A vendor slides a deck across the table. ISO 27001. SOC 2 Type II. BSI C5. Gaia-X member. DORA-ready. Every badge is real, independently audited, and correctly displayed.
And not one of them answers the only question that actually decides whether you can put your data there: can a foreign government compel access to it?
There is exactly one European framework that tests that question. It does so not with a security control but with a number — and the number is 24%.
If you buy cloud or AI in a regulated European industry, this is the most useful thing you can learn this year: certifications prove practice. Only one of them tests ownership. Here’s how to read them — and why the framework everyone will be arguing about by 2027 isn’t a certification at all.
The 24% rule: why most “sovereign cloud” certifications don’t test sovereignty
ISO 27001. SOC 2. BSI C5. Gaia-X. Every badge real, audited, correctly displayed — and not one answers the question that decides the deal: can a foreign government compel your data? Exactly one European framework tests that. It does it with a number.
C5 does cover place of jurisdiction, data location & disclosure obligations. It requires you to declare which law reaches you. C5 tells you the gun is in the room.
Requires that no non-EU law can reach you at all — enforced by the ownership cap. SecNumCloud requires there be no gun. That’s the whole difference.
The proposed Cloud and AI Development Act (COM(2026) 502) would set four Union assurance levels for public procurement. Its own recitals concede the point: Cybersecurity Act certification “is not suited for addressing sovereignty concerns.” National labels won’t be banned — but a SecNumCloud provider would still need separate Article 17 recognition. If it passes, the badge on the vendor’s website stops mattering and the assurance level starts. Meanwhile ANSSI + BSI have jointly committed to common criteria specifying where failure is disqualifying.
Microsoft showed the gap better than any critic: May 2025 — encryption makes access “technically impossible.” One month later — cannot guarantee immunity from US authorities. Thirty days between the marketing and the law. SecNumCloud doesn’t ban American technology — it forces a change of control over it (hence S3NS = Thales+Google, Bleu = Capgemini+Orange on Azure). Is it also protectionism? Partly, yes — and that critique is exactly why EUCS High+ died. Both things are true. Don’t ask if a provider is “sovereign” — the word has been marketed into meaninglessness. Ask the arithmetic: who owns you, and what law reaches you? Then check whether the answer is above or below 24% — including for the European champions nobody has asked.
The distinction that organizes everything
Sort the alphabet soup into two piles and it stops being confusing.
Pile one — how you operate. ISO 27001, SOC 2, BSI C5, and (mostly) EUCS certify practice: access controls, encryption, incident response, business continuity, audit trails. They ask “do you run this competently and securely?”
Pile two — who you are. SecNumCloud is the outlier. It asks “who ultimately controls you, and what law can reach you?”
The consequence is blunt, and worth quoting to any vendor who waves a badge at you: a certification proves security practices; it does not change legal jurisdiction. Amazon can hold every certificate in the catalogue. It remains an American company subject to American courts. A BSI C5 attestation does not make the CLOUD Act go away.
Everything below is a footnote to that sentence.
European sovereignty cloud certification
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
SecNumCloud, precisely
SecNumCloud is issued by ANSSI, France’s national cybersecurity agency. Created in 2016, now running on referential version 3.2 — over 360 criteria across 14 themes spanning technical, organizational, operational, and legal requirements.
A detail most coverage misses: it isn’t a certification in the ISO sense. It’s a qualification. ANSSI issues it after an audit by a PASSI-accredited evaluator, and the distinction matters commercially — the qualification commits the French State to the security level of the service. That’s not a private auditor’s opinion. It’s a government standing behind a claim. Valid three years, with a mandatory surveillance audit every 18 months.
It’s built on ISO 27001 but far more prescriptive, and it adds the thing nothing else has: legal sovereignty. The requirements include EU legal domicile, EU-only data storage, audited key custody, and immunity from non-EU extraterritorial law.
And then there’s the rule that does the actual work:
Capital and voting rights held by companies not based in the European Union must not exceed 24% individually, or 39% collectively.
That’s it. That’s the sovereignty test. Not a control, not a policy, not an encryption scheme — an ownership cap, expressed as arithmetic, checkable from a cap table.
It’s also brutally hard. Scalingo’s CEO put the difficulty in perspective: if the complexity of achieving ISO 27001 is a 1, SecNumCloud is a 10. As of mid-2026, roughly nine or ten providers hold an active qualification, with about a dozen more in the pipeline — OVHcloud, 3DS Outscale (Dassault), Oodrive, Worldline, Numspot, Cloud Temple, Scaleway’s dedicated IaaS among them.
It isn’t optional either. Under France’s Cloud au Centre doctrine (2023), SecNumCloud is mandatory for hosting sensitive French public-sector data, and ANSSI is pushing it toward Operators of Vital Importance and, via NIS2, Operators of Essential Services. That’s hundreds of health, energy, finance, and transport firms.

