How does a public body join the EuroCloud Federation under CADA?

Summary Under the proposed Cloud and AI Development Act (CADA), the EuroCloud Federation is a voluntary mechanism allowing Union entities and public sector bodies to share sovereign cloud and data centre services. To join, an eligible body must formally request the European Commission to participate; there is no automatic enrollment. As proposed, the Commission will establish a dedicated platform featuring a catalogue of available services and a service orchestration layer to facilitate resource exchange. The specific administrative procedures and request templates are not yet finalized in the primary text but will be defined by implementing acts adopted by the Commission under Article 34(4).

Detail

The proposed Cloud and AI Development Act (CADA), COM(2026) 502 final, introduces a significant structural innovation for the European public sector: the EuroCloud Federation. This framework is designed to break down silos between national and EU-level digital infrastructures, enabling the sharing of secure, resilient, and sovereign cloud computing services and data centre capacities. For public-sector procurement officers, IT strategists, and legal counsels, understanding the accession mechanism is vital for leveraging this shared infrastructure to enhance operational efficiency, reduce costs, and strengthen the Union's strategic autonomy.

Legal Basis and the Principle of Voluntary Participation

The legal foundation for the EuroCloud Federation is established in Article 34 of the CADA proposal. This article explicitly defines the nature of the Federation's membership. Article 34(1) states: "The European public sector cloud federation ('the EuroCloud Federation') is hereby established. The EuroCloud Federation shall be open for the participation of Union entities and public sector bodies on a voluntary basis."

This voluntary nature is a critical design feature. CADA does not impose a mandatory obligation on all public authorities to join the Federation. Instead, it creates an optional, opt-in framework for entities that wish to interconnect their cloud infrastructures. The goal is to foster collaboration among those public bodies that have the capacity to share resources or the need to access shared sovereign capacity, without disrupting existing national procurement strategies or infrastructure investments.

The entities eligible to participate are clearly defined:

• Union entities: This category encompasses the institutions, bodies, offices, and agencies of the European Union established by or pursuant to the Treaties.
• Public sector bodies: These are entities defined under Union law, specifically referencing the definition in Article 2, point (1), of Directive (EU) 2019/1024 on the re-use of public sector information. These are bodies governed by public law that provide public services or are under public administration.

The Accession Process: Requesting Membership

Unlike standard regulatory compliance where registration might be automatic upon meeting certain criteria, joining the EuroCloud Federation under CADA requires a proactive, formal step by the interested entity. Article 34(1) specifies the mechanism for entry: "Union entities and public sector bodies may request the Commission to join the EuroCloud Federation."

This provision establishes the European Commission as the central administrator and gateway for the Federation. Public bodies do not join the Federation through a peer-to-peer agreement or a decentralized registry. Instead, they must submit a formal request to the Commission, which then evaluates and facilitates their inclusion. This centralization ensures that the Federation maintains a coherent governance structure and that all members adhere to the uniform standards required for cross-border data sharing and service orchestration.

It is important to note that the primary legislation (the Regulation itself) does not yet contain the detailed administrative steps, required documentation, or technical prerequisites for this request. Article 34(4) explicitly empowers the Commission to adopt implementing acts to flesh out these details. These acts will specify:

1. The procedure to participate in the EuroCloud Federation.
2. The templates concerning the content and other details of the request for participation.

These implementing acts will be adopted in accordance with the examination procedure referred to in Article 46(2) of CADA. Consequently, while the right to request membership is established by the Regulation, the exact administrative workflow will be defined in secondary legislation. Public bodies should anticipate that these future acts will outline the technical interoperability standards, security certifications (potentially linked to Union Assurance Levels), and governance commitments required to ensure a member's infrastructure is compatible with the Federation's sovereign objectives.

The Commission's Platform: Catalogue and Service Orchestration

To transform the legal framework into an operational reality, Article 34(3) mandates that the Commission establish a dedicated platform for the EuroCloud Federation. This platform is not merely a static registry of members; it is a functional digital tool designed to enable the actual discovery, exchange, and orchestration of resources.

The Regulation requires this platform to provide at least two core components:

1. A Catalogue: This component serves as the discovery layer for the Federation. It will provide information on available public sector data centre services and cloud computing services. Through this catalogue, participating entities can identify what capacity is available from other members, fostering transparency and enabling efficient resource matching.
2. A Service Platform: This component acts as the technical engine for the Federation. It facilitates the exchange and orchestration of computing, storage, and network resources and services. This ensures that when a public body accesses a service provided by another member, the technical handover is seamless, secure, and interoperable across different national infrastructures.

The establishment and maintenance of this platform are a direct responsibility of the Commission. By providing a standardized interface, the Commission aims to lower the technical barriers to cross-border cloud sharing, ensuring that public bodies can access sovereign cloud capacity regardless of their location within the Union.

