Officially, the French state promotes free software and European cloud providers. Yet in day-to-day reality, it is the Ministry of Education that has extended a major agreement with Microsoft, effectively sidestepping its own digital strategy. The move has been met with disbelief across France’s IT community and among privacy campaigners - and it raises questions that are highly relevant to Germany too.
Four-year extension, up to 152 million euros
At the heart of the decision is a framework agreement the French Ministry of Education reconfirmed with Microsoft in March 2025. The term now runs for a total of four years, with a maximum value of 152 million euros excluding tax.
“Around one million computers and servers in the education sector will therefore remain directly dependent on Microsoft services.”
The impact goes well beyond school back offices and reaches essentially the entire national education IT estate:
- central services of the Ministry
- regional education authorities
- universities and higher education institutions
- research centres and affiliated bodies
The biggest cost item is licensing. According to the procurement documents, the cap for Microsoft licences alone sits at around 130 million euros. Service and supporting work make up the remainder of the budget.
Ignoring its own rules: free software required, Microsoft purchased
The controversy is less about the headline sum than the clash with the French government’s stated approach. A number of texts set out a clear preference for free and sovereign software within the public sector.
In fact, the education sector is meant to prioritise open-source solutions under law. A relevant provision in the French education code explicitly calls on higher education to use free software as a first choice, with the aim of limiting dependency on US technology giants.
On top of this, internal government guidance largely rules out cloud services from providers such as Microsoft and Google for sensitive data. France’s central government digital directorate had already warned in 2021 that Microsoft’s Office and cloud bundles did not align with the state’s own “cloud-first” requirements.
Sensitive data is not meant to sit in US clouds
Shortly before the renewal - in late February 2025 - the Ministry’s digital unit issued a pointed instruction to regional education authorities. Under that direction, all sensitive data is to be stored only on infrastructure holding a national security certification known as “SecNumCloud”.
The problem is that neither Microsoft 365 nor Google Workspace meets those requirements. Officially, that makes them unsuitable for particularly sensitive information - such as health data, assessment records, disciplinary files, or research data with security implications.
“The Ministry forbids its own authorities from using certain cloud services - while at the same time buying licences for those very products at scale.”
An MP in the French parliament has now raised this contradiction formally. In a written question, he asked how the Ministry intends to square its practice with the state’s digital strategy. The issue has become emblematic of a broader and increasingly political debate about digital sovereignty.
Digital sovereignty - an appealing phrase, difficult in practice
“Digital sovereignty” has appeared for years in government documents in France and Germany alike. The idea is a state’s ability to avoid having its data, infrastructure and key technologies dependent on a small number of foreign corporations.
In reality, two worlds collide:
| Ambition | Reality |
|---|---|
| Public-sector requirements for free software and European clouds | Ongoing contracts with US firms such as Microsoft |
| Protecting sensitive data in certified infrastructures | Use of global cloud offerings within a complex legal environment |
| Independence from single vendors | Deep entrenchment of Microsoft products in everyday administration |
In education, this dependency feels particularly sensitive. Pupil and student data is inherently delicate, while the software used shapes habits for whole generations. If learners rely on Microsoft tools throughout school and university, they often carry them into working life - a substantial competitive advantage for the US supplier.
Geopolitical risks and legal grey areas
This Microsoft agreement is not merely a technical procurement choice. It comes at a time of visibly heightened geopolitical tension. Europe is trying to position itself more independently in digital terms versus the US and China, and cloud infrastructure is one of the key levers.
A central point of friction is the relationship between European data protection law and US legislation. US-based companies can, in theory, be compelled to hand over data even when it is hosted in European data centres. The so-called Cloud Act plays a pivotal role in this discussion.
“The more public bodies rely on services from US tech giants, the greater the risk of political and legal tensions.”
SecNumCloud is designed to address exactly this vulnerability. It demands assured control over data and clear limits on access by third countries. Many large international providers still do not meet these conditions, or do so only in part.
Why doesn’t the Ministry of Education simply switch?
The obvious question follows: if policy calls for free software, why don’t authorities just move to alternatives? The candid answer is that a complete shift is costly, laborious and politically unpopular.
Several forces slow any change in direction:
- Legacy systems: many applications and workflows have been tied to Microsoft products for years.
- Convenience: teachers and administrative staff know the familiar tools and are wary of disruption.
- Compatibility: universities operate internationally, and many partner institutions also standardise on Microsoft.
- Lack of resources: rolling out and maintaining open-source solutions requires in-house specialist staff.
France is not unique in this. In Germany, the federal government and the states have long pursued a similar double track: ambitious open-source pledges appear in strategies and policy papers, while everyday operations still end up dominated by Microsoft, Google and others.
What digital sovereignty actually means
The dispute around the French Ministry of Education’s Microsoft contract underlines how often “digital sovereignty” remains an abstract label. Behind the slogan are very practical questions:
- Who controls the servers that hold sensitive education and research data?
- Who can change software features - or switch them off?
- What happens if a provider suddenly raises prices or changes direction?
- How easily can data and processes be migrated to another supplier?
A sovereign approach aims to limit these risks. It does not necessarily mean that states must consistently avoid every major US vendor. A more realistic path is a mixed strategy: placing core areas more firmly on European or national infrastructure, promoting open standards, and reducing dependencies deliberately.
In education, that could mean gradually adopting open file formats, building collaborative tools under European control, and procuring new software in ways that keep future migration technically feasible. Early projects in France and Germany point in this direction, but they remain pilot-scale.
The newly confirmed Microsoft agreement by the French Ministry of Education illustrates how hard it is to unwind long-established structures in practice. Digital sovereignty may be an explicit objective - but in the engine room of the state, the pragmatism of familiar tools still prevails.
Comments
No comments yet. Be the first to comment!
Leave a Comment