GrapheneOS Ditches OVHcloud, Citing French Jurisdiction and Encryption Backdoor Pressure
The GrapheneOS mobile operating-system project has announced that it is severing ties with OVHcloud, expressing concern that French jurisdiction no longer offers a reliably secure environment for protecting user data and devices. The developers have already begun migrating their infrastructure to other providers, stressing that the decision stems not from technical shortcomings but from broader privacy and policy considerations.
OVHcloud is one of Europe’s largest cloud-infrastructure providers, operating data centers across Europe and North America. The company offers hosting, virtual servers, and related services frequently chosen by open-source projects that prefer to keep data within the EU.
The GrapheneOS team believes that operating through such a provider—given the current stance of the French government—creates a risk of undisclosed state access to encryption and user devices. Accordingly, they consider continued cooperation unsafe.
The developers report a full withdrawal of servers from France and a refusal to use OVHcloud facilities even in Canada and the United States if the infrastructure is ultimately owned by the French group. In their view, France is becoming an inhospitable environment for initiatives grounded in strict privacy and maximal encryption.
OVHcloud CEO Octave Klaba clarified on social media that nothing had happened to the GrapheneOS servers and that no incidents had occurred. The conflict, therefore, shifts from technical reliability to questions of trust in the legal landscape and the regulatory demands that may emerge in the future.
A central point of concern is France’s support for the EU initiative known as Chat Control—a proposal that mandates scanning user content and introducing mechanisms for government access to private communications under the pretext of combating crime. Germany opposed the measure in October, warning of profound risks to fundamental rights and the integrity of encryption.
Additional pressure arises from disputes surrounding data sovereignty. OVHcloud is currently embroiled in legal proceedings in Canada over information stored on French servers. Should the court compel the company to release this data in defiance of existing agreements, it could set a precedent that forces the entire industry to rethink cross-border data-protection practices.
Other industry voices have highlighted the growing uncertainty. Mark Boost, CEO of the British cloud provider Civo, notes that the sector must reconsider what true data sovereignty means in practice—beyond marketing assertions. Proton, the Swiss company known for its privacy-focused services, interprets France’s approach as a warning to the industry: operating in the country may be possible only for those willing to grant authorities access to user data.
Against this backdrop, GrapheneOS has chosen to exit and relocate its services to alternative providers. For OVHcloud, the situation becomes a test of whether its proclaimed commitment to information protection aligns with the expectations of projects built on rigorous privacy and open-source principles.
Support Our Threat Intelligence
If you find our technology report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
