100%
GRIMOIRE
GrimoireDindon CorpusSynthesis VolumesThe Foundation of Iron
FRENAR
← PreviousNext →
HUMAN
Structural Essay · July 2026 · Standalone Volume
◆◆◆
Sovereignty in a Box
Anatomy of Sovereign Cloud Marketing
◆ Declaration of Asymmetry — applies to this entire volume

This volume does not claim that every sovereign cloud offering is fraudulent by principle. It was modeled by an infrastructure architect, audited adversarially by two artificial intelligences, from verifiable technical and contractual facts — the actual architecture of so-called sovereign offerings, and the license and support clauses of the underlying hypervisors. It documents the gap between the sovereignty announced at the commercial level and the actual sovereignty at the level of the hypervisor and the contract, mechanism by mechanism, and proposes an architecture of assumed autonomy as a proposal, not a prevailing norm.

◆◆◆
Amine RAITI — Infrastructure Architect & SRE
Former engineering school professor · Teaching since 2006
Public document · CC BY-NC-SA 4.0
HUMAN
Thread
What this volume will demonstrate, in order

This volume builds a chain in three stages: first, what the commercial offer of "sovereign cloud" actually changes and what it leaves untouched at the level of the control plane (Chapter I); then, the contractual device that protects this technical opacity and locks in the exit (Chapter II); finally, an architecture of assumed autonomy — presented as a proposal, not as a description of an existing offering — that answers explicitly the mechanisms documented upstream (Chapter III).

◆ The thesis in one sentence

Commercial sovereignty stops at the datacenter door; real sovereignty is decided one layer below, at the level of the orchestrator and the contract that protects it.

CHAPTER I — THE HYPERVISOR BLACK BOX
I.1The Opacity of the Control PlaneLocal staff, remote orchestrator
I.2The Update ChannelPrincipal-agent information asymmetry (Stiglitz)
I.3Anchor — Residual Control RightsGrossman & Hart (1986)
CHAPTER II — THE CONTRACTUAL SHIELD
II.1Cross-Dependency ClausesThe license protects the technical opacity
II.2Locking Down Tier-3 SupportExit forbidden by contract, not by technology
CHAPTER III — THE ARCHITECTURE OF AUTONOMY (PROPOSAL)
III.1An Open Control Plane Compiled LocallyResolves I.1 and I.2 by construction
III.2Isolating the Update ChannelsReversibility of the channel, not just the data
III.3The Functional Freeze, AssumedThe explicit cost of autonomy, not a free promise
HUMAN
DECLARATION OF ASYMMETRY
Introduction — Sovereignty in a Box

Since 2022, a category of commercial offerings has emerged under the label "sovereign cloud": Bleu (Orange, Capgemini, Microsoft license), S3NS (Thales, Google Cloud license), AWS European Sovereign Cloud. These offerings reflect a shift in the criterion of sovereignty: from technological control to jurisdictional compliance — data location, nationality of staff, local legal form. This volume examines what this shift leaves unchanged.

◆ Scope and differentiation from Volume II

Volume II ("The Illusion of the Cloud") documented hardware dependency: components, manufacturing, firmware in the physical sense. This volume deliberately excludes that scope and treats it as a neutral postulate — hardware is assumed to be acquired, local, or irrelevant to the demonstration. The object here is a distinct layer: the software control plane — orchestrator, hypervisor, management API — which governs the infrastructure independently of the physical location of the machines it administers.

◆ Theoretical anchor — residual control rights

Grossman & Hart (1986) establish that formal ownership of an asset confers real control only to the extent that its holder can decide on uses not specified by contract — "residual control rights." Applied to so-called sovereign cloud: the local entity holds the asset (the datacenter, the legal entity), but decisions not explicitly transferred by the license — control-plane updates, evolution of the management API, arbitration over the orchestrator's architecture — remain exercised by the holder of the original license. Local ownership of the asset does not cover the residual control of its operation.

