European organizations are finally getting a concrete way to balance the raw power of global AI with the strict demands of local law. On April 13, 2026, OpenText, the Waterloo-based data management giant, announced a strategic partnership with S3NS and Google Cloud to launch a hybrid sovereign cloud solution based in France. The move is a direct response to the growing tension between the need for hyperscale cloud innovation and the non-negotiable requirements of European data residency.
Here's the thing: for years, European firms have been stuck in a bind. They want the cutting-edge tools provided by US-based tech giants, but they can't risk their most sensitive data leaving the continent or falling under foreign jurisdiction. This new alliance aims to break that deadlock by creating a "trusted cloud" architecture. It allows companies to keep their "crown jewels"—the most sensitive workloads—within a locally governed environment while still tapping into global cloud services for everything else.
The heavy lifting behind this is handled by S3NS, a specialized venture fully owned by the French cybersecurity powerhouse Thales. S3NS isn't just another cloud provider; it's built specifically to meet the SecNumCloud standard, which is essentially the gold standard for security in France. By pairing this level of local certification with OpenText's enterprise software, the partnership creates a sanctuary for data that simply cannot afford a leak or a regulatory breach.
The Blueprint for a Hybrid Sovereign Cloud
The technical core of this partnership revolves around the PREMI3NS platform. This isn't a one-size-fits-all approach. Instead, the partners are deploying a hybrid architecture that splits data based on its sensitivity. For those managing high-stakes information—think patient health records or national security data—the setup offers a Dedicated Private Cloud. This environment will host OpenText Content Management and Documentum Content Management, ensuring that sensitive data never leaves the secure perimeter.
For slightly less critical but still regulated workloads, there is a "Sovereign SaaS" component. This includes OpenText Core Archive for SAP Solutions, delivered as a multi-tenant service. The twist is that while it's a shared service, it maintains strict European data residency. It's a compromise that gives businesses the efficiency of the cloud without the anxiety of where their data is actually physically sitting.
The regulatory framework here is dense. The solution is designed to satisfy not just the General Data Protection Regulation (GDPR), but also the specific SecNum 3.2 requirements. To put this in perspective, this is the same level of rigor used for government-grade cloud environments. OpenText is bringing a lot of baggage here—in a good way—drawing on its experience with FedRAMP in the US and Protected B deployments in Canada to ensure the French environment is airtight.
Why Sovereignty Matters Now
Shannon Bell, Chief Digital Officer and CIO of OpenText, made it clear that this isn't just about software; it's about trust. In a statement released on April 13, Bell noted that organizations across Europe are desperate for innovation that doesn't require them to surrender control. "OpenText is delivering on that need by pairing hyperscaler innovation with an independently governed operating model," Bell explained.
This perspective reflects a broader shift in the tech world. For a long time, the narrative was "move everything to the cloud." But turns out, that didn't work for the most regulated sectors. Banks, hospitals, and government agencies found that the risk of using a standard public cloud was too high. This partnership represents a pivot toward "sovereignty by design," where the governance is baked into the architecture from day one.
Industry insiders see this as a strategic play to fend off the increasing pressure from EU regulators who are wary of the "cloud act" and other US laws that might allow foreign governments to access data. By using S3NS as the local anchor, Google Cloud can effectively "localize" its presence in France, making its technology palatable to the most skeptical of government auditors.
Future Implications for the European Market
What happens next? While the initial rollout focuses on content management and archiving, the partners have already signaled that more solutions will be evaluated for inclusion. The real goal is a "secure AI at scale." AI requires massive amounts of data to train and operate, but if that data is sensitive, it can't be tossed into a generic public cloud. This hybrid model provides the secure pipe needed to run AI workloads without compromising sovereignty.
If this model proves successful in France, it's likely we'll see a ripple effect across the rest of the EU. Other nations with strict data laws—like Germany—could look at this Thales-Google-OpenText triangle as a blueprint for their own sovereign clouds. It shifts the conversation from "Can we use the cloud?" to "How do we use the cloud without losing our autonomy?"
Frequently Asked Questions
What exactly is a "sovereign cloud" in this context?
A sovereign cloud is a cloud computing environment that allows a country or organization to maintain full control over its data, including where it is stored and who can access it. In this partnership, it means using S3NS's French-governed infrastructure so that data remains subject to French and EU laws, rather than being subject to the laws of the country where the cloud provider is headquartered.
How does the SecNumCloud certification affect users?
SecNumCloud is a rigorous security qualification issued by ANSSI in France. For users, this means the platform has passed an extreme level of scrutiny regarding its operational security and technical controls. It provides a guarantee to highly regulated industries—like finance and healthcare—that the cloud environment is safe enough for their most sensitive citizen or patient data.
What is the difference between the Dedicated Private Cloud and Sovereign SaaS?
