Must a sharing entity own the hardware behind a shared service in the EuroCloud Federation?

Summary Yes, under the proposed Cloud and AI Development Act (CADA), a sharing entity must own the hardware underlying the cloud or data centre services it shares within the EuroCloud Federation. Article 35(1) mandates that the sharing entity must directly, or indirectly through an intermediate legal entity it controls, own the hardware through which the service is made available. This requirement ensures that the federation facilitates genuine public-sector capacity sharing rather than the mere resale of third-party commercial cloud services. Consequently, a public body cannot act as a sharing entity if it merely resells capacity leased from a commercial hyperscaler.

Detail

The EuroCloud Federation, established under Article 34 of the CADA proposal, is designed to facilitate the secure sharing of public-sector data centre and cloud computing services between Union entities and public-sector bodies. Its primary purpose is to pool sovereign, public-owned capacity to enhance resilience and efficiency. To prevent market distortion and ensure the federation serves its intended purpose of leveraging existing public infrastructure, the proposal imposes strict ownership criteria on members who wish to share their resources.

The Ownership Requirement in Article 35(1)

Article 35(1) explicitly defines the conditions under which a member (the "sharing entity") may share services with another member (the "using entity"). The text states:

"A member of the EuroCloud Federation (the 'sharing entity') may share data centre services and cloud computing services with another member of the EuroCloud Federation (the 'using entity') where the sharing entity directly, or indirectly through an intermediate legal entity, owns the hardware through which the service is made available and provides the service that is made available to the using entity."

This provision establishes two cumulative conditions for the sharing entity:

1. Hardware Ownership: The entity must own the physical infrastructure (hardware) used to deliver the service.
2. Service Provision: The entity must be the provider of the service being shared.

The text is unambiguous: ownership of the hardware is a prerequisite. The service being shared must be one that the entity itself provides, derived from hardware it owns.

Direct vs. Indirect Ownership and the "Controlled" Intermediate Entity

The proposal acknowledges that public administrations often operate through specific corporate structures. Therefore, Article 35(1) permits indirect ownership. A sharing entity qualifies if it owns the hardware through an "intermediate legal entity," provided that the sharing entity exercises control over that intermediate entity.

The definition of "control" in this context is strict and detailed in Recital 71. For an intermediate legal entity to satisfy the ownership requirement, three cumulative conditions must be met:

• Decisive Influence: The sharing entity must exercise decisive influence over both the strategic objectives and significant decisions of the intermediate entity.
• No Private Capital: There must be no direct private capital participation in that intermediate legal entity.
• Public Task Focus: More than 80% of the activities of the intermediate legal entity must be carried out in the performance of tasks entrusted to it by the sharing entity.

This structure allows public bodies to use dedicated subsidiaries or special purpose vehicles to manage IT infrastructure, provided those entities remain effectively public, non-commercial, and dedicated to the public mandate.

Exclusion of Pure Resellers and Commercial Cloud Arbitrage

The requirement for hardware ownership has a critical practical implication: pure resellers or managed service providers (MSPs) who lease capacity from third-party commercial cloud providers cannot qualify as sharing entities in the EuroCloud Federation.

If a public body purchases cloud services from a commercial hyperscaler (e.g., AWS, Azure, or GCP) and then attempts to "share" a portion of that purchased capacity with another public body via the EuroCloud Federation, it would not meet the criteria of Article 35(1). In such a scenario, the public body does not own the underlying hardware; the commercial provider does. The public body is merely a customer, not an owner.

Therefore, the EuroCloud Federation is not a mechanism for public bodies to arbitrage commercial cloud contracts or act as intermediaries for third-party services. It is a platform for leveraging owned sovereign infrastructure. Recital 71 reinforces this by stating that participation is limited to public entities without direct participation of a private party, and explicitly excludes scenarios where the sharing entity does not own the hardware. This distinction preserves the federation's role in enhancing technological sovereignty by promoting the use of public-owned, secure infrastructure rather than deepening reliance on third-country controlled commercial clouds.

