Nantes, France — Clever Cloud, a European cloud provider, announces the public beta launch of Clever Kubernetes Engine (CKE) on April 27, 2026, in the afternoon. The product will be previewed at Devoxx starting April 22, where attendees will be able to test it directly at the Clever Cloud booth.

Built for production and scalability

Kubernetes has become the standard for container orchestration. Clever Cloud spent two years developing a managed, sovereign version designed to integrate naturally into the Clever Cloud ecosystem and operate with the same simplicity as the platform's other services. CKE is built to handle real production workloads, with high scalability and predictable behavior at scale.

To achieve this, Clever Cloud developed Materia etcd, a reimplementation of Kubernetes' internal consistency layer built on FoundationDB. This foundational work — invisible to the end user — is what guarantees CKE's robustness and stability in production, notably through native auto-scaling and auto-healing capabilities.

CKE integrates natively with existing Clever Cloud services — Cellar object storage (S3-compatible), managed databases, IAM as a Service, Network Groups — and remains accessible via standard industry tools: kubectl, Helm, or GitOps.

Sovereign by design

Hosted and operated in Europe by Clever Cloud on its public cloud, CKE offers organizations a concrete alternative to the Kubernetes offerings of major American platforms, without compromising on performance or legal data control. CKE can also be deployed on the customer's own on-premises infrastructure.

Access details

The public beta is open to all Clever Cloud customers from April 27, 2026, via feature activation performed by the user. Notably, some customers have already had access through a private test for over six months, allowing the product to be refined before this general release.

"Clever Cloud has long developed alternatives to Kubernetes. Our customers expressed a clear need for this technology, and we decided to build it alongside them, with the level of technical excellence and sovereignty that defines our platform." — Quentin Adam, CEO of Clever Cloud

Learn more

A concrete response to sovereignty challenges and a new benchmark for European cloud

In a context of increasing reliance on non-European technologies, this decision highlights the ability of these three players to deliver concrete, competitive solutions aligned with European values.

Through this selection, the Commission demonstrates that technological performance can be combined with strategic control. It also confirms a multi-vendor approach, aimed at strengthening resilience and avoiding dependency on a single provider.

A European consortium serving the EU’s strategic autonomy

The selected consortium brings together leading and complementary European players, meeting the highest standards in terms of sovereignty, security and performance.

OVHcloud provides, through its OPCP platform, a standardized, scalable and operational cloud solution designed to deliver massive compute resources and enable rapid large-scale deployment via OPCP Core.

Clever Cloud contributes an advanced orchestration layer — including PaaS, containerization and managed services — enabling the management, automation and unification of complex environments. This approach supports hybrid architectures combining public cloud, private cloud and dedicated infrastructures with a high level of flexibility.

DEEP contributes both its hosting capabilities and its expertise in cloud, cybersecurity and artificial intelligence.

A strong signal for Europe’s digital future

This framework raises the bar for sovereignty requirements, encourages the adoption of European standards, and paves the way for more balanced competition in cloud and AI.

It also reflects strict alignment with the European Commission’s Cloud Sovereignty Framework, which sets high standards in terms of strategic and legal control, security and European compliance, dependency transparency, technological openness and environmental performance.

Octave Klaba, CEO of OVHcloud, said:“We are very pleased with the trust placed by the European Commission in our consortium. This project proves that strong alternatives exist in Europe, capable of meeting the highest standards. It also shows that when European players join forces, they make a difference.”

Quentin Adam, CEO of Clever Cloud, added:“We are very proud to have been selected. This is the result of significant collective work carried out with OVHcloud and DEEP. We have built a robust response capable of meeting the requirements of European institutions. What is interesting here is that technological sovereignty is no longer just a concept: it takes shape through infrastructures, platforms and players capable of operating together in production. It also proves that European players can cooperate effectively and strengthen the entire ecosystem.”

Sébastien Genesca, Managing Director of DEEP by POST Group, concluded:“We thank the European Commission for the trust placed in our consortium. Together with OVHcloud and Clever Cloud, we have carried out demanding and exciting work with a shared objective: to build a sovereign cloud offering by combining the best of our technological expertise, while sharing common European values.”

About OVHcloud

OVHcloud is a global player and the leading European cloud provider, operating more than 500,000 servers across 46 data centers on 4 continents, serving 1.6 million customers in over 140 countries. A pioneer of trusted and sustainable cloud with a competitive performance-to-price ratio, the Group has relied for over 20 years on an integrated model that ensures full control over its value chain — from server design to data center construction and operation, including the orchestration of its fiber optic network. This unique approach enables OVHcloud to independently cover all customer use cases, while promoting a responsible model with efficient resource usage and one of the lowest carbon footprints in the industry. Today, OVHcloud delivers next-generation solutions combining performance, price predictability, and full data sovereignty to support customers’ growth with complete freedom.

About DEEP by POST Luxembourg Group

DEEP by POST Luxembourg Group is an entity of POST Telecom S.A., a subsidiary of POST Luxembourg, bringing together all the Group’s telecom and ICT expertise to support the digital transformation of businesses and organizations. With more than 750 employees, DEEP is a leading partner for professional digital services in Luxembourg, the Greater Region, and internationally.

DEEP offers a comprehensive portfolio of services and solutions across seven technological domains, with Cloud, Cybersecurity, and Artificial Intelligence playing a key role. As both a Luxembourg-based player and a provider of critical services for the national economy, DEEP delivers solutions designed and operated by its own teams.

DEEP relies on some of the most advanced and resilient telecom and data center infrastructures in the country, recognized among the most robust in Europe. The convergence of telecom and ICT expertise enables DEEP to cover the entire value chain, from connectivity needs to data valorization.

More information: www.deep.eu – www.postgroup.lu

About Clever Cloud

Clever Cloud was founded in 2010 in Nantes, France, and specializes in cloud hosting and automation. Its platform enables applications to be deployed in just a few clicks, on public cloud environments as well as on customer infrastructures, without having to manage scaling or maintenance. At the same time, it ensures a high level of security and data control, in line with sovereignty requirements. Its customers include Airbus, Great Place to Work, MAIF, Docaposte, Fairphone, Solocal, and Limagrain.

Over the past 15 years, we built Clever Cloud to avoid that trade-off, to offer a versatile European platform with managed services, on infrastructure we control, from partners or yours. Where your application always runs the way you designed it.

A complete platform, not a compute layer

What sets Clever Cloud apart is not any single feature — it is the breadth of what runs natively on the platform, managed by our team, on our infrastructure.

Deploy applications in 18 runtimes: Node.js, Bun, Python (with uv), Java (Gradle, Maven, WAR), PHP, FrankenPHP, Ruby, Go, Rust, .NET, Elixir, Scala, Haskell, V, Meteor.js, Docker, and two static runtimes — one based on Static Web Server/Caddy with automatic SSG detection (Hugo, Astro, Docusaurus, Zola, VitePress, Nuxt, MkDocs, mdBook, Storybook), the other on Apache with .htaccess support for SPAs and rewrite rules. If none of these fit, push a Dockerfile — full filesystem, TCP/UDP ports, multiple processes, your rules.

But compute is only the beginning. The platform includes managed PostgreSQL (versions 14–18, 40+ extensions, replicas, Pgpool-II), MySQL, MongoDB, Redis, Elastic Stack, and Materia KV — a serverless key-value store built on FoundationDB, replicated across three datacenters, with a Redis-compatible API. S3-compatible object storage with Cellar. Persistent filesystem with FS Buckets. Distributed pub/sub messaging with Apache Pulsar. An API gateway with Otoroshi. Identity management with Keycloak. Business intelligence with Metabase. Privacy-respecting analytics with Matomo. Git hosting with Heptapod. Transactional email with Mailpace. Easy ways to deploy preview applications from GitLab or GitHub.

Every database can be encrypted at rest with LUKS2/AES-XTS. Every service is provisioned as a managed add-on — one click, environment variables injected, integrated with your applications.

Co-built with open-source partners, integrated as managed services

Several of these services — Otoroshi, Keycloak, Metabase — are not just products we bundle. We co-build them with their respective communities, contribute, and operate them as fully managed offerings on our infrastructure. When we add a feature to Otoroshi or work on Keycloak's deployment model, that work benefits the open-source project and every Clever Cloud customer.

This approach extends beyond software. We are building an ecosystem of partners — resellers, system integrators, and technology partners — who bring domain expertise on top of the platform. Our academy trains teams to operate confidently on Clever Cloud, from onboarding to production. The goal is not to lock anyone in, but to create a network of people and organisations who know how to build well on European infrastructure.

Request flow: a programmable middleware chain

HTTP traffic on Clever Cloud does not go straight from the internet to your application. It passes through our Rust-based load balancer Sōzu and you can configure a chain of middleware — the Request Flow — that you control with a single environment variable.

Set CC_REQUEST_FLOW to compose a pipeline from built-in services: Varnish for HTTP caching, Redirection.io for URL rewrites and SEO-friendly redirects, OAuth2-Proxy for authentication, Otoroshi Challenge for request verification. Or plug in your own reverse proxy with CC_REQUEST_FLOW_CUSTOM, the platform handles port allocation automatically.

Need to cut public HTTP access entirely while keeping private networking alive? Set the flow to block. The platform returns a 200 OK to health checks while refusing all other traffic. Your application stays reachable through Network Groups, but invisible from the internet.

This is not a feature you find on most PaaS. Typically, you either get a fixed reverse proxy you cannot configure, or you set up your own Nginx/Caddy/HAProxy and manage it alongside your application. On Clever Cloud, the middleware layer is a first-class platform service.

Mise: one config file for tools, tasks, and environments

Every Clever Cloud runtime comes with Mise and can automatically add tools before the build phase. Drop a mise.toml at the root of your project, and Mise handles tool versions, environment variables, and build/run tasks declaratively.

This means you can install Deno on a Node.js runtime, get Bazel to build your project, pin a specific Hugo version on a Static runtime, or define build commands that work identically on your laptop and in production — without writing shell scripts or customising buildpacks. On the Linux runtime, Mise tasks are first-class: the platform checks for CC_BUILD_COMMAND/CC_RUN_COMMAND first, then Mise tasks, then Makefile targets.

Private networking with WireGuard and Tailscale

Network Groups create encrypted WireGuard overlay networks between your applications, add-ons, and external peers. Each member gets internal DNS resolution (<memberID>.m.<ngID>.cc-ng.cloud), all ports are accessible within the private network, and traffic never touches the public internet. Build microservice topologies where services communicate privately and only the API gateway faces the public.

For teams already using Tailscale, the integration is native: set TAILSCALE_AUTH_KEY and each application instance joins your Tailscale network as CC-<NAME>-<INSTANCE_NUMBER>. Use TAILSCALE_LOGIN_SERVER to point at a self-hosted Headscale control server. Accept DNS settings, advertise routes — it works the way you expect.

