Home › Compliance › SecNumCloud

SecNumCloud compliance software for sovereign cloud providers.

Q: What is SecNumCloud?

SecNumCloud is the ANSSI qualification scheme for sovereign cloud services in France. The 3.2 referentiel sets strict requirements on EU governance, data localisation, RGS-grade cryptography, and immunity from extra-EU extraterritorial law. Required for sensitive French state, healthcare, OIV and SIIV workloads.

ANSSI SecNumCloud 3.2 referentiel pre-loaded: sovereignty declaration, EU-only data localisation, RGS-grade cryptography inventory, BYOK/HYOK options, 24x7 SOC use-cases, PASSI-ready evidence pack. Built for cloud providers serving sensitive state, healthcare, OIV and SIIV workloads.

Open the portal See pricing

What is SecNumCloud?

SecNumCloud is the qualification scheme operated by ANSSI for sovereign cloud services in France. Version 3.2 of the referentiel - published in March 2022 - layers tight sovereignty, localisation and immunity requirements on top of ISO 27001/27017/27018. It is the French answer to the question "how do we make sure data hosted in the cloud cannot be compelled out of EU jurisdiction?"

Who needs to comply

Cloud providers selling into French state, defence and OIV / SIIV operators
Healthcare cloud providers handling sensitive medical data alongside HDS
Managed-service providers wanting to bid for sensitive French public contracts
SaaS vendors building on top of a qualified IaaS to inherit the qualification chain

Key SecNumCloud controls covered by Dazr

SouveraineteEU capital + governance. Annual transparency report and immunity analysis.

LocalisationData, support, logs all confined to EU. Region whitelist enforced in IaC.

Cryptographie RGSCrypto policy referencing RGS / RGCN. BYOK and HYOK options for sensitive customers.

PersonnelBackground screening, recurring training, phishing-simulation cadence.

Supervision 24x7SOC use-cases mapped to MITRE ATT&CK. IR runbook with CERT-FR contact.

Audit PASSI3-year cycle with annual surveillance. Booking calendar + remediation tracker.

What auditors look for

A PASSI auditor walks the referentiel control-by-control, with particular emphasis on the sovereignty chapter (who controls the keys, who controls the company, who can compel data) and the cryptography chapter (RGS-aligned, key-management lifecycle). Dazr keeps both audit-ready year-round.

How Dazr helps with SecNumCloud

Pre-loaded controls for every chapter of the 3.2 referentiel
Sovereignty declaration template + annual transparency-report reminder
Crypto inventory mapped to RGS profiles
Run SecNumCloud alongside ISO 27001, HDS and BSI C5 for evidence reuse
Hand the PASSI auditor a read-only view or a single-PDF audit trail

Back to the full Dazr Compliance overview › | Sign up free ›

SecNumCloud questions, answered.

What is SecNumCloud?

The ANSSI qualification scheme for sovereign cloud services in France. The 3.2 referentiel sets strict requirements on EU governance, data localisation, RGS-grade cryptography, and immunity from extra-EU extraterritorial law.

How is the audit performed?

By an ANSSI-approved PASSI auditor. Cycle is three years with an annual surveillance audit.

Does Dazr itself hold SecNumCloud?

Dazr is built in Europe and hosted on EU-only infrastructure. We do not currently hold the qualification ourselves; the platform helps you, the cloud provider, prepare for it.

Where is data hosted?

European Union only. AES-256-GCM at rest.

Ready to start your SecNumCloud program?

Free for one user. Pro €29/mo and Enterprise €299/mo self-serve via Mollie. Custom (from €800/mo) is the only tier on a contract.

Open the portal All frameworks