Modes of Thinking for Qualitative Data Analysis
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
BSI C5, precisely — and the nuance everyone gets wrong
BSI C5 — the Cloud Computing Compliance Criteria Catalogue — came from Germany’s BSI in 2016. It’s an attestation scheme: government-backed, but demonstrating that controls are implemented rather than qualifying the provider. It layers cloud-specific controls onto IT-Grundschutz, and it’s been a required baseline for German federal procurement since 2022. C5 High is roughly equivalent to EUCS Substantial in rigour. It is a genuinely good, mature security standard.
Now the nuance, because “C5 ignores jurisdiction” is the lazy version and it’s wrong.
C5 does include controls covering place of jurisdiction, data location, information-disclosure obligations, and full service description. It doesn’t ignore the question at all.
It requires you to disclose your jurisdiction. It does not require you to be immune from it.
That’s the entire difference between the two frameworks, and it’s the sentence to take into your next procurement meeting. Disclosure versus immunity. C5 tells you the gun is in the room. SecNumCloud requires there be no gun.
Practically: a C5-attested provider with a US parent still leaves you documenting and accepting residual CLOUD Act risk in your DPIA. C5 is a security floor, not a sovereignty ceiling.
Which is exactly why AWS’s European Sovereign Cloud — generally available since January 2026, entirely within the EU, physically and logically separate from all other AWS regions — carries its own dedicated C5 report. That separation is real engineering, and the C5 attestation is real. And Amazon Inc. remains subject to US law. Both statements are true simultaneously, and any honest analysis has to hold them together.

Falari Security Hat Baseball Cap – Gold or White Embroidery Security Front, Bill & Back – Adjustable Size – White (1pk)
- Embroidery Color Options: Gold or White 'Security' embroidery
- Full Coverage Branding: Embroidery on front, bill, and back
- Adjustable Fit: Back strap for customizable sizing
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
The joint-venture workaround — the 24% rule working as designed
Because US hyperscalers are structurally ineligible for SecNumCloud in native form, they’ve done the only thing the rule permits: change who’s in control.
S3NS — a Thales–Google venture, qualified in late 2025, with Thales holding operational control. Bleu — Capgemini and Orange, running on Microsoft Azure, with its J0 milestone validated in April 2025 and commercial availability targeted for the second half of 2026.
Read that correctly, because it’s the most interesting thing about the whole framework. SecNumCloud doesn’t ban American technology. It forces a change of control over it. You can have the Azure stack — but a French entity has to hold the keys, the operations, and the majority. The rule isn’t “no US tech.” It’s “no US control.“
Whether that’s principled or protectionist is the argument. That it works is not in dispute.
SecNumCloud certified cloud provider
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What the hyperscalers offer instead — and its honest limit
AWS publishes its own Sovereign Reference Framework (ESC-SRF) through AWS Artifact, covering governance independence, operational control, data residency, and technical isolation. It’s SOC 2 attested, with third-party validation expected during 2026. It is worth reading, and it represents serious engineering.
And its scope is precisely bounded: operational sovereignty — what AWS does, not what law applies to Amazon Inc. It is not equivalent to SecNumCloud, and AWS doesn’t claim it is.
Microsoft demonstrated the size of that gap better than any critic could. In May 2025 it stated that encryption features would make access to its European sovereign cloud technically impossible. One month later, it acknowledged it could not guarantee complete immunity from US authorities.
Thirty days between the marketing and the law. Keep that sequence in your back pocket for the next vendor meeting.
EUCS: the sovereignty tier that got deleted
The EU’s answer was supposed to be EUCS — the European Cybersecurity Certification Scheme for Cloud Services — with three levels (Basic, Substantial, High) and mutual recognition, so a provider certified in Germany wouldn’t have to repeat the whole audit in France.
There was going to be more. A “High+” tier carrying sovereignty requirements — EU ownership, no foreign-law exposure — modelled directly on SecNumCloud. France, backed by the CNIL, pushed hard for it.
Other member states and US industry called it discriminatory. Successive drafts stripped the capital-ownership criteria out under that pressure. As of mid-2026 the dossier is, in the French phrase, enlisé — stuck.
The consequence is the single most important thing to know about EUCS: an EUCS “High” certification does not immunize you against the CLOUD Act. A US-parent cloud can achieve EUCS High and still receive a CLOUD Act order. EUCS certifies security controls. It does not certify legal sovereignty, because the part that would have done so was removed.
So the sovereignty requirement didn’t die. It migrated — out of certification, into procurement.
CADA: the thing to actually watch
This is the part almost nobody in the AI conversation has caught up with yet.
