TL;DR
- Gaia-X is a non-profit, member-driven initiative — originally Franco-German — that defines a federation framework and trust labels for European cloud and data services.
- It is not a cloud platform itself; it is a set of specifications, policy rules, and conformance criteria.
- The Gaia-X Trust Framework defines labels (Standard, Label Level 2, Label Level 3) reflecting increasing sovereignty and transparency requirements.
- Membership and label conformance signal to EU buyers that a provider commits to European data-protection and transparency standards.
What Gaia-X Is#
Gaia-X was launched in 2019 by the French and German governments and has since grown into a Brussels-headquartered AISBL (international non-profit association) with several hundred members across Europe and beyond. Its mission is to define how European cloud and data services can federate — interoperate technically and contractually — while preserving European values around data protection, transparency, and supplier choice.
It is not a competitor to AWS, Azure or GCP. It is a layer of specifications, a trust framework, and a conformance regime that any participating provider can adopt.
The Trust Framework#
Gaia-X publishes a Trust Framework that codifies expectations for participants. The framework defines compliance criteria across three label levels:
| Label | Focus |
|---|---|
| Standard / Label Level 1 | Baseline transparency, ISO 27001 + GDPR alignment, declared sub-processor list. |
| Label Level 2 | Adds stronger requirements on data location, contractual transparency, and customer right-of-audit. |
| Label Level 3 | Sovereignty — the provider must demonstrate immunity from non-EU extraterritorial law, EU-only headquarters and key staff, EU-only operations. |
Federation Services#
The technical side of Gaia-X is delivered by the Gaia-X Federation Services (GXFS) — open-source reference implementations of identity, credential, and catalogue services that participating providers can adopt to interoperate.
- Identity and Trust — verifiable credentials based on W3C standards.
- Federated Catalogue — discoverable description of services and data offerings.
- Sovereign Data Exchange — protocols for compliant cross-organisation data sharing.
- Compliance — automated checks against the Trust Framework rules.
Why Buyers Care#
Gaia-X labels are increasingly named in EU procurements, particularly in regulated sectors (automotive, healthcare, energy) and in publicly-funded data spaces (Catena-X for automotive, Mobility Data Space). A Label Level 2 conformance certificate is becoming a useful differentiator; Label Level 3 is positioned as the sovereign-cloud signal.
Gaia-X conformance and EUCS certification are complementary, not duplicative. EUCS is the statutory certification scheme for cloud security; Gaia-X is the federation and sovereignty framework. Most EU sovereign-cloud strategies expect a provider to hold both.
Common Misunderstandings#
- Gaia-X is not a single cloud platform you can buy compute from.
- Gaia-X membership is not a label — it is a precondition for getting labelled.
- Gaia-X labels are not statutory — they have weight in EU procurement but do not by themselves grant regulatory compliance.
- Hyperscalers may participate at Label Level 1 or 2 but typically cannot reach Label Level 3 because of CLOUD Act exposure.
Where Yobitel Sits#
Yobitel maintains Gaia-X-aligned descriptions for our EU-region services so that they can be listed in federated catalogues alongside European partners. Customers requiring full Label Level 3 sovereign deployments are delivered via partnerships with EU-headquartered providers under joint contract.
References
- Gaia-X Association · Gaia-X AISBL
- Gaia-X Trust Framework · Gaia-X
- Gaia-X Federation Services · GXFS