Scope, Purpose, and Governance

The primary purpose of the EuroCloud Federation, as defined in Article 34(2), is to "facilitate the sharing of public sector data centre services and cloud computing services between Union entities and public sector bodies." This sharing is not an open market activity; it is governed by strict conditions set out in Articles 35 and 36 of CADA.

Article 35 clarifies the operational boundaries, ensuring that the sharing entity (the provider) must own the hardware (directly or indirectly through an intermediate legal entity over which it exercises control) and provide the service. Crucially, Article 35(71) and the recitals emphasize that participation is limited to public entities; direct private participation is excluded to avoid distorting competition. Private cloud providers may supply services to public bodies, but the public body must retain control and ownership of the underlying hardware or service contract to share it within the Federation.

Article 36 addresses the financial sustainability of the Federation, allowing the Commission to levy fees on members to cover the costs of administration and platform maintenance. These fees are structured as cost-recovery mechanisms, ensuring the Federation remains financially viable without constituting a commercial transaction that would trigger standard public procurement rules for the sharing act itself.

What this means for you

For public-sector procurement officers, IT directors, and legal counsels, the EuroCloud Federation represents a new strategic avenue for cloud sourcing and infrastructure management. Here is how you should prepare for the proposed framework:

• Assess Your Infrastructure Readiness: Before submitting a request to join, conduct a thorough evaluation of your current cloud and data centre assets. The Federation is designed for entities that either have surplus capacity to share or a strategic need to access shared sovereign capacity. Ensure your infrastructure aligns with the high cybersecurity and sovereignty standards implied by the Federation's purpose, as these will likely be prerequisites in the upcoming implementing acts.
• Monitor the Adoption of Implementing Acts: Since the specific procedure for joining is delegated to implementing acts under Article 34(4), you must actively monitor the European Commission's publications. These acts will provide the mandatory templates, technical specifications, and administrative steps for your membership request. Early engagement with national competent authorities may help in understanding how these acts will be transposed or applied.
• Leverage the Future Platform: Once operational, the Commission's platform will be your primary interface for discovering available sovereign cloud resources across the EU. Prepare your teams to utilize the catalogue to identify potential partners or available capacity that aligns with your specific security needs, such as those requiring Union Assurance Levels 2, 3, or 4.
• Budget for Administrative Fees: While participation is voluntary, the administration of the Federation involves costs. Article 36 explicitly allows the Commission to levy fees on members to cover the costs of the Federation's administration and platform maintenance. These are cost-recovery fees, not profits, but they represent a financial consideration for joining. Review the related fee structures (detailed in Article 36 and the associated financial statement) to budget for these administrative costs in your future planning.
• Integrate into Sovereign Strategy: Consider the Federation as a core component of your broader sovereign cloud strategy. It allows you to pool resources with other public bodies, potentially achieving better economies of scale, higher security standards, and greater resilience than standalone procurement. It is a tool to reduce dependencies on third-country providers by maximizing the utility of existing European public infrastructure.

Common misconceptions

• Misconception: Membership is mandatory for all public bodies.
  • Reality: Participation in the EuroCloud Federation is explicitly voluntary under Article 34(1). Public bodies are not forced to join. The Regulation creates an opportunity for those who wish to interconnect their infrastructures, but it does not impose a blanket obligation.
• Misconception: Private cloud providers can join the Federation directly as members.
  • Reality: The Federation is exclusively for Union entities and public sector bodies. Private companies cannot join as members. While private providers may supply services to public bodies, the public body must own or control the hardware/service to share it within the Federation, as defined in Article 35. Direct private participation is excluded to prevent market distortion.
• Misconception: The procedure for joining is already fully detailed in the Regulation.
  • Reality: The Regulation establishes the right to request membership but delegates the specific procedures, templates, and technical requirements to implementing acts under Article 34(4). These secondary legislative acts are yet to be adopted, meaning the exact administrative steps are not currently fixed in the primary text.
• Misconception: Joining the Federation is free of charge.
  • Reality: While the sharing of services is governed by public interest and cost-recovery principles, the administration of the Federation incurs costs. Article 36 allows the Commission to levy fees on members to cover these administrative and platform costs. These are not profits but necessary contributions to sustain the platform and governance structure.
• Misconception: The Federation replaces national cloud strategies.
  • Reality: The Federation is a complementary mechanism. It facilitates sharing between entities but does not replace national strategies or procurement obligations. Public bodies must still comply with their national laws and the broader CADA procurement rules (e.g., Article 30) when procuring services, even if those services are later shared within the Federation.

Related

• How does a public body share cloud or data centre services in the EuroCloud Federation?
• What should a public-sector body do before CADA's application date?
• How to join the OSPO Network under CADA: A guide for public bodies
• How does a public body apply CADA's open source first principle?
• How do I price and charge a sharing fee in the EuroCloud Federation?

This is general information about a draft EU regulation, not legal advice.