Skip to main content
artificial intelligence

S3NS Has 200 Employees. SAP's First Sovereign ERP Deployment Needs 1,000.

By Priya Nair

How SecNumCloud Became a Hiring Engine

S3NS, the Thales-Google Cloud joint venture, received SecNumCloud 3.2 qualification from France's National Cybersecurity Agency (ANSSI) in December 2025, clearing all four milestones. The certification covers PREMI3NS, its full IaaS, PaaS, and CaaS portfolio built on Google Cloud infrastructure. That matters for hiring because SecNumCloud is the strictest cloud security standard in Europe, and France is currently the only country that mandates it for sensitive public-sector data.

ANSSI's process runs through four formal stages (J0 through J3), each demanding documented evidence of physical security, logical isolation, supply-chain control, and immunity from non-European extraterritorial laws. S3NS filed its application in July 2024 and cleared the final stage roughly 18 months later. During that window, the company staffed teams to build and operate a cloud environment where every Google Cloud update passes through a quarantine zone, gets analyzed and validated by S3NS employees, and only then enters production — all within French data centers administered exclusively by S3NS personnel.

That operational model turns a compliance milestone into a workforce signal. SecNumCloud-qualified providers must demonstrate that their staff are not just technically competent but cleared, trained, and structurally insulated from foreign legal reach. The ANSSI public registry lists roughly a dozen qualified providers, most offering narrow IaaS-only catalogs. S3NS's qualification covers a broader service portfolio (Compute Engine, Cloud Storage, Cloud SQL, Google Kubernetes Engine, BigQuery) which means the company needs engineers who can operate managed services at Google Cloud's cadence while meeting ANSSI's audit requirements.

Christophe Salomon, deputy CEO for secure information and communication systems at Thales, said the qualification "opens up new opportunities for the entire French and European market" and that Thales itself chose S3NS for its internal IT and sensitive engineering work. When the parent company becomes a customer, the hiring case writes itself: S3NS now needs the people to serve not just Thales but the roughly 30 early-adopter customers already on the platform (MGEN, Matmut, Qonto, Club Med, EDF), plus the pipeline those references unlock.

The qualification also resets the competitive baseline for European cloud jobs. Before S3NS, a French or European engineer who wanted to work on a cloud platform with the full Google Cloud service catalog inside a SecNumCloud framework had no option. Now there is one, and it is scaling. That single fact starts to pull demand for security architects, compliance engineers, and platform operators away from the U.S. hyperscalers' European divisions and toward a French-law company with a different risk profile and a different career trajectory.

SAP's Production Bet

SAP chose S3NS as the platform for its first sovereign-cloud ERP deployment in France, and Thales (the defense and aerospace group that co-owns the joint venture) signed on as the inaugural customer. The deal puts SAP RISE private cloud edition on PREMI3NS, with a target of H2 2026 for deployment. That timeline is not a pilot window. It is a production commitment.

Thales is not running a test instance. The company is refounding its entire SAP ERP landscape on PREMI3NS, unifying finance, supply chain, manufacturing, and procurement under SAP's "clean core" principle. Pascal Bouchiat, Thales's chief financial officer, said the move delivers "the security, resilience, and compliance the Group requires" — language that signals a regulated enterprise treating sovereign cloud as infrastructure, not experiment.

For the hiring market, this converts a compliance framework into a labor demand curve. SAP's Thomas Saueressig called the partnership "a major step forward for our customers in France" that sends "a strong signal across Europe." Martin Merz, president of SAP Sovereign Cloud, was more direct: Thales choosing this setup means "sovereign cloud is becoming a reality at scale." When SAP — the enterprise application vendor whose install base runs the back offices of half the Fortune 500 — puts a sovereign-cloud ERP deployment on a SecNumCloud-qualified platform, it tells every large enterprise and public-sector body in Europe that the regulatory path to cloud migration now exists.

That path needs people to walk it. A production SAP RISE deployment on a SecNumCloud platform requires cloud engineers who understand both Google Cloud's infrastructure stack and ANSSI's security framework. It needs security architects who can design for data that must stay under French jurisdiction, encrypted and processed on French soil. It needs compliance specialists who can map SecNumCloud 3.2 controls onto enterprise audit requirements. And it needs the integration talent to connect a legacy ERP landscape to a sovereign platform without breaking the business processes that run on it.

