Summary The proposed Cloud and AI Development Act (CADA) establishes the EuroCloud Federation as a statutory, public-sector-only mechanism for sharing cloud and data centre capacity across the Union. In contrast, Gaia-X is a voluntary, industry-led framework for federating data and cloud services based on trust frameworks and interoperability standards. While CADA does not formally regulate Gaia-X, the EuroCloud Federation is explicitly designed to interoperate with existing initiatives to avoid silos. The key distinction is legal nature: EuroCloud is a public cooperation mechanism governed by CADA's strict cost-recovery and membership rules, whereas Gaia-X is a market-driven ecosystem. They are complementary: EuroCloud secures the public sector's sovereign infrastructure, while Gaia-X provides the technical standards that can facilitate interoperability with the private sector.

Detail

The relationship between the EuroCloud Federation and Gaia-X is defined by their distinct legal bases, scopes, and operational mandates within the EU's broader digital sovereignty strategy. Understanding this distinction is critical for legal counsel advising public bodies on cloud procurement and data governance.

The EuroCloud Federation: A Statutory Public-Sector Mechanism

Under the proposed CADA (COM(2026) 502 final), the EuroCloud Federation is not a voluntary consortium but a statutory entity established by Article 34. Its primary purpose, as defined in Article 34(2), is to "facilitate the sharing of public sector data centre services and cloud computing services between Union entities and public sector bodies."

Recital 69 provides the legislative context, noting that the Federation responds to the "joint declarations" and Council conclusions aiming for a common approach to federating cloud capacities. It is designed to bring together national and European cloud initiatives that provide "highly trusted and secure public-sector cloud capabilities."

Key legal characteristics of the EuroCloud Federation include:

  • Exclusive Public Membership: Participation is strictly limited to Union entities and public sector bodies on a voluntary basis (Article 34(1)). Recital 71 explicitly excludes direct private participation. A private entity cannot be a member unless it acts as an intermediate legal entity under very specific cumulative conditions: the public sharing entity must exercise decisive influence over strategic objectives, there must be no direct private capital participation, and more than 80% of the intermediate entity's activities must be performed for the public sharing entity.
  • Public Interest Governance: The sharing of services within the Federation is "governed solely by considerations of public interest" and "should not entail any form of consideration in exchange for another" (Recital 73).
  • Strict Cost-Recovery Model: Fees charged by a "sharing entity" to a "using entity" are legally constrained. Under Article 35(5), fees are "limited strictly to what is necessary and proportionate to recover the costs incurred." These costs cover resource allocation, integration, and compliance management. Crucially, Recital 73 clarifies that such fees "should not be deemed as a consideration for the provision of a service" and "should not constitute a pecuniary interest." Consequently, sharing services within the Federation "should not fall under Union public procurement rules."
  • Commission-Led Platform: The Commission is mandated to establish a platform for the Federation, including a catalogue of available services and a service platform for the exchange and orchestration of resources (Article 34(3)).

Gaia-X: A Voluntary Industry Framework

Gaia-X, by contrast, is an industry-led initiative, not a legislative instrument. It operates as a voluntary framework for creating a federated data and cloud infrastructure in Europe. Its core function is to define a trust framework and interoperability standards that allow businesses, research institutions, and public bodies to offer and consume data and cloud services across borders while maintaining data sovereignty.

While the CADA text does not explicitly name "Gaia-X," the proposal acknowledges the necessity of leveraging existing European digital infrastructure consortia. Recital 24 states that the Cloud and AI Leadership Initiatives "could leverage the outcomes of relevant European digital infrastructure consortiums (EDICs), including shared infrastructure, common standards and best practices." Gaia-X serves as the de facto standard-setter in this space, providing the technical architecture and trust rules that enable the kind of federated interoperability the EuroCloud Federation seeks to achieve in the public sector.

Interoperability and Complementarity

The relationship between the two is one of complementarity and interoperability, not competition. CADA aims to strengthen Europe's cloud ecosystem by reducing dependencies, while Gaia-X aims to create a unified European data space.

  1. Shared Technical Foundations: Both initiatives rely on open standards. The EuroCloud Federation's platform, established by the Commission, is expected to align with existing European standards for data spaces. Gaia-X provides a robust set of these standards, particularly regarding data sovereignty, security, and transparency. Public sector bodies participating in the EuroCloud Federation may utilize services that are compliant with Gaia-X standards to ensure seamless integration with private sector partners or research institutions.
  2. Sovereignty Alignment: Both address the core EU objective of technological sovereignty. The EuroCloud Federation ensures public sector data remains under EU jurisdiction and control, as mandated by CADA's sovereignty framework (Article 16). Gaia-X addresses similar concerns for the private sector, ensuring compliance with EU legal requirements like the GDPR and the Data Act.
  3. Avoiding Fragmentation: Recital 47 highlights the risk of fragmented national approaches to sovereign cloud. By establishing a Union-wide framework, CADA seeks to create a unified public sector market. Interoperability with Gaia-X ensures this market does not become isolated from the broader European digital economy, allowing for hybrid cloud strategies where public sector entities can securely interact with industry data spaces.