We also support IPSec and OpenVPN for environments that require them. Dedicated outgoing IP addresses are available for firewall whitelisting.

API first, AI ready

Clever Cloud is exposed as an API, built with Infrastructure-as-Code in minde. We built our own integrations on top of it. From the web Console to Terraform provider and major tools such as Kubernetes Operator, the Clever Tools CLI and its amazing AI Skills.

To ease AI usage, we provide LLMs.txt documentation summary, all pages are provided in Markdown format when requested by your favorite tools. Want to explore a deployed application ? clever ssh gives you a shell on your production instances, but you can also use clever ssh --command 'any command' and directly get the results. A great feature when you need Claude Code, Codex, Gemini or OpenCode to debug a running application.

Observability: Grafana, Warp 10, and custom metrics built in

Every service comes with a Grafana dashboard. CPU, RAM, disk, network, and requests per second are collected automatically. Pre-configured dashboards live in a "Clever Cloud" directory, and you can create your own, including alerts that notify you when consumption crosses a threshold.

Under the hood, metrics are stored in Warp 10, a geospatial time-series database with microsecond precision you can query with WarpScript — a stack-based language.

For custom instrumentation, push to StatsD on port 8125 or expose a Prometheus endpoint on localhost:9100. The platform collects over 170 Telegraf metric classes, all labelled with owner_id, app_id, host, and deployment_id. Blackfire profiling and New Relic integration are available for deeper application-level analysis.

Most platforms charge extra for observability, limit retention to hours or days, or require you to set up external tooling from day one. On Clever Cloud, logs are retained for 7 days with regex search, access logs come in multiple formats (CLF, JSON with geolocation and TLS version), and log drains forward to Syslog, Elasticsearch, Datadog, or New Relic without per-gigabyte surcharges.

Otoroshi: API gateway, WAF, and LLM gateway in one

Otoroshi is not just a reverse proxy. It is a managed API gateway that includes a Coraza WAF running OWASP Core Rule Set in WebAssembly — detection or prevention mode, custom rules per domain, audit logs for compliance. No "Enterprise tier required" caveat.

The LLM extension turns Otoroshi into a unified gateway for large language models, exposing an OpenAI-compatible API that routes multiple providers: OpenAI, Anthropic, Mistral, Cloud Temple, DeepSeek, Gemini, Groq, HuggingFace, Ollama, OVHcloud, Scaleway and others. Semantic caching reduces redundant calls. Quota management controls costs. Automatic failover switches providers transparently when one is down. Prompt fencing prevents sensitive information leakage. MCP (Model Context Protocol) support lets you build tool-using agents.

This runs as a managed service on your Clever Cloud account — no separate vendor, no per-token markup. It's the tool we chose to build the technology at the core of Clever AI.

Clever Tasks: run, pay, stop

Not every workload is a web server. Clever Tasks are applications that execute a command and shut down. Define any application as a Task, set CC_RUN_COMMAND="python manage.py migrate", trigger with git push or clever restart, and the scaler runs for exactly as long as the command takes. You pay for build and execution time, per second.

Use them for database migrations, test suites, file conversions, data processing, compilation jobs — anything that should not run on an always-on instance. Chain multiple commands with && or wrap them in a script. Every environment variable from your application is available.

This is fundamentally different from cron-based schedulers with 10-minute minimum intervals, 5-task limits, and "execution is expected but not guaranteed" disclaimers. A Clever Task runs when you tell it to, for as long as it needs to, and stops when it is done.

European infrastructure, real sovereignty

Clever Cloud runs on infrastructure we operate across many regions: Paris, Gravelines, Roubaix, London, Warsaw, Montreal, Singapore, and Sydney. We partner with European providers — OVHCloud, Scaleway — and do not depend on a single US hyperscaler. Our approach to sovereignty is structural: 100% French capital, European-only hosting, no exposure to extra-territorial legislation.

Several regions carry HDS certification (Hebergement de Données de Santé), the French regulatory standard for hosting health data. This applies to all managed databases in those regions — PostgreSQL, MySQL, MongoDB, Redis, Elastic Stack — not just a subset. It is not an add-on with a monthly surcharge; it is built into the infrastructure. For organisations requiring the highest level of qualification, we also offer SecNumCloud-grade options within our cloud offer.

Data stays in the region you choose. There is no "default to us-east-1" behaviour, no background replication to a jurisdiction you did not select, no fine print about processing data in another country for operational purposes.

Predictable pricing

Billing is per second, based on instance size and runtime duration. Not per invocation. Not per request. Not per edge cache hit. Not per million operations on a key-value store. Your monthly bill varies by roughly ±5%, because it tracks actual compute usage — not traffic spikes multiplied by unit rates you did not notice in the pricing page.

Log drains do not cost per gigabyte. Grafana dashboards and Warp 10 metrics are included. Databases backups are included. Observability is included. You do not need to budget for six line items just to see how your application is performing.

What we are building next

We know where the platform needs to grow and listen to market needs Clever Kubernetes Engine is our current development priority. But we also work on many new features and services. Feel free to tell us what you expect the most.

This transformation is taking place within a context of cost reduction, rationalization of existing infrastructures, and the pooling of IT resources.

In this constrained environment, the question is not only which provider or technology to choose, but which application execution model is best suited to the project at hand. PaaS (Platform as a Service) is one of the available options, provided its benefits, limitations, and applicable frameworks are clearly understood.

Challenges and issues specific to the public sector

Public organizations face structural constraints that directly influence their technical decisions. Budget pressure is constant, with explicit objectives to control or even reduce IT operating costs. Technical teams are often understaffed, with recruitment challenges for specialized roles such as system administrators, developers, cybersecurity experts, and cloud or DevOps engineers.

In addition, public organizations often rely on a heterogeneous and sometimes aging application landscape, built on technologies or environments that are no longer maintained or are difficult to evolve. Security, availability, and regulatory compliance requirements are high, while project timelines must remain aligned with the operational needs of administrations, local authorities, and public institutions.

How PaaS can address these challenges in the public sector

Using a cloud platform can address part of these challenges, without being a universal solution. One of its main benefits is the reduction of operational workload. In practice, this means that operating systems, application runtimes, deployment processes, restarts, and monitoring mechanisms are managed at the platform level. Technical teams no longer need to handle day-to-day infrastructure management and can focus on developing, improving, and maintaining applications.

From a security and update perspective, an application hosting solution also helps maintain technical environments more consistently up to date. In the public sector, where legacy management is a key concern, this reduces risks associated with obsolete systems, unmaintained dependencies, and delayed security patching. While this approach does not eliminate existing legacy systems, it helps structure their operation and supports gradual modernization without requiring a full overhaul of the information system.

In this context, a PaaS for public services can be a relevant lever, provided it is selected for clearly identified use cases.

Not all public projects fall under the same deployment framework

Public sector digital projects vary widely. An internal business application, a citizen-facing digital service, a data platform, or a research project do not involve the same constraints or levels of requirements.

Some contexts, particularly those related to defense or the processing of sensitive information, require enhanced guarantees in terms of security, control, and sovereignty. In such cases, specific qualification frameworks such as SecNumCloud may be required, limiting the available technical options. PaaS is therefore not suitable for all scenarios, and its use must be assessed based on data sensitivity and applicable regulatory requirements.

Existing public frameworks for deploying PaaS

Contrary to common belief, public sector organizations already have operational frameworks to access compliant cloud and application hosting services.

For administrations and public institutions, using UGAP provides access to a national purchasing body with pooled and legally secure contracts.

At a regional level, initiatives such as La Fabrique IA Territoriale, led by GIGALIS, offer local authorities and institutions in the Pays de la Loire region a structured framework to access digital and cloud services, with a focus on mutualization and support.

In the healthcare sector, hospitals can rely on Resah, which references solutions tailored to the specific requirements of healthcare environments.

These frameworks do not define technical use cases but provide concrete access points to services compliant with public procurement regulations.

When PaaS is particularly relevant

A managed cloud model is especially well suited when the goal is to build a new application without the need to handle system administration. It is also relevant for modernizing or refactoring existing applications, where the main objective is to simplify operations while improving reliability and security.

For application projects requiring fast deployment cycles, better cost predictability, and reduced administrative overhead, a cloud offering for public sector organizations can be a consistent choice, provided the functional and regulatory scope is clearly defined.

Key considerations before making this choice

Before choosing a PaaS, several factors must be carefully evaluated: the actual scope of platform responsibility, reversibility conditions, data location and protection, and alignment between data sensitivity and the guarantees provided. These elements determine whether the model is appropriate and sustainable over time.

Are you working on an application project within a public service and wondering whether a PaaS model is relevant in your context?

Identifying the right contractual framework helps save time and ensures compliance with public sector digital projects.

Or access Clever Cloud directly via public platforms:
UGAP for administrations and public institutions, La Fabrique IA Territoriale for organizations in the Pays de la Loire region, and Resah for healthcare institutions.

For years, cloud has been discussed primarily in terms of cost, scalability, and developer experience. Today, geopolitical risk is forcing a different conversation. Those dimensions matter. But geopolitical instability is forcing a different conversation — one about resilience, continuity, and control.

Geopolitical instability is now a cloud risk

Recent events in the Gulf have made this tangible. When regional tensions affect energy systems, logistics routes, and physical infrastructure, the consequences extend beyond ports and shipping lanes. They reach data centers, cloud platforms, and application availability. Both private and public actors may find their ability to operate significantly impaired.

Digital infrastructure is never purely virtual

The point bears repeating: digital infrastructure is physical. Cloud resilience starts with a simple fact: digital services depend on physical infrastructure, legal jurisdictions, supply chains, and people on the ground. Data centers, connectivity, power supply, and maintenance all depend on local conditions, local access, and local stability. When those conditions deteriorate, digital dependence becomes operational exposure.

Strategic digital autonomy deserves to be treated as a matter of preparedness, not ideology.

This does not mean isolation or withdrawal from international partnerships. It means ensuring that critical capabilities remain under trusted legal, technical, and operational control, particularly when the external environment becomes volatile.

For governments, regulated industries, and strategic enterprises, the question has evolved. It is no longer only about where workloads are hosted. It is about whether essential services can remain available when a region becomes unstable, when connectivity is degraded, when legal exposure shifts, or when infrastructure concentration creates systemic risk.

Resilience depends on control, not only scale

Scale brings clear advantages. But scale, resilience and control are not the same thing. Global platforms can also create dependencies that are easy to underestimate in stable times: single-provider concentration, single-region exposure, external jurisdiction, and logistical fragility. A major disruption does not need to take down an entire system. It only needs to affect enough of the stack to slow or paralyze operations.

In other words, cloud risk is no longer just a cybersecurity or procurement issue. It is also a matter of continuity, jurisdiction, and concentration. This is why sovereign and trusted cloud models should now be considered core elements of resilience planning.

