Tech dependencies & sovereignty

Fundamental often-ignored distinction: French hosting = physical server located in France (AWS Paris still subject to US law via Cloud Act), digital sovereignty = French company + French host + tech chain without GAFAM (complete legal protection). FileVert = French company, Scaleway/OVH France hosting exclusively, no US tech dependency, guaranteed Cloud Act protection. Server location ≠ real legal protection.

US Cloud Act (Clarifying Lawful Overseas Use of Data Act) 2018: law allows US government to demand access to data held by US company, regardless of physical server location (AWS Paris = subject despite France datacenter), bypasses European GDPR protection, no user recourse if secret requisition. Concrete impact: WeTransfer (AWS), Dropbox, OneDrive = exposed even with declared EU hosting. FileVert = French company, French infrastructure, French jurisdiction = total Cloud Act immunity.

Yes, verifiable complete sovereignty: French company (SARL under French law), Scaleway France and OVH France hosting exclusively (Paris/Roubaix datacenters), open-source tech stack without GAFAM dependency, no US cloud service in chain (neither AWS, nor Azure, nor Google Cloud), total GDPR compliance with French DPO. Unlike "French" competitors using AWS/Cloudflare under the hood, FileVert = total transparency with public consultable infrastructure.

No, dangerous false sovereignty: French company + AWS = Cloud Act exposure despite France/EU server location, AWS remains US company subject to US legislation overriding GDPR, US government requisition can force Amazon to disclose data without user information. Market examples: Smash (AWS), Lockself (AWS mix + others), TransferNow (CloudFlare + Google) = all exposed. True sovereignty requires French host (Scaleway, OVH, Outscale) + French company = FileVert.

Sovereignty verification checklist (priority order): 1) Check ToS/legal mentions = legal company nationality, 2) Verify declared infrastructure (often security/infrastructure section), 3) Look for certifications/labels (ANSSI SecNumCloud = French gold standard), 4) Contact support requesting exact hosting clarification, 5) Beware marketing "data in France" without specifying host. Red flags: lack of hosting transparency, undeclared Cloudflare/AWS use, French headquarters but vague infrastructure. FileVert = total public transparency.

Real legal and business risks: industrial espionage exposure via foreign government requisitions, GDPR non-compliance if transfer outside EU/US without guarantees (fines up to 4% global revenue), sensitive data confidentiality violation (finance, health, defense, HR), loss of control over company IP/strategic data, compliance audit difficulties with opaque solutions. Critical sectors (health, finance, defense, government) = strict sovereignty requirement. FileVert solves these risks radically.

Certification process underway: ANSSI SecNumCloud file (French sovereignty strict reference) preparation 2025, existing complete GDPR compliance with dedicated DPO, infrastructure compliant with France Relance digital sovereignty criteria, Scaleway/OVH hosts ISO 27001 certified, HDS (Health Data Hosting) possible via OVH infrastructure. Immediate transparency: public consultable tech stack, infrastructure declared in ToS, no opaque third-party service. Formal certifications = external validation of already applied approach.

Yes for majority sensitive uses: confidential business data (contracts, strategy, finance), sensitive HR documents (contracts, payrolls, evaluations), R&D projects and intellectual property, non-pathological health data (with AES-256 encryption in transit), strategic internal communications. Limitations: National Defense/Defense Secret require specific dedicated infrastructure (outside standard FileVert scope), pathological health data require specific HDS certification (in progress). FileVert sovereignty = maximum business sensitive data protection vs exposed US solutions.