Clouding SASU and the Limited Market for Local Cloud

The business question is straightforward: why would a customer choose a regional cloud operator when AWS, Azure, Google Cloud, OVHcloud, Scaleway, Outscale, Cloud Temple, Clever Cloud, and a long list of hosting providers are just a credit card, a reseller agreement, or a procurement line away? The answer cannot be "compute". Compute is too easy to compare, too easy to rent, and too difficult to differentiate for a small operator at the level of CPU cycles, RAM, block storage, entity storage, or virtual machine packaging. The only durable market that a small French cloud operator can create revolves around what the commodity cloud hides: locality, support, migration labor, procurement fit, low-friction operations, abuse management, billing clarity, language, jurisdictional comfort, and the willingness to be accountable when something goes wrong.

This is the right framework for Clouding SASU, because public evidence does not support a clean hyperscaler-style business profile. It supports something narrower and economically more interesting: an active French SASU with a broad corporate purpose of IT services, a founder-controlled origin, modest disclosed historical accounts, and real evidence of RIPE/RDAP network resources linked to AS212718, "clouding-asn". The business question is not whether Clouding can beat the hyperscalers. It cannot, based on any currently visible evidence. The question is whether Clouding can turn a small infrastructure identity into a defensible service market where the buyer pays not for undifferentiated compute, but for reduced coordination cost.

The first product is not compute; it is the elimination of hassle

A small regional cloud succeeds only when the real cost to the buyer is not the published price of a vCPU. For many SMEs, associations, small software publishers, local public sector contractors, agencies, and industrial companies, the determining constraint is not that AWS is unavailable. It is that AWS presents too large a surface for the internal team, too easy to misconfigure, too costly to govern, too complex to predict, or too remote when a routine migration, backup failure, DNS issue, certificate renewal, email deliverability problem, or incident requires human intervention.

That is why the 'local cloud' is better understood as an economic package than a technical category. The package may include hosting, managed virtual machines, backups, monitoring, firewalls, domain and DNS work, email routing, data migration, software licenses, light DevOps, procurement paperwork, French-language support, and, in some cases, network number resources or BGP competence. The customer buys a reduction of operational ambiguity. Compute is the visible SKU; accountability is the product.

That distinction matters because the French cloud market is already structurally hostile to generic competitors. The French competition authority described a cloud infrastructure and platform market dominated by hyperscalers, with AWS, Google Cloud, and Microsoft Azure accounting for most of the public cloud infrastructure/application spending growth in France in 2021; it also pointed to credits, egress fees, ecosystems, and migration frictions as competitive problems. A small operator does not beat that by matching a catalog. It survives by selling into niches where catalog breadth is less important than local accountability and operational sufficiency.

The visible public trail of Clouding SASU points toward that kind of market, if it points to any market. The records do not reveal a polished public cloud storefront, a visible customer list, a portfolio of certifications, a public procurement footprint, or public product documentation. They reveal a legal company, a corporate purpose of IT services, a service-like historical economy, a registered autonomous system, and an abuse contact. That combination does not qualify Clouding as a cloud provider at scale. It suffices to consider Clouding as a French micro-enterprise of cloud/hosting adjacent services with infrastructure optionality.

What the public record actually establishes

The canonical legal entity is Clouding, a French SASU registered under SIREN 891 849 655, active, with its registered office at 2 Allée Lucien Coupaye, 91560 Crosne. The derived record from Pappers indicates the activity as "Conseil en systèmes et logiciels informatiques" (consultancy in computer systems and software), shows creation on 4 December 2020, identifies Karim Bouabene as director, and records zero employees in 2026. It also indicates legal form SASU, capital of €1,000, VAT number FR14891849655, RCS Evry, and an APE/NAF activity code 62.02A.

The company's articles of association are broad and not cloud-specific. The corporate purpose covers IT consultancy and services in systems, software, programming, and training; hardware resale; related activities; development, publishing, and sale of software, websites, mobile sites, and mobile applications; and the acquisition, operation, and sale of licenses. The same foundational document shows a capital of €1,000 divided into 1,000 shares, all subscribed by Karim Bouabene at incorporation.

Those facts create a legal identity, not proof of a cloud product. They show that Clouding can legally provide IT services, software, licenses, and related activities. They do not show an operating public cloud platform, a fleet of data centers, a customer base, a service-level agreement, a product catalog, or recurring hosting revenue. The distinction is important because "clouding" is a generic enough trade name to generate false positives. Some visible review and hosting signals for "Clouding" belong to unrelated companies, such as Clouding.io in Barcelona, not the French Clouding SASU. Trustpilot and HostAdvice pages for Clouding.io point to a Spanish hosting brand and must not be imported into Clouding SASU's reputation history.

