PaaS
In brief
One step up. You rent a platform ready to run your code, without managing the machines underneath. Like a fully fitted premises — you just bring your business.
▶ Precise definition
Platform as a Service: a managed execution environment (databases, runtimes, message queues, deployment tools) on which the customer deploys their applications without administering the infrastructure. More convenience, but greater dependency on the platform's proprietary services, and therefore a higher lock-in risk than IaaS.
Our analysis
PaaS is the layer where technical teams gain speed at the cost of increased dependency. We deliver faster because we no longer have to manage servers, but we become tied to the provider’s choices, formats and managed services.
When it comes to sovereignty, two risks combine. The first is the provider’s jurisdiction, as is the case at every layer. The second is specific to PaaS: code portability is rarely guaranteed. An application written for Cloud Run cannot be redeployed elsewhere without being rewritten, because it relies on conventions and services specific to the platform. This is application lock-in, distinct from data lock-in: one can repatriate one’s data yet remain unable to run one’s application outside the original platform.
This is also the layer where sovereign certifications are the rarest and most recent. Certifying an IaaS amounts to certifying a foundation; certifying a PaaS requires, in addition, the certification of the entire managed runtime environment, which is a much broader scope. S3NS certified both IaaS and PaaS simultaneously in December 2025, making this a milestone rather than a routine procedure.
See also