TechPulseTechPulse
Back to News
Advertisement
Advertisement

⚡ Community Insights

Discussion Sentiment

64% Positive

Analyzed from 2299 words in the discussion.

Trending Topics

#arm#europe#chips#data#more#don#european#sovereignty#risk#own

Discussion (55 Comments)Read Original on HackerNews

embedding-shapeabout 1 hour ago
I guess there are two types of "sovereignty" people talk about here.

First is "data sovereignty", which is what the current (data) migrations are all about. As long as the data remains in place where it cannot be suddenly locked away by the US government, people don't care if the CPU was purchased from the US, as the government cannot suddenly disable those (as far as we know at least).

Second is "hardware sovereignty", which is what this article talks about, about the geographical locations where the hardware is designed and built. This is obviously much harder, but also less important at this very moment. That's why you're not seeing people suddenly rushing to fund EU fabs for silicon, there are more important things to focus on right now, with real implications.

The article kind of does everyone a disservice by mixing the two and not clearly separating which ones it's actually talking about. But to be fair, if they did that, then they've wouldn't have been able to publish this whole "Look how they aren't actually sovereign after all" article if they did so, here we are...

masfuerteabout 1 hour ago
The actual risk is that US spooks can use these hardware features to infiltrate European clouds. It's not just a theoretical concern about hardware sovereignty.
traceroute66about 1 hour ago
> The actual risk is that US spooks can use these hardware features to infiltrate European clouds.

If your threat model is clandestine government actors then I think it would be a rather odd decision to host on ANY cloud !

The main risk for most people is being subject to US CLOUD Act, US PATRIOT Act etc. etc. Which, despite what the sales-droids will tell you, still applies in the fake-EU clouds operated by the US providers.

If you are serious about EU data sovereignty then you absolutely want an EU OpCo that has nothing whatsoever to do with any US company. If OpCo has ties to a US company or IS a US company such as AWS or Microsoft, then you've lost the EU jurisdiction.

Spooky23about 1 hour ago
That’s a risk, but for most cases likely not the most material up front risk - there’s a million ways for the spooks to enter the building.

TBH, all of these entities are likely actively penetrated by US, Israeli and Russian human assets. You don’t need esoteric knowledge of CPU flaws or whatever if the dude holding the keys works for you.

adjejmxbdjdn42 minutes ago
It’s not. It’s a real concern.

But they are two different things.

You can’t solve all problems at once.

It’s reasonable to start by solving the problems which provide rrhe best improvement for the lowest effort and risk.

Prioritizing data sovereignty as the OP has done well naming it, seems like a good trade off to me.

moses-palmerabout 1 hour ago
Well, to be fair, then it's precisely a theoretical concern about hardware sovereignty.
PaulHoule43 minutes ago
Or any other country. It is not like you can keep that genie inside the bottle.
embedding-shapeabout 1 hour ago
Is this an actual risk? If I buy a Intel/AMD CPU today and chuck it into this "European cloud" I'm running, how exactly will that be used to infiltrate this cloud?

AFAIK, there is absolutely zero evidence either Intel or AMD CPUs are compromised, even less so that they're somehow remotely accessible by the US government...

akg_6735 minutes ago
> AFAIK, there is absolutely zero evidence either Intel or AMD CPUs are compromised, even less so that they're somehow remotely accessible by the US government...

The concerns are similar to US supplied fighters having the kill switch or remotely damaging centrifuges in Iran using software virus.

No one knows whether CPUs are compromised similar to no one knew beepers with explosives in Lebanon were compromised by Israel, allegedly during manufacturing. CPUs don't need to be accessed remotely, any compromised person locally will be enough.

These are fascinating cases to show how far state actors will go and how long the compromise can stay dormant.

tinychairabout 1 hour ago
The article does provide real world examples, as well as credible hypotheticals from academics. The 'compromise' is the built in features of the chips being discussed.
kinow3 minutes ago
My company is involved in research and production of RISC-V-based chips in Barcelona, with partners. There is or was a partnership with Intel at some point, and I think NVIDIA collaborated in some tasks in one of the projects. But the idea that I heard from the presentations is to produce chips in EU with little dependency on US, China, etc.

https://catalonia.com/w/barcelona-supercomputing-center-laun...

https://www.bsc.es/join-us/excellence-career-opportunities/d...

