System status
Dominating the industry, hyperscalers are American companies that offer cloud services in the Canadian market. As an alternative to these giants, Micrologic has been offering Cirrus, a 100% Canadian-owned sovereign cloud solution, since 2014.
Cirrus is designed to meet the needs of public and private organizations requiring greater control and enhanced security to comply with regulatory requirements and address the increasing frequency of cyberattacks and data breaches.
As a result, more and more organizations are turning to the sovereign Cirrus cloud. At the same time, hyperscalers and other foreign companies have begun marketing so-called “sovereign” cloud services.
But are they truly sovereign?
Digital Sovereignty: A Clear Definition
Based on globally recognized standards, we define digital sovereignty through four key pillars:
- Data Sovereignty
Data is stored within Canadian borders with strict guarantees preventing any transfer to a foreign jurisdiction. - Operational Sovereignty
All operations are conducted from within Canada by personnel who are Canadian citizens and hold the necessary security clearances for the data they manage. - Legal Sovereignty
The cloud service provider (CSP) is a fully Canadian entity, registered in Canada or Quebec, and is not subject to any foreign laws. - Technical Sovereignty
Strict controls govern access to digital and physical assets, including data center security and the management of access rights granted to technology vendors.
Given these criteria, it’s clear that hyperscalers do not provide truly sovereign cloud solutions, as they fail to meet all fundamental principles of digital sovereignty.
However, considering point #4 above, if some of the technologies used by Micrologic are American, does that compromise the sovereignty of the Cirrus cloud?
Using Foreign Technologies Does Not Undermine Sovereignty
To build a cloud on a solid foundation, we have integrated technologies such as VMware and Red Hat OpenShift—proven and industry-trusted solutions that enhance Cirrus’s robustness, reliability, and security.
These solutions, however, are developed by American companies. Does this mean our cloud’s digital sovereignty is compromised, subjecting client data to U.S. laws like the CLOUD Act?
No.
____________________________
The CLOUD Act and FISA are U.S. laws that allow American authorities to access data stored by U.S. companies, even if that data is located in another country.
For a Canadian organization, using cloud services from American providers means their data could be subject to these laws, potentially compromising its confidentiality and sovereignty.
____________________________
The idea that a sovereign cloud cannot incorporate foreign technologies is a misconception. Using technologies like VMware or OpenShift does not grant their developers access to Cirrus’s infrastructure or customer data.
The CLOUD Act applies to providers of electronic communication and remote computing services that are based in the U.S. It does not apply to hardware vendors or software developers.
In other words, neither VMware, Red Hat, nor any other technology provider we work with can demand access to data stored in Cirrus. We maintain exclusive control over our infrastructure and enforce strict security measures to guarantee total data sovereignty.
Why Micrologic’s Sovereign Cloud is a Trusted Solution
U.S. providers such as Microsoft, Amazon, and Google cannot guarantee full sovereignty. Even if they offer Canadian data residency, their operations are run by personnel subject to U.S. laws, including the CLOUD Act and FISA.
This means their infrastructures remain vulnerable to legal demands from U.S. authorities, putting client data confidentiality at risk—an especially pressing concern in today’s geopolitical climate.
By choosing Cirrus, you are opting for real and proven sovereignty. Our infrastructure, operations, and contractual commitments ensure complete data protection under Canadian jurisdiction. The technology providers whose solutions we use have no oversight or control over how we operate or the data we host, and our clients have no contractual obligations with them.
So, let’s recap.
Cirrus integrates foreign technologies. Does that compromise its sovereignty? No.
Do the CLOUD Act or other U.S. laws apply to the data we host? No.
With Cirrus, sovereignty is not just a marketing promise—it’s a tangible reality.
