24/7 Support
FAQ
 Dashboard
Account Balance:    
Europe's Sovereign Cloud Framework Just Changed the Game—And Google Found a Loophole

Europe's Sovereign Cloud Framework Just Changed the Game—And Google Found a Loophole

Apr 28, 2026 cloud infrastructure eu regulation cloud sovereignty seal framework data governance european tech policy cloud computing digital resilience

The EU's Big Cloud Sovereignty Decision

On April 17, something quietly significant happened in Brussels. The European Commission handed out €180 million in cloud infrastructure contracts to four European consortia—and in doing so, finally answered a question that's been politically fuzzy for years: What does "sovereign cloud" actually mean?

The answer? It's not what purists wanted to hear.

Meet SEAL: The Sovereignty Scorecard

Instead of banning foreign technology or mandating an all-European tech stack, the EU introduced SEAL—a four-tier framework measuring cloud sovereignty from SEAL-0 (basically no sovereignty protections) all the way to SEAL-4 (complete EU supply chain control, hardware to software).

The baseline for these contracts? SEAL-2. Most winners hit SEAL-3.

This is important because it takes "sovereignty" out of the realm of political rhetoric and puts it into measurable categories. It's infrastructure policy, not ideology. And that changes how the entire European cloud market develops.

The Winners and the Narrative Shift

Four consortia won contracts:

  • Post Telecom + OVHcloud + CleverCloud (Luxembourg)
  • STACKIT (Schwarz Group's cloud division—yes, the Lidl and Kaufland company)
  • Scaleway (French telecom subsidiary)
  • Proximus + S3NS + Clarence + Mistral AI (Belgium-led)

Three reached SEAL-3. One (Proximus) landed at SEAL-2.

Notice anything? This isn't a homogeneous European monoculture. It's a mixed ecosystem of telecoms, retail groups, startups, and—here's the controversial part—a Google joint venture.

The Google Factor: Governance Over Hardware

This is where things get interesting (and contentious).

S3NS is a joint venture between Google Cloud and Thales, the French defense and tech contractor. This partnership is the vehicle through which Google's cloud technology operates under French law and governance, with Thales holding operational authority.

And it won a SEAL-3 contract.

The Commission's official position is blunt: "Non-European technologies, when operated within a strict and appropriate framework, can meet the minimum level of sovereignty required."

Let that sink in. The EU just said: We don't care if your underlying technology is American. We care that Europeans control the governance.

Why This Distinction Matters More Than You Think

If you're a European startup or enterprise concerned about data sovereignty, this is either reassuring or disappointing, depending on your perspective.

The optimistic read: Sovereignty is about control, not about reinventing the wheel. If your cloud infrastructure is governed by EU regulations, operates under EU legal frameworks, and is operationally controlled by European companies, you've achieved the goal. You're not dependent on US trade policy shifts, sanctions regimes, or executive orders. That's real resilience.

The skeptical read: This lets Google into Europe's sovereign cloud market through a carefully structured legal arrangement. Yes, Thales provides governance oversight. But Google still maintains the underlying IP, the engineering talent, and—some would argue—the actual control. It's sovereignty with a French accent on top of American machinery.

The transparency data is worth noting: Google and Google Cloud entities had 14 pre-award meetings with the Commission during the tender process. OVHcloud had 8. Thales had 6. Mistral had 6. Those meetings clearly shaped the final framework.

What This Means for Your Cloud Strategy

If you're building infrastructure in Europe, SEAL just became your roadmap.

The framework acknowledges a practical reality: Europe doesn't have homegrown equivalents for everything (yet—Mistral AI's inclusion suggests that's changing). Rather than mandate technical purity, the EU created governance requirements that actually work.

For developers and startups, this means:

  • Clearer criteria for what "sovereign" infrastructure actually requires
  • More options than the traditional European providers alone
  • Real data residency guarantees through governance, not just promises
  • Potential leverage when negotiating with cloud providers about compliance and control

The Five-Year Horizon

This €180 million contract framework runs across six years, but the real story is what it signals. Europe is serious about cloud independence—but it's willing to be pragmatic about it. Governance over hardware nationalism. Control over reinvention.

That's either the EU being smart about technology economics, or clever at selling sovereignty theater. Or maybe both.

The next five years will tell us which interpretation was correct.

What's your take? Is EU cloud sovereignty with American technology under European governance good policy, or a compromise that undermines the whole goal? Drop your thoughts in the comments—especially if you're evaluating cloud providers for European deployments.

Read in other languages:

RU BG EL CS UZ TR SV FI RO PT PL NB NL HU IT FR ES DE DA ZH-HANS