The proposed Cloud and AI Development Act (CADA) — COM(2026) 502 final — would establish four Union assurance levels for cloud sovereignty in EU public procurement. Its own recitals say the quiet part with unusual candour: certification under the Cybersecurity Act “can address technical cybersecurity criteria but is not suited for addressing sovereignty concerns that go beyond these technical elements.”
Translation: Brussels has conceded that certification can’t solve sovereignty, and is moving the test into procurement law.
The mechanics matter. National labels wouldn’t be banned — but they wouldn’t automatically satisfy CADA either. A SecNumCloud-qualified provider would still need separate recognition under CADA’s Article 17. Level 1 would be the minimum for general public-sector work; Levels 2, 3 and 4 would apply to activities tied to preserving public order, based on risk assessment. And CADA’s scope is explicitly broader than cybersecurity: legal control, jurisdictional risk, data residency, supply-chain control.
If it passes in something like its current form, the badge on your vendor’s website stops being the thing that matters and the Union assurance level starts. Every sovereignty claim in European AI marketing right now is written against a rulebook that’s about to be replaced.
Meanwhile the Franco-German floor is being poured underneath it: ANSSI and BSI have issued a joint statement on cloud sovereignty criteria, committing to draft common criteria and — the operative word — a methodology specifying where failing to meet them is disqualifying. Strict data localization, exclusive application of European law, no access by non-European third parties. That’s two national agencies deciding not to wait for Brussels.
Gaia-X: why it stopped meaning anything
Founded jointly by France and Germany in 2019 and still cited in vendor decks, Gaia-X is about interoperability, portability, and transparency — not cybersecurity depth. A Gaia-X label means a provider participates in the federation and declares its data policies. It is not a security audit framework, and it is emphatically not a sovereignty test.
It also admitted AWS, Azure, and Google Cloud as members. One assessment of the result is hard to improve on: once Microsoft, Google, and AWS were inside Gaia-X, the initiative lost its purpose.
If a vendor’s sovereignty story leans on Gaia-X membership, that tells you something — just not what they intended.
The steelman: is this protectionism?
It deserves a straight answer: partly, yes — and the critique is serious enough that it killed EUCS High+.
The argument, made forcefully by the Cross-Border Data Forum and others: SecNumCloud’s ownership rules are explicitly protectionist and discriminatory; they breach the EU’s own trade commitments on non-discrimination and national treatment; France certified only French companies for years; and the practical effect — as with China — is to force foreign firms into local joint ventures to reach the market. Note that S3NS and Bleu are exactly that. The critics predicted the outcome correctly.
The counter is equally strong. The CLOUD Act is not hypothetical: it permits US authorities to compel US-incorporated providers and their subsidiaries to produce data in their possession, custody, or control regardless of where it physically sits, it bypasses Mutual Legal Assistance Treaties, and it provides no European judicial review. The EDPB has been clear that EU-law-bound providers can’t base transfers on a CLOUD Act request alone. If a foreign law can reach your data wherever you put it, then an ownership test isn’t protectionism — it’s the only control that actually works. Encryption doesn’t fix it; Microsoft said so itself, thirty days after saying the opposite.
Both things are true. It is simultaneously a legitimate security control and an industrial policy that advantages European vendors. Adults can hold that. What you shouldn’t do is pretend it’s only one of them.
The awkward arithmetic
Now the part that should make everyone in this debate uncomfortable — including me, because it tests a claim I made in this publication last week.
The 24/39 rule tests EU ownership. It does not test “non-American ownership.” Those are different things, and the difference has just become extremely relevant.
Cohere–Aleph Alpha. Europe’s newly anointed sovereign AI champion is roughly 90% owned by Cohere’s shareholders, and Cohere is Canadian. Canada is not the US, so the CLOUD Act genuinely doesn’t reach it — that’s real and it matters. But SecNumCloud doesn’t ask “are you American?” It asks “are you EU-controlled?” And 90% non-EU ownership blows through a 24% individual cap by a factor of nearly four.
There’s a layer nuance worth stating carefully: SecNumCloud qualifies services (IaaS, PaaS, SaaS, CaaS), not corporate groups. STACKIT — German-owned, Schwarz-controlled — could plausibly pursue qualification for its infrastructure. Cohere, as the SaaS/model layer sitting on top, on that ownership structure, could not. So the sovereign stack would be sovereign underneath and non-EU-controlled at the layer that touches your data. Whether that passes is a question for ANSSI and counsel, not a blog post — but the arithmetic is public and it isn’t close.
And Mistral? Here’s where I have to test my own framing. I wrote last week that Mistral “wins on the letter.” Does it?
