TL;DR
A new analysis of European cloud and AI certifications finds that mainstream badges such as ISO 27001, SOC 2, BSI C5 and Gaia-X test security practice but not ownership or jurisdiction. Only France’s SecNumCloud framework tests whether a foreign government can compel access to data, using a hard cap: non-EU entities may hold no more than 24% of capital individually or 39% collectively. The proposed EU Cloud and AI Development Act (CADA) could replace the current patchwork of labels with four Union assurance levels for public procurement.
A widely cited stack of cloud certifications — ISO 27001, SOC 2 Type II, BSI C5 and Gaia-X membership — does not answer the question that decides regulated European cloud and AI deals: whether a foreign government can compel access to customer data. That is the central finding of an analysis published on 16 July 2026 by Thorsten Meyer AI, which identifies France’s SecNumCloud qualification as the only European framework that tests ownership rather than practice — through a rule capping non-EU capital and voting rights at 24% individually and 39% collectively.
According to the analysis, certifications fall into two distinct categories. ISO 27001, SOC 2, BSI C5 and, in its current draft form, the EU Cybersecurity Certification Scheme (EUCS) certify how a provider operates — access controls, encryption, incident response and audit trails. BSI C5 goes furthest among them by requiring disclosure of the place of jurisdiction, but it does not confer immunity; buyers must still document residual CLOUD Act risk in their data protection impact assessments. Gaia-X, meanwhile, is an interoperability initiative whose members include AWS, Microsoft Azure and Google, not a security audit.
SecNumCloud, administered by France’s ANSSI, is described as the outlier. Version 3.2 imposes more than 360 criteria — roughly ten times the complexity of ISO 27001 — including EU domicile, EU-only storage, audited key custody and the ownership cap. Only around nine to ten providers hold the qualification, among them OVHcloud, Outscale, Scaleway, Numspot and Cloud Temple. AWS, Azure and Google are structurally ineligible in their native form, which is why joint ventures such as S3NS (Thales and Google) and Bleu (Capgemini and Orange, on Azure) were created to change control over American technology rather than exclude it.
The analysis also flags AI-specific exposure: the Cohere–Aleph Alpha combination sits at roughly 90% Canadian ownership, about four times over the individual cap, while Mistral’s non-EU venture capital share has never been publicly tested against the threshold.
The 24% rule: why most “sovereign cloud” certifications don’t test sovereignty
ISO 27001. SOC 2. BSI C5. Gaia-X. Every badge real, audited, correctly displayed — and not one answers the question that decides the deal: can a foreign government compel your data? Exactly one European framework tests that. It does it with a number.
C5 does cover place of jurisdiction, data location & disclosure obligations. It requires you to declare which law reaches you. C5 tells you the gun is in the room.
Requires that no non-EU law can reach you at all — enforced by the ownership cap. SecNumCloud requires there be no gun. That’s the whole difference.
The proposed Cloud and AI Development Act (COM(2026) 502) would set four Union assurance levels for public procurement. Its own recitals concede the point: Cybersecurity Act certification “is not suited for addressing sovereignty concerns.” National labels won’t be banned — but a SecNumCloud provider would still need separate Article 17 recognition. If it passes, the badge on the vendor’s website stops mattering and the assurance level starts. Meanwhile ANSSI + BSI have jointly committed to common criteria specifying where failure is disqualifying.
Microsoft showed the gap better than any critic: May 2025 — encryption makes access “technically impossible.” One month later — cannot guarantee immunity from US authorities. Thirty days between the marketing and the law. SecNumCloud doesn’t ban American technology — it forces a change of control over it (hence S3NS = Thales+Google, Bleu = Capgemini+Orange on Azure). Is it also protectionism? Partly, yes — and that critique is exactly why EUCS High+ died. Both things are true. Don’t ask if a provider is “sovereign” — the word has been marketed into meaninglessness. Ask the arithmetic: who owns you, and what law reaches you? Then check whether the answer is above or below 24% — including for the European champions nobody has asked.
Why Ownership Now Decides European Cloud Deals
For buyers in regulated European industries — finance, health, public administration — the distinction between practice and ownership is becoming a procurement filter, not a technicality. A provider can pass every security audit and still be reachable by extraterritorial foreign law, and no encryption control changes who can be served a legal order. The analysis argues that sovereign infrastructure sitting under a non-EU-controlled SaaS layer is not a sovereign stack, making the ownership question relevant at every layer of an AI deployment, from compute to model provider.
