How do CADA's EuroCloud and central procurement reduce reliance on non-EU cloud?

Summary As proposed in the Cloud and AI Development Act (CADA), the EuroCloud Federation and centralised procurement mechanisms are designed to structurally reduce EU reliance on non-EU cloud providers by aggregating public-sector demand and pooling trusted domestic capacity. Article 34 establishes the EuroCloud Federation to facilitate the sharing of secure, sovereign cloud resources among public bodies, while Article 37 empowers the Commission to act as a central purchasing body to negotiate better terms and scale for European providers. Together, these measures leverage collective buying power and resource efficiency to accelerate the uptake of Union-assured services, directly supporting Title IV's objective of strategic autonomy.

Detail

The Cloud and AI Development Act (CADA) recognises that the EU's dependence on a limited number of third-country cloud providers poses significant risks to operational autonomy, data sovereignty, and public order. To address this, the proposal introduces two complementary demand-side measures: the European public-sector cloud federation (EuroCloud) and a framework for centralised procurement. These mechanisms aim to create a viable market for European cloud providers by ensuring sufficient scale, reducing fragmentation, and guaranteeing that public money supports sovereign capabilities.

The EuroCloud Federation: Pooling Trusted Capacity

Article 34 of the CADA proposal establishes the EuroCloud Federation as a voluntary network for Union entities and public-sector bodies to share data centre and cloud computing services. The primary objective is to interconnect national and European cloud initiatives that provide "highly trusted and secure public-sector cloud capabilities."

Under Article 35, the Federation facilitates the sharing of services between a "sharing entity" and a "using entity." Crucially, this sharing is anchored in public-sector cooperation rather than commercial market transactions. The proposal stipulates that such cooperation is governed solely by public interest considerations and does not entail pecuniary consideration in exchange for services, except for fees strictly limited to recovering the additional costs incurred by the sharing entity (e.g., for resource isolation, integration, and compliance).

By enabling Member States to share idle or surplus capacity, the EuroCloud Federation addresses the inefficiencies of fragmented national procurement. It allows smaller or less-equipped public bodies to access high-assurance, Union-assured cloud services (as defined in the sovereignty framework of Articles 16–24) without bearing the full capital expenditure of building independent infrastructure. This pooling mechanism increases the utilisation rate of European-built data centres, making them more economically viable and competitive against global hyperscalers.

Central Procurement: Aggregating Demand for Scale

While EuroCloud optimises existing public-sector assets, Article 37 addresses the procurement of new services by empowering the Commission to act as a central purchasing body. Currently, individual Member States or public authorities often lack the bargaining power to negotiate favourable terms with large cloud providers or to drive the innovation required for sovereign alternatives.

Article 37 allows the Commission to procure data centre services, cloud computing services, software, and AI systems on behalf of Member States, Union entities, and selected partner organisations. This aggregation of demand serves two strategic purposes:

1. Economies of Scale: By bundling requirements across multiple jurisdictions, the Commission can achieve better pricing and contractual terms, reducing the total cost of ownership for public administrations.
2. Market Signalling: Centralised procurement can explicitly prioritise Union-added-value criteria (as outlined in Article 32), such as the use of hardware manufactured in the Union or software developed under EU-funded programmes. This creates a reliable revenue stream for European cloud providers, encouraging investment in sovereign infrastructure.

The proposal details that these procurement activities will be governed by a Steering Committee (Article 38) composed of the Commission and Member State representatives, ensuring that strategic oversight remains collaborative. Participating entities contribute to the costs through fees levied by the Commission (Article 40), which are intended to cover the operational costs of the procurement platform and activities, ensuring the mechanism is financially sustainable without draining the general EU budget.

Strategic Autonomy and Public Order Protection

Both mechanisms serve the broader strategic autonomy objectives set out in Title IV of the CADA. The proposal mandates that public-sector bodies conduct risk assessments (Article 29) to determine the appropriate Union assurance level (1–4) for their cloud services. Activities contributing to the preservation of public order must procure services recognised at assurance levels 2, 3, or 4.

The EuroCloud Federation and central procurement directly support this mandate by:

• Ensuring Availability: Providing a guaranteed source of Union-assured services for critical public functions.
• Reducing Lock-in: By fostering interoperability and multi-cloud strategies within the Federation, public bodies reduce dependency on single vendors, particularly non-EU incumbents.
• Promoting Open Source: Article 41 encourages the use of open-source solutions, and the EuroCloud platform facilitates the reuse of such software across borders, further diminishing reliance on proprietary, third-country-controlled stacks.

What this means for you

For public-sector procurement officers and IT directors, the CADA proposal signals a shift from ad-hoc cloud purchases to coordinated, federation-based resource management.

• Voluntary Participation: Joining the EuroCloud Federation (Article 34) is voluntary. However, participating offers access to a catalogue of shared, secure cloud services that may already meet your required Union assurance level, potentially reducing the need for costly, standalone infrastructure investments.
• Simplified Procurement: You may benefit from the Commission's central procurement activities (Article 37). Instead of running complex, resource-intensive tender processes for cloud and AI services, your authority could accede to agreements negotiated at the EU level. This reduces administrative burden and ensures compliance with the new sovereignty criteria.
• Cost Recovery Model: Be aware that participation in these frameworks involves fee structures. Under Article 36, EuroCloud members pay fees to cover the Commission's administrative costs and platform maintenance. Under Article 40, participating entities in central procurement pay fees to cover the Commission's procurement activities. These fees are designed to be cost-neutral relative to the savings achieved through scale and efficiency.
• Strategic Alignment: Your procurement strategies must align with national risk assessments (Article 29). If your activities are deemed to preserve public order, you must procure from providers recognised at Union assurance levels 2–4. The EuroCloud Federation and central procurement channels are designed to streamline access to these compliant services.

Common misconceptions

• "EuroCloud replaces national cloud strategies." Incorrect. Article 34 establishes a federation alongside national initiatives. It does not abolish national cloud providers but rather interconnects them. Member States retain sovereignty over their data and infrastructure but gain the ability to share surplus capacity with other EU public bodies.

• "Central procurement forces all Member States to buy the same services." Incorrect. Participation in the Commission's procurement activities (Article 37) is based on an agreement between the Commission and participating Member States. It is not a mandatory, one-size-fits-all mandate. Entities can choose which procurement procedures to join, and the Steering Committee (Article 38) allows for strategic oversight that respects national specificities.

• "EuroCloud is a commercial marketplace." Incorrect. Article 35 explicitly states that sharing within the Federation is governed by public interest and does not constitute a pecuniary interest under public procurement directives. Fees are strictly limited to cost recovery for additional operational burdens, not profit generation.

• "This only applies to new cloud contracts." Incorrect. While central procurement targets new acquisitions, the EuroCloud Federation facilitates the sharing of existing data centre and cloud services. This means legacy infrastructure can be integrated into the sovereign ecosystem, optimising current assets rather than requiring immediate replacement.

Related

• EuroCloud Federation & SMEs: How Startups Access CADA Central Procurement
• How does CADA central procurement reduce duplication across Member States?
• Why does CADA separate the EuroCloud Federation from Commission procurement?
• CADA Central Procurement: What Role Do Member States Play?
• CADA: EuroCloud Platform vs. Common Procurement Platform

This is general information about a draft EU regulation, not legal advice.