In practice, that means protecting critical workloads on infrastructure that can be governed with confidence. It means reducing single-provider dependency, designing architectures that withstand degraded conditions, aligning legal jurisdiction with strategic interests, and investing in local skills, local operators, and local capacity.

In peacetime, these choices can appear redundant. In a crisis, they become the difference between disruption and continuity.

What is unfolding in the Gulf today confirms a broader trend: digital infrastructure now belongs to the same strategic tier as energy, logistics, and communications routes. The same geopolitical shock that disrupts supply chains and industrial activity can disrupt cloud availability in parallel.

What policymakers and executives should now assess

This should lead policymakers and executives to ask more direct questions. Who controls the infrastructure we depend on? Under which jurisdiction does it operate? How quickly can critical workloads be moved or isolated? Can essential services continue under degraded conditions? Do we genuinely control our continuity plan, or have we outsourced too much of it?

Cloud strategy is no longer an IT discussion. It is a matter of economic security and strategic independence.

For critical services, resilience must now be designed into the cloud strategy itself. The question is no longer whether to adopt the cloud. It is who remains operational when stability can no longer be taken for granted.

The bill extends to major local authorities the data protection obligations introduced by the SREN Act, thereby reinforcing the “cloud-first” doctrine. It also provides for derogation mechanisms for projects already underway or in cases of technical difficulties or significant additional costs. These provisions underline the need for pragmatic implementation while maintaining the central objective of effectively securing sensitive public data.

As an engaged actor within the French cloud ecosystem, we welcome this initiative, which aims to involve all stakeholders in the public debate on securing digital public procurement.

The Law Committee will examine the bill on 25 February. At the initiative of Philippe Latombe, Member of Parliament for Vendée (1st constituency) and rapporteur of the text, a roundtable discussion organised on 20 February will bring together several cloud providers operating in France, including Clever Cloud, OVHcloud, Orange Business Services, Scaleway, Outscale, Cloud Temple and Numspot.

Cloud obligations extended at the territorial level

Article 31 of the Act of 21 May 2024 on securing and regulating the digital space (SREN Act) already governs the use of cloud services by the State and its operators when processing sensitive data. It requires that such data be effectively protected against any access by foreign public authorities not authorised under European Union law.

The bill inserts Article 31-1 to make this mechanism applicable to regions, départements, municipalities with more than 30,000 inhabitants, urban communities, metropolitan authorities, and other major inter-municipal public establishments.

This provision builds upon Article 31 of the SREN Act and aligns with broader European developments, notably the entry into application of the Data Act in September 2025. It aims in particular to limit public authorities’ exposure to the effects of extraterritorial legislation, thereby extending to the territorial level a mechanism previously centred on the State.

A collective responsibility

Clever Cloud welcomes the opportunity to contribute to the parliamentary work on this bill.

“This hearing reflects a crucial awareness: the protection of public data can no longer be considered solely at the level of central government. Local authorities hold and process significant volumes of sensitive data that are essential to the continuity of public services and the protection of citizens. Supporting them in adopting solutions that ensure genuine legal security is not optional — it is a collective responsibility,” said Quentin Adam, CEO of Clever Cloud.

Clever Cloud intends to actively contribute to the legislative debate and to support local authorities in implementing technically reliable and legally secure solutions.

Since its launch, the UP Programme has supported early-stage and growing technology companies at various levels of maturity, with a strong focus on technical robustness, cloud infrastructure mastery, and the ability to scale a product over time.

Previous selections have welcomed startups from a wide range of sectors, including data, Green IT, fintech, healthtech, and legaltech. To discover them:

• Clever Cloud welcomes the first startups of the UP Programme
• UP Programme: Who are the newly selected startups?
• UP Programme: Discover the startups from the third cohort

The startups selected for this fourth edition

Moustache AI – Custom AI conversational agents

Moustache AI develops customised conversational and voice-based AI agents designed to adapt to the specific business use cases of each organisation.

The solution automates a large share of incoming requests while maintaining a high level of control over data, hosting, and regulatory compliance. Agents can be deployed quickly and integrated into existing tools, without heavy technical dependencies.

Diag n’Grow – Valuation of intangible assets

Diag n’Grow provides a platform for the financial valuation of companies’ intangible assets, such as software, patents, trademarks, data, or know-how.

The solution targets startups as well as SMEs and mid-sized companies facing challenges related to financial management, taxation, restructuring, or fundraising. Its goal is to deliver a clear, documented view of the real value of these assets, which are often underestimated in traditional financial statements.

Swily – Business software for self-employed nurses

Swily is a software solution designed to simplify the day-to-day work of self-employed nurses. The platform enables the management of patient rounds, medical records, billing, and electronic transmission, through an application built for field usage.

Developed in close collaboration with healthcare professionals, the solution addresses strict requirements in terms of reliability, data security, and service continuity, which are critical in the medical sector.

LeCoffre.io – Secure document exchange for notaries

LeCoffre.io is a secure document exchange and collection platform designed by and for notaries.

The solution aims to replace sensitive document exchanges via email, relying on advanced encryption and traceability mechanisms. Data is hosted in France and complies with strict requirements in terms of data sovereignty and regulatory compliance.

Expert-Flow.ai – AI platform for judicial experts

Expert-Flow.ai develops an artificial intelligence platform dedicated to judicial experts, designed to automate and structure the entire expert assessment process, from judicial requisition to final report delivery.

The solution significantly reduces the time spent on administrative tasks through automatic data extraction, interview preparation assistance and guided report drafting. Built for sensitive use cases, the platform meets high standards of security, confidentiality and regulatory compliance.

A new selection reflecting the supported ecosystem

The startups joining the UP Programme today operate in demanding environments, where technology lies at the very core of the product.

Artificial intelligence, finance, healthcare, or legaltech: these projects are already in production or in acceleration phases, facing concrete challenges related to performance, security, compliance, and scalability. These are issues commonly encountered by startups once infrastructure becomes a structuring concern. This is precisely the context in which their integration into the UP Programme takes place.

The UP Programme: a structured support framework

The UP Programme has been designed to support technology startups beyond the initial deployment phases. It combines cloud credits, technical support, access to Clever Cloud teams, regular exchange sessions, and increased visibility, enabling founders and product teams to focus on what matters most: building and evolving their solution.

Are you a startup and looking to join the UP Programme?

The next UP Programme selection will take place on May 16, 2026. Startups wishing to apply can already submit their application and start discussions with the Clever Cloud teams.

Founded in 2010 in Nantes, France, Clever Cloud has established itself as a prominent player in the European cloud computing landscape, specializing in innovative Platform as a Service (PaaS) solutions. Our core mission is to empower developers by providing a reliable, scalable, and secure infrastructure that enables seamless application development, deployment, and management. Clever Cloud is firmly committed to the principles of digital sovereignty, European values while advocating for a resilient and strategically autonomous digital ecosystem. We believe that Europe must prioritize its digital ecosystem to ensure that businesses and public authorities can operate independently without reliance on inadequate non-European solutions. Our expertise, underscored by a workforce composed of over 70% developers and engineers, positions us as a company of experts dedicated to both technical excellence and strong ethical European values.

As an active participant in the European legislative framework, Clever Cloud engages with critical initiatives aimed at enhancing Europe’s digital sovereignty. We contribute to the development of key frameworks such as the Digital Markets Act (DMA), the EU Cybersecurity Act and of course the forthcoming EU Cloud and AI Development act among others... Our involvement in organizations like Eurosmart, European Alliance for Industrial Data, Edge & Cloud, France Digitale, the Open Internet Project, and CISPE reflects our commitment to advocating for robust European certification schemes and ensuring that the cloud infrastructure respects and protects user rights. Through partnerships with leading European technology firms while preserving market freedom. In fact, we are building a cohesive digital ecosystem that fosters innovation, real free competition  while preserving individual freedoms. Our dedication to creating and contributing to open-source projects further demonstrates our belief in collaboration as a means to strengthen Europe’s digital sovereignty.

At Clever Cloud, we recognize that true digital sovereignty is essential for economic resilience and technological independence. By championing strategic policies and fostering a community of like-minded stakeholders, we are committed to shaping a future where Europe’s digital landscape remains robust, secure, and innovative. Since 2019, Clever Cloud is highly concerned about the future economic prosperity of Europe. 

As a matter of fact, in the realm of the revision of the EU Public Procurement rules,  we do call for a Small Business Act as well as a clear Buy European Tech Act  within public procurement at the EU Level. Not just a speech act but clear deeds to leverage European SMEs innovation. That could finally serve the interest of the whole European Union.

Introduction : A Strategic Moment for Europe

A Strategic Moment for Europe: From Declaratory Sovereignty to Strategic Action

Unless we act, Europe is entering a decisive geopolitical and economic moment—one that increasingly verges on  economic warfare. Recent developments make one fact unmistakably clear: the era in which the European Union could rely on implicit alignment, goodwill, or regulatory influence alone has come to an end. Power is once again being exercised explicitly—through markets, technology, and industrial policy.

This shift was made explicit in the United States National Security published in November, which signals a profound change in how Europe is perceived. No longer framed primarily as a strategic partner, Europe is increasingly presented as a market to be shaped, influenced, and brought under greater U.S. economic influence. The document does not merely identify European vulnerabilities; it incorporates them into a broader geopolitical strategy aimed at opening European markets to U.S. goods and services, re-engineering Europe’s internal trajectory, and ensuring that Europe “stands on its own feet” — but explicitly in ways aligned with U.S interests.

With regard to technological policy, the European Union’s Digital Acquis has come under sustained and increasingly explicit attack. This shift has not remained confined to abstract debate; it has been echoed publicly by influential private actors. Following the enforcement of the Digital Services Act (DSA) and the investigation into X, Elon Musk openly called for the abolition of the European Union, directly challenging the legitimacy of Europe’s democratic institutions and regulatory authority.

This episode underscores a broader reality: when Europe’s regulatory power is not matched by economic resilience, technological capability, and coherent strategic choices, it tends to invite confrontation rather than cooperation.

In theory, the European response has been firm. President of the EU Commission, Ursula von der Leyen made it crystal clear that European democracy, elections, and institutional choices are not open to external interference. Sovereignty, she underlined, belongs to European citizens alone. At the same time, she acknowledged a deeper truth: the transatlantic relationship is changing because Europe itself is changing. The articulation of a coherent and resolute political stance is insufficient in itself; it must be matched by the European Union’s ability to act decisively to protect its interests.

In practice, yet public declarations, however necessary, are no longer sufficient. As history repeatedly reminds us, sovereignty without instruments is vulnerability. On 25 September 1956, Konrad Adenauer warned: “Unless we act, events that we Europeans will be unable to influence will overtake us.”

Following the Maastricht Treaty and for decades, Jacques Delors captured the European project through a powerful triad: “Competition that stimulates, cooperation that strengthens, and solidarity that unites”. In fact, this model delivered peace, prosperity, and integration. But today, it no longer fully addresses the realities of a world shaped  by technological concentration, geopolitical rivalry, and strategic procurement.