S3NS already serves more than sixty customers and offers 30 managed services, with 30 more planned over the next twelve months. Adding SAP's ecosystem to that stack multiplies the addressable market for every one of those services. Hélène Bringer, president of S3NS, called the SAP partnership "a strong endorsement of our trajectory" and "an important step in expanding our ecosystem of leading software publishers."

Any enterprise that runs SAP and operates in a regulated sector (public administration, aerospace, defense, health, operators of vital services) now has a qualified migration path. Each migration needs a team. The SAP-S3NS deal does not just validate a platform. It creates the demand signal that turns sovereign cloud from a policy goal into a hiring plan.

Why Neither Parent Could Do This Alone

S3NS exists because neither Thales nor Google Cloud could build a sovereign cloud workforce on its own. Thales brings defense-grade security engineering and the operational culture of running critical systems for governments. Google Cloud brings hyperscale infrastructure talent and the platform stack that enterprise customers already use. The joint venture is the mechanism for combining those two labor pools into something neither company's HR department could recruit for independently.

The structure makes this explicit. S3NS runs on Google Cloud's IaaS, PaaS, and CaaS technologies (the same infrastructure Google operates globally) but the entity itself is a French-law company with three datacenters in France, staffed and managed under Thales's security framework. The German expansion announced in May 2026 follows the same model: a new German entity, legally and operationally independent from Google Cloud, staffed by local German personnel, with Thales owning and controlling it outright. Google Cloud's press release stated that "no third party, including non-European entities, can access the data stored or processed within it."

That operational separation is a workforce statement as much as a legal one. Thales in Germany employs 2,300 people across nine sites, with a presence dating back to 1880. Its engineers come from defense, aerospace, and critical infrastructure — sectors where security clearance and compliance discipline are baseline requirements. Google Cloud's talent, by contrast, is built around platform-scale engineering: Site Reliability Engineers who operate GCP, Customer Engineers who architect on top of it, Cloud Support Engineers who manage SLOs and SLAs at volume. S3NS's own careers page lists all three of those roles as open hires, alongside positions that require the kind of security-domain expertise Thales has spent decades accumulating.

The result is a workforce that can speak both languages. Engineers who understand SecNumCloud 3.2 requirements and can still operate Borg. Compliance architects who know C5 and the new C3A framework and can also design for Google Cloud's service architecture. That combination is rare, and it's the reason the JV structure matters more than the technology stack. Google Cloud's platform is available through any partner. Thales's security credentials are not transferable. The joint venture is the only vehicle that puts both under one roof with a single hiring pipeline.

Bringer, who also serves as Vice-President for Critical Information Systems at Thales, framed the German expansion as proof the model scales: the two regions aim for both SecNumCloud and C5-C3A certifications simultaneously, which she called the first time a sovereign cloud targets different local certifications at once. That multi-region ambition means the workforce has to replicate — not just in headcount but in the specific blend of security-domain and platform engineering talent that makes the French operation work. The German entity will need its own local hires who carry both skill sets, or S3NS will need to transfer enough people from the French operation to seed the new region without hollowing out the original team.

For engineers watching the European cloud market, the signal is clear: the jobs that matter in sovereign cloud sit at the intersection of hyperscale platform operations and national-security-grade compliance. S3NS is building the team that proves those jobs can exist outside the U.S. hyperscaler structure.

The Hyperscaler Talent Squeeze

The S3NS joint venture doesn't just add another sovereign-cloud option in Europe. It reshapes the talent market that AWS, Microsoft Azure, and Google Cloud's own European sovereign divisions depend on. For years, U.S. hyperscalers have recruited European cloud engineers by offering global scale, brand recognition, and compensation packages tied to Silicon Valley pay bands. S3NS undercuts that pitch on the one dimension hyperscalers can't easily replicate: a workforce that holds active French and EU security clearances and operates inside a SecNumCloud-certified perimeter from day one.

