2014: How American laws cost Alstom 12 billion euros
In April 2013, Frédéric Pierucci, executive director of Alstom, was arrested by the FBI at JFK airport in New York. His company is under investigation for corruption based on the Foreign Corrupt Practices Act (FCPA), an American law that applies to any company using the dollar or American technology.
While Frédéric Pierucci spent 25 months in American prison, General Electric negotiated the purchase of Alstom's energy branch for 12.4 billion euros. France is losing control of the Arabelle turbines, which equip its nuclear power plants and its Charles de Gaulle aircraft carrier. Alstom is fined a record $772 million.
“The United States has passed extraterritorial laws that allow access to the data of any American company, anywhere in the world. It is a question of economic sovereignty and the protection of our businesses.”
Frédéric Pierucci, Former CEO of Alstom, author of The “American Trap”
The risks you are taking with American solutions
Dependence on American solutions exposes your organization to three categories of structural risks:
The Cloud Act gives the US government legal access to all of your data, even if it's stored in Europe.
- Government access without notification and without the possibility of legal challenge
- NIS2 sanctions up to €10 million or 2% of global turnover for non-compliant OIVs/BSOs
- Encryption keys under US control: impossible to audit who actually accesses your data
In the event of geopolitical tensions, the United States can unilaterally cut off access to its cloud services.
- Business interruption without recourse (e.g.: USA-China threats in 2020)
- Support and maintenance monitored from abroad, strategic decisions made in the United States
- Impossible to ensure continuity of service in the event of a foreign policy decision
Vendor lock-in creates a blocking dependency with exit costs that can reach several million euros.
- Proprietary formats and closed APIs: impossible to migrate without prohibitive costs
- Frequent unilateral rate increases and unpredictable billing
- No ability to audit the source code or to evolve technology independently
Digital sovereignty = strategic autonomy of Europe
Dependence on American giants (Microsoft, Google, AWS) does not only threaten your data: it compromises the strategic autonomy of the whole of Europe.
Today, 92% of European businesses depend on American solutions for their critical infrastructures. This dependence exposes Europe to three major geopolitical risks:
Data sovereignty compromised : exposure to the Cloud Act and extraterritorial government access laws, lack of control over encryption keys, possibility of accessing your data without notification.
Fragile operational sovereignty : unilateral interruption of access in the event of geopolitical tensions, support and maintenance controlled from abroad, impossibility of ensuring the continuity of service in the event of a foreign decision.
Lost technological sovereignty: blocking dependence on critical components under American law, lack of capacity for autonomous evolution, technological lockdown (vendor lock-in).
Digital sovereignty cannot be proclaimed, it can be proved. It is based on an inseparable triptych: these three pillars are cumulative and do not compensate each other. Excellence on one axis cannot mask a critical weakness on another.
Building European cloud champions is not a patriotic choice: it is a strategic necessity to guarantee Europe's technological, economic and political independence.
“Europe must regain control of its critical digital infrastructures to guarantee its strategic autonomy in the face of American and Chinese powers.”
European Commission, European Digital Strategy 2030
The 4 guarantees of Wimi sovereignty
These 4 guarantees are cumulative and do not compensate each other. Sovereignty is binary: either your data is immune to any foreign influence, or it is not.
100% French capital
Wimi is an independent French company, with no American or Chinese shareholders. Our governance and strategic decisions are taken in France, for European interests. Microsoft, Google, and AWS are American companies subject to American law and the supervision of the United States government.
100% French hosting
Your data, metadata and backups are hosted exclusively in France (Île-de-France and Hauts-de-France), in sovereign datacenters certified ISO 27001. SecNumCloud 3.2 qualification in progress (2026 objective). Even stored in Europe, your data on Microsoft 365 remains accessible to the American government via the Cloud Act.
French and European teams
The operation, support, maintenance and development of Wimi are provided by French and European teams, based in Paris and Lyon. No dependence on personnel subject to foreign laws. Microsoft and Google support is often relocated outside of Europe, with system administrators based in the United States.