The company is not obviously dormant in the registry sense. Pappers shows an active status, continuous updates, and notices of annual account filings for the 2022, 2023, and 2024 financial years, although subsequent accounts are confidential. It also shows no collective proceedings, litigation, sanctions, won public tenders, labels or certificates, or intellectual property rights in the visible record. That combination is revealing from a business perspective: Clouding appears alive as a legal company, but not publicly demonstrative as a cloud provider.

A service income statement, not hyperscale

The only disclosed financial year visible in the Pappers record is 2021. It shows €214,000 in revenue, €214,000 in gross margin, €84,700 in EBITDA, €66,300 in net profit, 100% gross margin, 39.6% EBITDA margin, 31% net margin, €57,400 in cash, €67,300 in equity, zero salary expense as a percentage of revenue, and €94,900 in export revenue.

Those figures are not consistent with a capital-intensive public cloud deployment. They are consistent with a founder-operated service business, a consultancy, a resale/licensing wrapper, or a project-based IT activity with low cost of goods sold. The 100% gross margin is especially significant. A company managing material rented infrastructure, wholesale compute, high-traffic hosting, or hardware resale at scale would typically show some direct cost leakage, unless the accounting classification is unusual. Thus, the visible profile points to labor and knowledge as the economic driver, not own compute capacity.

This is not a negative finding; it is the core economic interpretation. A small cloud-adjacent company with high-margin services can be rational. A small company trying to sell raw infrastructure against hyperscalers and large French providers would face brutal price pressure, availability expectations, abuse loads, capital requirements, and procurement skepticism. Clouding's visible accounts suggest the former is more likely than the latter, at least at the time the public accounts were available.

Subsequent account confidentiality prevents analyzing the revenue trend. It could conceal growth, stagnation, restructuring, or a deliberately discreet founder-led company. That opacity itself has a business meaning. For relationship-based IT services, opacity may not matter much, because trust is built through direct referrals, contract history, and personal accountability. For self-service cloud, opacity is a conversion penalty, because the buyer needs public trust signals before placing workloads on an unfamiliar platform.

The ASN is real, but an ASN is not a cloud

The strongest infrastructure fact is AS212718. The public RDAP/WHOIS context identifies the autonomous system as "clouding-asn", located in France, with the registrant entity ORG-CS860-RIPE named Clouding SASU, address in Crosne, and an abuse role using contact@clouding.fr. The RIPE database documentation itself explains that the RIPE Database exists to hold network registration information in the RIPE NCC service region and related contact details, including coordination and routing policy uses.

From a business standpoint, this demonstrates that Clouding is not just a name in a commercial register. It has at least some network operator identity in the RIPE ecosystem. An autonomous system number is useful if a company intends to originate prefixes, multihome between transit providers, control routing policy, build hosting infrastructure, operate edge services, or signal technical seriousness to counterparties. It also creates obligations: abuse contacts are meant to receive reports about abusive behavior originating from a resource holder's network, and hosting networks attract spam, scans, phishing, botnets, and complaint traffic.

But the ASN does not prove a cloud. It does not prove active customer workloads, announced prefixes, transit contracts, racks in data centers, own hardware, SLA-backed infrastructure, a support service, or significant traffic. Cloudflare Radar has pages for AS212718 and ranks it in routing/security views, indicating that the ASN is visible enough to be represented in external routing analyses, but the accessible page text does not provide traffic volume or a measure of customer base.

There is also a weak but notable IPv6 hint. A RIPE allocations mirror appears in search results with "fr.clouding", "Clouding SASU", date 20250512, and prefix 2a04:5fc0::/29. The underlying mirror describes itself as based on data from the RIPE NCC allocation file and gives the format for IPv4 and IPv6 allocations, but the live fetched page did not show Clouding's line in the accessible text. The correct interpretation is not certainty. It is optionality: if the allocation signal is accurate, Clouding could have acquired significant IPv6 address space in 2025, which would support an infrastructure trajectory; if it is stale, misindexed, or not reflected in the current accessible page, it remains a due-diligence clue rather than proof.

The market implication is precise. Clouding's network evidence supports "operational capability" more than "market scale". It makes the company more interesting than a plain consultancy, but less evidenced than a public cloud. The ASN is a real asset in the narrative; it does not substitute for product evidence.

Locality is useful, but sovereignty is a higher bar

Locality sells when customers want a French counterparty, French-language support, local invoicing, local legal processes, low-latency regional placement, and a provider that understands French business constraints. Sovereignty sells only when the provider can meet more demanding requirements around control, certification, jurisdiction, auditability, and operational independence. They are not the same market.