I think there is a partition in our supercomputing facility for these new types of technologies, but since my work is running climate models, I only hear news from other teams like our AI factory, the quantum computer, or people involved with these new chips and some emulators (that I think work together).

hinata0816 minutes ago
I'm surprised that nobody ever tells about Loongson

China already produces government and business computers with their homemade LoongArch architecture. The run on homemade Linux as well. Their point was not only to not be worried as much about backdoors and sanctions, but also to get a platform that their own universities and engineers can maintain and develop

This brand used to coproduce with the French, open source and Java apps work, it's under US sanctions for supplying the chinese government and military, export was restricted so that none land in Russia.

It took decades to make, commercial value is uncertain, but they did master the entire computing stack now

neilv18 minutes ago
> Goodacre told The Register he tested awareness of the Management Engine with various attendees at the CyberUK conference in April 2026. "Almost no one" knew about it, he reports.

That's surprising. I would've expected most people at a cybersecurity conference to have heard of it, for over a decade.

Is this conference not for people who understand the technology at all, but rather for purely management-track people who oversee the people who understand the technology?

onemoresoop43 minutes ago
Sovereignty is not necessarily about spying but about having control over their destiny.
deaux4 minutes ago
These articles may as well be US industry plans. Clickbait article, useless fearmongering content.

Sovereign clouds are an incredibly meaningful first step. Full independence takes decades. China still uses plenty of AMD and Intel chips, does it mean the amount of independence they've achieved is meaningless? That their stacks are just as dependent on the US as those of the EU?

Of course not and even a child could know that. You start with the very end of the chain and hopefully very gradually work your way upwards. The EU approach of doing things is the way to go.

nasretdinovabout 2 hours ago
Quite an odd thing for a British journal to pretend ARM doesn't exist...
Aromasinabout 1 hour ago
The author is a Dutch journalist with no technology background. I wouldn't jump to get my information from this source. As a person who works in the UK semiconductor industry, I noticed 4 or 5 glaring holes in the article in just the first couple of paragraphs.
dijitabout 1 hour ago
ARM is:

1) An ISA licensor, with no capability to create its own CPUs

and

2) Owned by Softbank in Japan, not European

Aromasinabout 1 hour ago
They are pivoting to become a fabless chip company as of last year (the decision happened a few years back): https://www.wired.com/story/chip-design-firm-arm-is-making-i...

I'd also argue that while Softbank has capital ownership of the company, the leadership structure and how that capital is allocated is still done within the UK with standard board oversight. I know a few of the leadership team personally, and they have a wide remit, almost more so than a public company might do.

shaokindabout 1 hour ago
Is 1) accurate with ARM creating their own CPUs directly? https://www.cnbc.com/amp/2026/03/24/arm-launches-its-own-cpu...
dadoumabout 1 hour ago
ARM design IP blocks, they can make their own CPU (and now they are making one), eevn though that means competing with your customers.
wvbdmpabout 1 hour ago
They still don‘t fab them though, AFAIK they go through TSMC.
hannobabout 1 hour ago
As far as cloud service servers are concerned, I don't think ARM CPUs have any meaningful marketshare, right?

You could start running things on ARM, but, almost certainly, that comes with a lot of extra friction. (Not saying that isn't a bad idea, it'd probably improve the ecosystem as a whole and flush out architecture-specific assumptions in server software. But it's not someting trivial to do.)

Syttenabout 1 hour ago
AWS runs a lot of ARM server and they are pushed heavily since they are cheaper and faster. And with Apple running ARM it is just easier to fully transition now.
hanwennabout 1 hour ago
AWS graviton, Google Axion? ARM has better performance per watt, which translates to better performance per $.
jandrewrogers1 minute ago
The reality is more complicated than this.

