Today the Swiss not-for-profit DFINITY Foundation announced that a European subnet has launched on the Internet Computer Foundation (ICP), providing GDPR-aligned infrastructure for decentralised applications (dApps).
The ICP is a decentralised cloud 3.0 protocol that allows developers to build and run services and enterprise systems directly on a public, blockchain network with unprecedented scalability.
Services running on top of ICP are tamper-proof and can negatively interact with the outside world in a trustless manner, both with traditional Web 2.0 services and with other blockchains.
The subnet created by the NNS is one of the world's largest DAOs that governs the Internet Computer.
And I have to say it's great to see a functioning DAO with enough active participants to make decisions that lead to community-led initiatives like this subnet.
With this new infrastructure, developers on the subnet now have access to tools that can be leveraged to release dApps in the European market that protect personal and financial data under stringent and established regulator practices.
Dominic Williams, Founder and Chief Scientist of DFINITY, commented:
“Web3 builders can now create innovative and compliant decentralised experiences that benefit millions of users in the EU and beyond.”
Why this European subnet matters
On the Internet Computer network, a subnet operates as a collection of nodes that run the same computations, hold the same data, and are set in the same state.
The European subnet is the first subnet of its kind on the Internet Computer and is geographically bounded, meaning that all the nodes in the subnet are located within the EU. This ensures data is processed and stored within the EU to align with GDPR’s jurisdictional requirements.
The European subnet also provides the platform with the tamperproof infrastructure necessary to build GDPR-compliant applications. Specifically:
- Unlike traditional blockchains, where all data is visible to everyone, the Internet Computer allows developers to choose whether to make their data public or private. Private data is encrypted and can only be accessed by authorised parties.
- Data amendment and deletion are possible: The Internet Computer supports data mutability, meaning developers can update or delete data as needed. This allows them to comply with GDPR’s right to rectification and right to erasure principles.
- Dapps have full data and access control. Developers can also use canister smart contracts, autonomous software units on the Internet Computer, to enforce data security and integrity.
- Node providers undergo a rigorous vetting process before being voted in by token holders.
Also in development are VetKeys, which will allow distributed decryption, where no single node holds the complete decryption key. This approach enhances data security, preventing unauthorised access.
Also planned for release in late 2024 is an AMD secure encrypted virtualisation launching later in 2024 which aims to secure the boundary node Virtual Machine, isolating it from potential external threats.
This technology creates a digital boundary around data, ensuring that all node machines within the European subnet are shielded from all unauthorised access, keeping data secure and highly confidential.