3JUN

Commission awards sovereign cloud slot to Google joint venture

5 min read

10:43UTC

The European Commission's €180m six-year sovereign cloud framework, named between 17 and 20 April, handed one of four provider slots to S3NS, a Thales-Google joint venture that cleared only the minimum SEAL-2 threshold.

← Back to Sovereignty arrives, minus Brussels Jump to analysis ↓

TechnologyDeveloping

Key takeaway

A sovereignty framework that treats SEAL-2 and SEAL-3 as interchangeable has collapsed its own distinction.

Between 17 and 20 April 2026 the European Commission named the four provider groupings selected for its €180m, six-year sovereign cloud framework . Post Telecom leads a Luxembourg consortium with CleverCloud and OVHcloud at SEAL-3; STACKIT, owned by the Schwarz Group, represents Germany at SEAL-3; Scaleway represents France at SEAL-3; and Proximus leads a Belgian consortium that includes S3NS, Clarence and Mistral AI, with S3NS rated at SEAL-2. the Commission's Sovereignty European Assurance Level framework grades contracts from SEAL-1 to SEAL-3, and SEAL-3 requires the operator to run the service without foreign technical dependencies. SEAL-2 requires only data-sovereignty minima. Three awardees cleared the higher bar; one did not.

CISPE's Francisco Mingorance told The Register the award was "clearly an own goal" and called the S3NS inclusion "sovereignty washing" . The objection is specific: S3NS is a joint venture between French defence group Thales and Google Cloud, and workloads running on Google infrastructure sit within reach of the US CLOUD Act, the 2018 law that lets American authorities compel disclosure of cloud data held anywhere in the world. Microsoft told the French Senate last year that it could not guarantee French customer data would never be disclosed under US legal orders; the same exposure attaches structurally to any Google-hosted workload regardless of where the data physically sits.

EU-native providers hold roughly 15 per cent of the European cloud market against around 70 per cent for the three US hyperscalers combined , and the Commission's counter-case rests on that arithmetic. Excluding every provider with any US linkage would have narrowed the tender to a field too small to be competitive, and the sovereign cloud market is forecast to triple to $23bn by 2027; a procurement logic that restricts the supplier base risks producing either no viable bidder or a single one. Hedged inclusion of S3NS at SEAL-2, alongside three SEAL-3 awardees, reads on that defence as a deliberate widening of the competitive field rather than a concession on sovereignty.

A €180m framework becomes the citation benchmark for every national cloud tender that follows, and member-state procurement Teams tend to cite the Commission's own designation as prima facie evidence of sovereignty compliance. Over six years the downstream contracts will be valued well above €180m, and a SEAL-2 provider sitting inside the same slot as a SEAL-3 one collapses two categories the framework was designed to separate. CISPE has the foundation for a legal challenge; Mingorance's keynote in Brussels this week on "Making Sovereignty Verifiable" suggests the challenge will come through an auditability argument rather than a tender-rules one.

Deep Analysis

In plain English

The EU runs its own computer systems on rented cloud infrastructure. This contract decides which companies can bid to provide that infrastructure for the next six years, with rules about how 'European' those providers must be. The controversy is that one of the four winners, S3NS, is a joint venture between French defence company Thales and Google. Critics say that because Google is an American company, EU data running on S3NS infrastructure could legally be accessed by US courts under a 2018 US law called the CLOUD Act. The Commission's response is that S3NS met the minimum sovereignty standard, and excluding it would have left too few suppliers in the competition.

Deep Analysis

Root Causes

Three structural factors make hyperscaler dependency difficult to escape. The managed services gap is the first: EU-native providers can match hyperscalers on raw compute and storage pricing but cannot yet replicate the depth of managed database, machine learning, networking and observability services that enterprise workloads depend on.

Migrating from Azure to OVHcloud or Scaleway requires rebuilding application dependencies against a shallower service catalogue, and the engineering cost is a real barrier for large organisations.

Network effects in procurement compound the problem: once a ministry or large enterprise runs on a hyperscaler, its staff develop platform-specific skills, its vendors integrate through that platform's APIs, and switching costs compound over time. Third, hyperscalers can cross-subsidise European market share from US revenue bases at a scale no European provider can match.

What could happen next?

Meaning
The first consequence is precedential: member-state procurement agencies will cite the Commission's own SEAL-2 award as justification for purchasing from S3NS and structurally similar Thales-Microsoft or Thales-Amazon joint ventures. If those downstream contracts follow, the practical effect of the EU's sovereign cloud framework over six years will be to channel public money toward hybrid US-European structures rather than toward EU-native providers. The second consequence is political: CISPE's public challenge delegitimises the framework before it has generated a single call-off contract. If the Commission does not respond with a published SEAL audit methodology, the 'sovereignty washing' framing will become the dominant description of the award in procurement guidance discussions across Europe.

Source Landscape

This story draws on neutral-leaning sources from United Kingdom and Belgium

United Kingdom

Belgium

Primary parallel: France's Andromède initiative of 2011-2012 stands as the most directly relevant precedent: a 150 million euro state-funded attempt to build domestic cloud champions through investment in two companies, Cloudwatt and Numergy. Both were wound down by 2019 after failing to compete with hyperscaler pricing and capability.

Counter-parallel: The French government's conclusion from Andromède was that pure national-champion approaches were unworkable at cloud scale, and that some form of industrial partnership with global providers was unavoidable.

The S3NS joint venture, a Thales-Google structure explicitly designed to provide a French sovereign wrapper around Google infrastructure, is the direct institutional descendant of that lesson. the Commission's SEAL-2 award endorses the Andromède POST-mortem rather than revisiting it.

