As the exact framework for GAIA-X, that strives to “create the next generation of data infrastructure for Europe, its companies and its citizens”, has not yet been defined in detail, it is certain that GAIA-X is intended to provide users with secure and trustworthy, cloud-based data processing. The use cases developed clearly show that the issues will probably go beyond the usual topics of data protection and IT security.
One key success factor for GAIA-X is the accessibility of cloud computing to users that are unfamiliar with the related complexity of cloud solutions. To enable these users to trust in cloud solutions, it must be ensured that the requested or described features of the service used are guaranteed at all times. At the same time, it must be possible for cloud service providers to underpin this trust with appropriate efforts and to adhere to these standards by regular checks and verifications.
Together with our umbrella organization SRIW, SCOPE Europe gathered significant experience and expertise in developing industry-driven standards, in particular through codes of conduct. One key aspect thereby is that these standards or codes meet recognized and agreed criteria to enhance the level of trust. A core requirement here is the incorporation of appropriate verifications / monitoring schemes and complaint handling procedures.
Many organizations are involved in the development of standards on a daily basis. The special expertise of SRIW lies, among other things, in designing the necessary effective and therefore credible monitoring and complaint procedures to ensure accessibility to small and medium-sized enterprises (SMEs). On the one hand, this requires sensitivity in balancing what is really "necessary" with respect to the needs of SMEs. One the other hand, innovative solutions are needed in terms of the actual verification, e.g. what needs to be proven in concrete terms, with what frequency and based on what kind of evidence. Such a verification process should be aligned as far as possible on existing practical procedures.
This very special perspective, supplemented by the cloud-specific experience that SRIW and SCOPE Europe have been able to gain through their numerous projects, is represented by SRIW through Deputy Managing Director, Frank Ingenrieth, LL.M., who, in addition to legal issues, is mainly responsible for monitoring and auditing.