Europe was once an innovator. It then became a follower. Today, in key digital and technological sectors, it risks becoming merely a consumer—dependent on external platforms, infrastructures, and standards. This evolution is not ideological; it is structural. And no amount of rhetorical commitment can reverse it without concrete action.

Procurement as Europe’s Strategic Lever

The European Commission’s Call for Evidence on the revision of the Public Procurement Directives therefore comes at a pivotal moment. It represents more than a technical consultation; it is a window of opportunity to address a two-level challenge: 

• A geopolitical turning point, marked by the explicit strategic repositioning of the United States and the increasing instrumentalisation of economic dependencies;
• A structural imbalance, characterised by the domination—if not colonisation—of European digital markets by non-European hyperscalers, reinforced by procurement practices that unintentionally favour incumbency, scale, and lock-in.

Public procurement represents nearly 15% of EU GDP. It is the single most powerful demand-side instrument available to the Union. Yet today there are still matters of concentration, dependency, and market asymmetry  instead of fostering innovation, contestability, and resilience. 

This paper intends to argue that Europe now possesses the legal, economic, and institutional tools to change course—but must choose to use them.

Europe’s Procurement Trinity: From Principles to Results

To move from declaratory sovereignty to strategic autonomy, procurement reform must be structured around three mutually reinforcing pillars:

• A European Small Business Act for Public Procurement, introducing clear quantitative targets for SME participation and ensuring that Europe’s primary innovation engine—its SMEs and scale-ups—can access public markets and scale.
• A Buy European Tech Act, establishing objective, WTO-compatible preference mechanisms for European companies in strategic sectors, ensuring that European public money contributes to European technological capacity and resilience.
• A simplification agenda, reducing administrative burdens, standardising procedures, and embedding the “Think Small First” principle into procurement design.

Together, these three axes form a coherent response to both the geopolitical moment and the structural weaknesses of the current system. They do not seek protectionism. They seek capacity. They do not close markets. They restore contestability. And they do not undermine Europe’s values. They operationalise them. In other words, a market deeply rooted from the outset of what classical liberalism should be. 

The revision of the public procurement directives is therefore not a procedural update. It is a strategic choice about what Europe wants to be—and whether it intends to shape its future, or merely adapt itself to decisions made elsewhere.

Think Small First: Putting European SMEs Back at the Centre of Public Procurement

1.  A Historic Window for EU Procurement Reform

1.1  Political Context 2024 - 2029 

The EU agenda is particularly interesting since we are facing a rare convergence of favorable factors. In fact, The European Union entered the 2024–2029 cycle at a decisive strategic moment. In her Political Guidelines for the new Commission, President Ursula von der Leyen announced an ambitious revision of the EU public procurement directives, recognising that procurement policy is no longer a purely administrative matter but a strategic instrument for strengthening Europe’s competitiveness, technological leadership, and economic security.

This revision aligns with several core priorities of the new Commission :

• A stronger European preference in public procurement, especially in strategic sectors such as digital infrastructure, cloud services, cybersecurity, green technologies, and critical supply chains.
• Reinforcing European sovereignty, by reducing dependencies on external suppliers and ensuring the resilience of essential technologies and public services.
• Radical simplification and modernisation of procurement rules, making procedures faster, more coherent across Member States, and more favourable to SMEs.
• Using public procurement as a tool for strategic investment, supporting industrial policy objectives, innovation ecosystems, sustainability, and the competitiveness of European companies.

These priorities are grounded in the Commission’s Call for Evidence published by DG GROW in late 2025, which highlights clear shortcomings in the current framework. In her 2025 State of the Union address, President von der Leyen explicitly confirmed the ambition to introduce “Made in Europe” criteria in EU public procurement. Executive Vice-President Séjourné emphasised the need to simplify and modernise the existing rules. Hence there is a clear need to turn public procurement into a cornerstone of Europe’s investment strategy. Which is essential to strengthening the EU’s competitiveness, resilience and technological autonomy.

These political signals point to an unprecedented window of opportunity.

The 2026 revision of the public procurement directives is not a technical adjustment, but a structural moment to redefine how Europe leverages public spending — representing roughly 15% of EU GDP — to foster innovation, enable SME growth, and strengthen its long-term strategic interests.

This context provides the foundation for proposing a European Small Business Act for Public Procurement, designed to rebalance access to public contracts, foster the rise of innovative SMEs, and support the emergence of sovereign European technologies — including in the digital and cloud sectors.

1.2 Why a real paradigm shift concerning SMEs is needed ?

Public procurement represents one of the European Union’s most powerful economic instruments. Accounting for over EUR 2.6 trillion annually, or roughly 15% of EU GDP, public procurement has the potential to shape markets, stimulate innovation, strengthen industrial competitiveness, and reinforce Europe’s technological sovereignty. 

Risks of market concentration and insufficient competition

As highlighted in the Commission’s 2025 evaluation and the DG GROW Call for Evidence, a significant portion of high-value public contracts tends to be awarded to a limited number of large incumbent operators. Excessively large tenders, insufficient use of lot division, and burdensome qualification requirements could favour established multinationals and disadvantage SMEs, particularly in strategic sectors such as cloud computing, digital infrastructure, cybersecurity, AI and data services.

This structural concentration reduces contestability and weakens the innovation dynamics that should underpin the Single Market. It could also increase the EU’s vulnerability to external dependencies, particularly when public authorities rely on technologies or services subject to extraterritorial legislation.

Despite representing 99% of all European companies,and being a major pillar of employment, with 77.5 million people employed—almost 48% of the total workforce in enterprises. SMEs still face persistent barriers that limit their participation in public procurement:

• Procedures can be seen as being too complex & costly,
• Insufficient lot division preventing them from competing on equal terms,
• And low levels of cross-border participation, despite the Single Market’s promise.

The EU needs procurement that supports innovation, resilience by clearly prioritizing small  businesses on a long term basis that could then be digital champions.  Today’s geopolitical and technological environment demands a new approach. In other words securing our SME’s Europe must ensure :

• Innovation leadership in digital and industrial technologies,
• Resilient supply chains,
• Security and sovereignty in key digital infrastructures,
• and the ability to grow European champions capable of competing globally.

Public procurement is uniquely positioned to deliver these outcomes. When strategically designed, it can:

• Create early markets for innovative SMEs,
• Support the scaling of European technologies, including cloud and digital services,
• Reduce dependency on non-European providers in sensitive sectors,
• And align public spending with the EU’s industrial, sustainability and digital transition objectives.

Unlocking the strategic potential of public procurement

The revision of the procurement directives offers a historic opportunity to transform public procurement from a procedural exercise into a strategic policy instrument:

2.  A Historic Window for EU Procurement Reform

2.1 Commission findings : Structural Barriers for SME’s

Despite years of reforms, goodwill and political commitments, the European Commission’s evaluation of the 2014 public procurement directives (2014/2025), together with the SME Strategy (COM(2020)103), confirms that SMEs still face systemic barriers preventing them from fully participating in public procurement across the Single Market.

Excessive complexity: a disproportionate burden for SMEs

The Commission’s SME Strategy explicitly highlights that : “Complying with regulations, standards, labels (including product labels) and administrative formalities affects SMEs more than larger companies, due to their limited financial and human resources”.   As a matter of fact :  The Single Market — despite being the main reference market for European SMEs — remains fragmented by persistent obstacles.

As the strategy notes:

• The Single Market accounts for 70% of the export value of SME goods,
• 80% of exporting SMEs sell within the EU,
• Yet only 17% of SMEs in manufacturing export within the Single Market,
• Because SMEs are the most affected by remaining barriers and regulatory inconsistencies across Member States.

This asymmetry directly impacts public procurement participation. High administrative requirements, complex procedures, and diverging national interpretations of EU rules create a de facto barrier to entry, disproportionately excluding SMEs and young companies.

Insufficient lot division: large tenders that could  exclude SMEs

One of the central objectives of the 2014 directives was to encourage lot division to make procurement accessible to SMEs.

However, the Commission notes that in practice:

• Lot division remains insufficient,
• Many contracting authorities still publish tenders that are too large or too aggregated,
• and SME participation has not significantly increased.

Oversized tenders function as structural barriers: they require financial capacity, resources, or compliance structures that only large incumbents possess, effectively locking out SMEs even when they offer superior innovation or value for money.

Missing pathways for start-ups and scale-ups

Start-ups and fast-growing scale-ups are central to Europe’s technological renewal. Yet the Commission acknowledges that the procurement framework provides almost no institutional pathways for these companies to access public demand. The current system lacks :

• Mechanisms to support early adoption of innovative technologies,
• procurement models adapted to young companies (e.g., agile procurement, challenge-based tenders, innovation partnerships),
• And structured entry points for firms that do not yet meet the traditional administrative or financial thresholds.

As a result, many promising European tech companies — including in advanced cloud, data, or AI infrastructure — cannot rely on their home market to scale, unlike their competitors in the US or Asia.

2.2 Why do these limitations require a Small Business Act — paired with a Buy European Tech Act ?

The issues identified above are not isolated technical problems; they reflect a systemic imbalance that only structural reforms can correct.

A European Small Business Act for public procurement is needed to:

• Rebalance access to public contracts,
• Ensure SMEs and start-ups receive real opportunities to grow,
• Break structural lock-in and reduce market concentration,
• And align public spending with Europe’s strategic interests (innovation, resilience, sovereignty).

However, in strategic sectors — digital, cloud, data, cybersecurity — a Small Business Act is insufficient on its own. It must be paired with a European preference mechanism, a modern Buy European Act, ensuring that:

• European SMEs and tech providers are systematically considered,
• Strategic technologies remain anchored in the EU,
• Public data and infrastructures are not dependent on extraterritorial powers.

Together, these two instruments form the basis of a new procurement paradigm: one that supports innovation, strengthens sovereignty, and enables European SMEs to become the next generation of global champions.

2.3 The Economic Rationale of Agionomics: A Schumpeterian Approach (Aghion, Nobel Prize 2025)

The case for a European Small Business Act is not only political or administrative . It is  fundamentally economic. The findings of the European Commission converge with the work of Nobel Prize laureate Philippe Aghion, whose research on innovation, growth and industrial dynamics provides a rigorous theoretical foundation for rebalancing public procurement toward SMEs.

Innovation as the engine of modern economic growth

Aghion, building on Schumpeterian growth theory, demonstrates that innovation is the primary driver of long-term prosperity. Technological leadership, especially in digital industries such as cloud computing, AI, data infrastructure and cybersecurity, is now the key determinant of economic power. Aghion’s “three pillars of economic power” are:

1. Monetary and financial strength,
2. Commercial strength through control of value chains,
3. Technological leadership — the most decisive in today’s economy.

The United States illustrates this dynamic: Its dominance in cloud, AI, semiconductors and biotech reinforces both its global commercial influence and the strength of the dollar. For Europe, this means that technological sovereignty and the ability to innovate domestically are now existential economic priorities.

