand used to coproduce with the French, open source and Java apps work, it's under US sanctions for supplying the chinese government and military, export was restricted so that none land in Russia.
It took decades to make, commercial value is uncertain, but they did master the entire computing stack now
My company is involved in research and production of RISC-V-based chips in Barcelona, with partners. There is or was a partnership with Intel at some point, and I think NVIDIA collaborated in some tasks in one of the projects. But the idea that I heard from the presentations is to produce chips in EU with little dependency on US, China, etc.
https://catalonia.com/w/barcelona-supercomputing-center-laun...
https://www.bsc.es/join-us/excellence-career-opportunities/d...
I think there is a partition in our supercomputing facility for these new types of technologies, but since my work is running climate models, I only hear news from other teams like our AI factory, the quantum computer, or people involved with these new chips and some emulators (that I think work together).
Quite an odd thing for a British journal to pretend ARM doesn't exist...
Sovereignty is not necessarily about spying but about having control over their destiny.
These articles may as well be US industry plants. Clickbait title, useless content written to discourage people and hope they throw their hands up and abandon all efforts.
Sovereign clouds are an incredibly meaningful first step. Full independence takes decades. China still uses plenty of AMD and Intel chips, does it mean the amount of independence they've achieved is meaningless? That their stacks are just as dependent on the US as those of the EU?
Of course not and even a child could know that. You start with the very end of the chain and hopefully very gradually work your way upwards. Sovereignty is a float, not a bool. If it's a bool its valye is False for all of China, the US and Italy, where in reality each has very different degrees of tech sovereignty. So you do things in order of efficiency, i.e. compare effort needed and how much it moves the sovereignty needle and pick what has the best ratio at this time. Designing and producing your own processors is far down this list.
Programming languages and operating systems as well.
Even if open source, currently there is no European plan on how to take care of supply chain on those.
Huawei came up with a full stack, after the ties were closed, as an example. OS and languages.
> Goodacre told The Register he tested awareness of the Management Engine with various attendees at the CyberUK conference in April 2026. "Almost no one" knew about it, he reports.
That's surprising. I would've expected most people at a cybersecurity conference to have heard of it, for over a decade.
Is this conference not for people who understand the technology at all, but rather for purely management-track people who oversee the people who understand the technology?
Even if Europe could replace the dependence of Intel and AMD processor, for example with home grown RISC-V processor, where in Europe could such processor be manufacture in a secure and somehow cost effective way? Then there are other chips and components like memory chips, network components. How about secure European network routers which for networks and datacenters in Europe?
https://www.techspot.com/news/107073-researchers-uncover-hid...
Silicon level backdoors.
https://www.wired.com/2016/06/demonically-clever-backdoor-hi...
I think people miss the point about sovreignity.
Part of what got Microsoft into this position in the first place is that they built and sold software.
Now, they don't build and sell software, they sell services. Services means you're buying access to data.
The data is the problem.
There's a certain amount of soft power you have when you can disallow access to data and services for foreign officials[0] arbitrarily.
The old world order would of course permit us to sanction new sales of things, but in the new world: this is crucially tied with current access to services.
I think the easiest way to think about it is:
Would you depend on another nation selling you the parts to build a power plant, or would you prefer to depend on them supplying you the power- in fact it's worse than that because not only are you buying power you're also giving up a lot of information on who uses it, how it's used, and enough control to cut it off for an individual person.. totally crazy.
the EU itself was designed around the idea that if you are crucially tied in this way then war becomes unthinkable. But that only works when you're equivalently sized entities. The US uses this position to bully the world.
The GPU situation is even more concentrated. NVDA data center was $39B last fiscal year — roughly 90% of their total revenue. No European alternative exists for AI compute workloads.
So what is the solution? Can Europe start building the next gen fab now already? And if it can technically, and if it can politically, even at great expense, should it?
I don't think the HN crowd realize how much the whole political EU Cloud is another edition of a money grab by a group of insiders that happen every few years.
Please read about the previous initiatives like Cloudwatt involving the same actors (Thales, etc.) [0]
I have been forced to consider them about 10 years ago and realized at the time that the French telco Orange (who acquired it in 2015) just transferred all control to Huawei (datacenters in France but controlled by Huawei). So all the organisations who put their precious data in a sovereign EU cloud was now in the hand of the Chinese. It took me a while to understand because they would hide it first and strangely the wikipedia article does not mention it.
So it was fun while the initial public money was flowing but right after that they just throw their "client" under the train.
If you want an European cloud, companies like Hetzner are good. But please do not get to excited by all the other announcements.
Now this is a perfect time to be just a little patient. After Trump literally threw Taiwan under the incoming Chinese bus, during his recent trip in the area, the chip design and building ought to change. And not in the direction of "build in America (as in MAGA one)" direction.
So what's being proposed here? Why bother and just use US clouds?
Francillon seems very dismissive of the risk, citing his "castle walls", but there's a flaw in his thinking, partially described in the article. Francillon seems to anticipate adversarial traffic only flowing in, not out. Sure, he can block packets before they ever reach CSME or PSP. But there are several embedded assumptions in there which are unsupported: that the behavior of these systems is known, auditable, or understood well enough to assume that they're not sending outbound communications as a covert C2 channel, and that attackers reaching in need to send packets directly to these systems, rather than surreptitious delivery mechanisms to the main OS that CSME and PSP can observe, like a certain WLAN name broadcast from a wireless radio, or certain device firmware being present, or even a specific targeted ad being served to a browser running in the main OS. The claim that these criticisms make the entire framework he designed worthless is obviously untrue, but it's also a strawman. The true claim isn't that it makes the framework worthless, but rather, it makes the framework incomplete. This is inconvenient for Francillon because it tasks him with addressing a class of problem that may be partially possible to detect, but impossible to solve, in practice. And you can't have a conclusion that there is an unsolvable problem, even if it's true.
>Europe is pouring more than €2 billion into sovereign cloud initiatives designed to reduce exposure to US legal reach.
This is laughable, since US cloud platforms invested trillions. Also, US companies benefit from greater efficiency, know how, cheaper energy and less regulations.
If EU wants to compete with the US, they have to do what US does.
[dead]
[dead]
I guess there are two types of "sovereignty" people talk about here.
First is "data sovereignty", which is what the current (data) migrations are all about. As long as the data remains in place where it cannot be suddenly locked away by the US government, people don't care if the CPU was purchased from the US, as the government cannot suddenly disable those (as far as we know at least).
Second is "hardware sovereignty", which is what this article talks about, about the geographical locations where the hardware is designed and built. This is obviously much harder, but also less important at this very moment. That's why you're not seeing people suddenly rushing to fund EU fabs for silicon, there are more important things to focus on right now, with real implications.
The article kind of does everyone a disservice by mixing the two and not clearly separating which ones it's actually talking about. But to be fair, if they did that, then they've wouldn't have been able to publish this whole "Look how they aren't actually sovereign after all" article if they did so, here we are...