French public-sector cloud policy makes the difference clear. DINUM's cloud doctrine says that State IT teams and contractors must use the cloud by default for new projects, but choices must consider security, total cost, internal experience, and technical needs. It also says that sensitive systems must use SecNumCloud or an equivalent qualification and be immune to unauthorized access by public authorities of third countries, while also considering multicloud portability and provider diversity. ANSSI describes SecNumCloud as a qualification framework for cloud providers, covering IaaS, PaaS, and SaaS, aimed at reinforcing trust in the security of offerings and provider practices.

Pappers shows no labels or certificates for Clouding in the visible record. That does not prevent Clouding from serving ordinary commercial workloads, SMEs, test systems, managed hosting, non-sensitive SaaS backends, agencies, or private clients that value support over certification. It does limit the plausibility that Clouding wins sensitive public-sector or regulated workloads, unless it is reselling, integrating, or operating alongside a qualified provider.

This is where many local cloud propositions fall down. "French company" does not equal "trusted cloud". "Local support" does not equal SecNumCloud. "European data center" does not equal legal immunity from extraterritorial access. A small operator can still make money below that threshold, but it should not claim the sovereign cloud premium unless it has the certifications, documented controls, legal architecture, and audited operations to back it.

The market Clouding can plausibly create

The plausible market is not mass-market public cloud. It is a narrow, service-led market with infrastructure characteristics.

The likely customer will be an organization with enough IT complexity to need outside help, but without enough in-house cloud expertise to govern hyperscaler sprawl. That customer may have a legacy application, a small web platform, a few Linux or Windows servers, a database, backups, DNS, monitoring, VPN, firewall rules, email routing, or the need to migrate from an old host. It may not like the billing uncertainty of hyperscalers. It may not need Kubernetes, global regions, machine learning platforms, managed data warehouses, or hyperscaler marketplaces. It may want a single accountable provider.

For that buyer, locality, simplicity, and support can outweigh raw platform superiority. A local operator can package a narrower set of sufficient services: virtual machines, storage, backups, managed firewall, monitoring, domain/DNS support, migration, patching, incident response, and a direct support channel. The operator does not need to be technically better than AWS. It needs to make the customer's total operational cost lower after including attention, risk, time, governance, mistakes, and staff availability.

Clouding's corporate purpose fits this package. It explicitly covers IT consultancy/services, training, software/website/application development, hardware resale, and licenses. That breadth is economically more important than a narrow "cloud" label. A small provider often needs to combine recurring infrastructure with project labor. Pure hosting margin is thin; migration and support labor are the margin source.

The failure path is also clear. If Clouding sells generic VPS capacity without a visible SLA, status page, security posture, references, pricing, automation, documentation, or certification, it competes in the worst part of the market: commodity compute with low trust. If it sells managed outcomes to customers who know the founder or the partner network, public invisibility matters less. That makes Clouding look more like a relationship-based infrastructure services firm than a self-service cloud platform.

Support labor is both the margin source and the bottleneck

Support is the only credible moat for a small provider, but it does not scale cleanly. A local operator can differentiate by answering the phone, performing the migration, explaining the backups, translating requirements into working infrastructure, helping after an incident, and taking charge of the tedious middle layer between the application vendor, the ISP, the domain registrar, the DNS, the email provider, and the cloud infrastructure.

The economics are attractive when support is packaged into recurring service fees. The customer compares the bill not to a hyperscaler VM, but to the cost of internal staff time, failed migrations, downtime, unmanaged backups, security gaps, and vendor coordination. In that comparison, a regional provider can charge a premium over raw compute.

The bottleneck is labor. Pappers indicates zero employees in 2026. A cloud-adjacent company without employees can still operate through its founder, subcontractors, automation, reseller relationships, or part-time arrangements, but it faces key-person risk. The same person may be responsible for sales, architecture, billing, security, abuse, maintenance, documentation, customer support, and incident response. That model can work for a small portfolio of clients. It breaks when clients expect 24/7 incident management, formal change management, compliance evidence, and rapid support during simultaneous failures.

This is the main unit-economics constraint. Hyperscalers amortize platform engineering over millions of customers. Large French providers amortize compliance, NOC, data center operations, sales, support, and legal over thousands. A micro-operator must recover fixed operational loads from a small revenue base. The only way to do it is to avoid broad promises, specialize, automate, or charge for human accountability.

Network resources are option value, not proof of scale

AS212718 gives Clouding an infrastructure option. It can use an ASN to multihome, build its own routing policy, decouple from a transit provider's identity, improve portability between facilities, operate anycast or edge services, and present as a more serious network counterparty. If the IPv6 allocation hint is real, it adds a future-oriented address resource base, especially for new deployments where IPv6 is viable.