Sovereign & independent technical stack
Wimi masters its entire technical stack, without blocking dependence on critical components under extraterritorial law. Open APIs, standard formats, easy migration. Microsoft 365 and Google Workspace use proprietary formats and closed APIs, creating an expensive vendor lock-in.
Wimi vs American solutions: the sovereignty differences that matter
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore and dolore magna aliqua. Ut enim ad minimim veniam, qui nostrud exercising ullamco laboris nisi ut aliquip ex ea commodo consequat. Duvet high grain color wine Reprehenderit In voluptate velit esse illum dolore eu fugiat nulla pariatur.
“Wimi is a solution perfectly suited to collaboration in project mode. Its ease of handling and the flexibility offered according to uses convinced us. Covid-19 and the periods of teleworking have only amplified the need for such a solution to maintain exchanges and continue our projects.”
"Wimi nous permet de centraliser notre processus de création et de planification de contenus. La plateforme nous apporte une vision claire et centralisée de notre production. Je le recommande sans hésiter aux équipes qui veulent gagner en agilité et optimiser leur processus de création de contenus."
"Wimi nous permet de faciliter la communication entre le staff et les joueurs, de fluidifier le partage des données et d’accélérer la planification de nos évènements sportifs. Le budget est aussi très attractif au regard du périmètre fonctionnel, riche et ergonome couvert par la solution."
"Wimi est un outil sécurisé et sécurisant qui répond clairement aux besoins d’une profession réglementée par le secret professionnel. Travailler sur nos dossiers depuis la plateforme est devenu une évidence pour nous. Nous sommes bluffés par la facilité avec laquelle nos clients et partenaires adoptent la solution."
Your questions about digital sovereignty
What is the cost compared to Microsoft 365?
Wimi offers transparent and stable pricing, with no surprise increases. External guests are unlimited free (unlike Microsoft, which charges each user). Depending on your current Microsoft 365 configuration, savings can be significant, especially if you collaborate regularly with partners, customers, or service providers. Request a custom simulation to compare precisely.
What is the Cloud Act and why should I care?
The Cloud Act (Clarifying Lawful Overseas Use of Data Act) is an American law passed in 2018 that allows American authorities to legally access data stored by American companies, wherever they are hosted in the world.
In concrete terms, this means that:
- Even if your data is hosted in Europe, it can be viewed by American authorities if you use Microsoft 365, Google Workspace, or AWS
- This accessibility takes place without you being informed and without validation from a European judge
- The Cloud Act is added to Patriot Act (2001), further strengthening these extraterritorial access powers
Why are you worried about it?
If your organization manipulates sensitive, strategic or confidential data (R&D, strategic projects, business secrets, sensitive customer data), you expose yourself to the risk of economic espionage or unauthorized access.
The sectors particularly concerned:
- Defence and critical industries (OIV/OSE)
- Public administration and communities
- Businesses subject to trade secrets
- Regulated sectors (health, finance, energy)
With Wimi, a 100% French and independent company with sovereign infrastructure in France, your data is fully immunized against these extraterritorial laws.
Learn more about our sovereign infrastructure
Is my data really 100% in France with Wimi?
Yes. Wimi is a French company whose datacenters are located exclusively in mainland France. Your data never passes through foreign servers and remains subject only to French and European law. We are in the process of qualifying SecNumCloud 3.2 by ANSSI (objective Q1 2026) (objective Q1 2026), the highest level of security for the cloud in France, which guarantees sovereign hosting and immunity to extraterritorial laws. You can check our compliance via our ISO 27001, RGPD certifications and our status as a company under French law.
Does digital sovereignty involve compromises on functionalities?
No, absolutely not. This is precisely Wimi's ambition: reconciling protection and performance of use.
As Lionel Roux, CEO of Wimi, explains:
“What is the point of a sovereign and ultra-secure system, if it is almost unusable, slow, outdated and finally bypassed by users in a hurry?”