If the processor is mostly idle or running minimally optimized software, which is most software, then ARM offers better performance per watt. If the processor is running highly optimized code at max throughput all the time then x86 offers better performance per watt.

This is an intrinsic tradeoff. To make low-utilization workloads more power efficient you have to make high-utilization workloads less power efficient and vice versa. ARM and x86 differentiate themselves by taking opposite ends of that tradeoff spectrum.

It depends on the code.

tlbabout 1 hour ago
Linux on Arm works great. I barely notice the difference except everything is a bit faster. Most SaaS companies can and should switch.
Kon5ole41 minutes ago
Arm has been growing fast for years, recent stories claim ARM is at 50% for hyperscalers (google, amazon and microsoft are making their own designs) and 25% for general servers according to stories from this year, and the share is growing fast.

x86/64 is looking more and more like the next Alpha or MIPS in many ways.

therockheadabout 1 hour ago
AWS Graviton has been steadily gaining share, a quick Google search says it's up to 20% now.
novosabout 1 hour ago
Surely having AWS Graviton in service for nearly a decade will mean it's not that much friction.
Hikikomoriabout 1 hour ago
More than 50 % of new CPU capacity on AWS is arm. Most of their own stuff uses it, nitro co processors are also arm. Anyone caring about cost of AWS has or is transitioning.
anonym29about 1 hour ago
ARM has the exact same problem via TrustZone. Different technical implementation, slightly different known capabilities, but fundamentally, still an unauditable, unremovable ring -3 subsystem that cannot be controlled by the legitimate, lawful owner of the hardware.
leonidasrupabout 1 hour ago
Even if Europe could replace the dependence of Intel and AMD processor, for example with home grown RISC-V processor, where in Europe could such processor be manufacture in a secure and somehow cost effective way? Then there are other chips and components like memory chips, network components. How about secure European network routers which for networks and datacenters in Europe?

https://www.techspot.com/news/107073-researchers-uncover-hid...

Silicon level backdoors.

https://www.wired.com/2016/06/demonically-clever-backdoor-hi...

dadoumabout 1 hour ago
In general, in Europe there is research infrastructure that I think could be used at a medium scale for important applications (but I am not a professional).

There is the NanoIC research line at imec (2nm), CEA-Leti incomming 7nm FD-SOI pilot lines, and in terms of full production lines, Global Foundries Dresden (12 nm), ESMC (12 nm, in construction), and the various FeRAM/FMC projects I can't keep track of (Neumonda for example).

I would be more worried about designs, because outside of ARM (and Imagination Tech, both in the UK), I don't know any competitive European designs. (about routers NXP already makes router chips with accelerators on top of ARM cores, used for example in the Mono Gateway, but they are fabbed on old TSMC nodes)

dhdueii18about 1 hour ago
If they can make the EUV machines I doubt it’s beyond Europe to do the manufacturing at higher levels.

And as commented elsewhere, ARM

cenamusabout 1 hour ago
Also Siemens/Infineon. Although that's a vastly different node size, but still, there's some expertise present
nereye15 minutes ago
And ST (with similar considerations for node size etc.).
jeffrallenabout 1 hour ago
As a European, enjoying the environmental quality of life our regulations provide, I'm ashamed to admit it might be impossible to make chips here, as it's probably a dirty industry that Europe prefers to keep offshore.
dadoum38 minutes ago
And you are wrong to think that in my opinion, chip manufacturing in Europe was huge 25-30 years ago (there was high-end memory chips manufacturers, high-end GPU manufacturing and cutting edge nodes in Europe at the time).
disgruntledphd237 minutes ago
We make lots of chips (for mostly US based companies) in Europe, so that ship has sailed.
dijitabout 1 hour ago
I think people miss the point about sovreignity.

Part of what got Microsoft into this position in the first place is that they built and sold software.

Now, they don't build and sell software, they sell services. Services means you're buying access to data.

The data is the problem.

There's a certain amount of soft power you have when you can disallow access to data and services for foreign officials[0] arbitrarily.