But network resources also create fixed costs and operational exposure. BGP is not a marketing badge. If a provider originates routes, it must manage routing policy, RPKI, transit-provider relationships, filtering, incidents, abuse, DDoS management, route leaks, blacklists, and monitoring. Even if the company does not yet route customer traffic, the existence of RDAP and abuse contacts means the company is part of an operator responsibility chain.

The absence of PeeringDB-style interconnection evidence in the source trail is significant. A mature infrastructure operator usually leaves traces: peering policy pages, exchange point memberships, transit relationships, route entities, RPKI ROAs, NOC contacts, looking glasses, status pages, public uptime disclosures, or customer-visible network documentation. Clouding's current public evidence is much sparser. That does not mean there is no private infrastructure. It means the commercial claim should be limited: network-capable, not network-proven at scale.

IPv4 is another constraint. A small provider entering cloud/hosting after the easy-allocation era faces scarce and expensive IPv4 resources. Without visible IPv4 holdings, the provider may depend on transit-provider-supplied or leased addresses, which weakens portability and margin. IPv6 can reduce the future constraint, but it does not eliminate the current customer reality: many applications, email systems, third-party integrations, and legacy clients still assume IPv4 reachability. If Clouding's address resource position is mostly IPv6, its infrastructure potential is real but commercially incomplete.

The provider stack behind a small cloud

A regional cloud operator rarely owns the full stack. It assembles it. The hidden stack may include colocation space, power, racks, servers, storage arrays, backup storage, virtualization software, network switches, upstream transit, DDoS mitigation, DNS, domain registration, monitoring, log storage, billing, ticketing, payment processing, security tools, and external contractors. Each dependency can become a margin leak or a failure path.

For a small French provider, the strongest strategic choice is often not to pretend otherwise. The rational model is to control the customer relationship, the architecture, the support process, and enough network identity to avoid total dependence on a single transit provider, while buying scale where required. That may mean reselling or integrating a larger cloud, colocating a limited platform, or running a managed hosting stack on rented infrastructure.

Clouding's public record does not reveal its providers. That silence matters. If the company depends on a single facility, a single transit provider, a single virtualization stack, a single founder, a single billing system, or a single DDoS vendor, a localized failure can become a total business failure. Large providers spread these risks across regions, teams, and balance sheets. A micro-operator must disclose enough to reassure customers or sell to buyers who already trust the operator through private channels.

Provider concentration also changes pricing. Hyperscalers set price floors on commodity services, but small operators often pay retail or near-retail prices for parts of the stack. They may not beat hyperscalers on gross unit cost. They can only beat them by changing the unit of value from compute to managed outcome. It is the same logic as an MSP: the input may be commodity, but the workflow and responsibility are local.

Abuse management is the hosting tax

Hosting attracts abuse because compute, IP addresses, and bandwidth are useful to malicious actors. Even a small provider can inherit disproportionate pain: spam complaints, phishing takedown notices, malware scanning, credential stuffing, open proxies, compromised WordPress instances, botnet command traffic, copyright notices, and DDoS retaliation. Abuse management is not an optional overhead. It is part of the operational cost of being a network infrastructure provider.

Clouding's RDAP abuse contact is therefore more than an administrative detail. It places the company in the complaint loop. For a micro-provider, abuse can destroy the economics of cheap hosting. A bad customer can blacklist IP space, trigger transit-provider intervention, consume support time, and damage deliverability for legitimate customers. IPv4 scarcity makes this worse: dirty or blacklisted address space is harder to replace, and reputation repair is slow.

This creates a strategic filter. A small operator must avoid anonymous, low-friction, low-price public compute unless it has strong automated abuse controls. The best customer base is known, contract-based, local, managed, and lower-risk. That points again toward a service-led market rather than an open self-service cloud. If Clouding wants a durable niche, it should prefer customers whose identity, use case, and support relationship are known before provisioning.

Switching costs are shifting, but managed-work lock-in remains

The EU Data Act changes the cloud switching environment. The European Commission describes cloud customers as facing barriers such as high egress fees, lengthy switching procedures, and lack of interoperability; the Act requires cloud and edge providers to facilitate switching, increase contractual transparency, remove obstacles, and phase out switching charges, including data egress fees, before 12 January 2027.

This matters in two opposing ways. First, it weakens a hyperscaler lock-in mechanism on the margin. If egress fees become less punitive, some customers may be more willing to leave large platforms or adopt secondary providers. Second, it reduces a selling point for regional providers that rely on the "no lock-in" message. If the law mandates greater openness sector-wide, small providers must compete on service quality, support, security, simplicity, and local fit, not merely on claims of reversibility.

