Europe’s sovereign cloud frameworks like SecNumCloud certify the stack above the silicon but explicitly omit Intel ME and AMD PSP, leaving a Ring -3 backdoor unaddressed.
Key Takeaways
Intel CSME and AMD PSP run at Ring -3, below the OS and hypervisor, with independent memory, their own network stack, and a MAC/IP shared with the host – invisible to host firewalls.
RISAA 2024 classifies hardware manufacturers as electronic communications service providers, meaning Intel and AMD can be compelled via secret orders to cooperate with US intelligence.
The ANSSI director and SecNumCloud advisors confirm the framework has no direct requirement for firmware backdoor prevention; the hardware layer was left out by design, not oversight.
Microsoft documented the PLATINUM nation-state actor using Intel AMT Serial-over-LAN as a covert exfiltration channel in 2017 – no vulnerability exploited, just default credentials and an enabled feature.
AMD SEV-SNP confidential computing was broken by a software-only exploit with a 100% success rate (Fabricked, April 2026), showing the PSP is equally exposed.
Hacker News Comment Review
Commenters broadly agreed the framing is unfair: “data sovereignty” (locking data away from US legal reach) and “hardware sovereignty” (owning the full silicon stack) are distinct goals; European initiatives explicitly targeted the former.
Several commenters pushed back on the article’s implied solution, noting full silicon independence requires decades and hundreds of billions – China’s Loongson/LoongArch path was cited as the only real precedent at scale.
The concrete threat model matters: US intelligence using ME/BMC to infiltrate certified European clouds is a real operational risk, not just a theoretical sovereignty gap.
Notable Comments
@nasretdinov: flags that the article ignores ARM entirely, a notable omission for any European sovereign compute discussion.
@neilv: notes that “almost no one” at CyberUK 2026 knew about the Management Engine – surprising given the topic has been public for over a decade.