S3NS
Thales-Google Cloud joint venture awarded a slot in the EU sovereign cloud framework despite US CLOUD Act exposure.
Last refreshed: 23 April 2026 · Appears in 1 active topic
Is S3NS genuinely sovereign cloud or French-branded Google with a Thales label?
Timeline for S3NS
Mentioned in: CISPE ships rival sovereign cloud badge
European Tech SovereigntyMentioned in: Brussels sovereignty summit opens without European AI builders
European Tech SovereigntyAwarded a slot in the sovereign cloud framework at minimum SEAL-2 data sovereignty tier
European Tech Sovereignty: Commission awards sovereign cloud slot to Google joint venture- What is S3NS and why is it controversial in the EU cloud framework?
- S3NS is a joint venture between Thales (France) and Google Cloud. It was awarded a slot in the EU sovereign cloud framework at SEAL-2, the minimum tier, while three other awardees achieved SEAL-3. Critics call it sovereignty washing because the US CLOUD Act gives American authorities power to compel Google to disclose S3NS-hosted data.Source: The Register / European Commission / CISPE
- Can the US government access data stored on S3NS?
- Potentially yes. The US CLOUD Act (2018) allows US authorities to compel disclosure of data held by US-domiciled cloud companies regardless of where the data physically sits. Since S3NS uses Google Cloud infrastructure, and Google is a US company, legal compelled disclosure cannot be ruled out — the same structural exposure Microsoft acknowledged to the French Senate.Source: CISPE / The Register
- What is SEAL-2 vs SEAL-3 in European cloud sovereignty?
- The Commission's Sovereignty European Assurance Level (SEAL) framework runs from SEAL-1 to SEAL-3. SEAL-2 is Data Sovereignty (minimum threshold, covering data residency and access controls); SEAL-3 is Digital Resilience (requiring operational independence from foreign technical dependencies). S3NS achieved SEAL-2; OVHcloud, STACKIT, and Scaleway achieved SEAL-3.Source: European Commission cloud sovereignty framework
Background
S3NS is a joint venture between French defence and technology group Thales and Google Cloud, created to offer cloud services to French and European public sector customers under a French sovereignty wrapper. On 17-20 April 2026, S3NS was included in the European Commission's €180m six-year sovereign cloud framework as part of the Proximus (Belgium) consortium — alongside Clarence and Mistral AI — achieving SEAL-2, the minimum Data Sovereignty tier. The three other awardees (Post Telecom/OVHcloud/CleverCloud, STACKIT, and Scaleway) all achieved SEAL-3 Digital Resilience .
CISPE Secretary General Francisco Mingorance publicly called the inclusion "clearly an own goal" and described it as "sovereignty washing". The structural concern is the US CLOUD Act (Clarifying Lawful Overseas Use of Data, 2018), which allows American authorities to compel US-domiciled cloud companies — including Google — to disclose data held anywhere in the world, including through European joint ventures. Microsoft acknowledged before the French Senate that it "could not guarantee French customer data would never be disclosed under US legal orders"; the same legal exposure attaches to any Google-anchored infrastructure.
S3NS was created specifically to address French public sector sovereignty concerns by placing Google Cloud infrastructure under Thales's operational control and French legal jurisdiction. The SEAL-2 certification reflects partial rather than full operational independence: S3NS cannot offer SEAL-3 Digital Resilience because its underlying infrastructure depends on Google's global cloud platform . The Commission's decision to award it a framework slot at SEAL-2 will serve as the reference contract for member-state tenders for six years.