The finding also reframes vendor due diligence. The analysis recommends asking any vendor for its ultimate parent and place of incorporation, the exact percentage of capital and voting rights held by non-EU entities, who holds encryption keys and whether the provider can be compelled to produce them. If a vendor cannot answer the ownership questions immediately, it says, the rest of the meeting is theatre.
ISO 27001 cybersecurity certification
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
How SecNumCloud Became the Sovereignty Benchmark
The debate over certification gaps predates this analysis. The EU’s EUCS scheme originally contemplated a “High+” sovereignty tier, but that tier was stripped out during drafting — a decision the analysis links directly to accusations of protectionism from industry and trade groups, including the Cross-Border Data Forum and CISPE. As drafted, EUCS High does not equal CLOUD Act immunity, and the scheme remains unadopted.
Microsoft illustrated the gap in mid-2025, according to the analysis: in May 2025 the company said encryption made access to data technically impossible, then roughly one month later acknowledged it could not guarantee immunity from US authorities. The piece concedes that SecNumCloud is partly protectionist in effect — but argues both things can be true at once, and that the word “sovereign” has been marketed into meaninglessness.
“Cybersecurity Act certification is not suited for addressing sovereignty concerns”
— CADA recitals, COM(2026) 502
Unanswered Questions on Mistral and CADA’s Fate
Several points remain open. Mistral’s non-EU ownership share has never been publicly tested against the 24% cap, and the analysis frames this as an open question drawn from public information — not an assertion of non-compliance. The same applies to other European AI champions whose cap tables have not been scrutinised against the threshold.
The legislative picture is equally unsettled. CADA is a proposal, not law, and its four Union assurance levels exist only on paper. How national labels such as SecNumCloud would map onto the new Article 17 recognition process — and whether the final text keeps the recital language dismissing existing certification for sovereignty purposes — is still to be decided. EUCS, meanwhile, remains unadopted with its sovereignty tier already removed.
CADA Vote and Joint ANSSI-BSI Criteria Ahead
The immediate milestone is the fate of the Cloud and AI Development Act (COM(2026) 502). If adopted, it would establish four Union assurance levels for public procurement, and the badge on a vendor’s website would stop mattering in favour of the assigned assurance level. National labels would not be banned, but even a SecNumCloud-qualified provider would need separate Article 17 recognition under the new framework.
In parallel, ANSSI and Germany’s BSI have jointly committed to developing common criteria that specify where failure is disqualifying — an effort that could harmonise the French and German approaches before CADA lands. The analysis predicts the assurance-level rulebook, not any existing certification, will be the framework the industry argues about by 2027. Buyers are advised to obtain legal counsel rather than treat any of this as settled compliance guidance.
Key Questions
What is the 24% rule?
It is SecNumCloud’s sovereignty test: capital and voting rights held by companies not based in the EU must not exceed 24% individually or 39% collectively. Because it is an ownership cap rather than a security control, it can be checked directly from a provider’s cap table.
Do ISO 27001 or SOC 2 certification prove data sovereignty?
No. According to the analysis, those frameworks certify security practice — controls, processes and audits — and say nothing about jurisdiction or which government’s law can reach the provider. Only SecNumCloud among European frameworks tests ownership.
Which providers currently hold SecNumCloud qualification?
Roughly nine to ten providers, including OVHcloud, Outscale, Scaleway, Numspot and Cloud Temple. AWS, Microsoft Azure and Google are structurally ineligible in their native form and participate only through European-controlled joint ventures such as S3NS and Bleu.
What is CADA and how would it change procurement?
The proposed Cloud and AI Development Act (COM(2026) 502) would create four Union assurance levels for public procurement. Its recitals state that existing Cybersecurity Act certification is not suited for addressing sovereignty concerns. If passed, assurance levels would displace today’s patchwork of national labels, though providers with national qualifications would still need separate recognition.
Is SecNumCloud a form of protectionism?
Partly, the analysis concedes — and that critique is exactly why the EUCS “High+” sovereignty tier was removed. But it argues the ownership test also reflects a genuine legal exposure, since no technical control overrides a foreign legal order served on a provider’s parent company.
Source: Thorsten Meyer AI