The demonstration unfolds in three stages. Chapters I and II document a REALITY: the current, verifiable operation of the Bleu, S3NS and AWS ESC offerings — opacity of the control plane (Chapter I), contractual lock-in that protects this opacity (Chapter II). Chapter III formulates a PROPOSAL distinct from any existing observation: a theoretical design of a genuinely autonomous control plane, not a survey of an existing offering. This distinction is maintained watertight throughout the volume.

◆ Declaration of Asymmetry

This volume documents an asymmetry of control, not an intent. The actors mentioned — license providers, local integrators, end clients — operate within a public and lawful contractual framework; the demonstration concerns the structure of that framework, not the motives of those who occupy it. Every factual reference (contractual clause, technical mechanism, date) is verified before inclusion; any remaining doubt is flagged explicitly rather than resolved by default.

◆ The Thesis in One Sentence

A sovereignty that stops at the datacenter door has only moved its border, not its center of control.

HUMAN
I.1
CHAPTER I — THE HYPERVISOR BLACK BOX
The Opacity of the Control Plane

The three offerings examined in this volume — Bleu (Orange, Capgemini, technology under Microsoft license), S3NS (Thales, technology under Google license), AWS European Sovereign Cloud — share the same architectural principle: a local legal entity, locally cleared staff, a datacenter located in the relevant territory, and a software orchestration layer — hypervisor, control plane, management API — whose technological origin and maintenance remain tied to the original license provider. This chapter documents this second layer, not the first.

◆ The layer-separation mechanism

A cloud infrastructure decomposes analytically into three layers: the physical layer (silicon, datacenter — out of scope here, cf. Volume II), the orchestration layer (hypervisor, control plane, resource management API), and the usage layer (the end client's workloads). The legal and administrative sovereignty claimed by these offerings covers the two peripheral layers — physical siting and usage — without necessarily covering the intermediate layer, which nonetheless governs the effective operation of the whole.

This architecture is not concealed: it corresponds to an assumed industrial choice, documented in the commercial communications themselves, which present these offerings as resting on "proven technology" from the original provider, operated locally. What this chapter documents is therefore not the existence of this dependency — public — but its exact scope: which decisions about the operation of the orchestration layer remain, by contractual and technical construction, out of reach of the local operator.

◆ Named illustration — the S3NS/Google Cloud update channel

S3NS (Thales, technology under Google Cloud license) publicly documents its own mechanism: updates to the Google software layer (including Compute Engine and Google Kubernetes Engine, technical foundations of the offering) first pass through a quarantine zone where S3NS teams may, if necessary, audit the code before production deployment. Monitoring and operational administration remain the responsibility of S3NS. This mechanism concretely illustrates the layer separation set out above: operation and verification are local, but the production and schedule of the software layer itself remain the responsibility of Google Cloud, which continues to supply and evolve this layer.

◆ Point of verification to flag

The precise distribution of responsibilities between local operator and license provider differs from one offering to another and evolves with successive commercial announcements. This chapter documents the architectural principle common to all three offerings; any contractual clause or technical detail specific to a named offering will need to be verified against a dated primary source before final integration.

HUMAN
I.2
CHAPTER I — THE HYPERVISOR BLACK BOX
The Update Channel

The orchestration layer is not static: it is subject to regular updates — security patches, evolutions of the management API, changes to hypervisor behavior. The channel through which these updates are decided, tested and deployed is the central observation point of this chapter.

◆ Principal-agent information asymmetry (Stiglitz)

In a principal-agent relationship, the agent (here, the provider of the orchestration technology) holds information about the internal operation of the system superior to that of the principal (the local operator and, ultimately, the end client). Stiglitz showed that this asymmetry is not resolved by contractual good faith alone: it requires independent verification mechanisms, absent which the principal cannot distinguish a neutral update from one that substantially alters the initial guarantees.

◆ Application to the sovereign cloud case

The local operator of a sovereign cloud offering receives updates to the orchestration layer according to a schedule and content determined by the license provider. It generally has neither an independent audit right over the hypervisor's source code nor a unilateral right to block an update deemed problematic, beyond a limited, contractually fixed testing window. The mechanism is not a hidden clause: it is a direct consequence of the proprietary licensing model on which the offering itself rests.