The most durable lock-in is not contractual; it is operational. Once a provider understands the customer's application, backup pattern, DNS configuration, deployment quirks, user permissions, compliance anxieties, and incident history, switching becomes costly even if data egress is cheap. That can be good or bad. It is good when the provider creates real operational knowledge and documents it. It is bad when the provider becomes an undocumented bottleneck.

Therefore, a small operator's defensible economics should come from managed-work lock-in, not technical hostage-taking. The customer should stay because the provider reduces failure likelihood and operational burden. If the customer stays because no one else understands the setup, the provider has created fragility, not value.

Competition is not a single market; it is four different threats

Clouding's likely competitive environment has four layers.

The first layer is the hyperscalers. AWS, Azure, and Google Cloud dominate the technical frontier and the developer mind. They win on breadth, ecosystem, credits, managed services, global regions, market depth, automation, compliance documentation, and enterprise procurement. They also create cost and complexity governance problems. For Clouding, the hyperscalers are not beaten head-on. They are avoided when the customer wants a simpler, more accountable counterparty.

The second layer is the large French and European cloud providers. OVHcloud markets a broad public cloud portfolio, infrastructure services, and reversibility; Scaleway offers a wide cloud range; 3DS OUTSCALE has positioned around trusted cloud and SecNumCloud qualification; Cloud Temple has SecNumCloud-qualified offerings; Clever Cloud sells European cloud positioning and legal sovereignty themes. These companies are the real substitute when a French customer wants locality plus more public evidence than a micro-provider can offer.

The third layer is MSPs, web agencies, local IT integrators, and hosting resellers. This is probably the most relevant competitive layer for Clouding. These firms do not need to own infrastructure to win the customer. They win by being trusted, available, and willing to manage the mess. If Clouding's edge is network technical competence, it must turn that into support outcomes that customers can feel.

The fourth layer is traditional telecom and data center operators. They sell connectivity, colocation, managed hosting, private cloud, security, and hybrid infrastructure. Against them, a micro-operator can be more flexible and cheaper, but less certifiable and less redundant.

The implication is that Clouding's best category is not "national telecom", nor "exchange", nor "hyperscale cloud". It is cloud/hosting adjacent infrastructure services, potentially a micro-cloud or managed hosting operator with RIPE/ASN evidence. For directory or publication classification, "cloud service" is defensible only with a caveat: public evidence currently supports cloud/hosting adjacency and operator identity, not a fully evidenced self-service public cloud platform.

The name collision problem is commercial, not cosmetic

Search-market ambiguity is a real due-diligence cost. "Clouding" is used by other companies. Clouding.io, for example, appears in review and hosting contexts as a Barcelona-based provider, and those reviews cannot be attributed to Clouding SASU. Another unrelated "CLOUDING SAS"/clouding.lt presence points to a Colombia-linked company serving broader markets, again not the French SASU.

This matters because small cloud providers depend heavily on trust signals. If a buyer searches the name and finds unrelated reviews, unrelated hosting brands, and thin official evidence of the French entity, the buyer's verification burden increases. That burden may be acceptable in referral-based sales. It is harmful in self-service procurement.

Name collision also raises a reputation risk. A complaint, outage, or abuse thread about an unrelated "Clouding" could be misattributed. Conversely, positive reviews about unrelated providers could create false confidence. The correct analyst posture is conservative: do not import third-party Clouding.io reputation to Clouding SASU; treat the lack of Clouding SASU-specific feedback as an absence of visible market signal, not as proof of customer satisfaction.

Silence is not innocence; it is low observability

There is no robust trail of public complaints in the collected source set: no visible conversations about outages clearly linked to Clouding SASU, no review pattern, no public procurement record, no official website listed on Pappers, no certificates or labels in the visible company record, and no cited companies available on Pappers.

This should not be read as "good reputation". It should be read as low observability. A company with few public customers, private contracts, low traffic, or project-based work will naturally leave fewer public traces. Low observability reduces negative evidence, but it also reduces trust. In cloud, the buyer cares about continuity, incident response, support depth, security controls, and exit options. A discreet profile forces the buyer to undertake private diligence or rely on personal trust.

That is the central economic tension. Sparse public evidence is viable for consultancy. It is a problem for infrastructure. Consultancy can be sold through personal credibility. Infrastructure requires institutional credibility because the customer deposits operational continuity with the provider. Clouding sits between those worlds: the registry and ASN evidence suggests ambition or infrastructure capacity, while the public commercial surface looks more like a small service company.

Ownership and control: useful concentration, dangerous concentration

Clouding's founding structure was simple: SASU, capital of €1,000, Karim Bouabene as sole shareholder at incorporation. Pappers' director page continues to associate Karim Bouabene with Clouding as president and shows no wide network of linked companies. A public LinkedIn snippet also associates a Karim Bouabene profile with network/connectivity leadership and "Founder" at clouding, though this is a softer professional network signal, not a registry fact.