Cost Recovery vs. Commercial Sale

It is also important to note the economic nature of the sharing. Article 35(5) clarifies that while the sharing entity may charge a fee to the using entity, this fee is strictly limited. The amount must be limited to the costs that the sharing entity incurs in relation to the sharing of the service (e.g., allocating and isolating resources, managing access, ensuring compliance).

"The amount of the fee shall be limited to the costs that the sharing entity incurs in relation to the sharing of the service and shall not constitute a pecuniary interest within the meaning of Article 2 of Directive 2014/24/EU and Regulation (EU, Euratom) 2024/2509."

This confirms that the federation is not a commercial marketplace. The ownership requirement ensures that the entity sharing the capacity is the one bearing the capital risk of the hardware, and the fee mechanism is purely for cost recovery, not profit generation.

What this means for you

For CTOs, architects, and IT leaders in public sector bodies or SMEs evaluating their eligibility or strategy regarding the EuroCloud Federation, these rules have several practical implications:

• Audit Your Asset Register: Before joining the EuroCloud Federation as a potential sharing entity, verify that your cloud or data centre services are delivered on hardware you legally own. If you are leasing bare-metal servers or colocation space, ensure the lease or ownership structure aligns with the "direct or indirect ownership" test. If you are purely a reseller of commercial cloud, you are ineligible as a sharing entity.
• Review Subsidiary Structures: If your infrastructure is held by a subsidiary, ensure it meets the "intermediate legal entity" criteria. Specifically, check if more than 80% of its activities serve your public mandate and if there is no private capital involvement. If your subsidiary serves mixed commercial and public purposes, you may need to ring-fence the public-serving hardware into a compliant entity to qualify.
• Do Not Expect to Resell Commercial Cloud: If your organization currently relies on commercial cloud providers for its own operations, you cannot use the EuroCloud Federation to share that capacity with peers. The federation is for sharing owned capacity. If you have idle capacity on your own sovereign infrastructure, that is what can be shared.
• SMEs and Start-ups: For SMEs providing services to the public sector, understand that you cannot join the EuroCloud Federation as a sharing entity unless you own the hardware. However, you may still benefit as a "using entity" if your client (a public body) joins and shares its capacity with you, or through other procurement mechanisms under CADA.
• Cost Recovery: While sharing is free of charge in principle, Article 35(5) allows the sharing entity to charge a fee strictly limited to the additional costs incurred for isolating resources, managing access, and ensuring compliance. This is not a profit-making mechanism but a cost-recovery model for the overhead of sharing owned assets.

Common misconceptions

• Misconception: "We can share any cloud capacity we have access to."
  • Reality: No. You must own the hardware. Access via a commercial contract or lease from a third party does not count as ownership for the purposes of the EuroCloud Federation.
• Misconception: "Private cloud providers can join to share their excess capacity."
  • Reality: No. The EuroCloud Federation is exclusively for public-sector bodies and Union entities. Private parties cannot be sharing entities. Recital 71 explicitly excludes direct private participation.
• Misconception: "Indirect ownership means any subsidiary can qualify."
  • Reality: Indirect ownership is strictly defined. The intermediate entity must be controlled by the sharing entity, have no private capital, and devote >80% of its activities to the sharing entity's tasks. A standard commercial subsidiary serving multiple private clients would likely not qualify.
• Misconception: "Sharing implies selling services at market rates."
  • Reality: Sharing within the federation is governed by public interest considerations. Fees are strictly limited to cost recovery for the sharing overhead (isolation, access management, compliance). It is not a commercial sales channel.

Related

• What is a sharing entity in the EuroCloud Federation?
• EuroCloud Federation fees: What can a sharing entity charge?
• What conditions must a EuroCloud sharing entity meet under CADA?
• How does the Commission approve service sharing in the EuroCloud Federation?
• How does service sharing work in the EuroCloud Federation under CADA?

This is general information about a draft EU regulation, not legal advice.