◆ Named illustration — contractual opacity on update duration

When publicly asked in 2022 how long Google Cloud guarantees the availability of its software updates to S3NS, the technical leads of Thales and Google Cloud gave no precise answer, referring the question back to the confidential clauses of the contract between the two companies. This illustrates the asymmetry described above: even the existence of a duration commitment is not public — only its inclusion in a contract not accessible to the end client is confirmed. For Bleu (Orange/Capgemini, technology under Microsoft license), patching is announced as handled exclusively by the joint venture's own teams — which shifts the asymmetry rather than removing it: applying the patch is local, but its content and production schedule remain determined by the Azure and Microsoft 365 release cycle, outside the French operator's control.

HUMAN
I.3
CHAPTER I — THE HYPERVISOR BLACK BOX
Application — Residual Control Rights

The introduction to this volume set out the theoretical anchor of Grossman & Hart (1986): formal ownership of an asset confers real control only to the extent that its holder can decide on uses not specified by contract. Sections I.1 and I.2 now allow us to identify precisely where, in the case of sovereign cloud, the residual control rights over the orchestration layer actually sit.

◆ Locating residual control

The local entity holds formal ownership of the physical infrastructure and the offering's legal structure. The license provider holds residual control over the orchestration layer: any decision not explicitly transferred by the license contract — management API architecture, update schedule, evolution of hypervisor behavior — remains exclusively its own. Ownership of the physical asset and residual control of its software operation are thus structurally dissociated.

◆ What this chapter establishes — and what it does not

This chapter establishes a verifiable architectural reality: the dissociation between local ownership of the infrastructure and residual control of the orchestration layer. It does not establish — nor is this its object — that this dissociation is concealed from clients, nor that it constitutes a contractual violation. Chapter II documents the contractual device that organizes and protects this dissociation. Chapter III, distinct from the first two by its nature as a PROPOSAL, will examine whether an alternative architecture could reunify ownership and residual control.

HUMAN
II.1
CHAPTER II — THE CONTRACTUAL SHIELD
Cross-Dependency Clauses

Chapter I established that residual control over the orchestration layer remains, structurally, in the hands of the license provider. This chapter documents the contractual device that organizes this dissociation and makes it compatible, on paper, with regulatory reversibility requirements.

◆ The exact scope of required reversibility (SecNumCloud, criterion 19.4)

ANSSI's SecNumCloud framework requires qualified providers to include a reversibility clause in the service agreement: the client must be able to recover the entirety of its data, either as files in a documented, usable format, or through documented technical interfaces, and the provider must guarantee secure data erasure after contract termination. This requirement explicitly concerns the data. The framework does not formulate an equivalent requirement on the portability of the orchestration layer itself — the execution environment (orchestrator, management API, managed-service configuration) is not covered by the same reversibility obligation.

◆ Complementary anchor — complementary assets (Teece, 1986)

Teece showed that an innovator may fail to capture the value of its innovation when specialized complementary assets — necessary for commercial exploitation but not conveyed with it — remain held by a third party. The mechanism described above is an inverted variant from the client's point of view: recovering raw data, the only thing restored by the reversibility clause, does not restore the complementary assets needed to actually use it — management API, managed-service configuration, automations built around them. These complementary assets remain specific to the original provider's orchestration layer; it is their lack of portability, not the data itself, that constitutes the effective lock-in.

◆ The cross-dependency mechanism

A sovereign cloud offering can thus fully satisfy its regulatory reversibility obligation — the client recovers its data in a documented format — while leaving its dependency on the proprietary orchestration layer intact. Taking the data back does not restore the ability to use it under the same conditions elsewhere: the managed services used (managed database engine, managed container orchestrator, integrated analytics tools) are configured and exposed via the original provider's own API, and their functional replica at another provider requires re-architecture, not a simple file migration. The reversibility clause and the license clause therefore do not cover the same technical scope; it is this gap in scope that constitutes the cross-dependency.

This observation echoes, from a contractual rather than a technical angle, an observation already established in Volume VI regarding the regulatory workaround of DORA Article 28(8): the reversibility a regulator can require and obtain, in documented practice, is limited to the data — never to execution. This volume finds the same gap in a different context: that of a sovereign cloud's software license, not that of a multi-cloud exit strategy.