The Dedicated Private Cloud is a siloed environment for the highest-risk data, utilizing OpenText Content Management and Documentum. In contrast, the Sovereign SaaS (like OpenText Core Archive for SAP) is a multi-tenant service, meaning multiple customers share the infrastructure, but the system still ensures the data physically resides within Europe to meet residency laws.
Why is Google Cloud partnering with a French company like Thales/S3NS?
Google Cloud provides the massive scale and innovative AI tools, but as a US company, it cannot always meet the strict "sovereignty" requirements of French government agencies on its own. By partnering with S3NS (owned by Thales), Google can offer its technology through a locally owned and operated entity that satisfies national security and regulatory standards.
Sihle Tana
I am a journalist with a passion for covering daily news in Africa. My work has taken me across the continent, reporting on significant events and stories that impact communities. I strive to bring insightful and comprehensive news coverage to my readers.
hybrid cloud is the only way this actually works for gov agencies because they can't just dump everything on a public instance and hope for the best. the split between dedicated private for the crown jewels and sovereign saas for the rest is a solid architecture
This is such a great step forward for everyone! :)
yeah right like google cares about sovereignty. they just want a way to get their foot in the door with french gov contracts by hiding behind thales. its just a fancy way to say they're renting space to avoid being banned
The ontological shift here is the transition from mere data residency to actual digital sovereignty. We're seeing a decoupling of the utility layer-provided by the hyperscaler-from the governance layer, which remains localized. This creates a synthetic environment where the teleology of the cloud is no longer centered on US jurisdiction but is instead refracted through the prism of European regulatory frameworks, specifically the SecNumCloud standard. It is an attempt to reconcile the dialectic between global scalability and local autonomy, ensuring that the epistemic control over sensitive datasets is not surrendered to a foreign entity. By implementing this hybridity, they are essentially creating a legal firewall that prevents the extraterritorial application of the Cloud Act. This is not just a technical deployment but a strategic repositioning of power dynamics in the digital age, where the architectural design becomes the primary mechanism for enforcing political will. The use of S3NS as a proxy is a clever move to bypass the inherent mistrust of US-based corporations. It essentially treats the cloud as a commodity while keeping the sovereignty as a premium, managed asset. In the long run, this could lead to a fragmented internet, or a 'splinternet,' where regional silos are the norm rather than the exception. However, for highly regulated sectors, this fragmented approach is the only viable path forward to avoid systemic risk. The integration of OpenText's content management ensures that the metadata and the actual payloads remain within the sovereign perimeter, effectively neutralizing the risk of foreign subpoenas. It is a fascinating exercise in regulatory engineering.
totaly fake. thales just taking google money and calling it secure lol. wont stop the us gov from just asking for the data anyway
Actually, the SecNumCloud certification is a huge deal in the industry! It's basically the gold standard for operational security in France, so the technical guardrails here are way tighter than your average AWS region. It's all about that air-gapped feel while still having the API flexibility of a hyperscaler 🌟
I find it quite interesting how the partnership leverages the PREMI3NS platform to create this tiered access system, because if you look at it from a technical perspective, the distinction between the Dedicated Private Cloud and the Sovereign SaaS is crucial for balancing cost and security, especially since the Core Archive for SAP allows for a multi-tenant efficiency that would be impossible if every single regulated entity required their own physically isolated hardware, which would just be a nightmare to scale and maintain in the long run while still keeping the data residency strictly within the EU borders as required by GDPR.
absolute joke. why do they think a french company can stop google from snooping. its all a scam to make people feel safe while their data is still basically in the us
hope this laely helps the hospitals in france keep thier data safe
Pretty cool to see the US and France collaborating like this. It's a win-win for the tech side and the legal side.
If you're looking for the technical specifics, the SecNum 3.2 requirements are what really set this apart from standard cloud offerings. It's not just about where the server is, but who has the keys and who manages the hypervisor 🛡️💻
Why do we always trust the 'partnership' label? It's just corporate speak for 'we found a loophole' :)
this seems like a chill way to handle the data laws :)
This is exactly the kind of innovation we need! Let's push for more of these sovereign models across the globe!
The drama of it all! A US giant basically asking for permission to enter the French fortress. Absolute cinema.
While this is an acceptable start, it is laughable that the world relies on such rudimentary partnerships to achieve basic data sovereignty. India has far more robust potentials for indigenous cloud stacks that would render such clumsy alliances with Google unnecessary.
It is very encouraging to see such a professional implementation of security standards. I believe this will benefit many.
Love seeing this kind of teamwork 🚀 the future looks bright for data privacy!
The integration of the Core Archive for SAP via a Sovereign SaaS model is a key value prop here. It optimizes the TCO while maintaining the compliance posture required for EU residency.
I believe this approach provides a very stable foundation for those who feel hesitant about the cloud. It is truly a supportive move for the industry