Summary No, the EuroCloud Federation is not open to private cloud providers as direct members. As proposed in Article 34(1) of the Cloud and AI Development Act (CADA), membership is strictly limited to Union entities and public sector bodies. Private providers cannot join the federation, nor can they act as "sharing entities" under Article 35(1) unless they are part of a public entity that owns the hardware. However, private providers remain essential to the ecosystem: they can supply cloud services to federation members through standard public procurement procedures, provided they meet the relevant Union assurance levels.

Detail

The EuroCloud Federation represents a distinct mechanism within the proposed Cloud and AI Development Act (CADA), designed to facilitate the sharing of public-sector data centre and cloud capacity among European administrations. Its governance and operational rules explicitly exclude private commercial entities from direct participation.

Membership is Restricted to Public Entities

The scope of the federation is defined in Article 34(1), which states that the EuroCloud Federation "is hereby established" and "shall be open for the participation of Union entities and public sector bodies on a voluntary basis." The text further clarifies that these public bodies "may request the Commission to join the EuroCloud Federation."

There is no provision in the proposal for private cloud service providers, data centre operators, or commercial technology firms to become members. The legislative intent is to create a cooperative framework exclusively for the public sector to share its own resources, thereby enhancing resilience and reducing reliance on external commercial markets for specific public functions.

The "Sharing Entity" Requirement: Hardware Ownership

The exclusion of private providers is structurally reinforced by the rules governing the sharing of services. Article 35(1) establishes that a "sharing entity" (a member sharing its capacity) may only share services if it "directly, or indirectly through an intermediate legal entity, owns the hardware through which the service is made available."

While a private provider typically owns hardware, it cannot qualify as a "sharing entity" because it cannot first qualify as a "member" of the federation. The logic is circular but deliberate: only public entities can join; only members can share; therefore, only public entities that own hardware can share.

Recital 71 of the explanatory memorandum further clarifies this by stating that "Participation within the EuroCloud Federation should be limited to public entities, without direct participation of a private party." It explicitly excludes direct private participation where the sharing entity "owns the hardware... and provides that service." This ensures that the federation remains a tool for public-to-public resource optimization rather than a commercial marketplace.

How Private Providers Interact with the Federation

Although private providers are barred from membership, they are not excluded from the broader CADA ecosystem. They interact with the federation indirectly as suppliers to its members.

  • Procurement Pathway: Public sector bodies that are members of the EuroCloud Federation retain the right to procure cloud computing services from private providers. If a member body lacks the necessary capacity or hardware to share, it can purchase services from the open market.
  • Sovereignty Compliance: Any private provider supplying services to a federation member must comply with the CADA sovereignty framework. Under Article 29, the public body must conduct a risk assessment to determine the required "Union assurance level" (Levels 1–4). The private provider's service must be recognized at that level under Article 16 and Annex II.
  • No Direct Platform Access: Private providers do not have access to the federation's internal platform for sharing idle capacity. They cannot list their services on the federation catalogue for other members to "share" or "swap." They can only be engaged through formal procurement contracts.

Preventing Market Distortion

The restriction on private membership is a deliberate policy choice to prevent distortions of competition. As noted in Recital 70, the framework is designed "to avoid any distortion of competition in relation to private economic operators by placing a private provider of services in a position of advantage over its competitors."

By limiting the federation to public entities, the EU ensures that the sharing of public infrastructure does not give a specific commercial provider an unfair advantage in the public procurement market. The federation remains a sovereign tool for public administration, while the commercial market remains the primary source for non-sovereign or non-shared capacity.

What this means for you

If you are a private cloud service provider, data centre operator, or technology vendor, the following strategic adjustments are necessary under the proposed CADA framework:

  1. Do Not Seek Membership: You cannot apply to join the EuroCloud Federation. Any resources dedicated to securing membership would be misallocated, as the legal framework explicitly restricts membership to Union entities and public sector bodies.
  2. Prepare for Sovereign Procurement: Your primary route to serving federation members is through public procurement. Ensure your services can be recognized at the appropriate Union assurance levels (likely Level 1 as a baseline, potentially Level 2–4 for critical public-order activities). This requires readiness for independent third-party audits under Article 20.
  3. Monitor Public Tenders: Federation members will continue to issue tenders for cloud services. These procurements will likely emphasize "Union added value" criteria under Article 32, such as the use of EU-designed hardware or software.
  4. Understand the "Sharing" Limit: If you are a public sector body considering joining the federation, note that under Article 35(1), you can only act as a "sharing entity" if you own the hardware. If you lease your entire infrastructure from a private provider, you may not be able to share capacity within the federation, even if you are a member.

Common misconceptions

  • Misconception: "The EuroCloud Federation is a marketplace where private providers can list their sovereign cloud offerings for public bodies to buy."
    • Reality: It is a federation for public bodies to share their own owned infrastructure. Private providers are external suppliers, not participants in the sharing mechanism.
  • Misconception: "Private providers can join if they meet the highest sovereignty standards (Level 4)."
    • Reality: Membership is based on legal status (public vs. private), not technical compliance. Even a fully sovereign, EU-owned private company cannot join as a member.
  • Misconception: "Joining the federation guarantees contracts for members."
    • Reality: Membership facilitates the sharing of idle capacity among public bodies. It does not create a monopoly or guarantee that other members will use your services over external private providers.
  • Misconception: "Private providers can act as 'intermediate legal entities' to share hardware."
    • Reality: While Article 35(1) allows sharing via an intermediate legal entity, that entity must be controlled by the public sharing entity. A private provider cannot use this clause to bypass the membership restriction.

Related

This is general information about a draft EU regulation, not legal advice.