Concentration suppresses innovation: the structural problem

A central insight from Aghion’s work is that innovation slows down when markets are too concentrated.

When a limited number of large firms dominate procurement:

• Fewer new entrants can emerge,
• Innovative SMEs struggle to scale,
• “Creative destruction” is weakened,
• And productivity growth stagnates.

This is precisely the point  identified by the European Commission: large aggregated tenders and rigid procurement systems entrench incumbents and exclude challengers, especially in the digital and cloud sectors. Aghion’s analysis of economies transitioning from catch-up growth to innovation-driven growth — including France after the “Trente Glorieuses” or the UAE’s current trajectory  showcases the same pattern: When resources concentrate in a small number of large actors, the innovation ecosystem becomes fragile.

Public procurement becomes a perpetuation mechanism rather than a transformation mechanism.

The role of the State: opening markets, not choosing champions

Aghion’s work is often misinterpreted as endorsing industrial policy through national champions. In fact, his conclusion is the opposite: “I am not in favour of governments choosing champions”. Per his theory : The State should open markets, foster competition through innovation, and allow small firms to become big.

In procurement terms, this means:

• Removing structural barriers to entry,
• Breaking up risks of oligopolistic dependencies,
• Fostering contestability,
• Favouring innovation and experimentation,
• And providing space for SMEs and mid-sized firms to compete.

A Small Business Act for public procurement operationalises this logic: it opens markets, ensures contestability, and allows the innovation engine of the European economy — its SMEs — to scale and compete.

Creative destruction requires institutional flexibility and competitive intensity

Aghion’s comparative work (US, Europe, UAE, France, etc.) highlights two conditions for innovation:

1. Institutional flexibility — the ability to adapt regulations and systems to technological change.
2. Competitive intensity — the pressure that pushes firms to innovate or be replaced.

A Small Business Act creates the institutional flexibility needed by:

• forcing contracting authorities to allot tenders,
• lowering administrative thresholds,
• testing SME participation
  

2.4 Copenhagen 2025 SME Assembly  

During the three days of high-level discussions of the Copenhagen 2025 SME Assembly, On November 10, 11, 12 one theme dominated: Reinforcing SMEs is indispensable to reinforcing Europe’s competitiveness. In fact, The Assembly focused on the major structural challenges the EU faces :

• Strategic dependencies, particularly in digital infrastructure, cloud computing, biotechnology and advanced manufacturing;
• The need to build resilient value chains in an increasingly turbulent geopolitical environment;
• The urgency of accelerating the digital transition across the full SME landscape;
• The importance of sustainability, circular economy models and green innovation;
• The call for smarter regulation, reducing administrative burdens and improving the coherence of the Single Market.

Against this backdrop, a European Small Business Act emerges as a particularly well-suited policy instrument to address these challenges in a structural and sustainable manner.

3 Proposal : A European Small Business Act For Public Procurement 

3.1. General Objective

The overarching objective of a European Small Business Act (SBA) for public procurement is to structurally rebalance access to public contracts in favour of SMEs, in order to unlock growth, stimulate innovation, and strengthen Europe’s technological and economic sovereignty. Public procurement is one of the European Union’s most powerful market-shaping instruments: it determines which firms are able to scale, which technologies become de facto standards, and which value chains Europe controls over the long term. 

Embedding an SBA within the revised procurement framework would therefore operationalise the “Think Small First” principle by ensuring that procurement design, award criteria, and contract structures systematically enable SME participation, rather than treating it as a residual objective.

This ambition is not new. As early as 2008, the European Commission explicitly recognised the central role of SMEs through its Communication “Think Small First – A Small Business Act for Europe” (COM(2008) 394). That initiative established a comprehensive policy framework built around ten guiding principles, including the need to facilitate SMEs’ access to public procurement, reduce administrative burdens, adapt public policy tools to SME realities, and embed the “Think Small First” principle across EU policymaking. The 2008 SBA marked a decisive political shift: SMEs were no longer to be treated as an exception, but as the backbone of the European economy and a key driver of innovation, employment, and resilience.

However, while the 2008 SBA successfully anchored SME considerations in policy design and regulatory principles, it deliberately relied on soft-law instruments, guidance, and best practices. In the field of public procurement, this approach has proven insufficient to overcome structural barriers such as oversized tenders, incumbent bias, administrative complexity, and market concentration. The current revision of the public procurement directives therefore represents a unique opportunity to move from principle to outcome.

Building on the political foundations laid by the 2008 Small Business Act, a renewed  European SBA for public procurement must go further by introducing clear, measurable, and enforceable objectives—most notably quantitative SME participation targets. Such targets would not replace the “Think Small First” philosophy; they would finally give it operational force. 

 3.2. Quantitative Targets

To deliver concrete and measurable outcomes—not merely recommendations—the SBA should introduce clear quantitative objectives for SME participation in public procurement.

A. 25% SME participation target (all sectors) : At least 25% of the total annual value of public and private procurement contracts, at both EU and Member State level, should be awarded to SMEs. This creates a visible and trackable benchmark that can be monitored through annual reporting and EU-wide scoreboards. The target is consistent with international practice—most notably the U.S. federal system—while being adapted to European procurement structures and the Single Market.

B. 35% target for cybersecurity, digital and technological procurement Given the strategic importance of digital infrastructure the SBA should introduce a reinforced target for digital and technology procurement. At least 35% of the annual value of public and private procurement in digital and technological markets should be awarded to European SMEs, individually or within consortia. This strengthened target should explicitly cover :

• Cloud computing (IaaS/PaaS/SaaS),
• Cybersecurity,
• Artificial intelligence,
• Data infrastructure and data platforms,
• Health Data Hub
• High-performance computing (HPC),
• Digital public services,
• Critical software and platform technologies.

3.3 Economic Justification 

This proposal is grounded in strong economic evidence and policy coherence.

A. Innovation is driven by SMEs and new entrants : Aghion, Schumpeter, and the broader “creative destruction” framework show that innovation is driven primarily by new entrants, not entrenched incumbents. SMEs and scale-ups tend to innovate faster, experiment more, adopt disruptive technologies earlier, and drive sectoral transformation. A procurement system that structurally favours incumbents therefore weakens the EU’s innovation engine by restricting market entry and limiting the ability of new firms to scale.

B. Concentration in procurement produces inefficiency : The Commission’s diagnosis of procurement outcomes repeatedly points to problems such as oversized tenders, insufficient lot division, dominance of large contractors, and limited cross-border participation by SMEs. These trends reduce contestability and create allocative inefficiency: public money systematically flows toward incumbent suppliers, discouraging innovation and locking public buyers into dependency.

C. Sovereignty requires supporting European technology providers : In strategic digital sectors—cloud, data, AI, cybersecurity—Europe faces a structural dependency on a small number of non-European hyperscalers. In Aghion’s framework, technological leadership is now the decisive pillar of economic power. Europe cannot build long-term sovereignty while depending on external actors for the backbone of its digital infrastructure.

D. Alignment with EU industrial and digital strategies : The SBA aligns with the EU’s strategic architecture: SME Strategy, industrial policy objectives, Digital Decade ambitions, cybersecurity requirements, and current digital regulation. It converts these objectives into concrete market outcomes by using procurement to shape demand, competition, and scaling pathways.

E. SME Assembly 2025 mandate : The SME Assembly 2025 delivered a clear political message: “Successful SMEs, Competitive Europe.” This strengthens the legitimacy of pro-SME procurement reforms and of measurable participation objectives, particularly in strategic sectors where market concentration and dependency risks are growing.

4. Legal Foundations and Policy Coherence

4.1 Compatibility With International Law (WTO/GPA)

A European Small Business Act (SBA) introducing quantitative objectives for SME participation in public procurement is fully compatible with WTO and EU law when properly designed.

The WTO Government Procurement Agreement (GPA) prohibits discrimination based on nationality (Article IV), but it does not prohibit differentiation based on objective economic criteria, such as company size. SME-focused measures therefore fall outside the scope of prohibited discrimination, as they apply equally to all suppliers meeting the SME definition, regardless of origin.

Crucially, an SBA does not impose rigid, tender-by-tender exclusions. Instead, it establishes aggregate participation targets, monitored ex post at EU and Member State level, and implemented through procurement design tools: systematic lot division, proportionate qualification requirements, simplified procedures, innovation-friendly instruments, and SME access mechanisms. These measures enhance competition and contestability without restricting market access.

Multiple GPA members already operate SBA-type systems:

• United States: 23% federal small business goal; never challenged at WTO.
• Canada: Indigenous Business set-asides.
• South Korea: SME preference programs.
• Japan and the UK: extensive SME frameworks.

The OECD Recommendation on Public Procurement further confirms SME participation as a legitimate policy objective, supported through access-facilitating tools rather than discriminatory rules.

In short, an SBA with quotas is lawful because it is:

• Size-based and objective,
• Nationality-neutral,
• implemented through aggregate targets,
• Grounded in procurement design, not exclusion.

Two-tier legal architecture

This enables a clear and robust legal structure:

Tier 1 — Small Business Act

Size-based targets, OECD-style access tools, aggregate monitoring

GPA-compliant under Article IV

Tier 2 — Buy European Tech Act

Limited to strategic digital sectors, based on jurisdiction and security

Justified under Article III (essential security interests)

SMEs address market access and competition; digital and cloud procurement addresses security and sovereignty.

4.2 Compatibility with EU Law - EU Legal Basis

EU law basis for SME quotas: Article 173 TFEU (Industrial Policy)

Article 173 TFEU explicitly mandates the Union to:

• Ensure conditions for EU competitiveness : “Speeding up the adjustment of industry to structural changes”
• Foster SME development : “Encouraging an environment favourable to initiative and to the development of undertakings throughout the Union, particularly small and medium-sized undertakings”
• Address structural barriers to market access.”:   “Fostering better exploitation of the industrial potential of policies of innovation, research and technological development”

As a matter of fact… Public procurement 1. represents ~15% of EU GDP and is a core instrument shaping market structure. In addition to that it turned out that If SMEs are structurally underrepresented. Hence, corrective quantitative objectives are legally justified as:

• Market-balancing measures,
• Not distortions.

Introducing SME quotas in the 2026 procurement revision is therefore:

• An  implementation gap closure, not a policy shift.
• fits the Public Procurement Revision priorities,
• is fully GPA/WTO compatible,
• is grounded in TFUE 173 article  and GPA Article III and does not contradict with article 4
• Aligns  with OECD best practices,
• Operationalises  the SME Strategy,
• Reinforces  sustainability, innovation, economic security,
• And creates conditions for European tech providers—especially SMEs—to scale.

II. The Buy European Tech Act - Introducing Quantitative : Procurement Targets to Scale European Technology

1.Why a Buy European Tech Act ?