Founder concentration is a double-edged sword economically. It can be an advantage in small infrastructure services because decision-making is fast, technical context is concentrated, and customers can have direct access to the person who understands the system. It is also a continuity risk. If a single person carries the architecture, support knowledge, vendor relationships, and customer history, the company's service capability is bounded by that person's availability.

For a small regional cloud, the question is not only "who owns it?" but "who can operate it during a failure?" A support-based cloud must answer in the bad hours, not just sell in the good hours. Public evidence shows no staff depth. That does not make the company unviable, but it reduces the viable market to customers whose expectations match the operating model.

The true unit economics

The cost structure of a small French operator is shaped by five constraints.

First, compute has poor differentiation. If the customer wants the cheapest VM, the broadest service catalog, managed database, managed Kubernetes, AI platform, global CDN, compliance documentation, and instant provisioning, the large providers win. The local cloud must package compute with labor and accountability.

Second, support labor does not scale like software. Every migration, outage, backup restore, security incident, billing dispute, and abuse notice consumes time. The provider must charge a sufficient recurring margin to cover this. Cheap unmanaged hosting is a trap unless automation is robust and customer quality is strictly controlled.

Third, provider dependence is unavoidable. Without own data centers and large capital reserves, a micro-operator depends on transit providers. That is rational, but it means margin and resilience depend on supplier terms. A problem at a facility, a transit route issue, a DDoS gap, or a virtualization licensing change can disrupt the economics.

Fourth, trust is a capital cost. The lack of public references, certifications, status history, and product documentation increases buyer diligence costs. A small provider can compensate with direct relationships, but that keeps the addressable market small.

Fifth, regulation creates both demand and barriers. European cloud standards, Data Act switching reforms, and French sovereignty debates create demand for alternatives to hyperscaler lock-in, but sensitive workloads require evidence and qualifications. The same rules that create the market also raise the bar.

Clouding's visible record suggests it should optimize for measurable sufficiency, not prestige. It does not need to become a "sovereign cloud" brand to be economically useful. It needs a bounded offer where the customer can verify: where data is hosted, who supports it, how backups work, what happens during an incident, how to exit, what the SLA means, how abuse is managed, and which providers underlie it.

What may be residual signal rather than operational proof

Some Clouding signals may be operational evidence. Others may be residual.

The legal company is active, but legal activity does not prove active cloud services. The articles permit IT services, but corporate purposes are intentionally broad. 2021 revenue proves commercial activity in that year, but not the current revenue mix. Subsequent confidential accounts prove filings, not growth. The ASN proves RIPE network identity, but not traffic. The abuse contact proves operator accountability, not customer volume. The possible IPv6 allocation proves at most a network resource hint unless directly confirmed in RIPE entities and routing tables. The absence of public complaints proves a low visible complaint surface, not reliability.

This evidence boundary should be part of any business reading. If Clouding is being evaluated as a provider, the next step is not to ask whether it is "real". It is real as a legal and network-registry entity. The next step is to ask what part of the infrastructure stack it operates, what it resells, where customer workloads run, what support coverage exists, what happens on exit, and whether there is enough institutional continuity for the buyer's risk level.

Category recommendation

Clouding SASU is best categorized as a French micro-operator of IT services and cloud/hosting-adjacent infrastructure with RIPE/ASN evidence. It should not be described as a national telecom company, an exchange point, or a clearly scaled public cloud provider. The most supported category is "cloud service / hosting-adjacent regional infrastructure services", with an evidence caveat: public records currently support legal continuity, IT service scope, historical service economics, and network resource identity; they do not yet support a claim of visible public cloud scale, certified sovereign cloud status, a material customer footprint, or an independent data center operation.

Therefore, practical classification should be conservative: include it in cloud/hosting infrastructure coverage only if the article explicitly signals the evidence boundary. If future routing, product, certification, customer, or procurement signals emerge, the category can evolve toward regional cloud operator. If no such signals appear, the safest economic category is consultancy/IT services company with network number resources.

Evidence record

1. Pappers — Clouding company recordURL:https://www.pappers.fr/entreprise/clouding-891849655Source type: French commercial register aggregator using official registry data. Supports: Active French SASU identity, SIREN 891 849 655, address in Crosne, activity code 62.02A, legal form, capital, director, zero employees, 2021 accounts, continuity in account filings, no visible public tenders, no visible labels/certificates, no visible intellectual property rights. Does not prove: Live cloud product, current customer base, current revenue mix, own infrastructure, data center footprint, SLA quality, or operational maturity. Economic significance: Establishes Clouding as a real legal entity while showing a small, service-like visible scale rather than a capital-intensive public cloud profile.

