Google Cloud’s recent framework agreement with Smals, the joint IT organization serving Belgium’s social security institutions, marks a concrete step in public-sector cloud adoption under strict sovereignty rules. The deal, awarded through GÉANT’s OCRE24 framework in partnership with SoftwareOne, positions Google Cloud alongside existing on-premise systems and the governmental G-Cloud as a third infrastructure pillar. Smals gains access to Gemini models, agentic platforms, and managed AI services while retaining full operational control and meeting European Commission Cloud Sovereignty Framework requirements.
This arrangement reflects a broader pattern: enterprises and governments are moving beyond pilot projects to embed AI into regulated workloads, yet they demand portability clauses and multi-vendor strategies to limit lock-in. At the same time, an unrelated fire at a third-party Delhi facility exposed capacity constraints in Google’s Indian network, while a U.S. trade-secrets case between Flexport and Freightmate is testing whether training data and AI prompts constitute protectable intellectual property. These developments together illustrate the operational, legal, and talent pressures shaping cloud competition in mid-2026.
European Public Institutions Adopt Hybrid Cloud Under Sovereignty Mandates
Smals will continue running its private cloud while adding Google Cloud services for workloads that benefit from AI acceleration. The contract explicitly requires workload portability and adherence to Belgium’s Federal Taskforce Cloud policy, ensuring institutions can shift applications between providers without architectural rework. A newly established Cloud Computing Center of Excellence will coordinate best practices across Smals members, aiming for a single integrated hybrid environment serving all Belgian social security institutions.
The arrangement gives member agencies immediate access to agentic AI tooling without surrendering data-residency controls. Dirk Deridder, Smals CTO, noted that the framework addresses specific public-administration requirements while satisfying security and sovereignty mandates. Similar multi-pillar strategies are appearing across European governments, where community clouds and on-premise systems remain core but public-cloud capacity is added for burst workloads and AI experimentation.
Security Partnerships Target AI-Specific Attack Surfaces
Samsung SDS expanded its managed-security offerings through alliances with U.S. startup XBOW and Korean firm Tatum Security. XBOW’s AI-driven penetration testing, which outperformed human researchers on the HackerOne platform, will be applied to enterprise web assets hosted on multiple clouds. Tatum’s console aggregates visibility across AWS, Azure, and Google Cloud, enabling unified monitoring and early anomaly detection.
The partnerships address the expanded threat surface created when organizations deploy generative models and autonomous agents. Samsung SDS executives emphasized that proactive vulnerability detection and post-incident recovery capabilities are now essential for customers operating agentic workloads. These capabilities complement Google Cloud’s own security tooling and illustrate how systems integrators are layering specialized AI security startups onto hyperscale platforms rather than building every capability in-house.
NTT DATA Scales Gemini Enterprise Practice to Bridge Experimentation and Production
NTT DATA announced plans to certify 5,000 Gemini Enterprise specialists and co-develop up to 500 reusable AI agents across industry verticals. The expanded collaboration combines Google Cloud’s platform with NTT DATA’s global delivery capacity in strategy, implementation, and managed operations. Forward-deployed engineers will embed with clients to accelerate adoption while governance, compliance, and responsible-AI frameworks are applied at enterprise scale.
This model directly responds to the demand surge for practitioners who can translate foundation-model capabilities into production workflows. By creating repeatable agent templates, NTT DATA aims to shorten time-to-value for clients that have already moved past proof-of-concept stages. The initiative aligns with Google Cloud’s broader partner fund, which allocates resources to accelerate agentic deployments among its 120,000-member ecosystem.
Data and Workflow Ownership Emerge as Central Legal Questions
The Flexport-Freightmate litigation has shifted from allegations of code copying to disputes over shipment datasets, AI prompts, Google Cloud resource logs, and ChatGPT activity records. Flexport claims former employees downloaded thousands of internal documents before founding the rival and later failed to preserve cloud-based development artifacts once litigation became foreseeable. Freightmate counters that materials were removed under a clean-room process and that source-code review has revealed no copying.
The case is becoming a test for whether the data and interaction patterns used to train document-processing agents constitute protectable trade secrets. As logistics firms invest heavily in AI systems that classify and validate shipping documents, courts may be forced to define ownership boundaries around training corpora and prompt engineering artifacts—issues that extend well beyond the immediate parties.
Talent Markets and Infrastructure Resilience Shape Competitive Positioning
Google Cloud executive Matt Renner has pushed back against narratives predicting the obsolescence of traditional IT services firms, arguing instead that AI has created an “insatiable” need for forward-deployed engineers. Indian providers including TCS, Infosys, and HCLTech are building dedicated Gemini practices, indicating that systems integrators remain essential for embedding models into complex legacy environments.
Concurrently, the Delhi network incident demonstrated that even non-compute Points of Presence remain single points of failure when third-party facilities experience physical disruption. Traffic was rerouted, but customers using Hybrid Connectivity and VPC experienced intermittent latency spikes across Indian metros. These events underscore that reliability investments must extend beyond compute regions to edge networking and physical infrastructure resilience.
Collectively, the developments show Google Cloud consolidating enterprise footholds while partners and competitors race to operationalize AI at scale. Public-sector deals now embed portability and sovereignty requirements by default. Security alliances focus on AI-specific risks rather than generic perimeter defense. Legal disputes are redefining what counts as proprietary in an era of automated workflows. Talent strategies emphasize embedded engineering over pure offshore delivery. Infrastructure incidents remind buyers that capacity and physical resilience remain foundational. Organizations that treat these elements as an integrated system—rather than isolated workstreams—will be best positioned to capture value as agentic AI moves from pilots into regulated, high-volume production environments.