1.1  A constructive way to respond to the Buy American Act

At a time of heightened geopolitical tensions, intensifying technological competition, and growing exposure to strategic dependencies, the way public demand is designed and deployed directly influences industrial structure, global supply chains, market dynamics, and Europe’s long-term economic resilience.

The United States has long internalised this reality. Through the Buy American Act, reinforced by successive executive orders and, more recently, by the Inflation Reduction Act, U.S. public procurement has been deliberately used as a tool to support domestic industry, accelerate innovation, and secure critical supply chains—while remaining a full member of the WTO Government Procurement Agreement (GPA).

Europe now faces a comparable moment. The revision of the EU public procurement directives announced in the Commission’s 2024–2029 Political Guidelines explicitly opens the door to a more strategic use of procurement, including the possibility to introduce “Made in Europe” criteria for critical technologies, to secure the supply of vital services, and to transform procurement into an instrument of strategic investment rather than a purely procedural exercise.

A Buy European Tech Act should be understood in this context: not as a protectionist reflex, but as a rules-based response to an increasingly asymmetrical global procurement landscape.

1.2 The risk of a structural dependency model 

Europe’s increasing reliance on non-European suppliers in strategic digital sectors does not stem from a shortage of technological capacity. On the contrary, the Union is home to a rich and dynamic ecosystem of SMEs, scale-ups, and mid-sized technology firms that are fully capable of delivering high-quality, secure, and EU-compliant solutions.

Yet European public and private buyers increasingly rely on non-European suppliers for:

• Cloud infrastructure and PaaS,
• Data and AI platforms,
• Cybersecurity tools,
• Core digital public services.

This paradox is structural. Several mechanisms could in fact  reinforce this dependency.

As Margrethe Vestager has repeatedly emphasised in the context of EU competition policy, the Union must prevent powerful incumbent firms from distorting competition and entrenching market dominance, and ensure that markets remain open and competitive so that firms have a diversified supply base for key inputs — a principle that is equally relevant to the design of public procurement frameworks. At national level, in France,  President Emmanuel Macron has explicitly called for a Buy European Act, arguing that Europe cannot remain the only major economic bloc without a strategic procurement doctrine. Former French Minister of the Economy and GAIA-X pioneer Bruno Le Maire has similarly advocated that a significant share—between 40% and 60%—of public procurement should be oriented toward European companies in strategic sectors.

1.3 Procurement as strategy, not protectionism

A Buy European Act does not imply closing markets or excluding non-European suppliers. Its purpose is to structure demand, not to eliminate competition. Like the U.S. Buy American framework, a European approach would:

• Operate through aggregate policy objectives,
• Rely on objective eligibility criteria (establishment, governance, jurisdiction, compliance),
• Remain fully compatible with WTO/GPA obligations,
• And preserve competition while correcting structural asymmetries.

In short, the Buy European Tech Act is not about “buying European at any cost”. It is about ensuring that European public money does not systematically build non-European industrial capacity, while Europe remains exposed to strategic dependencies in critical technologies. 

In the context of the 2026 revision, the question is no longer whether procurement should serve strategic objectives but in fact whether Europe is willing to use the same instruments that its global partners already deploy.

2. The American Precedent: A Functional Procurement Arsenal

2.1 Function and Scope 

Adopted in 1933 in the aftermath of the Great Depression, the Buy American Act (BAA) established a foundational principle of U.S. federal public procurement: when the federal government purchases goods, preference must be given to products manufactured in the United States. The US Chamber of Commerce reported in 2023 that 97% of U.S federal contracts by value were awarded to U.S firm from 2014 to 2019 on average

The Buy American Act is not a quota-based system. Instead, it operates through explicit domestic content requirements, obliging federal agencies to procure goods that are manufactured in the United States and composed of a minimum share of U.S origin components. While waivers are possible, they are narrowly framed and must be justified on specific grounds such as public interest, non-availability, or unreasonable cost.

Over time, this domestic preference framework has been progressively strengthened and operationalised, notably through:

• Reinforced domestic content thresholds;
• Tighter waiver procedures and transparency requirements;
• Sector-specific application in strategically sensitive domains, including energy infrastructure, digital technologies, defence, cybersecurity, and critical supply chains.

More recently, successive executive orders and legislative initiatives—particularly in the context of industrial resilience, supply-chain security, and strategic autonomy—have expanded the scope and enforcement of Buy American rules, ensuring that public procurement functions as a tool of industrial policy and economic security.

Crucially, the United States has implemented and continuously reinforced the Buy American Act while remaining a full member of the WTO and the Government Procurement Agreement (GPA). The Buy American regime has never been successfully challenged under international trade law, demonstrating that domestic preference mechanisms grounded in public interest, security, and industrial resilience can coexist with international procurement commitments.

The Buy American Act therefore illustrates a central lesson for Europe: strategic procurement based on domestic preference is legally feasible, economically effective, and politically decisive provided it is designed as a structured preference framework rather than a blanket exclusion of foreign suppliers.

2.2 National preference principle is compliant with Security Interest basis of the WTO/GPA rules

Crucially, the United States:

• Remains a full member of the WTO Government Procurement Agreement (GPA);
• Has never had its Buy American framework successfully challenged under WTO dispute settlement;
• Consistently justifies procurement preferences through national interest, security considerations, and legitimate industrial policy objectives.

This establishes an important precedent: strategic procurement is not incompatible with open trade, provided that measures are transparent, proportionate, and grounded in recognised public policy objectives. For Europe, the implication is unambiguous. A Buy European Act designed as an aggregate policy framework, rather than rigid per-tender exclusion, falls squarely within the same legal space already occupied by other GPA members.

2.3 The risk of an imbalance market  in Europe

While the United States has actively used procurement to consolidate its technological leadership, Europe has largely maintained a position of procedural neutrality—despite growing evidence of structural imbalance. In fact, Several indicators highlight the urgency of corrective action:

• U.S. hyperscalers currently control approximately 72% of the European cloud market, creating a situation of quasi-oligopolistic dependence in a sector that underpins virtually all digital public services.
• Chinese cloud providers, notably Alibaba Cloud and Tencent Cloud, still represent a limited share today (around 6% globally), but projections from the CAICT (China Academy of Information and Communications Technology) suggest that their presence could triple by 2027 if current trends persist.
• An Accenture study shows that 62% of European businesses would prefer to rely on European solutions rather than third-country providers, provided that viable and competitive alternatives are available and accessible. 

2.4 Structural procurement failure — not a capability gap

Europe’s growing dependency on non-European digital suppliers is not the result of technological inferiority. On the contrary, When it comes to the tech sector the European Union, U.K as well as EFTA countries hosts a dense and competitive ecosystem of :

• Cloud infrastructure providers,
• Platform-as-a-Service (PaaS) specialists,
• cybersecurity firms,
• AI and data infrastructure companies,
• SMEs, scale-ups, and mid-sized technology firms with proven operational capacity.

3. Core Proposal : A Buy European Tech Act

3.1 Fundamental Basis of the Buy European tech Act

The central objective of the Buy European Tech Act, which would specifically aim the tech sector”, is straightforward: When it comes to some strategic technological procurement dealing with Cloud & Edge, cybersecurity, and others tech sectors that are dealing with matters of security interests,  whenever public authorities procure strategic digital and technological solutions, European suppliers should be systematically prioritised where they are available and capable. In sectors that are foundational to public administration, economic security, and technological sovereignty, public procurement should no longer default to third-country providers when equivalent European alternatives exist.

This policy does not seek to exclude foreign suppliers as a matter of principle. Rather, it establishes a clear presumption in favour of European companies—defined by objective criteria of establishment, governance, jurisdiction, and regulatory compliance—whenever a choice arises between a European provider and a third-country entity in designated strategic sectors. The purpose is to ensure that European public spending consistently contributes to the development, scaling, and resilience of Europe’s own technological ecosystem.

By applying this preference through clearly defined targets and annual monitoring, the Buy European Tech Act transforms procurement from a passive purchasing function into a deliberate instrument of industrial policy. It ensures that, in critical digital domains, public demand strengthens European capabilities, reduces long-term dependency risks, and anchors essential technologies within the European legal and economic order.

In essence, the Act operationalises a simple principle: in strategic technologies, Europe should buy European—systematically, transparently, and where it matters most.

3.2 Scope of application: Strategic Digital and Technological Procurement

The Buy European Tech Act would apply to clearly delineated strategic digital and technological procurement segments, where risks of dependency and market concentration are most acute, and where European technological capabilities already exist but remain structurally constrained by demand-side barriers.

The scope of application would cover, in particular:

• Cloud computing and Platform-as-a-Service (PaaS), including infrastructure services, orchestration layers, application platforms, and managed cloud services;
• Cybersecurity services and solutions, encompassing security operations, identity and access management, encryption technologies, and cyber-resilience tools;
• Artificial intelligence and data infrastructure, including data platforms, analytics systems, AI development environments, and trusted data processing services;
• Digital public platforms, such as e-government solutions, digital identity systems, and platforms supporting health, social, and administrative public services;
• Critical software, middleware, and enabling technologies, essential to the operation, interoperability, continuity, and security of public digital infrastructures.

These sectors share a set of structural characteristics that justify targeted procurement intervention. They are marked by strong network effects, high switching costs, long-term vendor lock-in dynamics, and elevated strategic sensitivity for public administrations. As a result, procurement choices in these domains have long-lasting consequences for competition, resilience, and technological sovereignty, making them particularly suitable for a structured European preference framework.

To translate political ambition into measurable outcomes through interoperability, the Buy European Tech Act would introduce aggregate policy targets, inspired by international benchmarks and adapted to the European market structure. These targets would apply at EU and Member State level, not at the level of individual tenders.

European technology participation target : At least 60% of the total annual value of strategic digital and technological public procurement should be awarded to real European companies, defined by objective establishment, governance, and jurisdictional criteria. Hence, These targets would:

• be monitored annually through reporting by contracting authorities,
• be aggregated at national and EU level,
• feed into a public European scoreboard managed by the Commission.

4. Definition of “European”

4.1 A clear Label and Objective eligibility criteria 

To operationalise these criteria, the Buy European Tech Act could rely on or contribute to the creation of a European technology label or certification, acting as a trusted reference for public buyers.  A company would qualify as “European” and fulfill the Made in Europe Label for the purposes of the Buy European Tech Act if it meets criteria such as:

• Establishment and headquarters within the European Union, with effective and substantive economic activity in one or more Member States; 
• Governance and strategic decision-making under EU jurisdiction, ensuring that operational control, strategic choices, and risk management are subject exclusively to EU law;
• No exposure to extraterritorial legal control incompatible with EU law, in particular foreign surveillance or disclosure regimes that conflict with: the GDPR (notably Article 48), EU fundamental rights, the EU public security requirements as well as the Digital Acquis. 
• As a matter of fact, there is a need for Full compliance with the EU regulatory acquis, including: General Data Protection Regulation (GDPR),NIS2 Directive, Cybersecurity Act (CSA) and related certification schemes, AI Act (where applicable), and other sector-specific EU rules.

