OVHcloud has taken a significant step in its security strategy and “trusted cloud” approach with the acquisition of Seald, a French company specializing in end-to-end encryption (E2EE). Announced on January 26, 2026 in Madrid, this move positions the operation as a direct response to an increasingly clear market demand across Europe: protecting sensitive data without relying on blind trust in the provider, even when operating under strict regulatory frameworks.
The key aspect of the acquisition lies in Seald’s technological focus: a zero-knowledge model. In practical terms, content is encrypted before being sent and can only be decrypted on the end-user devices. This means that neither the hosting provider, service developer, nor system administrator should be able to access plaintext content. In an environment where the cloud serves as the operational center for companies and government agencies, this is a crucial development: security ceases to be solely a perimeter issue and becomes a matter of end-to-end cryptographic control.
A move designed for critical use cases
OVHcloud frames the acquisition as an “important step forward” to strengthen its security and compliance offerings in high-sensitivity use cases. This is a field where multiple players compete with similar messages but very different approaches. Traditionally, cloud encryption often relies on mechanisms where the provider manages part of the key infrastructure or, at minimum, has technical capacity to intervene under certain operational scenarios. The zero-knowledge model aims to limit that exposure: if the provider cannot decrypt the data, risks related to internal access, misconfigurations, or external requests are structurally reduced.
This approach is particularly suitable for sectors where privacy and confidentiality are not optional but a requirement: public sector organizations, healthcare, financial services, industries with sensitive intellectual property, or companies handling large-scale personal data. The market conclusion is clear: when the cloud becomes critical infrastructure, encryption no longer remains just another layer but evolves into a foundational element of architecture.
A certified SDK to lower the entry barrier
One aspect OVHcloud highlights about Seald is its SDK, designed to seamlessly integrate end-to-end encryption into web and mobile applications without requiring advanced cryptography knowledge. Additionally, the company emphasizes a differentiating feature for many corporate purchases: the SDK has CSPN certification granted by ANSSI, the French cybersecurity agency.
The CSPN (First-Level Security Certification) is not just a decorative badge. It is a validation that, within the French and broader European ecosystems, serves as a reference for security products that must pass technical evaluations under defined criteria. While not as comprehensive as other longer certification schemes, it provides a sign of maturity and independent analysis that many organizations seek when encryption becomes core to a platform.
Based on publicly available information, the SDK’s capabilities include practical features for real-world environments: rights management, key rotation, multi-device support, and secure private key recovery. In other words, it not only encrypts but also tackles the common cryptography challenge: how to maintain control and operability when users switch devices, lose credentials, or need quick revocations.
Native integration alongside Secret Manager, KMS, and HSM
OVHcloud states that this acquisition will enable native integration of end-to-end encryption within its product portfolio, complementing its current security offerings. The announcement explicitly mentions components like Secret Manager, Key Management Service (KMS), and HSM, with a promise to build a “comprehensive end-to-end protection chain,” from backend infrastructure to the user endpoint.
This nuance is important: Secret Manager and KMS facilitate secret and key management, while HSMs are associated with high-security cryptographic environments. With Seald, OVHcloud aims to fill the gap often left unaddressed by traditional cloud services: encryption that resides in the application and concludes at the user device, not just on the server.
The company anticipates two main outcomes from this trend: first, creating a differentiated offering for highly sensitive scenarios; second, accelerating the development of “ultra-secure” solutions targeting enterprises and the public sector. Beyond marketing, the message is clear: the market no longer only demands data sovereignty or compliance but requires technical mechanisms that substantiate these promises in a verifiable manner.
Security as a strategic pillar in a trust-driven Europe
OVHcloud, which manages over 500,000 servers across 46 data centers on 4 continents and serves 1.6 million clients in more than 140 countries, has long positioned itself as a “trusted cloud” and a European alternative with predictable pricing and a focus on sovereignty. The acquisition of Seald fits into this narrative but adds a new dimension: security is no longer just about certifications or compliance but about the provider’s technical incapacity to access content.
In a time when digital trust is negotiated case by case—and with AI increasing the sensitivity of processed data—the acquisition indicates a direction: the European cloud sector wants to compete not solely on infrastructure but on cryptographic architecture and operational guarantees.
Frequently Asked Questions
What does “zero-knowledge” mean in end-to-end encryption?
It means that the service provider does not possess the keys necessary to decrypt the content: data is encrypted before being sent and only decrypted on the end user’s device.
What types of organizations benefit most from E2EE in the cloud?
It is especially relevant for public administrations, healthcare, banking, regulated sectors, and companies handling personal or strategic data where minimizing indirect access is critical.
What does the CSPN certification of Seald’s SDK add?
It provides a technical validation issued by the French cybersecurity agency, serving as a reference in procurement processes and projects that require guarantees and independent assessments.
How does end-to-end encryption differ from server-side encryption with KMS or HSM?
Server-side encryption with KMS/HSM typically protects data at rest or during platform-managed processes, whereas E2EE aims to ensure content exists in plaintext only on authorized user devices, not on the provider’s servers.