
Meet the Authors
Thales is the first strategic customer to adopt SAP RISE private cloud edition on S3NS, the trusted cloud it established with Google Cloud, deploying by H2 2026.
Data will remain stored, processed, and encrypted in France under French jurisdiction on the SecNumCloud-qualified PREMI3NS platform.
Thales is refounding its SAP ERP landscape on SAP's clean core principle, unifying finance, supply chain, manufacturing, and procurement.
It is one thing to sell a sovereign cloud. It is another to run your own ERP on it. Recently, Thales did both, becoming the first strategic customer to adopt SAP RISE private cloud edition on S3NS, the trusted cloud provider it established with Google Cloud. For SAP professionals in regulated industries, this is a rare case of a vendor eating its own cooking, and a preview of how sovereignty and clean core are converging.
What Was Announced
Under the partnership, SAP RISE private cloud edition will be deployed by SAP Sovereign Cloud on S3NS’s SecNumCloud-qualified platform, known as PREMI3NS, by H2 2026. Data will remain stored, processed, and encrypted in France under French jurisdiction while still accessing SAP’s full innovation stack, including AI-driven capabilities. The target sectors are those that have hesitated the longest to adopt public cloud: public administration, aerospace and defense, and operators of vital services.
The more instructive detail is what Thales is doing internally. As the first SAP customer on the S3NS trusted cloud, Thales is undertaking what it calls a transformational refoundation of its SAP ERP landscape, adopting SAP’s clean core principle to ensure long-term agility and future readiness, and unifying finance, supply chain, manufacturing, and procurement on PREMI3NS. This is not a lift-and-shift. It is a rebuild.
Why Sovereignty Plus Clean Core Is The Real Headline
SAP’s Thomas Saueressig, Chief Customer Officer and Executive Board member, framed the deal as allowing customers to combine SAP’s innovation and scalability in an environment that meets the highest regulatory requirements, enabling transformation without compromise. Thales CFO Pascal Bouchiat called running SAP on a trusted platform a natural step, delivering the security, resilience, and compliance the Group requires.
The market context makes this urgent. SAPinsider’s RISE with SAP 2025 benchmark, based on 122 community members and published in January 2026, found the migration conversation has shifted from “why move?” to “how fast?” as the 2027 end-of-maintenance deadline approaches. But speed is exposing a governance gap. SAPinsider’s Securing RISE with SAP 2025 benchmark found that only 45% of organizations follow the shared responsibility model for SAP Cloud ERP Private security, meaning most are not fully applying SAP’s hardening requirements. Thales’s choosing a SecNumCloud-qualified environment is a direct answer to that exact risk.
The clean core piece is what turns this from a hosting decision into a strategy. By refounding on clean core, Thales is betting that keeping the core standard, with extensions on the side, is what makes both continuous SAP innovation and sovereign compliance sustainable at once.
What This Means for SAPinsiders
Separate the hosting decision from the sovereignty decision. Thales did not just move to cloud; it moved to a SecNumCloud-qualified, French-jurisdiction cloud. For regulated data, where and under whose law SAP data is processed can matter more than the cloud’s raw capability. For organizations operating in defense, the public sector, or critical infrastructure, SAPinsiders should add jurisdiction and certification (such as SecNumCloud) as hard requirements in their RISE evaluation, not nice-to-haves.
Treat RISE migration as a clean core reset, not a relocation. Thales is refounding, not lifting and shifting. Carrying custom code and technical debt into RISE preserves the very fragility an organization is trying to escape, and undercuts future innovation. CIOs should use their RISE move to inventory custom code, push extensions out of the core, and set a clean core target before go-live.
Close the shared-responsibility gap now. With only 45% of organizations following the shared responsibility model, most RISE adopters are under-securing their environment. A trusted platform does not absolve IT leaders of their half of the security contract. They must map exactly which controls SAP owns and which the organization owns under RISE, and confirm that the hardening obligations are met before migrating critical workloads.