These criteria ensure that “European” status reflects legal accountability, regulatory alignment, and operational sovereignty, rather than formal ownership alone. 

4.2 Sector-specific application: the case of cloud and digital infrastructure

In strategic digital sectors—particularly cloud computing and digital infrastructure—the definition of “European” must be applied with additional precision, reflecting the sensitivity of data, infrastructure, and supply chains. In this context, eligibility should require that :

• The provider is headquartered and operationally established in the EU;
• Ultimate voting control and ownership are predominantly European;
• The company is not subject to extraterritorial legal obligations that could override EU law;
• The full technology stack and critical supply chain (infrastructure, software layers, control planes) are either European or demonstrably free from non-EU legal control;
• Compliant with the The Cloud Sovereignty Framework metrics,
• Compliant The upcoming the Cloud and AI Development act, the forthcoming definition of an innovative european enterprise and with the upcoming   future CSA revisions.

4.4 Essential Security Interests provide an additional legal shield (Article III GPA)

For strategic technologies — especially cloud, AI, data, cybersecurity — the legal basis is even stronger than the small business act.

Article III GPA allows procurement measures necessary to protect:

Essential Security Interests – GPA Article III (Cloud and Digital Services) : A Buy European Tech  Act for Cloud or critical digital services is justified by Article III GPA, which allows exceptions. As a matter of fact topics such as:

• national security,
• critical infrastructure,
• protection of essential public services,
• services involving sensitive data.

Could  be defined as security interests

Cloud services used by public administrations handle:

• health data,
• tax data,
• social security systems,
• identity infrastructure,
• justice or interior workflows.

Which are as well matters of security interests

In addition to that, exposure  to extraterritorial legislation (CLOUD Act, FISA 702, Patriot Act, Chinese Personal Information Protection Law of the People's Republic of China law.. The list goes on… ) is a documented security risk. As a matter of fact, a preference framework for European sovereign cloud providers is a security measure, not a trade restriction.

III. Simplify Access for SME

1.  The need for holistic reforms

1.1 A structural approach to reinforce synergy between candidates

The OECD Report on the implementation of the OECD Recommendation on Public Procurement issued on June 19 2025 alongside the OECD (2024), the Survey on Public Procurement made it quite clear about what should be done at the OECD level. Even though most of the policies and recommendations are actually already at some point implemented at the EU Level. In fact it turned out that the main priorities were : 

• dividing processes into lots (63%);
• developing capacity-building initiatives (50%); 
•  Reinforcing  dynamic purchasing systems tools (48%)

Simplified administration was also considered as one of the most optimal policy measures that should be taken by 40% of the respondents.  As a matter  of fact, these reports showed the need for clear holistic reforms to facilitate access SMEs to public procurement.

1.2 SME Compliance Test

The purpose of this test is not to impose additional administrative burden, but to embed the “Think Small First” principle directly into procurement.  Such system could be a structured ex-ante assessment

For procurement procedures above a defined strategic or financial threshold, contracting authorities would be required to conduct an ex-ante SME Compliance Test addressing matters such as : 

• Has the contract been divided into lots? If not, what objective justification is provided?
• Are administrative, technical, and financial requirements proportionate to SME capacities and resources ?
• Have innovation-oriented procurement instruments been considered (e.g. pre-commercial procurement, innovation partnerships… )?
• Is the procedure accessible to SMEs across borders within the Single Market?

As a matter of fact, that measure would reinforce Transparency, market intelligence, and policy feedback

Beyond compliance, the SME Compliance Test would generate significant additional value for public authorities and policymakers.

1.3 Trainings & Workshops for SME’s

Structural reforms should also include workshops and training to make sure that SME have the necessary knowledge to candidate. European SME Procurement Excellence Programme, aimed at ensuring that no innovative SME is left behind due to a lack of procedural or administrative capability.

This programme would provide targeted training and practical support to help SMEs understand, access, and successfully deliver public procurement contracts—especially at EU and cross-border level. Its objectives would be to Improve SMEs’ understanding of EU public procurement rules and procedures while supporting SMEs in transitioning from local or national markets to EU-level procurement.

To ensure fairness and cohesion, the programme should also be deployed across the entire European Territory, in coordination with national and regional administrations, SME Envoys, Enterprise Europe Network and the various  Chambers of commerce and sectoral organisations.

The objective is to avoid geographic or structural bias, ensuring that SMEs—regardless of location, size, or prior exposure to public procurement—have equal access to the tools needed to compete.

Certification and recognition :  As an outcome, the programme could lead to a European SME Procurement Readiness Certification / Label, awarded to companies that have completed the training and demonstrated a clear understanding of procurement requirements. Such certifications do already exist but that would be necessary to reinforce them. 

By strengthening SMEs’ ability not only to bid, but also to deliver at institutional scale, this approach ensures that procurement reform translates into tangible outcomes. 

1.4 Innovation partnership

Innovation Partnerships, introduced under Article 31 of Directive 2014/24/EU, already provide the European Union with a powerful and fully lawful procurement instrument specifically designed to address situations where no market-ready solution exists. Yet, despite their relevance, they remain underused—particularly in strategic technology domains. 

The revised procurement framework should therefore systematically strengthen, generalise, and simplify the use of Innovation Partnerships, notably by reducing participation thresholds, lowering administrative and financial barriers, and improving guidance for contracting authorities. Enhanced communication and dedicated awareness campaigns are essential to ensure that public buyers and SMEs fully understand and trust this mechanism. Innovation Partnerships are especially well suited to emerging and fast-evolving sectors such as cloud and edge computing, data infrastructure, ePrivacy, cybersecurity, and artificial intelligence, where innovation cycles are rapid and European capabilities must be scaled early. When deployed at scale, Innovation Partnerships offer a robust demand-side tool to co-develop sovereign European technologies, accelerate SME innovation, and align public procurement with Europe’s long-term technological and strategic objectives.

1.5  Reinforcing the SME Envoys Network

The SME Envoy Network must be significantly reinforced and given a clear implementation mandate. Beyond its current advisory role, SME Envoys should be explicitly tasked with monitoring SME participation in public procurement at national level, including access to tender information, success rates, and structural barriers.

They should also coordinate targeted communication roadmaps on public procurement, organise workshops and capacity-building initiatives for SMEs, and ensure consistent dissemination of opportunities across Member States. By acting as a permanent interface between the Commission, national administrations, and SME ecosystems, strengthened SME Envoys would provide accountability, comparability of performance across countries, and practical feedback loops—ensuring that “Think Small First” translates into measurable outcomes in procurement markets rather than remaining a policy principle.

2. Operational measures

2.1 DPS - Dynamic Purchasing System - Simplification 

The proposed reinforcement of Dynamic Purchasing Systems is fully grounded in the existing legal framework of Directive 2014/24/EU, in particular Articles 31 and 34. Article 34 explicitly establishes Dynamic Purchasing Systems as open, fully electronic procedures designed to facilitate broad and continuous access to procurement markets, notably for SMEs, by allowing economic operators to join at any time during the system’s validity and by enabling proportional selection criteria, including categorisation to reflect varying contract sizes and capacities.

The recommended measures—late entry, SME-friendly participation thresholds, flexible consortium formation, and proportional financial requirements—directly operationalise these provisions and strengthen their practical impact. In parallel, Article 31 on Innovation Partnerships provides the legal basis to integrate DPS with phased testing, pilot projects, and co-development approaches, allowing innovative SMEs and scale-ups to participate even when solutions are not yet fully market-ready. Linking DPS mini-competitions with innovation partnerships enables contracting authorities to combine market openness with innovation-driven procurement, particularly in strategic digital sectors. Together, Articles 34 and 31 already provide the legal architecture required to support SME participation, innovation, and ecosystem development; the proposed recommendations do not create new obligations but ensure that these existing instruments are used to their full potential in line with the objectives of competitiveness, innovation, and strategic autonomy.

2.2 Mandatory Division in Lots

Article 46 of Directive 2014/24/EU was designed to make public procurement more accessible to SMEs by encouraging the division of contracts into lots. 

Article 46 should be strengthened by making division into lots mandatory by default for large procurement procedures, with any decision not to divide requiring a clear, written, and verifiable justification. 

Making lot division is mandatory rather than something that should be justified in case that this is not the case should be the rule. It is the single most effective structural reform to ensure that public procurement genuinely supports SMEs, innovation, and competition within the Single Market.

Conclusion : 

 The European Union is entering a phase where sovereignty can no longer be declared; it must be exercised. In an environment where major powers deploy procurement, standards, and technological ecosystems as instruments of influence. If public procurement continues to reward scale, incumbency, and lock-in, it will keep consolidating external dependencies and accelerating the transformation of Europe from innovator to mere consumer.

A European Small Business Act for Public Procurement is therefore not an “SME-friendly add-on”; it is a strategic correction. By introducing measurable participation objectives and enforceable access mechanisms, it restores contestability, unlocks SME-driven innovation, and ensures that public demand becomes a genuine scaling pathway for Europe’s technology base. In doing so, it strengthens resilience and competitiveness without closing markets: it simply ensures that Europe’s primary industrial fabric—its SMEs and scale-ups—can compete on fair terms.Combined with a Buy European Tech Act for strategic sectors and a simplification agenda that reduces administrative burdens, the SBA completes Europe’s procurement triad: a practical route from principles to results. The revision of the procurement directives is thus the moment to align Europe’s spending power with its strategic interests—so that Europe not only regulates the digital world, but can also build, supply, and sustain it. By these three political and economical tools the EU can leverage the public procurement framework as a real strategic tool. At this stage, we must ask ourselves: Can Europe become again the continent of innovators it once was? Yes. Unless we fail to act.

This is especially true at a time when digital sovereignty has moved to the very center of the European debate. The question is no longer whether Europe needs digital sovereignty, but how it can be achieved in a concrete, pragmatic, and credible way. The challenge now is to move from principles to actual capabilities: controlled infrastructures, competitive European technology providers, native regulatory compliance, and sustainable economic models.

Diagnosis: European Cloud Sovereignty in a Fragmented Digital Landscape

The internet, once envisioned as a unified global commons, is increasingly polarized. We observe a clear divergence between an open, data-driven model, often characterized by its focus on attention capture, and increasingly closed, state-controlled models, as seen in countries like Russia and China. This fragmentation is underscored by reports of declining internet freedom globally, indicating a steady erosion of online rights and a more fractured digital sphere.

Geopolitics now profoundly influences technology policy. Export controls, data-localization rules, and platform restrictions have become common instruments of statecraft. For instance, the United States has tightened export controls on advanced computing and AI-related semiconductors, demonstrating the intricate link between technology and foreign policy.

Within this evolving landscape, cloud computing stands as a critical backbone for digital transformation. However, Europe faces a significant dependency challenge in this sector. European cloud providers currently hold only around 15% of their own regional cloud market, with the majority of growth captured by non-European hyperscalers. This imbalance highlights a broader threat to Europe’s digital sovereignty.