The old world order would of course permit us to sanction new sales of things, but in the new world: this is crucially tied with current access to services.

I think the easiest way to think about it is:

Would you depend on another nation selling you the parts to build a power plant, or would you prefer to depend on them supplying you the power- in fact it's worse than that because not only are you buying power you're also giving up a lot of information on who uses it, how it's used, and enough control to cut it off for an individual person.. totally crazy.

the EU itself was designed around the idea that if you are crucially tied in this way then war becomes unthinkable. But that only works when you're equivalently sized entities. The US uses this position to bully the world.

leonidasrupabout 1 hour ago
EU is for example quite comfortable to be dependent on energy imports.

The biggest share of imports to EU by value is "mineral fuels, oils, distillation products". It's 17% of all imports.

https://tradingeconomics.com/european-union/imports-by-categ...

Spooky2338 minutes ago
Those integrations are needed in the long term because only through interdependence can you have peace. You need peace because the consequence of war post WW2 are too high.

The problem with the right wing authoritarian types, regardless of regime is that their thirst for power is harmful to all stakeholders. The tragedy of the Iraq War wasn’t Iraq — it was kicking off decades of inevitably escalating conflict. And doing so for nothing.

We, as in citizens of the world, need strong trade ties with China, Europe, the United States and the developing world. I don’t want my sons getting killed by some PRC drone, nor do I want them killing people in service of the dreams of fat old men.

Europe butchered two generations a century ago. Their model makes sense, and can integrate with the world.

clearstackabout 1 hour ago
The GPU situation is even more concentrated. NVDA data center was $39B last fiscal year — roughly 90% of their total revenue. No European alternative exists for AI compute workloads.
wood_spiritabout 1 hour ago
So what is the solution? Can Europe start building the next gen fab now already? And if it can technically, and if it can politically, even at great expense, should it?
Advertisement
netfortiusabout 1 hour ago
Now this is a perfect time to be just a little patient. After Trump literally threw Taiwan under the incoming Chinese bus, during his fervent trip in the area, this while chip design and building ought to change. And not in the direction of "build in America (as in MAGA one)" direction.
sauercrowdabout 1 hour ago
So what's being proposed here? Why bother and just use US clouds?
anonym29about 1 hour ago
Don't let 'perfect' be the enemy of 'progress'.
lstoddabout 1 hour ago
Exactly. Why bother and own yourself?

I always snarked at clueless CEOs bent on forcing me to sign NDAs while the entire infra _and_ data was living in US from the get go. Like, what's so sensitive I'm going to disclose that wasn't voluntarily disclosed by yourself already?

anonym29about 1 hour ago
Francillon seems very dismissive of the risk, citing his "castle walls", but there's a flaw in his thinking, partially described in the article. Francillon seems to anticipate adversarial traffic only flowing in, not out. Sure, he can block packets before they ever reach CSME or PSP. But there are several embedded assumptions in there which are unsupported: that the behavior of these systems is known, auditable, or understood well enough to assume that they're not sending outbound communications as a covert C2 channel, and that attackers reaching in need to send packets directly to these systems, rather than surreptitious delivery mechanisms to the main OS that CSME and PSP can observe, like a certain WLAN name broadcast from a wireless radio, or certain device firmware being present, or even a specific targeted ad being served to a browser running in the main OS. The claim that these criticisms make the entire framework he designed worthless is obviously untrue, but it's also a strawman. The true claim isn't that it makes the framework worthless, but rather, it makes the framework incomplete. This is inconvenient for Francillon because it tasks him with addressing a class of problem that may be partially possible to detect, but impossible to solve, in practice. And you can't have a conclusion that there is an unsolvable problem, even if it's true.
DeathArrow34 minutes ago
>Europe is pouring more than €2 billion into sovereign cloud initiatives designed to reduce exposure to US legal reach.

This is laughable, since US cloud platforms invested trillions. Also, US companies benefit from greater efficiency, know how, cheaper energy and less regulations.

If EU wants to compete with the US, they have to do what US does.