2. Pappers — Clouding articles of association (PDF)URL:https://www.pappers.fr/entreprise/clouding-891849655/documents/CLOUDING%20-%20Statuts%20constitutifs%2009-12-2020.pdfSource type: Legal/incorporation document. Supports: Broad corporate purpose of IT services, hardware resale, software/website/application development, licensing activity, capital of €1,000, Karim Bouabene as sole shareholder at incorporation. Does not prove: Current ownership if subsequently changed, actual product mix, customer contracts, or cloud operations. Economic significance: Shows the company was incorporated as a broad IT services vehicle, not narrowly as a capitalized infrastructure platform.

3. Pappers — Director Karim Bouabene pageURL:https://www.pappers.fr/dirigeant/karim_bouabene_1979-12Source type: Registrar-derived director/person page. Supports: Continued association of Karim Bouabene as president of Clouding and lack of a broad visible network of linked companies. Does not prove: Day-to-day involvement, current beneficial ownership, staff depth, or operational capacity. Economic significance: Points to founder concentration, which can aid technical accountability but creates key-person and continuity risk.

4. RIPE/RDAP mirror — AS212718 clouding-asnURL:https://zh-hant.ipshu.com/asn/212718Source type: RDAP/WHOIS/RIR data mirror. Supports: AS212718, "clouding-asn", location in France, ORG-CS860-RIPE Clouding SASU, address in Crosne, maintainer/registrant records, abuse contact atcontact@clouding.fr. Does not prove: Active route origination, traffic volume, customer workloads, peering, transit relationships, data centers, or revenue. Economic significance: Confirms network operator identity and infrastructure optionality, but not market scale.

5. RIPE NCC — RIPE database descriptionURL:https://www.ripe.net/manage-ips-and-asns/db/Source type: Official RIR documentation. Supports: The interpretive meaning of RIPE database records as registration, contact, and routing coordination data. Does not prove: Anything specific about Clouding's commercial operations. Economic significance: Prevents over-interpretation of RDAP: registration identity is meaningful but does not equal cloud operational capability.

6. RIPE NCC — abuse-c policy contextURL:https://www.ripe.net/manage-ips-and-asns/db/support/documentation/ripe-database-acceptable-use-policy/Source type: Official RIR documentation/policy. Supports: Abuse contacts are meant to receive reports of abusive behavior originating from a resource holder's network. Does not prove: That Clouding has abuse incidents or a specific abuse volume. Economic significance: Shows that network resource ownership carries operational obligations; abuse management is a fixed cost burden for small hosting/cloud operators.

7. Cloudflare Radar — AS212718 routing/RPKI pageURL:https://radar.cloudflare.com/pl-pl/routing/rpki/as212718Source type: External routing analysis interface. Supports: AS212718 appears in public routing monitoring context as "clouding-asn". Does not prove: Significant traffic, active customer workloads, prefix count, route stability, or commercial adoption from accessible text. Economic significance: Useful as a follow indicator for whether Clouding's ASN becomes operationally visible.

8. Telecom SudParis RIPE allocations mirror / search trailURL:https://www-public.telecom-sudparis.eu/~maigron/rir-stats/ripe-allocations/allocations/fr-ip-allocations.htmlSource type: Public RIPE allocations mirror / search index hint. Supports: A weak indexed signal associating "fr.clouding", Clouding SASU, 20250512, and the IPv6 prefix 2a04:5fc0::/29; the mirror itself describes the RIPE allocation file structure. Does not prove: Current allocation, active routing, customer use, or that the line is currently visible in the accessible page excerpt. Economic significance: If confirmed, would materially strengthen the infrastructure optionality thesis; until confirmed, it is a watchpoint, not a firm fact.

9. Autorité de la concurrence — Opinion on the cloud sector in FranceURL:https://www.autoritedelaconcurrence.fr/fr/communiques-de-presse/informatique-en-nuage-cloud-lautorite-de-la-concurrence-rend-son-avis-sur-leSource type: French competition authority market analysis. Supports: Dominance of hyperscalers in French IaaS/PaaS, concerns about credits, egress fees, ecosystem power, and migration barriers. Does not prove: Clouding's market share, customer base, or conduct. Economic significance: Defines the competitive structure around which Clouding must operate: raw cloud infrastructure is not an easy-to-differentiate market.

10. European Commission — Data Act explainedURL:https://digital-strategy.ec.europa.eu/en/factpages/data-act-explainedSource type: Official EU regulatory explanation. Supports: Barriers to switching, phase-out of egress fees, interoperability, and contractual transparency direction for cloud/edge services. Does not prove: That switching will be operationally easy or that small providers automatically benefit. Economic significance: The lock-in economics of cloud are shifting; small providers must win on service and operational fit, not just anti-lock-in rhetoric.