A 180 million euro framework spread across four providers over six years averages 7.5 million euros per provider per year, smaller than a single AWS or Azure enterprise regional contract. Synergy Research Group's Q1 2026 data puts AWS, Azure and Google at approximately 72 per cent of the European cloud market, a market valued at roughly 45 billion euros annually by 2025.

The sovereign cloud segment is forecast to reach 23 billion euros by 2027 globally. A 30 million euro annual EU institutional contract represents less than 0.1 per cent of that market, but its SEAL certification will be cited in procurement guidance documents across 27 member states whose aggregate cloud spend is orders of magnitude larger.

Member-state procurement Teams routinely cite Commission-level designations as prima facie evidence of compliance, making the SEAL-2 precedent a template rather than an exception.

Consensus view: CISPE's Secretary General Francisco Mingorance has argued consistently that a sovereignty framework which certifies US-linked providers at any tier provides legal cover for procurement decisions that defeat the framework's purpose. His position, set out at the Brussels summit, is that the SEAL tier structure must include independent technical audit against CLOUD Act exposure, not merely a contractual assertion of data sovereignty.

The French Andromède experience of the early 2010s, where a state-backed sovereign cloud was abandoned partly because French procurement officials found the restrictions commercially unworkable, underpins CISPE's concern that the Commission has again chosen political expediency over structural rigour.

Counter-view: Several GAIA-X board members and European cloud operators take the counter view, arguing that pragmatic hybrid models are the only politically deliverable path given that EU-native providers hold 15 per cent of the market. On this reading, a SEAL-2 award to S3NS is a deliberate design choice to maintain competitive tension in the provider field rather than a concession on sovereignty.

The Synergy Research Group's quarterly European cloud market data consistently shows AWS, Azure and Google at or above 70 per cent combined share; without a viable hybrid tier, any EU sovereignty framework simply excludes three-quarters of the market's existing infrastructure.

Key tension: Whether the SEAL tier system functions as a genuine graduated standard or as a marketing label that different providers can claim at different thresholds without meaningful operational distinction is the unresolved question.

A SEAL-2 provider and a SEAL-3 provider winning slots on the same framework contract, as happened here, means procurement Teams face no practical pressure to prefer the higher standard. CISPE's audit-based remedy, if pursued as a legal challenge, would need to establish that the SEAL-2 designation materially misrepresents the sovereignty status of a Thales-Google joint venture in a way that damages competing SEAL-3 bidders.

First Reported In

Update #3 · Sovereignty summit, minus the sovereigns

The Register· 23 Apr 2026

Read original →

Causes and effects

Caused by

EU awards first sovereign cloud deal

The naming of four provider groupings including S3NS directly advanced from the initial framework award in ID:2617; the S3NS inclusion and CISPE criticism emerged as the names became public.

Occurred 17 Apr 2026

Read story →

EC opens DMA cloud probes against AWS and Azure

The DMA cloud gatekeeper probes against AWS and Azure that prompted the US Section 301 response created the political context in which the Commission built a sovereign cloud framework including a US-linked provider.

Occurred 1 Oct 2025

Read story →

This Event

Commission awards sovereign cloud slot to Google joint venture

The first pan-EU institutional sovereign cloud contract now carries a US-anchored joint venture inside its reference provider set. Because member-state tenders will cite this framework as a procurement benchmark over the next six years, the Commission's definition of "sovereign" for a €180m pilot will shape considerably larger downstream contracts.

Led to

CISPE ships rival sovereign cloud badge

CISPE's sovereignty framework launched directly in response to its criticism of the S3NS SEAL-2 award as 'sovereignty washing', operationalising Mingorance's Making Sovereignty Verifiable keynote.

Occurred 24 Apr 2026

Read story →

Different Perspectives

European Central Bank

The ECB's digital euro pilot drew more than 50 PSP applications and is naming 10 to 30 participants in July, advancing on its own monetary mandate without requiring a Commission act. Its trajectory this week is the inverse of CAIDA's: the sovereignty instrument that restricts no US firm is the only one keeping its published calendar.

United States (Ambassador Andrew Puzder / Steptoe LLP)

Puzder named CAIDA a red line inconsistent with the EU-US trade framework on 25 May; Steptoe warns US firms spend up to USD 50bn a year on DMA and DSA compliance and that CAIDA's Buy European tilt threatens the Turnberry truce. The Google fine delay is read in Washington as evidence that Commission enforcement bends to diplomatic pressure.

France (G7 chair and Mistral AI)

France chaired the 29 May G7 Bercy ministerial and produced a communique that omitted cloud sovereignty entirely, while its national AI champion Mistral won five-year Airbus and BMW engineering contracts commercially the day before. Paris is advancing sovereignty through the market and retreating on it at every multilateral table.

Germany (federal government)

Berlin maintained College silence that forced CAIDA's scope to public-sector tenders, protecting the automotive sector from a US Section 301 claim while simultaneously allowing BMW to contract Mistral for safety-critical crash-simulation work. German corporate procurement and German trade policy are running in opposite directions.

Netherlands (minister Willemijn Aerdts)

Aerdts blocked Kyndryl's EUR 100m Solvinity acquisition on 26 May, the first US deal ever stopped under Dutch screening, on the specific ground that the US CLOUD Act could compel disclosure of DigiD and MijnOverheid data. The decision is a direct demonstration that national screening achieves CAIDA's public-sector objective without waiting for EU law.

European Commission

The Commission is presenting CAIDA adoption on its fourth scheduled date as a sovereignty milestone, with Henna Virkkunen due to brief the Telecom Council on 9 June. The narrowed public-sector-only scope is the concession written in to secure adoption; whether the Commission presents it as a floor or a ceiling for future revision is the open question.