| SOV-1 Strategic Sovereignty | SEAL-3 | |
| SOV-2 Legal & Jurisdictional Sovereignty | SEAL-3 | |
| SOV-3 Data & AI Sovereignty | SEAL-3 | |
| SOV-4 Operational Sovereignty | SEAL-3 | |
| SOV-5 Supply Chain Sovereignty | SEAL-3 | |
| SOV-6 Technology Sovereignty | SEAL-3 | |
| SOV-7 Security & Compliance Sovereignty | SEAL-3 | |
| SOV-8 Environmental Sustainability | SEAL-3 | |

| ID | Factor | Value | Score | SEAL | Conf. | Justification |
|---|---|---|---|---|---|---|
| SOV-1.1 | EU/EEA legal entity control | 4. Entirely within the EU | 125/125 | SEAL-4 | high | eu_entity (French company, HQ Puteaux, subsidiary of Euronext-listed Neurones SA, no non-EU parent) -> opt4. SecNumCloud 3.2 requires EU HQ and EU-majority capital (src: https://www.cloud-temple.com/en/press-releases/secure-temple-cloud-temples-iaas-offering-is-secnumcloud-qualified/). |
| SOV-1.2 | Change of control risk | 5. Very unlikely | 125/125 | SEAL-4 | high | Owned by French listed Neurones; SecNumCloud 3.2 caps extra-EU capital at 24% and bars foreign control, so takeover by a non-EU sovereign entity is very unlikely while qualified. |
| SOV-1.3 | Control over roadmap | 3. Governance bodies exist with EU actors participation | 83/125 | SEAL-3 | medium | EU-controlled provider; participates in Gaia-X and the CANUT public-sector framework giving EU actors governance channels -> opt3 (no formal customer roadmap-control body evidenced). |
| SOV-1.4 | Financial independence from non-EU capital | 5. Entirely EU-based funding | 125/125 | SEAL-4 | high | Funded by French parent Neurones and EU revenues; SecNumCloud 3.2 requires EU-majority capital (extra-EU <24%), so funding is essentially entirely EU-based. |
| SOV-1.5 | EU economic contribution | 5. Fully in the EU | 125/125 | SEAL-4 | high | All data centres, ~300 staff, revenue (EUR 52M 2024) and operations in France; economic contribution fully in the EU. |
| SOV-1.6 | Participation in EU strategic programs | 4. Strong participation | 94/125 | SEAL-4 | high | Gaia-X member (first European player certified Gaia-X Label Level 3) and winner of the French public-sector CANUT trusted-cloud framework; strong participation in EU/national sovereignty programs. |
| SOV-1.7 | Alignment with EU industrial strategies | 3. Measured achievement and dedicated governance | 83/125 | SEAL-4 | medium | Explicit sovereignty strategy with measured achievements (SecNumCloud 3.2 across IaaS/PaaS/bare metal/object storage, Gaia-X L3) and dedicated governance. |
| SOV-1.8 | Resilience to cut-off | 5. Full autonomy and continuity | 125/125 | SEAL-4 | medium | own_stack (software stack developed entirely in-house: OpenIaaS XEN-fork hypervisor, native S3/object storage, K8s; three France DCs) + SecNumCloud-mandated reversibility/exit plan -> vertically integrated EU provider with full autonomy & continuity -> opt5 (residual commodity x86 hardware only). |