11. DINUM — Cloud doctrine for the French public sectorURL:https://www.numerique.gouv.fr/offre-accompagnement/cloud-administrations/programme/Source type: Official French government cloud policy guide. Supports: Cloud-default policy, security and cost criteria, SecNumCloud or equivalent requirement for sensitive systems, portability and provider diversity considerations. Does not prove: That Clouding is or is not eligible for all public contracts. Economic significance: Shows why certification and public evidence matter for regulated buyers; locality alone is.

12. ANSSI — Recommendations on hosting sensitive information systems in the cloudURL:https://messervices.cyber.gouv.fr/documents-guides/anssi_Recommendations%20on%20hosting%20sensitive%20IS%20in%20the%20cloud.pdfSource type: Official cybersecurity guide. Supports: The meaning and role of SecNumCloud qualification for cloud providers and trust in operational practices. Does not prove: That Clouding has, lacks, pursued, or not achieved any qualification, beyond the absence of visible certification in company records. Economic significance: Defines the trust premium and compliance barrier separating ordinary local hosting from sensitive sovereign cloud workloads.

13. Public materials from OVHcloud, Scaleway, OUTSCALE, Cloud Temple, and Clever CloudURLs:https://www.ovhcloud.com/en/public-cloud/;https://www.scaleway.com/en/;https://en.outscale.com/press-releases/archives/3ds-outscale-french-leader-guaranteeing-fully-trusted-cloud-around-the-world/;https://www.cloud-temple.com/en/press-releases/cloud-temple-first-in-france-to-obtain-secnumcloud-qualification-for-a-paas-offering/;https://www.clever.cloud/secnumcloud-trusted-cloud/Source type: Official competitor pages and announcements. Supports: Existence of French/European cloud alternatives with greater evidence, wider product surfaces, sovereignty positioning, or certifications. Does not prove: Direct customer overlap with Clouding or that Clouding cannot win niche customers. Economic significance: Sets the competitive ceiling: Clouding's plausible wedge is support-based specificity, not parity with a broad cloud platform.

14. Trustpilot/HostAdvice Clouding.io and unrelated Clouding web tracesURLs:https://fr.trustpilot.com/review/clouding.io;https://hostadvice.com/hosting-company/clouding-io-reviews/;https://www.clouding.lt/about-us/Source type: Review site and unrelated company signals. Supports: Name collision around "Clouding", especially with a Spanish hosting brand Clouding.io and other unrelated Clouding entities. Does not prove: Clouding SASU's reputation, quality, outages, customer satisfaction, or complaints. Economic significance: Shows due-diligence noise and SEO/reputation ambiguity; positive or negative signals from unrelated "Clouding" brands must not be misattributed.

Watchpoints

Monitor AS212718 for new visible BGP announcements, route6 entities, RPKI ROAs, transit provider changes, invalid routes, route leaks, traffic visibility, and peering traces.

Confirm or dismiss the IPv6 allocation hint 2a04:5fc0::/29 via RIPEstat, RIPE database entities, RPKI, route collectors, and delegated allocation files.

Watch clouding.fr for a product surface: pricing, SLA, DPA, status page, API documentation, customer portal, legal terms, support policy, incident history, and named infrastructure locations.

Follow PeeringDB, France-IX, Equinix, Telehouse, transit provider references, and data center partner pages for any appearance of AS212718 or Clouding SASU.

Follow Pappers/BODACC for capital increases, new shareholders, address changes, account publication, mergers, asset transfers, pledges, insolvency signals, or domicile changes.

Watch public procurement databases, UGAP references, local authority tenders, health hosting references, and subcontractor disclosures for Clouding SASU or clouding.fr.

Follow certification surfaces: SecNumCloud, ISO 27001, HDS, SOC 2, ongoing ANSSI qualification lists, or partner claims involving a qualified infrastructure provider.

Watch job postings for SRE, NOC, support, abuse, security, systems engineering, or sales roles; employee count is the clearest signal that Clouding is moving beyond founder-led services.

Follow customer traces: hosted domains, MX/NS patterns, reseller mentions, deployment examples on GitHub, status page dependencies, testimonials, MSP bundles, and invoice references.

Monitor abuse and reputation signals: Spamhaus, phishing takedowns, spam complaints, blacklist history, UCEProtect-style listings, public abuse threads, and transit-provider suspension notices.

Treat any review/outage signal from Clouding.io, Clouding.lt, or another "Clouding" as unattributable until the entity, domain, ASN, or legal name is clearly linked to Clouding SASU.