Layered on top of these trends is the accelerating AI industrial revolution. Projections indicate AI could add trillions to the global economy by 2030, with private investment in generative AI soaring. The rapid adoption of AI across organizations signals a paradigm shift, disrupting well-established parts of the Information and Communication Technology (ICT) sector and fundamentally reshaping business and society.

Pathways for Remediation: Rebuilding European Cloud Sovereignty

Europe's response to these challenges is rooted in its core values, offering a pragmatic and hopeful path forward:

Privacy as a Competitive Edge: The GDPR Effect

To secure digital sovereignty, Europe must reinforce its domestic tech ecosystem. This requires a pragmatic and proportionate approach, facilitating easier access to public procurement for European innovators, increasing scale-up finance, and implementing targeted industrial policies for strategic technologies such as cloud, AI, and semiconductors.

The goal is not protectionism, but closing capability gaps so European firms can compete on value, reliability, security, and regulatory alignment—ensuring Europe remains a source of digital innovation rather than merely a consumer of others’ advancements.

Strengthening the Home Base: A Pragmatic, Proportionate Approach

To secure digital sovereignty, Europe must reinforce its domestic tech ecosystem. This requires a pragmatic and proportionate approach focused on opening doors for European SMEs and scale-ups, limiting structural barriers to market access, facilitating participation in public procurement, increasing scale-up finance, and implementing targeted industrial policies for strategic technologies such as cloud, AI, and semiconductors. The goal is not isolation, but to close capability gaps, enabling European firms to compete on value, reliability, security, and regulatory alignment. This will ensure Europe remains a source of digital innovation, rather than solely a consumer of others' advancements.

Being the World’s Bridge: Connecting Ecosystems

Europe is uniquely positioned to connect diverse digital ecosystems rather than contribute to their fragmentation. Leveraging its network of economic relationships, Europe can align digital standards, security, and interoperability across continents. This approach aligns with the European Union’s Digital Partnerships with like-minded countries such as Japan, South Korea, Canada, and Singapore, which aim to foster trusted digital cooperation and shared standards globally.

Rebuilding European cloud sovereignty also requires relying on European cloud and PaaS providers that operate under EU jurisdiction and align infrastructure, governance, and compliance by design.

Building Cultural and Technological Bridges for Cloud Sovereignty

At Clever Cloud, a European cloud and PaaS provider, these principles translate into concrete choices: operating infrastructure under European jurisdiction, supporting open technologies, and designing cloud services aligned with GDPR and European regulatory frameworks.

This also highlights the need for a clear, credible, and widely recognized label defining what qualifies as a sovereign cloud solution in Europe. Today, multiple initiatives and certifications coexist, but none fully provides a shared, legitimate reference at the European level. Establishing such a framework is essential to bring clarity to users, guide public procurement, and strengthen trust in genuinely sovereignty-aligned cloud solutions.

In my role as VP International Growth at Clever Cloud, my responsibility is to make Europe’s digital leadership tangible on the ground. I work to translate this human-centric vision—championed by our CEO, Quentin Adam—into concrete practices that support local ecosystems and long-term digital autonomy.

There is another path to technological acculturation—one that prioritizes mutual understanding, long-term trust, and local empowerment over one-size-fits-all expansion models.

Local partnerships, acculturation, and shared value

When I enter a new market, I don’t arrive with a prefab playbook. I start by partnering with local providers, integrators, and universities; I listen, adapt to regulations and languages, and align with how business is actually done. This approach creates a two-way exchange of knowledge and trust, which is the only way cloud adoption becomes sustainable. My goal is to empower communities to advance their own strategic autonomy and data sovereignty—while staying connected to a global network.

Local Money—because sovereignty needs roots

I invest locally whenever I can: local data centers, local talent, and fair value-sharing. As I like to say, “Ain’t sovereignty if it ain’t your money.” Practically, that means helping customers and partners keep control of their data, costs, and roadmaps—without sacrificing global interoperability. If our presence doesn’t strengthen the local digital economy and create durable growth, we’re not doing it right.

Distributed R&D and talent development

I’m building a truly multi-national innovation network by establishing R&D capabilities where we operate. I focus on training the next generation of engineers locally and connecting them across borders. This doesn’t just create high-skilled jobs or reduce brain drain; it injects diverse ideas straight into our product roadmap, making our platform more robust and relevant worldwide. The synergy that emerges when talent from different cultures works on the same hard problems is one of the most powerful forces for progress I know.

This bridge-building mindset is pragmatic and hopeful. Today, I’m collaborating across Morocco, Nigeria, Kenya, Côte d’Ivoire, working with partners in Thailand, Malaysia, South Korea, Japan, and engaging with Canada, and Brazil. I’m not interested in picking sides; I’m interested in raising the floor for reliability, resilience, and sovereignty-friendly cloud everywhere we operate.

A Diplomatic, Builder’s Mindset for European Cloud Sovereignty

Europe’s path is neither laissez-faire nor lock-down. A human-centric approach must combine trustworthy rules, real industrial capability, and international cooperation.

That means making trust a feature—from GDPR today to accountable AI governance tomorrow. It means backing European builders—SMEs and scale-ups—through smarter procurement and financing. And it means bridging continents by aligning interoperable standards so innovation flows both ways.

If policymakers, businesses, and civil society embrace this approach together, Europe will not only navigate a polarized, AI-accelerated world—it will help shape it. That is the standard I set for my work: technology that improves lives, strengthens connections, and turns fragmentation into collaboration.

At the same time, in its  summary published earlier this year, the cybersecurity body CERT-FR, operated by the French National Cybersecurity Agency (ANSSI), reports that 218 cyber incidents were handled in 2024 involving local authorities. In its 2024 activity report,
ANSSI also describes the cyber threat as “systemic” for the public and social sectors.

In this context, choosing a secure cloud solution for public administrations has become a central concern for CIOs, CISOs, and digital project managers.

The objective is not simply to select a high-performance infrastructure, but to ensure that the chosen cloud solution meets the legal, regulatory, technical, and operational requirements specific to the public sector.

Understanding what cloud security means in the public sector

The data handled by public administrations — personal data, health data, financial information, and sensitive data related to public infrastructures — are subject to strict regulatory frameworks, notably enforced by the CNIL and the GDPR. In addition, the public sector is expected to rely on recognised security certifications, such as ISO/IEC 27001, HDS for health data, and, for the most critical environments, SecNumCloud.

These requirements demonstrate that a secure cloud goes far beyond firewalls or encryption alone. It requires a comprehensive, structured, and auditable approach to security.

Digital sovereignty: a criterion that has become essential

For a public administration, it is essential to know where data is hosted and under which jurisdiction it falls, in order to comply with the GDPR and to properly govern any potential data transfers outside the European Union.

A sovereign cloud implies not only that data is hosted within the European Union, but also that it is not subject to extraterritorial legislation, such as the US Cloud Act (2018), which allows a foreign government to request access to data stored by a provider under its jurisdiction.

Digital sovereignty also contributes to the resilience of information systems. By limiting technical, contractual, or legal dependencies on a single provider, public administrations retain the ability to react quickly when constraints arise—for example, by changing providers or relocating a service when regulatory, operational, or strategic conditions require it. This margin of manoeuvre is an important factor in maintaining control and ensuring the long-term sustainability of public digital services.

Sovereignty is therefore a key differentiating criterion when choosing between a European provider and a US-based provider.

Beyond compliance: essential technical requirements

To ensure a level of security appropriate for the public sector, a cloud solution must provide strong isolation between environments, systematic encryption of data in transit and at rest, host hardening, as well as continuous monitoring mechanisms (logs, metrics, alerts).

Identity and access management (IAM), multi-factor authentication, and the application of the principle of least privilege are part of a Zero Trust approach, now recommended by ANSSI to reduce the attack surface.

Security also relies on operational resilience: service continuity, recovery capabilities, high availability, and fault-tolerant architectures.

The role of automation in risk reduction

Automation is often seen as a convenience for developers; in the public sector, it is above all a lever for reducing human-related risks.

Automated deployments, automatic scalability, and self-healing mechanisms help limit operational errors, which account for a significant proportion of security incidents.

By reducing the number of manual operations, organisations lower the risk of misconfiguration and improve the overall availability of services.

Total cost of ownership and governance

Choosing a secure cloud is not just a matter of comparing list prices.

Public sector organisations must take into account the notion of total cost of ownership (TCO):

• Infrastructure costs,
• Internal staffing costs,
• Operational complexity,
• Maintenance,
• Time spent handling incidents,
• Effort required to migrate a service or ensure its reversibility.

A platform that automates most operational tasks and enables reproducible environments can significantly reduce internal workload, and therefore the overall cost.

How to objectively assess market solutions

To evaluate a cloud solution intended for the public sector, it is essential to rely on factual criteria: the level of sovereignty, available certifications, technical capabilities, reversibility, the availability of private cloud or on-premise options, the existence of air-gapped environments, the quality of support, and compatibility with existing tools.

The most common mistakes include choosing a provider out of habit, focusing solely on price, or confusing data localisation with legal sovereignty.

Another recurring mistake is overestimating the complexity of migration. In many cases, a test or a Proof of Concept is sufficient to validate feasibility.

A simple method for choosing the right cloud solution

The most effective approach consists in:

This approach provides a balanced view of security, compliance, performance, and sustainability.

What Clever Cloud brings to these challenges

Clever Cloud is a European hosting provider certified ISO/IEC 27001:2022 and HDS, offering public cloud, private cloud, on-premise and air-gapped environments. For highly regulated requirements, a zone already qualified SecNumCloud is available on request through our partnership with Cloud Temple. This makes it possible to meet “trusted cloud” requirements while benefiting from the Clever Cloud platform.

The platform follows a security-by-design approach based on environment isolation, system hardening, strong authentication, and built-in observability.

Automated deployments, automatic scaling (auto-scaling), and self-healing mechanisms reduce operational effort and limit human error.

Data remains hosted in Europe, and data portability is ensured, with no proprietary lock-in.

Support is human-led and provided from France.

Finally, for public organisations that rely on pooled public procurement frameworks, it is worth noting that Clever Cloud is listed on the “Nuage Public” (UGAP) framework. Public administrations can therefore subscribe to our services within an already validated public purchasing framework, simplifying administrative procedures and accelerating service deployment.

Towards a secure, sovereign, and sustainable public cloud

For a public administration, choosing a secure cloud solution means finding the right balance between sovereignty, compliance, technical security, productivity, and cost control.

By relying on clear criteria and official reference frameworks (ANSSI, ISO, GDPR, HDS), it becomes possible to select a solution genuinely suited to the needs of the public sector—one that can ensure both service continuity and the protection of citizens’ data.

Would you like to evaluate a sovereign and automated cloud platform?

Contact us