Europe is investing billions in sovereignty. But most systems run on Intel or AMD processors with a built-in Management Engine. What virtually no one realizes: RISAA legislation requires hardware manufacturers like Intel and AMD to grant access to U.S. intelligence agencies. Even if those systems are located in Europe and managed by a European company.
Digital sovereignty has become a European priority. Through the IPCEI-CIS program, the EU is pumping billions into its own cloud infrastructure. France went further and built SecNumCloud: a certification framework with nearly 1,200 technical requirements designed to legally shield cloud operators from U.S. legislation. In December 2025, S3NS, the joint venture between Thales and Google Cloud, became the first hybrid cloud provider to receive the certification. It seemed like a milestone.
But anyone who reviews the certification documents will encounter a striking gap. SecNumCloud certifies architecture, encryption standards, access controls, legal structure, and autonomous execution. What it does not certify is the processor on which all that certified infrastructure runs. And that processor, whether from Intel or AMD, has a built-in management layer that operates outside the scope of any European security framework.
The computer your operating system doesn’t see
Most modern Intel processors contain a Converged Security and Management Engine, the CSME. At AMD, the equivalent is called the Platform Security Processor, the PSP. Both operate at what security researchers call Ring -3: a privilege level below the operating system, below the hypervisor, and beyond the reach of the security software running on the host. A kind of invisible management mode beneath the operating system.
“It’s a computer inside your computer,” says John Goodacre, Professor of Computer Architectures and former director of the UK’s Digital Security by Design program. The Management Engine has its own memory, its own clock, and its own network stack. “Because it shares the host’s MAC address and IP address, traffic it generates is indistinguishable from regular host traffic to a firewall,” explains Goodacre. “The monitoring tools designed to detect it don’t see it.”
Intel’s Active Management Technology, the remote-management feature that the ME makes possible, allows administrators to remotely log in to devices, manage files, and power systems on or off—even when the computer is turned off. This makes it a valuable tool for large-scale IT management. But Goodacre points out the downside: “It’s an entry point that operates below the level where European security certifications have any control.”
Goodacre documented the risks in a 37-page risk analysis for CISOs evaluating Intel vPro hardware. His conclusion is stark. “A device on which ME is not disabled and that is connected to corporate networks undermines the entire host-based security.” All those security layers—from encryption and antivirus software to the corporate firewall and the VPN—are, according to Goodacre, blind to what happens on Ring -3. This has legal implications that virtually no one in the European sovereignty debate is considering.
The law that almost no one knows
Europe’s sovereignty debate focuses primarily on two well-known legal instruments. The CLOUD Act of 2018 grants U.S. authorities extraterritorial access to data held by U.S. companies. FISA Section 702 enables intelligence agencies to compel the production of communications. Both operate through the front door: a legal order issued to a company that manages data. A SecNumCloud-certified operator can be legally insulated from such demands. That is precisely what the framework was designed for.
But the RISAA 2024, the Reforming Intelligence and Securing America Act, is far less well known. That law amended the definition of “electronic communications service provider” in FISA legislation in a way that extends beyond cloud operators and platform companies. As a result, hardware manufacturers now also explicitly fall within the scope of the law. In concrete terms, this means that Intel and AMD can be compelled via secret gag orders to cooperate with U.S. intelligence agencies.
The mechanism through which this access can be exercised is the Management Engine. It runs beneath everything the operating system can see or block, is always connected to the network, and never stops. “You essentially have a policy mechanism through which any machine anywhere in the world can hand over its information,” says Goodacre. The cloud operator is legally shielded. The processor in the servers is not.
RISAA’s two-year term expired on April 20, 2026. Congress extended the law by 45 days while the debate on reforms continues.
Deliberately out of scope
Aurélien Francillon is a security researcher at the French research institute EURECOM. He is also a member of the cloud security working group of the French Académie des Technologies, an advisory body that evaluates the technical foundations of frameworks such as SecNumCloud. Furthermore, he has spent years studying firmware backdoors and demonstrating them in practice. So he knows what the hardware is capable of, and he also knows what the certification requires.
Does SecNumCloud set requirements for how operators handle the Intel Management Engine or the AMD Platform Security Processor? Francillon: “There is no direct requirement to prevent firmware backdoors.” The framework does, however, require providers to conduct a thorough risk analysis and monitor access by external parties. But the hardware layer itself remains outside the scope. “The certification requirements have been deliberately kept generic and do not delve into technical details,” says Francillon. “The bulk of it is organizational security.”
Vincent Strubel, director of ANSSI, the French agency that manages SecNumCloud, publicly confirmed this in January 2026. Every cloud service, hybrid or otherwise, relies on components whose design and updates are not fully controlled in Europe. SecNumCloud is, in his words, “a cybersecurity tool, not an industrial policy tool.” It protects against external legal pressure and scenarios where a foreign government could force access or shut down services. But immunity at the chip level was never the goal.
Castle Walls and Structural Flaws
But Francillon argues that the operational security surrounding the ME makes the risks manageable in practice. “A backdoor in a room doesn’t help you if that room is inside a castle. You have to get past the castle walls first.” Those walls are network isolation, monitoring, and a robust threat model. SecNumCloud requires operators to use isolated management portals and network segmentation that prevents the spread of an attack. The ME backdoor exists, but according to Francillon, it is only accessible to attackers with significant resources and expertise.
In his risk analysis, Goodacre points out a structural flaw in that reasoning. Because the Management Engine shares the host’s MAC address and IP address, a perimeter filter cannot distinguish ME-generated data streams from legitimate host traffic. An encrypted tunnel from the ME to an attacker’s server on port 443 looks to the perimeter like any other HTTPS connection. Furthermore, analysis of production environments by security firm Eclypsium reveals that a large majority of the devices examined remained vulnerable to known ME vulnerabilities years after public disclosure. The Conti ransomware group even developed exploit code for Intel ME, specifically aimed at installing persistent malware deep within the firmware.
Network filtering reduces the attack surface, but it does not eliminate exposure. The disagreement between Francillon and Goodacre is not about the technical facts. Both confirm that the vulnerability exists, that AMD faces the same problem, and that software alone does not solve it. The difference lies in the question of for whom the castle walls hold. Francillon believes that operational security makes the ME backdoor inaccessible to virtually any attacker. Goodacre believes that nation-states will still find a way through.
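What a perimeter can and cannot see, as an added example that is not part of the article: the flow log and the power-state inventory are constructed, the AMT ports are Intel’s documented defaults, and the inventory is assumed to come from an out-of-band source such as a BMC or DCIM export. The script flags traffic to AMT management ports and egress from hosts inventoried as powered off, and deliberately does not flag the port-443 tunnel from a running host, which is exactly the gap Goodacre describes.

```python
from dataclasses import dataclass

# Intel AMT listens on these TCP ports when provisioned (documented defaults).
AMT_PORTS = {16992, 16993, 16994, 16995, 623, 664}


@dataclass
class Flow:
    ts: str
    src_ip: str
    dst_ip: str
    dst_port: int
    bytes_out: int


def parse_flow(line: str) -> Flow:
    """Parse one constructed flow-log line: ts src dst dport bytes."""
    ts, src, dst, port, nbytes = line.split()
    return Flow(ts, src, dst, int(port), int(nbytes))


def find_suspect_flows(lines, power_state):
    """Return (flow, reason) pairs for flows worth an analyst's attention.

    power_state maps host IP -> 'on' | 'off' (assumed out-of-band source).
    Only two perimeter signals are usable here, and both are heuristics:
    inbound traffic to an AMT port, and any egress from a host that the
    inventory says is off, which only the management engine could produce.
    An ME tunnel on port 443 from a host that is 'on' is not distinguishable
    from normal HTTPS and is intentionally left unflagged.
    """
    findings = []
    for line in lines:
        f = parse_flow(line)
        if f.dst_port in AMT_PORTS:
            findings.append((f, "traffic to AMT management port"))
        elif power_state.get(f.src_ip) == "off" and f.bytes_out > 0:
            findings.append((f, "egress from host inventoried as powered off"))
    return findings


SAMPLE_FLOWS = [  # constructed sample data
    "2026-04-21T02:10:00Z 10.0.1.20 203.0.113.7 443 18200",
    "2026-04-21T02:11:00Z 10.0.1.21 203.0.113.7 443 4100",
    "2026-04-21T02:12:00Z 198.51.100.9 10.0.1.21 16992 900",
]
SAMPLE_POWER = {"10.0.1.20": "off", "10.0.1.21": "on"}  # constructed inventory

if __name__ == "__main__":
    for flow, why in find_suspect_flows(SAMPLE_FLOWS, SAMPLE_POWER):
        print(f"{flow.ts} {flow.src_ip}->{flow.dst_ip}:{flow.dst_port} {why}")
```

The second sample flow (10.0.1.21 to port 443 while the host is on) produces no finding, which is the point: correlation with out-of-band power state catches the "machine is off" case, but nothing at the perimeter separates an ME tunnel from ordinary HTTPS on a running host.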
The question Europe hasn’t asked itself yet
Goodacre gauged awareness of the Management Engine among attendees at the CyberUK conference in April 2026. “Virtually no one knew about it,” he says. The architectural reality underlying the sovereignty debate is not visible in policy discussions, not in procurement decisions, and not in the public discussion about what digital sovereignty truly entails.
An alternative to Intel and AMD processors does indeed exist. RISC-V, an open-source processor architecture, is being touted by European sovereignty advocates as a long-term solution. But competitive data center performance is not yet on the horizon. “It will take decades,” says Francillon. ARM demonstrates just how difficult that is. Goodacre was personally involved in the first ARM server processors. “It’s only nearly twenty years later that ARM is really gaining a foothold in servers,” he says.
Strubel puts it bluntly: anyone who thinks this problem only affects providers like S3NS—where a European company runs on American cloud technology—is mistaken. “That’s pure fantasy that doesn’t stand up to the facts.” Every cloud provider depends on components it does not fully control. The question is not what label a provider carries, but what an organization wants to protect itself against and whether the measures implemented actually address that threat.
As long as Europe fails to answer the question of whether digital sovereignty can exist on non-sovereign processors, it is certifying the upper floors of the castle while leaving the foundation as it is.