Luxembourg financial regulator the CSSF has started identifying pilot projects to explore artificial intelligence applications based on a new Luxembourg-based cloud computing platform incorporating Google services. The move is seen in part as a way to cope with a long-standing difficulty in recruiting sufficient qualified staff.
The CSSF has signed a strategic agreement on artificial intelligence with Clarence. The firm is a Luxembourg-based joint venture between Tier IV data centre operator and fibre optic provider LuxConnect and telecom provider Proximus Luxembourg. The fact that the data will be held under Luxembourg’s jurisdiction is vital for Luxembourg’s ability to endorse the technology.
The firm positions itself as a leader in providing “ultimate sovereign cloud solutions,” enabled by Google’s Sovereign Cloud service. Sovereign clouds confine services within a specified border.
Data sovereignty
“The strategic objective of the Luxembourg government was to address the challenging needs of two key market trends,” said Pascal Rogiest, Clarence’s general manager, speaking to Investment Officer. “First, there is a growing and stringent demand for data sovereignty combined with disconnected cloud technology. Data sovereignty has become increasingly critical, largely driven by the geopolitical landscape we are navigating today.”
Clarence “offers a unique sovereign air-gapped cloud solution,” explained a CSSF press release. “Clarence’s solution will enable the CSSF to leverage and apply cutting-edge technologies to its sensitive data while ensuring confidentiality, complete control and full sovereignty.”
Air-gapping means that the data is physically isolated from unsecured networks. This is only used for the most sensitive data.
Fear of US Cloud Act
Historically, there has long been a strong reluctance in the Luxembourg financial centre to employ US-based cloud computing services, chiefly driven by fear of surveillance and loss of data control, especially given the US Cloud Act.
“Organisations across sectors are seeking disconnected sovereign cloud solutions for various reasons: ensuring total control over their data, leveraging it for sensitive purposes or intellectual property protection, and mitigating risks of cyber threats and external intrusions, whether from malicious actors or the implications of legislation like the U.S. Cloud Act,” explained Rogiest.
Luxembourg has extended confidentiality obligations typical of medical confidentiality to its financial centre.
A significant transformation
The financial centre has for many years been engaged in what is termed a “digital transformation”, from a largely paper-based system.
“This partnership with Clarence is a significant step in the CSSF’s digital transformation,” said Claude Marx, the CSSF’s director-general, in the release. “It enables us to better process an increasing volume of data, refine risk analyses, and generally increase the efficiency of our work. In the future, artificial intelligence will be key not only for the financial center under the CSSF’s supervision, but also for the CSSF itself.”
Clarence is set to support CSSF staff with technical assistance, offering “innovative tools and use cases based on Google’s advanced technologies, ensuring maximum security of the CSSF’s data.”
Zero involvement
Rogiest emphasised that Google’s role was limited to a “technical partnership,” because “Google has zero involvement in operations or corporate governance, ensuring full sovereignty for our clients.” However, he was clear that the factor which had pushed the project forward is the “very important aspect for a lot of people now to be able to enjoy AI and keep up with AI.”
Prior to Clarence, Luxembourg financial institutions were limited to using their own technology, which Rogiest described as “a bit limiting”, or they would have to do it in an incompletely sovereign environment. Data sovereignty, he explained, is required by national and international regulatory requirements.