Mistral AI SAS is French — good. ASML is Dutch, therefore EU, so its ~10% doesn’t count against the cap — good. But Mistral has raised somewhere between $3 billion and $5.5 billion, and the cap table includes a16z, General Catalyst, Lightspeed, Nvidia, Cisco, IBM, Salesforce, and DST Global — every one of them non-EU. Does the collective non-EU holding exceed 39%?
I don’t know. The cap table isn’t public. And that is precisely the point of this article: the loudest sovereignty claims in European AI are being made by companies whose compliance with Europe’s own sovereignty arithmetic has never been publicly tested. Nobody is asking. Everybody should be — including of the company I defended a week ago.
The buyer’s decision tree
Strip it to what you actually do on Monday.
Step 1 — name your threat model. Not “sovereignty” in the abstract. Which of these keeps you up: a foreign subpoena? A service cut-off under export controls? A competitor reading your engineering data? Political leverage? An outage? They have different answers, and only some of them are about jurisdiction.
Step 2 — decide whether jurisdiction is dispositive. If a foreign legal order compelling your data would be a catastrophe rather than an inconvenience, you are in ownership-test territory and security certifications cannot help you. If it wouldn’t be, ISO 27001 / C5 / SOC 2 are appropriate and the hyperscalers hold them all.
Step 3 — apply the DPIA test. Can you document and accept residual CLOUD Act risk? If yes, C5-class is fine. If no, only SecNumCloud-class qualifies — today.
Step 4 — check the layer. Sovereign infrastructure under a non-EU-controlled SaaS layer is not a sovereign stack. Ask which layer holds your data and which layer is qualified.
Step 5 — plan for CADA. Whatever you buy now will be re-scored against Union assurance levels. Ask for the roadmap.
The six questions to ask any vendor
- Who is your ultimate parent, and where is it incorporated?
- Will you state in writing that you are not subject to non-EU extraterritorial law? (Watch what happens.)
- What percentage of your capital and voting rights is held by non-EU entities?
- Who holds the encryption keys, and can you be legally compelled to produce them?
- Which of your certifications tests ownership, and which tests practice?
- What is your CADA recognition roadmap?
If a vendor can’t answer #1 and #3 immediately, the rest of the meeting is theatre.
The take
The European sovereignty market has produced an enormous amount of marketing and a very small amount of arithmetic. Badges are proliferating; CISPE launched yet another framework in April 2026, accusing the Commission’s own of favouring the incumbents it’s meant to constrain. DORA now designates AWS, Azure, and Google Cloud as Critical Third-Party Providers under direct EU supervision. Everyone is certifying everything.
Through all of it, one distinction holds: practice versus ownership. ISO, SOC 2, C5, Gaia-X, and EUCS-as-adopted all test how a provider behaves. SecNumCloud tests who controls it. Only one of those can survive a foreign court order, and the vendors know exactly which one — which is why they build joint ventures instead of arguing.
So don’t ask whether a provider is sovereign. That word has been marketed into meaninglessness. Ask the arithmetic question: who owns you, and what law reaches you? Then check whether their answer is above or below 24%.
And hold your own side to it too. If European AI sovereignty is worth defending — and I think it is — then the champions making the claim should be the first ones asked to show the cap table. Read the certificate, not the press release. Then read the shareholder register.
Sources: SecNumCloud referential v3.2, the qualification process, the 24%/39% non-EU capital and voting-rights caps, and the qualified-provider list via ANSSI’s official catalogue and analyses by Legiscope, Scalingo, Feel Agile and SoftwareSeni; the Cloud au Centre doctrine (2023) and NIS2/OIV/OES scope via the same; BSI C5 scope, jurisdiction-disclosure controls, the 2022 federal procurement baseline and the AWS European Sovereign Cloud C5 report (GA January 2026) via BSI and AWS’s own compliance documentation; AWS Sovereign Reference Framework via AWS Artifact; the Microsoft May–June 2025 sequence via SoftwareSeni; EUCS levels, the removal of capital-sovereignty criteria and the stalled High+ tier via sota.io, Legiscope and euCloudCost; CADA (COM(2026) 502 final) Union assurance levels and Article 17 recognition via the CADA proposal and cadafaq.com; the ANSSI–BSI joint statement on cloud sovereignty criteria via BSI’s published statement; Gaia-X scope via sota.io; the protectionism critique via Cross-Border Data Forum; DORA Critical Third-Party Provider designations (November 2025) and CISPE’s April 2026 framework via euCloudCost and SoftwareSeni; S3NS (Thales–Google) and Bleu (Capgemini–Orange/Azure) status as reported. CADA is a proposal and EUCS is not yet adopted — both may change materially. Ownership questions raised about specific companies are open questions based on public information, not assertions of non-compliance. Not legal advice: jurisdictional and procurement questions require qualified counsel. Analysis and framing are the author’s.