To understand why such a mechanism is necessary, it is enough to look at what has already happened. In 2023, a French data-management software vendor with more than fifteen years on the market was acquired by an American investment fund specialising in technology assets. A perfectly legal transaction, yet one that illustrates a risk few organisations anticipate: the moment a European technology player comes under non-European control. For customers who had made this choice partly for reasons of legal proximity or data governance, the acquisition raised a question their existing contracts did not address. Not the portability of data, but the durability of sovereignty.
This case is not isolated. It is structural.
For several years, public administrations, critical sectors and strategic players have sought to reduce their technological dependencies by favouring European providers. Hosting in Europe, workforce, decision-making headquarters and most R&D in Europe, European jurisdiction, control of capital: these criteria have become reflexes. Legitimate and necessary.
But they all answer the same question: who is this provider today?
Rarely another, equally essential one: who will it be tomorrow?
Sovereignty assessed at a single point in time
When an organisation chooses a European cloud provider, it generally checks where the data is hosted, which jurisdictions apply, who controls the company, and which certifications are held. These criteria make it possible to assess the present situation.
But the digital industry is structurally marked by constant consolidation. A company that is independent today may change hands within five years. In that scenario, the guarantees originally sought can shift profoundly, without the physical infrastructure changing by a single byte.
The servers stay in Europe. The data continues to be stored there. The contracts remain in force. But the centre of decision-making, the strategic direction and effective control of the technology can move outside the European perimeter.
An economic model that amplifies the risk
The issue is also macroeconomic. Part of the sovereignty risk comes not only from the technology, but from how certain digital companies are funded and valued.
European players, sometimes backed by public funding, innovation support schemes or the confidence of national institutions, can be built with an implicit trajectory of resale to private equity funds or non-European groups. In that scenario, the management of critical data, initially presented as a sovereign service, gradually becomes a marketable asset that can be transferred to non-European interests.
The Ultimate Sovereignty Clause is not intended to prohibit such transactions or to impose a general constraint on the market. Its purpose is to introduce an explicit and verifiable commitment that distinguishes companies genuinely committed to sovereignty over the long term from those whose model ultimately rests on the possible sale of a strategic dependency.
What conventional reversibility does not cover
The usual answer to digital dependency is reversibility: assuring customers they can retrieve their data if they decide to change provider. This is a necessary protection, and it can be sufficient for data of low sensitivity. But as criticality rises, reversibility alone is no longer enough. It must be paired with guarantees set at a credible level of proportionality, meaning commitments whose strength matches the sensitivity of the data involved.
A digital platform is more than the data it hosts. It runs on software, deployment tools, orchestration mechanisms, operating procedures, documentation and configurations. In many cases, retrieving the data without access to this technical environment is not enough to rebuild a working service.
The real dependency is not on the data. It is on the ability to operate the platform as a whole.
The Ultimate Sovereignty Clause
To address this, Clever Cloud has designed a new contractual mechanism for contracts covering critical or sensitive public services: the Ultimate Sovereignty Clause.
The principle is simple. If control of a European provider passes to a non-European entity, the mechanism triggers automatically, with no formality or external approval. Concretely, if Clever Cloud were to come under the control of a non-European player, the continuity rights defined in the contract would become exercisable by the designated public beneficiary: a government body, a local authority, a public institution or a European public operator. Where the takeover requires specific technical expertise, this beneficiary can appoint an authorised European operator, bound by the security and confidentiality requirements set out in the contract.
Within this framework, the technical elements identified as necessary to resume the service (certain software components, deployment scripts, orchestration elements, technical documentation and operating procedures) can be mobilised to organise temporary continuity or a controlled migration to a European solution.
One important clarification: the Ultimate Sovereignty Clause does not replace existing guarantees, it extends them. A SecNumCloud-qualified or GDPR-compliant provider already offers solid sovereignty guarantees during the term of the contract. What these schemes do not cover is what happens after a change of control, and that is precisely the risk the Ultimate Sovereignty Clause addresses. It does not make Clever Cloud’s code open source and involves no general handover of production keys or secrets.
A logic of resilience, not portability
The distinction matters. Conventional reversibility is a logic of exit and migration: it sets the conditions under which a customer can leave a provider or move their service to another. The Ultimate Sovereignty Clause is a logic of continuity: it ensures the service can keep running within a controlled framework, even in a scenario of major disruption. It does not seek to prohibit an acquisition or to call into question the freedom of capital transactions: an acquirer can buy the company, but cannot use that acquisition to block or capture a sovereign dependency built around public services.
This approach is part of current debates on digital resilience, alongside requirements of security, compliance and availability. The Ultimate Sovereignty Clause raises a further question: can an organisation maintain its operational autonomy if its provider changes structurally?
A mechanism designed to become a standard
Clever Cloud designed this mechanism for its own contractual commitments. But the ambition goes further.
The Ultimate Sovereignty Clause is designed to be replicable by any European provider that wants to ground its customer relationships in lasting trust. It is meant to fit into existing digital-resilience frameworks, supplier-dependency assessment criteria, and the sovereignty doctrines advanced by institutional bodies in each sector.
A company that accepts this kind of commitment sends a clear signal: its value does not rest on the prospect of a future sale to a foreign player, but on a long-term model built on service continuity and trust.
Digital sovereignty is not measured only by where the data sits today. It is also measured by the ability to ensure that critical infrastructure remains controllable, whatever the ownership future of those who operate it.