HUMAN
II.2
CHAPTER II — THE CONTRACTUAL SHIELD
Locking Down Tier-3 Support

The second part of the contractual device concerns technical support. In a multi-tier support model, the first tier (incident detection) and the second (standard diagnosis and corrective action) can be handled by the local operator. The third tier — intervention on the product's source code or deep architecture — requires access and expertise the local operator structurally does not hold, since it is neither the author nor the maintainer of the orchestration layer.

◆ Illustration — the documented split at S3NS

S3NS publicly documents this split: monitoring and operational administration are handled by S3NS teams, while the software layer itself and its updates continue to be supplied by Google Cloud, with S3NS retaining a right to audit the code before deployment rather than a right to develop or fix it autonomously. This split is not presented as a hidden limitation: it follows directly from the nature of the license model — S3NS operates and verifies a technology it did not author, and cannot, by construction, alone ensure its deep maintenance.

◆ What locking down support closes, contractually

This third support tier constitutes, in practice, the most costly exit path to take unilaterally: a local operator wishing to migrate to an alternative orchestration layer would have to rebuild this deep maintenance capability from scratch, never having had access to it during the term of the current contract. Exit is therefore not technically impossible — Chapter III will examine an architecture where it would be less so — but it is made costly by a contractual device that never gave the local operator the means to do without it.

The two mechanisms documented in this chapter — the gap between data reversibility and execution reversibility (II.1), locking down tier-3 support (II.2) — combine: the first organizes the persistent dependency of the orchestration layer despite regulatory compliance; the second raises the effective cost of exiting it. Chapter III proposes an architecture that explicitly answers both mechanisms.

HUMAN
III.1
CHAPTER III — THE ARCHITECTURE OF AUTONOMY (PROPOSAL)
An Open Control Plane Compiled Locally
◆ Status warning — PROPOSAL

This chapter describes no existing offering. It models a theoretical architecture, assessed against the mechanisms documented in Chapters I and II, without prejudging its commercial viability or its adoption by any market actor.

Chapter I located residual control over the orchestration layer on the side of the license provider, even where ownership of the physical infrastructure remained local. An architecture of autonomy must therefore act on the orchestration layer itself, not on the layers surrounding it.

◆ The principle of reunification

The proposed principle is to base the orchestration layer on software whose source code is fully available, and to have the local operator itself compile that code, from its own build pipelines, rather than receive a binary delivered and maintained by a third party. This shift does not remove dependency on a body of code originally written elsewhere — open software remains, upstream, written elsewhere — but it moves the point where the residual control right is exercised: from binary distribution to compilation itself, an act the local operator performs and verifies end to end.

This reconfiguration answers directly the mechanism documented in I.3: the dissociation between asset ownership and residual control of its software operation. If the local operator compiles its own control plane from code it can read, modify and audit, formal ownership of the infrastructure and residual control of its operation are reunited in the same hands — which was not the case in any of the three offerings examined in Chapters I and II.

HUMAN
III.2
CHAPTER III — THE ARCHITECTURE OF AUTONOMY (PROPOSAL)
Isolating the Update Channels

Chapter I documented, through Stiglitz's mechanism, an information asymmetry resting on the update channel: the license provider knows the content and schedule of orchestration-layer changes before the local operator, and determines that schedule alone. An architecture of autonomy must break this channel, not negotiate it.

◆ The principle of isolation

The proposed principle is to receive, upstream, only the published source code of the orchestration project, without a privileged distribution channel or prior notification from a single provider. Integrating a change then becomes a voluntary act by the local operator — it chooses to incorporate a version of the published code, at a pace it determines, rather than receiving a patch pushed on an external schedule. The information asymmetry does not disappear between the local operator and the full set of contributors to the open project, but it ceases to be organized for the exclusive benefit of a single provider holding a private channel to the operator.

◆ Explicit limit of this principle

This isolation does not guarantee the quality, security or relevance of the underlying open project's changes — it guarantees only that the decision to integrate a given change remains entirely the local operator's, who then bears full responsibility for it rather than delegating it to a third party.