Wimi offers the best of both worlds:
✅ Complete functional richness
- Collaborative workspaces
- Chat & instant messaging
- Document Management & Drive
- Tasks & Gantt
- Video conference (Wimi AirTime)
- Electronic signature (Wimi Sign)
- Sovereign Mail (Wimi Inbox & Mail)
- Integrated generative AI (Wimi Neo)
✅ An optimal user experience
- Modern and intuitive interface
- Performance equivalent to American solutions
- Complete mobile applications (iOS & Android)
- Integrations (Doctolib, Noah, API connectors)
✅ State-of-the-art security
- SecNumCloud 3.2 qualification in progress (2026 objective)
- End-to-end encryption available
- Multi-factor authentication (Wimi MFA)
- Digital tattoo (Wimi Tattoo)
The result? Our customers benefit from productivity gains while protecting their critical data, without frustration or functional limitations.
Discover all Wimi features
What sectors are affected by digital sovereignty obligations?
Digital sovereignty obligations concern a growing number of sectors, especially since the entry into force of NIS2 (October 2024), which considerably broadens the scope.
🎯 Priority sectors (high criticality)
1. Defence and national security
- Armies and defense industries
- Vitally Important Operators (OIV)
- Intelligence services
- Sovereign ministries
- Government ministries and services
- Territorial authorities
- Public establishments
- Government agencies
3. Vital sectors of activity
- Energy (production, transport, distribution)
- Health and care facilities
- Finance and banks
- Transport (air, rail, sea)
- Food and drinking water
Sectors concerned by NIS2 (European directive)
Since October 2024, the following are also affected:
- Digital service providers
- Waste management
- Chemical and pharmaceutical industry
- Agri-food
- Medical device manufacturing
- Research and development
Voluntary businesses
Beyond legal obligations, many companies choose sovereignty to:
- Protect their intellectual property (R&D, patents, innovations)
- Securing trade secrets (strategy, M&A, sensitive projects)
- Meeting customer expectations on confidentiality
- Anticipate regulatory changes
Penalties incurred in case of NIS2 non-compliance:
- Fines up to 10 million euros or 2% of global turnover
- Question of the responsibility of managers
How to migrate from Microsoft 365 to a sovereign solution?
The migration to Wimi from Microsoft 365 is carried out in a secure, progressive and without interruption of activity. We have developed a proven methodology to support this transition.
The 4-step migration process
1 ️ ※ Audit and scoping (Week 1)
- Analysis of your current Microsoft 365 environment
- Identification of the data to be migrated (emails, files, files, calendars, tasks)
- Definition of the scope and the schedule
- Validating the migration plan with your teams
2 ️ aging and setting up (2-3 weeks)
- Creation and configuration of your Wimi environment
- Setting up workspaces, users and rights
- Test migration in a pre-production environment
- Functional validation with your pilot teams
3 ️ 803 Migration and Training (Weeks 3-4)
- Progressive data migration (files, emails, contacts, calendars)
- User training by profile (managers, collaborators, assistants)
- Field support the first days
- Priority support during the transition phase
4 ️ ※ Stabilization and Optimization (Month 2)
- Verification of the completeness of the migration
- Adjustments and optimizations based on user feedback
- Increase in expertise on advanced functionalities
- Ongoing support and adoption monitoring
Migration options available
Depending on your context, several approaches are possible:
Full migration : Total switching of all services and users
Hybrid migration : Microsoft 365 + Wimi temporary coexistence
Progressive migration : By department, by data sensitivity, or by geography
✅ Wimi guarantees
- Zero data loss : complete and verified recovery
- Business Continuity : planned migration outside critical hours
- Dedicated support : project manager and technical support
- Training included : sessions by user profile
- Average delay : 4 to 8 weeks depending on volume
Do you need personalized support?
Our experts analyze your situation free of charge and offer you a migration plan tailor-made.
Take back control of your critical data
Learn how Wimi protects your sensitive information against US extraterritorial laws, while offering a comprehensive and sovereign alternative to American tools.