“Bleu and S3NS exist thanks to the ‘cloud at the center’ circular. […] EDF is merely implementing the state’s strategy as laid out by the ministers of the time.”
Alain Garnier, head of Jamespot, expresses a certain fatalism about the industrial group’s decision to rely on these two suppliers as a way to complement its private cloud.
Yann Lechelle, former CEO of Scaleway, echoes this view. He sees in Bleu and S3NS coercive joint ventures that benefit the “trusted cloud” model announced in 2021 by Bruno Le Maire. “The arrangement meets the terms of reference, which provide only a (very) partial answer to our situation,” he adds. He also contends that while data sovereignty is guaranteed (assuming the SecNumCloud qualification is achieved), technological sovereignty is not.
SecNumCloud doesn’t solve everything…
Alain Issarni shares this line of argument. “How can we speak of sovereignty when the underlying technology remains so controlled by the GAFAM?” asks the former head of NumSpot. EDF, he believes, aligns with the French state that, “with the Health Data Hub, refused for five years any exit from Azure.” He fears the group could fall into “the same trap” as the US Navy, which recently admitted it would take three years to disentangle itself from Microsoft’s cloud due to a lack of real reversibility.
A SecNumCloud qualification alone is not enough to erase structural dependencies, insists Alain Issarni: what happens if Google or Microsoft decides to stop updating? And how can we guarantee the sovereignty of the “digital escorts” (level-3 access), even as the United States Department of Defense has condemned this model, deeming Microsoft incapable of maintaining control?
… notably exposure to FISA
“The plan I imagined is taking shape,” comments Tariq Krim. The founder of Netvibes and former vice-president of the National Digital Council refers to a post he published in June 2025: “How the State Confiscated the Digital Sovereignty Market.”
In that post, Tariq Krim argues that by the end of Emmanuel Macron’s first term, three crises (“Covid, Trump I polarization, and the controversy around hosting the HDH at Microsoft”) served as a pretext for the State to retake control of “sovereignty” by sidelining the historical players. A semantic shift from “digital sovereignty” to “trusted cloud” neutralized the geopolitical dimension. Three poles then shaped the current doctrine, “each according to its own interest”:
- The DGE and the ANSSI drafted SecNumCloud, which locked market access
- Paris followed the recommendations of the big groups, who demanded a sovereign Office 365
- The presidency aims to keep supporting a start-up nation that remains highly dependent on the GAFAM
The “trusted cloud,” as promoted by the State, does not protect against FISA (Foreign Intelligence Surveillance Act), declares Tariq Krim. He points to the recent expansion of the scope of this American law, which now covers surveillance of infrastructures in addition to any software connected to a network, including when deployed on-site. During a Senate hearing, the ANSSI explained that it has a solution to guarantee immunity, but it has not performed a public demonstration.
Michel-Marie Maudet notes that EDF itself puts quotation marks around “trusted cloud.” “That is not incidental,” states the managing director of LINAGORA. He laments both a “disastrous message sent to the market” and a major strategic misstep for the CSF “Software and Digital Trust Solutions.”