| ID | Factor | Value | Score | SEAL | Conf. | Justification |
|---|---|---|---|---|---|---|
| SOV-2.1 | Primary legal jurisdiction | 3. Exclusively EU law | 167/167 | SEAL-4 | high | French legal entity governed exclusively by French/EU law; SecNumCloud 3.2 requires an EU entity not subject to non-EU jurisdiction -> opt3. |
| SOV-2.2 | Extraterritorial laws exposure | 5. Verified legal immunity, non-EU laws unenforceable | 167/167 | SEAL-4 | high | immunity (ANSSI SecNumCloud 3.2 designed to make CLOUD Act/FISA 702/EO 12333 unenforceable via EU-only ownership, jurisdiction and operations) -> opt5 verified legal immunity (src: https://www.cloud-temple.com/en/press-releases/cloud-temple-first-in-france-to-obtain-secnumcloud-qualification-for-a-paas-offering/). |
| SOV-2.3 | Data access pathways for non-EU authorities | 5. Requests always rejected by the provider | 167/167 | SEAL-4 | high | immunity, no foreign_parent (SecNumCloud-qualified French provider, no non-EU parent): not subject to compelled access and would reject such requests -> opt5 (src: https://www.cloud-temple.com/en/press-releases/secure-temple-cloud-temples-iaas-offering-is-secnumcloud-qualified/). |
| SOV-2.4 | Export control restrictions | 5. Part of offer shielded from restrictions towards EU MSs/intl orgs | 167/167 | SEAL-4 | medium | EU-owned SecNumCloud sovereign offer for EU/French public and regulated sectors; shielded from non-EU export-control restrictions toward EU MSs and intl orgs -> opt5. |
| SOV-2.5 | Origin of IP | 3. Mixed within/outside the EU | 84/167 | SEAL-4 | medium | Platform IP mixed: in-house open-source IaaS (OpenIaaS/XEN) EU-developed, but PaaS (Red Hat OpenShift) and AI (IBM watsonx) IP originate outside the EU -> opt3. |
| SOV-2.6 | IP holder jurisdiction | 3. Mixed law, some EU | 84/167 | SEAL-3 | medium | Own software held under French law, but licensed components (Red Hat/IBM, VMware) held by US-jurisdiction IP holders -> mixed law, some EU -> opt3. |

| ID | Factor | Value | Score | SEAL | Conf. | Justification |
|---|---|---|---|---|---|---|
| SOV-3.1 | Customer control over encryption keys | 5. Customer exclusive control - provider cannot read data | 200/200 | SEAL-4 | high | Sovereign KMS with HSM hardware root of trust inside the SecNumCloud enclave enabling customer-exclusive key control so the provider cannot read data -> opt5. |
| SOV-3.2 | Transparent data flows & access logs | 4. Full customer-controlled visibility, not real-time | 150/200 | SEAL-3 | medium | SecNumCloud mandates customer-accessible access/audit logging stored in the enclave; full customer-controlled visibility, real-time independent auditability not explicitly evidenced -> opt4. |
| SOV-3.3 | Secure deletion & proof of erasure | 4. Deletion technically verified with access logs | 150/200 | SEAL-3 | medium | SecNumCloud 3.2 requires verifiable secure deletion with access logging; technically verified, independent third-party erasure proof not specifically documented -> opt4. |
| SOV-3.4 | Data location strictly in EU/EEA | 5. Exclusively EU, no third-country fallback | 200/200 | SEAL-4 | high | eu_exclusive (all processed data hosted in three certified French data centres, no third-country fallback, as required by the SecNumCloud sovereign offer) -> opt5 (src: https://www.cloud-temple.com/en/press-releases/secure-temple-cloud-temples-iaas-offering-is-secnumcloud-qualified/). |
| SOV-3.5 | AI services sovereignty | 4. EU-led AI, foreign accelerators | 150/200 | SEAL-3 | medium | In-scope AI runs in the SecNumCloud sovereign enclave on NVIDIA GPUs and, via watsonx.ai, serves EU-origin/open-weight models (notably Mistral) under EU jurisdiction -> EU-led AI on foreign accelerators -> opt4 (seal 3), consistent with the cluster's SecNumCloud peers (src: https://www.cloud-temple.com/en/press-releases/cloud-temple-offers-secure-ia-on-a-secnumcloud-qualified-sovereign-cloud-with-watsonx-dibm/). |