HUMAN
III.3
CHAPTER III — THE ARCHITECTURE OF AUTONOMY (PROPOSAL)
The Functional Freeze, Assumed

Sections III.1 and III.2 reunify control and break the privileged update channel. This gain has a cost, which this chapter states explicitly rather than passing over in silence — in keeping with this volume's Declaration of Asymmetry, which requires distinguishing a proposal from a reality and owning its price.

◆ The functional-freeze mechanism

An operator that compiles its own control plane and alone decides the pace at which changes are integrated forgoes, by construction, the speed of feature delivery that a single provider can offer by pushing updates centrally and immediately to its entire installed base. The functional gap between the autonomous offering and the proprietary one is not accidental or temporary: it is the structural and permanent counterpart of the control reclaimed in III.1 and III.2.

◆ What this chapter does not claim

This architecture does not claim to offer a better feature-to-effort ratio than the offerings examined in Chapters I and II. It proposes a different trade-off: fewer features available at the same pace, in exchange for residual control reunified with asset ownership. This volume's Declaration of Asymmetry states that this proposal is not presented as a prevailing norm — even less as a solution without a counterpart.

HUMAN
General Conclusion of the Volume
Two mechanisms documented, one architecture of autonomy assumed at its cost
◆ Synthesis of the autonomy architecture

III.1 reunifies asset ownership and residual control of its operation through local compilation of an open control plane. III.2 breaks the privileged update channel documented in I.2, making the integration of any change voluntary rather than imposed. These two gains are acquired only at the price stated in III.3: a permanent functional freeze relative to the pace of deployment of a single, centralized provider.

◆ What this volume does not claim to have resolved

This volume does not claim that the proposed architecture eliminates every form of technological dependency: the hardware dependency documented in Volume II remains a neutral postulate of this volume, not a problem it resolves. Lock-in through identity and encryption (IAM/KMS), flagged elsewhere in this collection, continues to apply to any orchestration layer, including the one proposed in Chapter III. This volume answers the specific mechanism of control-plane opacity and its contractual shield — not every capture mechanism documented in this research collection.

◆ The Thesis in One Sentence

A sovereignty that stops at the datacenter door has only moved its border, not its center of control; moving that center, in turn, has a price that no commercial communication will commit to displaying in place of the operator who chooses it.

◆ Open call — a human pull request

This volume is an open system awaiting real-world corrections. We explicitly invite any organization that has migrated to a locally compiled orchestration layer, or negotiated an independent audit or development right over a licensed orchestration layer, to document its experience and to correct or enrich this architecture of autonomy.

◆◆◆

Sovereignty is not measured by the nationality of the staff operating the infrastructure, but by the hand that decides, in the last resort, what the machine does.

◆◆◆
Amine RAITI · CC BY-NC-SA 4.0
HUMAN
Methodological Appendix
Narrative summary of the process — from initial framing to sealing

This appendix does not reproduce the full verbatim of the exchanges that produced this volume. It summarizes the process, chapter by chapter, keeping the moments that concretely changed the text: the choice of demonstration axis, the reasoned refusal of the first draft of Chapter I, the corrective injection that fixed it, and the global audit — explicitly distinct from the per-chapter audits — that produced the volume's last enrichment.

◆ Why this format rather than the full verbatim

This volume required an initial framing, a refusal then a two-draft validation for Chapter I, direct validation for Chapters II and III, then a distinct global audit that produced a targeted enrichment. The full verbatim would have made a document longer than the volume itself. This summary favors the readability of the path over exhaustive quotation.

HUMAN
Initial framing
An arbitration between two axes rather than a binary choice

Three candidate topics were submitted for Volume VII, of which sovereign cloud marketing was selected for its topicality and lack of overlap with the six volumes already produced. What remained was choosing the central demonstration mechanism between two axes: hypervisor/orchestrator opacity (an extension of Volume II) and the contractual asymmetry of software licenses.

