Summary As proposed in the Cloud and AI Development Act (CADA), a public body from a non-Member State cannot participate in the EuroCloud Federation. Article 34(1) explicitly restricts membership to "Union entities and public sector bodies," which are legally defined as entities established within the European Union. While the separate common procurement framework under Article 38(9) allows contracting authorities from EFTA States and candidate countries to join, this exception applies strictly to purchasing activities. It does not extend to the EuroCloud Federation, which remains a strictly EU-focused mechanism for sharing infrastructure capacity.
Detail
The proposed Cloud and AI Development Act (COM(2026) 502 final) establishes two distinct mechanisms for public-sector collaboration: the EuroCloud Federation for sharing infrastructure capacity, and a common procurement framework for joint purchasing. Understanding the eligibility criteria for each is essential, as the rules differ significantly regarding non-EU participation.
The EuroCloud Federation: Strictly EU Membership
The EuroCloud Federation is established under Title IV, Chapter III of the proposal. Its primary purpose, as set out in Article 34(2), is to "facilitate the sharing of public sector data centre services and cloud computing services between Union entities and public sector bodies."
Article 34(1) is the definitive gatekeeper for membership. It states:
"The European public sector cloud federation (the 'EuroCloud Federation') is hereby established. The EuroCloud Federation shall be open for the participation of Union entities and public sector bodies on a voluntary basis."
The term "public sector body" is defined in Article 2(6) by reference to Article 2, point (1), of Directive (EU) 2019/1024 (the Open Data Directive). That Directive defines a public sector body as an entity established in a Member State. Consequently, the legal definition of a potential member is inherently territorial and jurisdictional, limited to entities established within the European Union.
Recital 69 reinforces this limited scope, noting that the Federation should bring together "national and European cloud initiatives" to interconnect infrastructures "across the Union." Crucially, Article 34 contains no provision for the accession of public bodies from third countries, associate partners, or candidate countries. The Federation is designed as an internal EU instrument to pool sovereign capacity, not as a pan-European or global cloud alliance.
The Distinction: Common Procurement (Article 38)
A frequent source of confusion arises from the common procurement framework established in Title IV, Chapter IV (Articles 37–40). This framework allows the Commission to act as a central purchasing body for cloud and AI services. Unlike the Federation, this procurement mechanism has a broader scope for international participation.
Article 38(9) explicitly provides a derogation to standard international trade rules for this specific framework:
"By way of derogation from Article 168(2) of Regulation (EU, Euratom) 2014/2509, the Steering Committee may approve the participation of contracting authorities from EFTA States and Union candidate countries without the need for a bilateral or multilateral treaty provided for such possibility."
This provision allows non-Member State authorities to join the procurement platform to benefit from aggregated purchasing power and standardized contracts. However, this expansion is legally confined to the procurement activities described in Articles 37–40. It does not amend Article 34, nor does it alter the membership criteria for the EuroCloud Federation.
Therefore, a public body from an EFTA state or a candidate country may participate in the Commission's joint purchasing activities, but it cannot become a member of the EuroCloud Federation to share its own cloud capacity or access the Federation's specific infrastructure-sharing mechanisms.
Future Possibilities and Legislative Intent
The proposal does acknowledge the potential for future expansion, but this is not a current right. Recital 69 states:
"When evaluating this Regulation, the Commission may, at a later stage, assess the possibility for acceding countries, candidate countries and potential candidates, as well as for international organisations whose headquarters are in the Union, to participate in the EuroCloud Federation."
This language confirms that the current exclusion of non-Member States is intentional and temporary. The Commission retains the power to assess inclusion during the Regulation's review cycle (four years after entry into force, and every five years thereafter, per Article 47). Until such an assessment leads to a formal amendment of the Regulation, the strict membership criteria of Article 34(1) remain in force.
What this means for you
For legal counsel, procurement officers, and strategic planners in public bodies located outside the EU (including EFTA states, candidate countries, and potential candidates), the distinction between the two CADA mechanisms is critical for compliance and strategic planning.
- No Direct Federation Membership: You cannot register your public body as a member of the EuroCloud Federation. You are ineligible to use the Federation's platform to share your idle cloud capacity with EU members, nor can you access the specific interconnection mechanisms reserved for Federation members.
- Procurement Participation is Possible: If your authority is from an EFTA State or is a candidate country, you can request participation in the Commission's joint procurement framework under Article 38(9). This allows you to leverage the EU's aggregated purchasing power to acquire cloud and AI services, but it does not grant you the infrastructure-sharing rights of the Federation.
- Monitor Legislative Reviews: Since Recital 69 explicitly mentions a future assessment for candidate countries and international organizations, you should monitor the Commission's evaluation reports. If your jurisdiction is a candidate country, there is a potential pathway for future inclusion in the Federation, but this is not a current legal entitlement.
- Sovereignty Compliance Remains: Even if you participate in joint procurement, any cloud services you procure for sensitive public order activities must still comply with the Union assurance levels (Articles 16–24) if they are to be used in contexts requiring high sovereignty. The procurement mechanism is the access route, not a waiver of sovereignty standards.
Common misconceptions
"If I can join the procurement platform, I am part of the EuroCloud Federation." This is incorrect. The procurement framework (Articles 37–40) and the EuroCloud Federation (Articles 34–36) are separate legal constructs. Article 38(9) allows non-Member States into procurement, but Article 34(1) restricts the Federation to Union entities and public sector bodies.
"The EuroCloud Federation is open to all European public bodies." "European" in this context is defined strictly by EU law. The Federation is limited to entities established in Member States and Union institutions. It does not automatically include EFTA states (like Switzerland or Norway) or other European nations unless they are EU Member States.
"Candidate countries are automatically included in all CADA mechanisms." Candidate countries are explicitly mentioned in Article 38(9) for procurement purposes, but they are not included in Article 34 for Federation membership. Their inclusion in the Federation is subject to a future Commission assessment, not current law.
Related
- Can a public body both share and use services in the EuroCloud Federation?
- Can a Member State leave the EuroCloud Federation? Exit rules under CADA
- Who can join the EuroCloud Federation under CADA?
- What counts as a public sector body for EuroCloud Federation membership under CADA?
- How can a public body share spare capacity via EuroCloud?
This is general information about a draft EU regulation, not legal advice.