How Thales and Google Cloud are responding to growing demands for resilience, compliance and digital sovereignty with a sovereign cloud solution in Germany
The debate surrounding digital sovereignty has undergone a fundamental shift in Europe in recent years. What was long regarded primarily as a political or regulatory issue is increasingly becoming a strategic infrastructure question for business, government and operators of critical infrastructure. In particular, geopolitical tensions, stricter compliance requirements and the growing importance of cloud and AI technologies mean that questions of data control, operational independence and resilient infrastructure models are coming to the fore.
Against this backdrop, the partnership between Thales and Google Cloud, which has now been announced, takes on particular significance. Both companies aim to establish a sovereign cloud solution in Germany that is specifically tailored to the requirements of highly regulated sectors and public institutions. This is not merely a matter of technological capability, but above all a combination of hyperscale cloud technology, local control and regulatory protection against extraterritorial access.
Digital sovereignty is becoming an infrastructure issue
The debate surrounding sovereign cloud models is closely linked to the increasing dependence of European organisations on international cloud platforms. Today, companies, public authorities and KRITIS operators require highly scalable digital infrastructures; at the same time, however, the demands regarding data protection, compliance and legal control are rising.
From a European perspective, the potential reach of non-European legislation over stored or processed data is particularly problematic. This is precisely where the approach of the new cloud structure comes in. The planned solution is to be operated on a dedicated infrastructure managed by an independent German company under the full control of Thales.
According to the companies, this new entity is to be organised as a legal and operationally independent entity from Google Cloud. Furthermore, it is to be operated and managed exclusively by German staff. The aim is to ensure that sensitive data remains protected from extraterritorial access.
Hyperscale technology under local control
The partnership highlights a fundamental shift within the European cloud market. Whilst European organisations rely on modern AI, data and cloud technologies, there is a growing desire for local control over critical digital infrastructure.
The new model seeks to combine precisely these two requirements: the scalability and speed of innovation of a hyperscaler with the security and sovereignty requirements of regulated European markets.
This is by no means a purely technical issue. Rather, cloud sovereignty is increasingly becoming an economic and security policy factor in location decisions. Germany in particular plays a central role here, as many companies and public authorities place high demands on data protection, traceability and regulatory compliance.
C5 and C3A as regulatory benchmarks
A decisive factor for the acceptance of such models lies in regulatory interoperability. The new solution is to be designed to meet requirements such as the BSI C5 standard and the new German C3A framework.
Particularly in the public sector and in highly regulated industries such as healthcare, finance or critical infrastructure, such certification and compliance requirements are increasingly regarded as a prerequisite for cloud transformations.
This is simultaneously changing the competitive landscape in the cloud market. Market opportunities are no longer determined solely by computing power or scalability, but increasingly by the ability to credibly meet regulatory and sovereignty-related requirements.
European geo-redundancy as a resilience strategy
The planned establishment of a geo-redundant sovereign cloud architecture between Germany and France deserves particular attention. The new German region is set to form a pan-European infrastructure model in collaboration with PREMI3NS from S3NS – Thales’ sovereign cloud subsidiary in France.
This creates a cross-border disaster recovery approach within Europe, designed to address high demands on sovereignty and operational resilience simultaneously.
This combination is becoming increasingly important, particularly for KRITIS operators or organisations with high availability requirements. Today, resilience is no longer defined exclusively by physical redundancies, but increasingly by digitally secured, geographically distributed operating models.
The planned structure exemplifies how European cloud strategies are increasingly geared towards resilience, reliability and regulatory control.
Healthcare and the financial sector as drivers
Reactions from regulated sectors highlight just how great the demand for such models has become. The healthcare and financial sectors, in particular, are under intense pressure to innovate, whilst simultaneously facing particularly high regulatory requirements.
Cloud and AI technologies are regarded there as the central foundation for future digitalisation projects – for instance, for data-intensive analyses, modern administrative processes or intelligent assistance systems. At the same time, control over sensitive data remains a critical factor.
University hospitals, health insurers and financial market players in particular require highly scalable digital platforms without incurring regulatory or data protection risks. Sovereign cloud structures are designed to close precisely this gap.
Cloud sovereignty as a prerequisite for AI transformation
The partnership also demonstrates how closely cloud and AI strategies are now intertwined. Modern AI applications require enormous computing capacities, scalable data platforms and highly available cloud infrastructures.
This is precisely why the question of sovereign, AI-capable cloud architectures is becoming increasingly important. European organisations want to utilise modern AI technologies whilst retaining control over sensitive data and critical processes.
The new model thus addresses a core conflict of digital transformation: enabling innovation and regulatory control simultaneously.
The market for sovereign cloud is consolidating
This development also points to a structural shift within the cloud market. Whilst traditional public cloud models have long been dominant, a hybrid market comprising sovereign, regulated and locally controlled cloud structures is increasingly establishing itself.
This is giving rise to new cooperation models between global hyperscalers and European technology and security firms. The aim is to combine the speed of innovation with regulatory trustworthiness.
Companies such as Thales in particular are benefiting from their many years of experience in security-critical sectors such as defence, aerospace, digital identities and cybersecurity. This expertise is increasingly becoming a decisive factor for sovereign cloud offerings.
Europe seeks digital autonomy
The strategic significance of such partnerships extends far beyond individual cloud projects. Europe is increasingly seeking to strengthen its digital autonomy in the face of geopolitical and technological dependencies.
Cloud infrastructures are evolving into critical components of governmental, economic and societal resilience. The ability to operate data, AI processes and digital operational structures under one’s own regulatory control thus becomes a matter of strategic sovereignty.
The cooperation between Thales and Google Cloud exemplifies the direction in which the market is moving: away from purely globalised standard cloud models, towards regionally controlled, regulatory-compliant and resilience-oriented infrastructure architectures.
For Europe in particular, this could become a decisive model for the next phase of digital transformation – especially at a time when cloud technology, AI, cybersecurity and geopolitical stability are becoming increasingly intertwined.