The compliance bar for European defense, intelligence, and critical-infrastructure workloads has moved past what a U.S.-headquartered cloud can satisfy through local partnerships alone. France's SecNumCloud framework requires that data remain under the legal jurisdiction of an entity incorporated in Europe and insulated from foreign extraterritorial laws like the U.S. CLOUD Act. AWS and Azure have both announced sovereign-cloud initiatives in Europe, but those programs still route through U.S. corporate parents. S3NS, by contrast, is a French-law joint venture structured so that sovereign control sits with the European entity.

Engineers who want to work on classified or regulated European workloads increasingly face a choice: join a U.S. hyperscaler's European sovereign division and operate under a compliance model that still answers to a U.S. parent, or join S3NS and work inside a perimeter that ANSSI has already certified. For security architects, DevSecOps engineers, and compliance specialists with active clearances, the second option removes a career friction point — they no longer have to navigate the legal ambiguity of a U.S. parent's subpoena exposure.

Google Cloud's own involvement in the JV adds a layer of competitive tension. Google is simultaneously supplying infrastructure talent and technology to S3NS while competing against it in the broader European cloud market. That means Google Cloud's European hiring teams are now competing with their own joint venture for the same pool of engineers who understand both Google's cloud stack and European security frameworks. Some of those engineers will choose S3NS precisely because it offers a mission (sovereign European infrastructure) that a U.S. corporate division can't match, even with equivalent pay.

The hyperscalers aren't standing still. AWS's sovereign-cloud push and Azure's EU Data Boundary are both attempts to close the compliance gap that S3NS exploits. But those programs are still in build-out, and neither has yet achieved SecNumCloud certification for a production ERP deployment of the kind SAP is running on S3NS. Until they do, the JV holds a first-mover advantage in the talent market for engineers who want to work on workloads that European governments and defense ministries will actually trust with sensitive data. That advantage compounds: every certified deployment S3NS lands makes the next hire easier, because engineers can point to a production track record rather than a roadmap.

From 200 to 1,000: The Workforce Design Problem

S3NS sits at roughly 200 employees today — a headcount that reflects a JV still in build-out mode, not one operating at the scale its market requires. Getting from there to 1,000 is not a linear hiring problem. It is a workforce design problem, and SecNumCloud qualification plus SAP's deployment dictate the shape of the solution.

Organizations that plan in job titles rather than skill sets create rigidity that breaks under pressure. S3NS cannot afford that. The roles coming online sit at the intersection of defense-grade security and hyperscale infrastructure — a combination that barely exists in the European labor market today. The JV has to build as much as it buys.

SAP running its first strategic ERP deployment on S3NS is the trigger. One production tenant at that tier requires sustained engineering support: platform reliability, tenant isolation, continuous compliance monitoring, and incident response with French-government audit trails. Multiply that as other ISVs onboard, and the headcount need compounds fast.

The 800-person gap breaks into three rough buckets:

Category Approximate Share Core Skill Sets
Cloud infrastructure & platform engineering 40–50% Kubernetes, GKE, Terraform, network architecture, SRE
Security & compliance architecture 30–35% SecNumCloud audit, ANSSI controls, encryption-at-rest, IAM, incident response
Customer delivery & partner integration 20–25% SAP ERP deployment, ISV onboarding, pre-sales, technical account management

The security and compliance slice is the hardest to fill. Indeed listings for cloud security compliance engineers typically demand 7+ years of experience; Glassdoor shows over 9,000 open roles for that function in the U.S. alone. Europe's supply is thinner, and S3NS needs people who understand ANSSI's specific control framework — not just generic SOC 2. Thales has that talent internally, but not at the volume a scaled sovereign cloud requires.

The borrow-versus-buy tension

The JV's structure gives it a third option most standalone cloud companies lack. It can borrow from its parents. Thales seconded defense-security engineers to S3NS at launch; Google Cloud can do the same with infrastructure specialists. But secondment is a bridge, not a destination. Borrowed talent eventually returns, and the institutional knowledge leaves with it.

The real trajectory depends on how fast S3NS can convert borrowed capacity into owned headcount — hiring people who chose S3NS, not people assigned to it. That conversion requires compensation competitive with Google Cloud's own European engineering bands and career paths that do not dead-end inside a 200-person subsidiary. If S3NS cannot offer both, it will spend 2026 and 2027 replacing departures instead of growing net headcount.