| ID | Factor | Value | Score | SEAL | Conf. | Justification |
|---|---|---|---|---|---|---|
| SOV-4.1 | Portability & interoperability | 4. Formal migration services available | 125/167 | SEAL-4 | medium | Standards-based open-source IaaS/PaaS (XEN/OpenIaaS, K8s/OpenShift, S3) with documented export/migration services; positioned as a sovereign migration target -> opt4. |
| SOV-4.2 | Ability to operate without foreign dependencies | 5. Entire stack managed by fully EU-based team | 167/167 | SEAL-4 | high | eu_ops (SecNumCloud 3.2 requires the entire stack operated by EU-based teams under EU jurisdiction; operations managed by a fully France-based team) -> opt5. |
| SOV-4.3 | Skill availability in the EU | 4. All EU staff | 125/167 | SEAL-3 | medium | All staff based in France; SecNumCloud requires EU staffing with vetting; no explicit claim of full security clearance for 100% of personnel -> opt4. |
| SOV-4.4 | Support channels | 4. All support staff in EU | 125/167 | SEAL-3 | medium | Support delivered by France-based teams under SecNumCloud EU-operations requirements, no non-EU escalation; formal clearances for all support staff not documented -> opt4. |
| SOV-4.5 | Documentation & knowledge transfer | 4. EU-only primary repositories | 125/167 | SEAL-4 | medium | SecNumCloud sovereign French provider: documentation/knowledge held within EU/France, EU-only primary repositories with no evident non-EU exposure -> opt4. |
| SOV-4.6 | Subcontractor & supplier jurisdiction | 4. Ability to source alternatives or internalise | 125/167 | SEAL-3 | medium | Subcontractors EU-based per SecNumCloud; in-house open-source IaaS reduces lock-in giving ability to source alternatives or internalise -> opt4 (continuity). |

| ID | Factor | Value | Score | SEAL | Conf. | Justification |
|---|---|---|---|---|---|---|
| SOV-5.1 | Origin of components (physical parts) | 3. Transparent with exceptions | 72/143 | SEAL-3 | low | Operates from certified French data centres with supply transparent under SecNumCloud audit, but underlying server hardware is foreign with exceptions -> transparent with exceptions -> opt3. |
| SOV-5.2 | Manufacturing location | 3. Mixed sourcing, EU audit rights | 72/143 | SEAL-3 | low | Servers on foreign-designed commodity x86 (Cisco UCS/Dell/IBM/Juniper) integrated under SecNumCloud EU audit rights -> mixed sourcing, EU audit rights -> opt3. |
| SOV-5.3 | Embedded code/firmware provenance | 2. Partial disclosure | 36/143 | SEAL-4 | low | Firmware/microcode on commodity servers from foreign OEMs/chip vendors with only partial disclosure; SecNumCloud audits give some visibility but full firmware provenance not published -> opt2. |
| SOV-5.4 | Origin of software | 3. Core/essential parts maintained by EU teams | 72/143 | SEAL-3 | medium | Core IaaS software (OpenIaaS XEN-fork, orchestration, S3) maintained by EU teams; PaaS/AI add-ons (OpenShift, watsonx) foreign-origin but not the core -> core/essential parts EU-maintained -> opt3 (no foreign_core for the IaaS core). |
| SOV-5.5 | Software build/release jurisdiction | 4. EU control & execution | 107/143 | SEAL-3 | low | Cloud Temple controls and executes builds/releases of its own platform in France under SecNumCloud governance -> EU control & execution -> opt4. |
| SOV-5.6 | Single point of dependency | 4. Few non-EU in non-critical services, documented | 107/143 | SEAL-3 | medium | own_stack core IaaS: remaining non-EU dependencies are residual commodity hardware (documented, non-critical to continuity) -> few non-EU non-critical, documented -> opt4. |
| SOV-5.7 | Supply chain transparency | 4. Most suppliers auditable | 107/143 | SEAL-3 | medium | SecNumCloud 3.2 supply-chain requirements make most suppliers auditable; ANSSI audits the provider and critical subcontractors -> opt4. |

| ID | Factor | Value | Score | SEAL | Conf. | Justification |
|---|---|---|---|---|---|---|
| SOV-6.1 | Interoperability & open interfaces | 4. Standards-based and broadly compatible | 150/200 | SEAL-3 | medium | Standards-based, broadly compatible technologies (Kubernetes/OpenShift, S3-compatible storage, XEN/OpenStack) with documented APIs and portability -> opt4. |
| SOV-6.2 | Open standards compliance | 4. Policy for most core services | 150/200 | SEAL-3 | medium | Adopts open standards (S3, Kubernetes, SQL via managed MariaDB/PostgreSQL/Kafka) as a policy across most core services -> opt4. |
| SOV-6.3 | Open source availability | 3. Open source, centralised governance | 100/200 | SEAL-3 | medium | Core IaaS built on open-source software (OpenIaaS/XEN, Kubernetes, PostgreSQL, MariaDB, Kafka); open source with centralised/vendor governance rather than independent EU governance -> opt3 (EU-maintained core, not foreign_core). |
| SOV-6.4 | Service architecture transparency | 3. Some public insight | 100/200 | SEAL-3 | medium | Public documentation and architecture insight for its sovereign offerings plus deep audit access under SecNumCloud/Gaia-X -> some public insight -> opt3. |
| SOV-6.5 | HPC sovereignty | 2. EU-hosted, foreign stack | 50/200 | SEAL-3 | low | No EU-sovereign in-scope HPC; AI acceleration uses EU-hosted foreign (NVIDIA) stack within the French enclave -> EU-hosted foreign stack -> opt2 (seal 3). |

