Is ThinkOn Safe for Canadian Government Data? Analysis

Q: Is ThinkOn subject to the CLOUD Act?

No. ThinkOn Inc. is 100% Canadian-owned and operated, headquartered in Etobicoke, Ontario. Not subject to the US CLOUD Act or any foreign data access law. No foreign employees or contractors support ThinkOn's Canadian infrastructure.

Q: How much data does ThinkOn manage?

ThinkOn manages over 100 petabytes of data for 1,500+ organizations including the Canadian Federal Government, provincial agencies, and organizations in healthcare, finance, education, and defence.

Q: Do I need a TIA for ThinkOn under Law 25?

ThinkOn is Canadian-owned with all Canadian infrastructure operated exclusively by Canadians within Canada. Data does not leave Canadian jurisdiction. The TIA requirement is substantially simplified.

Parent Company

Think On Inc. (Etobicoke, ON)

CLOUD Act Status

✓ Not Exposed

Government Clearance

✓ Protected-B Authorized

Headquarters

Etobicoke, ON, Canada

Data Managed

100+ petabytes / 1,500+ orgs

Classification

✓ Canadian Sovereign

Why ThinkOn is the sovereignty benchmark

ThinkOn is what a truly sovereign cloud looks like. Founded by Craig McLellan and headquartered in Etobicoke, Ontario, ThinkOn is 100% Canadian-owned and operated. No foreign employees or contractors support its Canadian infrastructure. No foreign parent company can be compelled to produce data. No offshore operations touch Canadian workloads at any point in the data supply chain.

This is not a marketing distinction. ThinkOn is the only Canadian-owned cloud service provider authorized to handle Protected-B government workloads under the Shared Services Canada GC Cloud Framework Agreement for Secure Workloads. Protected-B is the security classification for sensitive government information that, if compromised, could cause serious injury to an individual, organization, or government. ThinkOn achieved this status after four rigorous audits in 2018 — and has maintained it since.

ThinkOn manages over 100 petabytes of data for more than 1,500 organizations, including the Canadian Federal Government, provincial and local agencies, and organizations in healthcare, finance, education, and defence. The company operates on a 100% channel-only model through 150+ resellers — a deliberate choice that avoids the conflicts of interest that arise when a cloud provider competes with its own channel partners.

Regulatory Analysis

▾

Not CLOUD Act exposed — at every layer

Think On Inc. is Canadian-owned with no foreign controlling interest. Not subject to the US CLOUD Act. But ThinkOn goes further than most Canadian providers: the company does not rely on any employees or contractors residing outside Canada to support its infrastructure. This eliminates the indirect sovereignty risk that exists even with some Canadian-owned providers who use offshore support staff.

🏛️

Government Data

Protected-B workloads
Healthcare, finance, defence

🏢

ThinkOn Inc.

Etobicoke, ON, Canada
100% Canadian staff

🛡️

Canadian Jurisdiction

Canadian courts only
CLOUD Act does not apply

Protected-B authorization

ThinkOn is the only Canadian-owned CSP authorized for Protected-B workloads under the SSC Framework Agreement. This authorization requires ITSG-33 compliance, SOC 2 Type 2 certification, and continuous third-party auditing. For government departments, crown corporations, and tribunals, ThinkOn is the only sovereign option that meets the full Protected-B standard.

VMware Sovereign Cloud certification

ThinkOn is the first Canadian VMware Sovereign Cloud partner — a distinction reserved for companies that address sovereignty requirements across the full data journey. VMware’s certification requires proof of a sovereign data supply chain, ITSG-33 compliance, and stringent security and data governance controls. ThinkOn is the only Canadian organization in this elite global group.

Quebec Law 25

ThinkOn is Canadian-owned with all infrastructure in Canada operated exclusively by Canadians. Data does not leave Canadian jurisdiction. The TIA requirement is substantially simplified.