Legal and Compliance Implications

For public sector bodies, the distinction has profound implications for procurement and data governance.

  • Mandatory vs. Voluntary: The EuroCloud Federation is a statutory mechanism. If a public body joins, it must comply with CADA's specific rules on cost recovery and membership. Gaia-X remains voluntary, but its standards may become de facto requirements for interoperability with the Federation.
  • Assurance Levels vs. Trust Frameworks: CADA introduces a four-tier Union assurance level system for cloud sovereignty (Article 16). Public bodies must conduct risk assessments to determine the required level (Article 29). While Gaia-X compliance may support technical aspects of these levels (e.g., cybersecurity certification), it does not automatically confer Union assurance level recognition. Recognition requires a formal process involving national competent authorities and independent audits (Article 17).
  • Procurement Exemptions: The EuroCloud Federation offers a narrow exemption from standard public procurement rules, provided fees are strictly for cost recovery (Recital 73). Any commercial element or pecuniary interest would trigger standard procurement directives. Compliance officers must structure agreements carefully to ensure they fall within this public cooperation exception.

What this means for you

For in-house counsel, compliance officers, and public procurement teams, the distinction between the EuroCloud Federation and Gaia-X dictates strategy.

1. Mapping the Legal Regime

  • If you are a public sector body: You are operating under CADA. If you wish to share cloud capacity with other public bodies, the EuroCloud Federation is the statutory vehicle. You must ensure your participation adheres to Article 35 (sharing conditions) and Article 36 (fee structures). You cannot simply "join" Gaia-X as a member; rather, you may use Gaia-X standards to demonstrate compliance with CADA's technical requirements.
  • If you are a cloud provider: You cannot be a direct member of the EuroCloud Federation. However, you can provide services to public bodies within the Federation. To do so, your service must meet the relevant Union assurance level (1–4) as defined in Annex II. Gaia-X certification may be a useful step toward meeting the cybersecurity and transparency criteria of these levels, but it is not a substitute for the formal recognition process under Article 17.

2. Procurement Strategy

  • Leveraging the Exemption: If your public body intends to share capacity with another public body, the EuroCloud Federation allows you to bypass standard tendering procedures, provided the transaction is strictly cost-recovery and non-pecuniary (Recital 73). This is a powerful tool for rapid deployment of sovereign infrastructure.
  • Interoperability Planning: When procuring cloud services for the Federation, ensure your contracts mandate compliance with relevant European interoperability standards. While CADA does not mandate Gaia-X specifically, referencing Gaia-X trust frameworks in your technical specifications can ensure that your public infrastructure remains compatible with the wider European data space.

3. Risk Management

  • Assurance Level Mismatch: Do not assume that a Gaia-X compliant service automatically satisfies CADA's Union assurance levels. The CADA framework includes specific criteria on establishment, personnel citizenship, and third-country control (Annex II) that go beyond Gaia-X's current scope. You must conduct a specific risk assessment under Article 29 to determine the required assurance level for your activity.
  • Private Participation Risks: Be vigilant regarding Recital 71. If a public body attempts to share services through an intermediate entity that is privately controlled, it risks violating the "public interest" and "no pecuniary interest" principles, potentially triggering public procurement rules and invalidating the exemption.

Common misconceptions

"The EuroCloud Federation replaces Gaia-X." No. The EuroCloud Federation is a statutory, public-sector mechanism established by CADA. Gaia-X is a voluntary, industry-led framework. They serve different primary audiences. The EuroCloud Federation does not replace Gaia-X; rather, it creates a public sector counterpart that can leverage Gaia-X standards for interoperability.

"Gaia-X certification is equivalent to CADA's Union assurance levels." No. Gaia-X trust frameworks and CADA's Union assurance levels are distinct legal concepts. CADA's assurance levels are legally binding criteria for public sector procurement, established through a formal recognition process involving national competent authorities and independent audits (Article 17). Gaia-X compliance may support technical aspects of these levels but does not constitute formal recognition under CADA.

"Private companies can join the EuroCloud Federation." No. Recital 71 and Article 35 restrict participation to public entities. Private companies cannot be direct members. However, private cloud providers may offer services that are used by public sector bodies within the Federation, provided they meet the stringent sovereignty and security requirements of the relevant Union assurance level.

"The EuroCloud Federation is just another cloud provider." No. It is a cooperation mechanism, not a provider. It facilitates the sharing of existing public sector capacity. It does not own infrastructure itself but provides the legal and technical platform for public bodies to share their own resources.

Official sources

Related

This is general information about a draft EU regulation, not legal advice.