France’s National Assembly launched a parliamentary inquiry in March 2026 to investigate the government’s widespread use of American digital tools like Microsoft and Google, citing serious risks to national sovereignty and data security. The commission, led by deputy Cyrielle Chatelain, will examine how foreign technology dependence affects critical sectors including health and education, with a final report expected in July 2026.
The commission will zero in on several high-profile cases that exemplify France’s technological dependency. Among them is the Health Data Hub, which is currently transferring French citizens’ health data from Microsoft’s cloud services to a national solution, according to La Tribune. The Ministry of National Education’s extensive use of Microsoft tools will also face scrutiny, while the Directorate General of Public Finances offers a contrasting success story, having recently migrated from Microsoft to the open-source Linux operating system.
Three Critical Risks Identified
French authorities have identified three major risk categories stemming from reliance on American technology giants. The legal dimension centers on the conflict between U.S. legislation like the CLOUD Act and European data protection standards. The Court of Justice of the European Union’s Schrems II ruling invalidated previous data transfer mechanisms with the U.S., placing French entities using American cloud services in a precarious legal position, La Tribune reported.
National security concerns are equally pressing. The CLOUD Act compels U.S.-based service providers to disclose data to American authorities regardless of where it’s stored. In response, France has reinforced its Cloud au Centre doctrine, mandating that sensitive state data be hosted either internally or on sovereign cloud solutions qualified as SecNumCloud by the cybersecurity agency ANSSI, according to a Senate report.
The third risk involves operational dependency and vendor lock-in. The widespread adoption of integrated suites like Microsoft 365 and cloud platforms from AWS, Azure, and Google makes any potential migration extremely complex and costly. A National Assembly report warned that this technological dependency erodes the state’s operational control over its information systems.
Government Opts for Gradual Change
A July 2023 parliamentary commission chaired by Philippe Latombe proposed radical measures, including an outright ban on Microsoft and Google cloud offerings for public administrations and a mandatory two-year migration to SecNumCloud-qualified solutions. However, the government has chosen a more cautious path.
Ministers rejected an immediate ban on tools like Microsoft 365, citing the risk of paralyzing public services, La Tribune reported in 2023. Officials argue that no European alternative currently offers the same level of integrated functionality as Microsoft’s suite, which millions of public agents use. A full-scale migration would cost billions of euros and require extensive training.
Instead, the government has opted for a gradualist approach, issuing a circular that prohibits using Microsoft 365 for sensitive data while encouraging sovereign alternatives. This pragmatic strategy acknowledges the immense technical, financial, and operational hurdles while attempting to gradually strengthen France’s digital independence.
Sources
- latribune.fr
- senat.fr
- assemblee-nationale.fr