| ID | Factor | Value | Score | SEAL | Conf. | Justification |
|---|---|---|---|---|---|---|
| SOV-7.1 | Security certification (EAL) | 4. EAL3 | 107/143 | SEAL-3 | medium | SecNumCloud 3.2 (plus C5, ISO 27001, HDS) maps to EAL3-equivalent assurance per the key -> opt4 EAL3 (seal 3) (src: https://www.cloud-temple.com/en/press-releases/cloud-temple-first-in-france-to-obtain-secnumcloud-qualification-for-a-paas-offering/). |
| SOV-7.2 | EU regulatory compliance (GDPR/NIS2/DORA) | 5. Fully compliant to all, independently audited | 143/143 | SEAL-4 | high | ANSSI SecNumCloud 3.2 (IaaS/PaaS), ISO 27001, HDS, C5 and Gaia-X L3, all independently audited; full GDPR alignment and strong NIS2/DORA readiness -> opt5. |
| SOV-7.3 | EU-based SOC & incident handling | 4. Entire lifecycle by EU teams, EU threat intel | 107/143 | SEAL-3 | medium | SecNumCloud-required EU-operated security with France-based SOC/incident handling and EU threat intel; full lifecycle by EU teams (explicit ENISA sharing not documented) -> opt4. |
| SOV-7.4 | Control over security monitoring/logging | 4. Full direct access, logs stored in EU | 107/143 | SEAL-3 | medium | Customers get direct access to security logs stored in the French enclave under SecNumCloud; full access, EU-stored (tamper-proof immutability not explicitly claimed) -> opt4. |
| SOV-7.5 | Disclosure of incidents | 4. Partial compliance, monitored flow, SLAs | 107/143 | SEAL-3 | medium | SecNumCloud/GDPR/NIS2 require monitored incident disclosure with defined SLAs and national CSIRT notification; real-time sharing not explicitly stated -> opt4. |
| SOV-7.6 | Maintenance autonomy | 3. Moderate autonomy (notice + testing, except zero-day) | 72/143 | SEAL-4 | medium | Operates its own sovereign platform with notice-and-testing maintenance windows under SecNumCloud change-management -> moderate autonomy -> opt3 (seal 4). |
| SOV-7.7 | Auditability | 5. Full independent audit by any entity | 143/143 | SEAL-4 | medium | audit_rights: the SecNumCloud-qualified sovereign offer affords full audit rights to the contracting authority and independent EU bodies -> opt5 full independent audit. |

| ID | Factor | Value | Score | SEAL | Conf. | Justification |
|---|---|---|---|---|---|---|
| SOV-8.1 | Energy efficiency (PUE) | 3. PUE < 1.5 + roadmap | 125/250 | SEAL-4 | low | Modern certified French data centres with efficiency/carbon commitments; PUE <1.5 with a roadmap is a reasonable estimate, no provider-specific figure published -> opt3 (seal 4). |
| SOV-8.2 | Hardware reuse & recycling | 3. Documented program | 125/250 | SEAL-3 | low | CSR commitments and certified data centres with circular practices; a documented hardware reuse/recycling program is evidenced -> opt3 documented program (seal 3). |
| SOV-8.3 | Environmental impact reporting | 4. Detailed EU methodology | 188/250 | SEAL-3 | low | Backed by Neurones (CSRD-reporting Euronext-listed group) with a detailed EU sustainability methodology and stated carbon trajectory -> detailed EU methodology -> opt4 (seal 3). |
| SOV-8.4 | Energy supplies | 4. Only EU energy supplies (high renewable) | 188/250 | SEAL-4 | medium | Data centres on the low-carbon French grid (heavily nuclear/renewable, ~50 g CO2/kWh); only EU energy supplies with high low-carbon content -> opt4. |