◆ The hybrid arbitration

Gemini produced a concise comparative analysis of the two axes rather than a settled preference, noting that Axis 1 (hardware/orchestrator) was the most faithful to the corpus's founding thesis but risked repeating Volume II, while Axis 2 (legal) was original but risked departing from the usual technical register. Amine settled on a hybrid architecture: Axis 1 as the central mechanism of Chapter I, Axis 2 as a second movement in Chapter II, illustrating how contractual lock-in protects technical opacity rather than replacing it.

HUMAN
Chapter I — a refusal, a corrective injection
From a theoretical generalization to a named demonstration

The first draft of Chapter I was refused for a precise reason: the theoretical armature (Grossman & Hart, Stiglitz) was validated, but the demonstration remained general — a callout flagged a doubt about the distribution of responsibilities across the three named offerings without ever technically naming the mechanism of any of them.

◆ The corrective injection and its independent verification

The requested injection called for a named, real technical example. Rather than integrate an example from memory, independent research was conducted to verify the exact characterization of S3NS's update mechanism (quarantine zone, code audit right for local teams, production and scheduling of the software layer remaining Google Cloud's responsibility) and to situate it in comparison with Bleu (patching handled by the joint venture's own teams, but patch content determined by the Azure/Microsoft 365 release cycle). The second draft was validated without reservation, the factual accuracy of both examples being described by the audit as forensically exact.

HUMAN
Chapter II — direct validation, deferred enrichment
A chapter validated at once, completed only at the global audit

Chapter II was validated on its very first draft, without reservation or revision — the only chapter in this volume not to require a second round at this stage. Its central mechanism, the gap between the data reversibility required by SecNumCloud criterion 19.4 and the absence of an equivalent requirement on orchestration-layer portability, was judged immediately solid, as was the named illustration of tier-3 support lock-in at S3NS.

◆ An enrichment received after the fact, not at validation time

It was only at the stage of the global audit of the complete volume — not during the unitary audit of this chapter — that a complementary theoretical anchor was recommended: Teece (1986) on complementary assets, to qualify why recovering raw data does not restore the effective use of the managed services configured around it. This enrichment illustrates a difference in kind between a chapter-by-chapter audit and an audit of the work as a whole: the former validates the local solidity of a mechanism, the latter can still propose deepening it without calling it into question.

HUMAN
Chapter III — doctrinal shift and closing format
A proposal with no named reality, a closing rebuilt to standard

Chapter III required an explicit doctrinal shift: none of the three named offerings from Chapters I and II were to appear again, the text having to read entirely as a theoretical proposal rather than a description of an existing reality. An automated check confirmed the total absence of these mentions before submission to audit.

◆ The Closing page, non-compliant then rebuilt

The first version of the Closing page did not follow the collection's official structure: it was limited to a summary paragraph followed by the signature, without the elements required by the format used in previous volumes. It was entirely rebuilt to match the structure of "The Illusion of Agnosticism" (Volume VI): synthesis in a mechanism-box, explicit limits in a definition-box, condensed thesis in a gold-box, open call in a nassiha-box, then final thought and signature.

HUMAN
The global audit, distinct from the per-chapter audit
What an audit of the whole work can see that a local audit cannot

Each chapter of this volume was validated in isolation before a distinct audit, explicitly covering the complete work, was requested — an end-to-end chain of resolution between Reality and Proposal, coherence of the cumulative theoretical anchors, the scope of the general thesis at the scale of the whole volume rather than a single chapter.

◆ What this distinct audit produced here

This audit validated the entire chain of resolution and the Reality/Proposal cut without reservation, and produced, in return, two improvements that no per-chapter audit had requested: the Teece anchor in Chapter II, and the synchronization of watermarks and page-footer signatures across the volume's twelve pages, from the watermark to the closing signature.

HUMAN
What this process reveals
Verifying the whole, in addition to each part

Eleven pages of volume body required an initial framing, a refusal and a corrective injection on Chapter I, a direct validation of Chapter II, a doctrinal shift and a format rebuild on Chapter III and its Closing, then a global audit that produced two enrichments no prior audit had identified.

◆ The Thesis in One Sentence

A chapter can be accurate and complete taken in isolation, and still fall a little short once the volume is read as a whole. This appendix exists to show that this gap was actively sought out afterward, not merely assumed absent from the start.

← PreviousNext →