Sovereign government cloud consortium

In October 2025, ThinkOn joined Hypertec, eStruxture, and Aptum to launch Canada’s first end-to-end sovereign government cloud. ThinkOn provides the cloud services layer — the only component of the consortium authorized for Protected-B. This consortium directly supports the Government of Canada’s Sovereign AI Compute Strategy.

ThinkOn secures your infrastructure — but what about the applications running on top? Microsoft 365, Salesforce, and Zoom are all US-controlled. Map your full stack.

Map your entire SaaS and infrastructure stack to parent jurisdictions and CLOUD Act exposure in 10 minutes.

Map Your Stack →

Alternatives & Comparison

▾

ThinkOn competes in the Canadian sovereign cloud and government infrastructure space:

Provider	Ownership	CLOUD Act	Protected-B	VMware Sovereign
ThinkOn	Canada (100%)	Not exposed	Authorized	First CDN partner
Bell AI Fabric	Canada (BCE)	Not exposed	PSPC ready	No
Hypertec Cloud	Canada	Not exposed	Consortium	No
eStruxture	Canada (Fengate)	Not exposed	Facilities only	No
AWS (Canada)	US (Amazon)	Exposed	GC qualified	No
Azure (Canada)	US (Microsoft)	Exposed	GC qualified	No

Based on Upper Harbour Sovereignty Index data. April 2026.

Key finding: ThinkOn is the only Canadian-owned cloud provider with both Protected-B authorization and VMware Sovereign Cloud certification. AWS and Azure are qualified for some government workloads but remain CLOUD Act exposed. For sensitive government data where true sovereignty is required — not just data residency — ThinkOn is the standard.

💬Questions about ThinkOn and Canadian compliance?

We help organizations assess jurisdictional risk across their SaaS and infrastructure stack. Book a call or send us a message.

Book a Call → Email Us →

Frequently Asked Questions

▾

Is ThinkOn subject to the CLOUD Act?

No. ThinkOn Inc. is 100% Canadian-owned and operated. Not subject to the US CLOUD Act or any foreign data access law. No foreign employees or contractors support ThinkOn’s Canadian infrastructure.

Is ThinkOn approved for Protected-B government data?

Yes. ThinkOn is the only Canadian-owned cloud provider authorized for Protected-B workloads under the Shared Services Canada GC Cloud Framework Agreement. Achieved Protected-B status after four rigorous audits in 2018.

What is ThinkOn’s VMware Sovereign Cloud certification?

ThinkOn is the first Canadian VMware Sovereign Cloud partner — one of only a few in-country leaders worldwide. The certification requires proof of a sovereign data supply chain, ITSG-33 compliance, and stringent data governance controls.

Is ThinkOn part of the sovereign government cloud consortium?

Yes. ThinkOn provides the cloud services layer in Canada’s first end-to-end sovereign government cloud, alongside Hypertec (hardware), eStruxture (facilities), and Aptum (orchestration). Launched October 2025.

How much data does ThinkOn manage?

Over 100 petabytes for 1,500+ organizations through 150+ channel partners. Clients include the Canadian Federal Government, provincial agencies, and organizations in healthcare, finance, education, and defence.

Do I need a TIA for ThinkOn under Law 25?

ThinkOn is Canadian-owned with all infrastructure operated exclusively by Canadians within Canada. Data does not leave Canadian jurisdiction. The TIA requirement is substantially simplified.

Related research

Cloud Infrastructure Sovereignty: Who Actually Controls Your Stack? → · Bell AI Fabric Analysis → · eStruxture Analysis →

Methodology: This assessment is based on Think On Inc.’s corporate records, Protected-B authorization under SSC Framework Agreement, VMware Sovereign Cloud certification, sovereign government cloud consortium launch (October 2025), SOC 2 Type 2 certification, and the Upper Harbour classification methodology. Data verified April 2026. Updated quarterly. Part of the Canadian Technology Sovereignty Index.

ThinkOn Canadian Data Sovereignty Analysis