Thales's May 2026 announcement of a German sovereign-cloud expansion signals that the parent companies see the multi-region path as real. Each new region multiplies the compliance surface and the engineering load. Two regions do not require twice the headcount of one, but they require more than 1.5x, because cross-region orchestration, data-residency enforcement, and separate national audit regimes add complexity that does not linearly scale.

The ramp in practice

Projecting a clean 200-to-1,000 line over 24 months assumes the talent pool cooperates. It will not. European cloud-engineering hiring already runs at 42–60 days time-to-fill for technical roles; compliance-specialized positions take longer. S3NS will likely hit 400–500 within 18 months if SAP and the ISV ecosystem generate sustained demand, but the push to 1,000 depends on whether the German expansion lands production customers at the same cadence France did.

The specific roles opening now and over the next two quarters tilt heavily toward platform and security engineering: SecNumCloud audit owners, Kubernetes cluster operators with clearance-grade isolation experience, encryption architects, and SAP integration engineers who can map ERP workloads onto a constrained sovereign environment. Customer-facing roles (pre-sales, technical account management, partner solution architecture) scale later, once the platform has enough reference deployments to sell against.

S3NS will not reach 1,000 by hiring alone. Some will come from Thales transfers who convert to permanent S3NS roles. Some will come from Google Cloud engineers who want European sovereign work. And some will come from AWS and Azure teams in Paris and Frankfurt who see a competitor building something they cannot build inside a U.S.-headquartered compliance framework. The mix matters more than the number.

What Engineers and Operators Should Watch

Sovereign cloud is hiring, and the roles look different from a standard hyperscaler job description. S3NS's careers page lists openings for Site Reliability Engineers, Cloud Support Engineers, and Customer Engineers — all built on Google Cloud infrastructure but wrapped in SecNumCloud compliance requirements. LinkedIn data shows 86 S3NS-related jobs worldwide, with 25 posted by Thales, 17 by Devoteam, and 10 by SFEIR, spanning entry-level through executive grades.

For engineers, the near-term opportunity clusters around three profiles. First, GCP-fluent infrastructure engineers who can operate Borg-based systems inside a French regulatory perimeter — S3NS's SRE listings explicitly ask for this. Second, security and compliance specialists who understand SecNumCloud, IDP architecture, and Blue Team operations; S3NS posted a confirmed Blue Team analyst role in Paris within the past week. Third, AI and data engineers who can build on sovereign infrastructure — Devoteam is hiring "AI Native Cloud Engineer" and "AI Native DevOps Engineer" roles in Levallois-Perret, a direct spillover from the S3NS ecosystem.

For operators and hiring managers, the geographic spread matters. The bulk of S3NS-linked roles sit in Île-de-France and Brussels, with a growing cluster in Berlin — Thales posted a Field CTO for Trusted Cloud Germany and a Sovereign Cloud Product Manager there in the past two weeks. Google itself is hiring Partner Development Manager roles for Sovereign Data Partnerships in Zurich, Frankfurt, Berlin, and Munich, which signals that even the U.S. parent is staffing up a European sovereign-cloud sales and partnership motion.

For career planners, salary benchmarks from adjacent AI roles give a floor. AI Engineers in the European market command roughly $120,000–$160,000, Solutions Architects $130,000–$180,000, and AI Security Specialists around $100,000–$140,000, based on 2025 market data. Sovereign-cloud roles at the JV likely sit at a premium to these because they layer French defense-security clearance requirements on top of standard GCP skills — a thinner talent pool means higher compensation.

The practical move: if you hold GCP certifications and can work in French or German, S3NS and its partner ecosystem (Devoteam, SFEIR, Thales's own cloud division) are the most direct entry point into a workforce that is scaling from roughly 200 heads toward a four- or five-digit headcount. If you are a U.S.-based engineer, the sovereign-cloud track is still mostly a European play — but Google's own sovereign-data hiring in Zurich and Berlin suggests the skill set is becoming transferable.


Working in AI? Zero G Talent tracks the openings: browse AI jobs, openings at Databricks and Anthropic, and the people building the field.

Ready to Start Your Space Career?

Browse artificial intelligence jobs and find your next opportunity.

View artificial intelligence Jobs