Summary The EuroCloud Federation, as proposed in the Cloud and AI Development Act (CADA), is strictly a public-to-public sharing mechanism for Union entities and Member States to exchange idle capacity. It is not a marketplace for commercial cloud providers. Under Article 34 and Article 35, participation is limited to public bodies that own the underlying hardware, explicitly excluding commercial providers who lease infrastructure or resell services. Commercial providers cannot join the Federation to sell capacity. Instead, they engage with the public sector exclusively through the Commission's common procurement framework (Articles 37–39), where they bid for contracts to supply services that public entities cannot source internally.

Detail

The Cloud and AI Development Act (CADA), as proposed in COM(2026) 502 final, establishes two distinct pathways to strengthen the EU's cloud ecosystem: the EuroCloud Federation for internal public-sector capacity sharing, and a common procurement framework for acquiring services from the market. For commercial cloud providers, distinguishing between these two mechanisms is critical, as they operate under fundamentally different legal regimes and offer different engagement opportunities.

The EuroCloud Federation: A Public-to-Public Sharing Mechanism

Article 34 of the CADA proposal establishes the European public sector cloud federation (the "EuroCloud Federation"). Its defined purpose is to "facilitate the sharing of public sector data centre services and cloud computing services between Union entities and public sector bodies." This is a voluntary framework designed to interconnect national and European cloud initiatives that provide highly trusted and secure public-sector capabilities.

Crucially, the Federation is not designed as a commercial market. The explanatory memorandum (Recital 71) explicitly states that "participation within the EuroCloud Federation should be limited to public entities, without direct participation of a private party." This exclusion is not merely a policy preference but a structural requirement embedded in the legal text. The Federation is intended to allow public bodies to pool their own sovereign assets to increase efficiency and resilience, rather than to create a new sales channel for private vendors.

Ownership Requirements Exclude Commercial Resale

The barrier to entry for commercial providers is codified in Article 35(1), which sets strict conditions for the "sharing entity" (the public body providing the service). A member may only share services with another member if the sharing entity directly, or indirectly through an intermediate legal entity, owns the hardware through which the service is made available and provides the service.

This "ownership" requirement effectively disqualifies commercial cloud providers. Most commercial cloud services are delivered via complex supply chains where the provider may lease infrastructure, manage third-party data centres, or operate on hardware they do not own in the strict legal sense required by the Regulation. Even if a provider owns hardware, they are excluded because they are not a "public sector body" or "Union entity."

The Regulation further clarifies the definition of control for indirect ownership. If the sharing entity uses an intermediate legal entity, the sharing entity must exercise decisive influence over that entity's strategic objectives, there must be no direct private capital participation in the intermediate entity, and more than 80% of the intermediate entity's activities must be performed for the sharing entity. These cumulative conditions ensure that the EuroCloud Federation remains a tool for public entities to utilize their own sovereign assets, preventing private vendors from using the Federation as a conduit to offload commercial capacity.

Recital 70 reinforces this by noting that members must comply with requirements to "avoid any distortion of competition in relation to private economic operators." Allowing commercial providers to join would fundamentally distort the market, contradicting the Regulation's intent.

Commercial Providers Engage via Common Procurement

For commercial cloud providers, the gateway to the public sector under CADA is not the EuroCloud Federation, but the common procurement framework established in Chapter IV of Title IV (Articles 37–40).

Article 37 empowers the Commission to carry out procurement activities for data centre services, cloud computing services, software, and AI systems. It explicitly allows the Commission to act as a central purchasing body for contracting authorities of Member States and partner organisations. This framework enables the Commission to aggregate demand and leverage collective purchasing power to negotiate better terms, drive innovation, and reduce dependencies on third-country providers.

Commercial providers engage with this system by:

  1. Responding to Tenders: The Commission launches procurement procedures (framework contracts or dynamic purchasing systems) where commercial providers can submit bids.
  2. Fulfilling Contracts: Successful bidders enter into contracts to supply the requested services to the participating public entities.
  3. Meeting Sovereignty Standards: To win these contracts, providers must typically demonstrate compliance with the Union assurance levels (Levels 1–4) defined in Article 16 and Annex II, particularly if the procuring authority has identified the activity as relevant to public order under Article 30.

Article 38 establishes the governance for these activities, including a Steering Committee composed of the Commission and Member State representatives. This committee provides strategic oversight but does not manage the operational procurement, which remains the Commission's responsibility. Article 39 clarifies that when public entities acquire services through this framework, they are deemed to have fulfilled their public procurement obligations under Union law, simplifying the process for buyers and creating a predictable, unified market for providers.

Financial and Operational Distinctions

The financial structures of these two mechanisms further highlight their separation. Article 36 states that the costs of the EuroCloud Federation are jointly financed by its members through fees levied by the Commission. These fees are strictly limited to recovering the costs of administering the Federation and establishing the platform. Crucially, Article 35(5) states that any fee charged by a sharing entity to a using entity must be limited to costs incurred and "shall not constitute a pecuniary interest." This confirms the non-commercial, cost-recovery nature of the Federation.

In contrast, the procurement framework involves commercial contracts where providers are paid for the services they deliver. While Article 40 allows the Commission to levy fees on participating public entities to cover the administrative costs of the procurement activities, these fees are paid by the buyers, not the providers. Commercial providers compete on price and quality in the procurement market, subject to the "Union added value" criteria in Article 32, which may award points for using EU-designed hardware or contributing to the European ecosystem.

What this means for you

For commercial cloud service providers and data centre operators, the EuroCloud Federation represents zero direct sales opportunity. You cannot register your commercial cloud services as a "sharing entity" under Article 35 because you do not meet the criteria of being a public entity that owns the hardware. Attempting to position your services within the EuroCloud Federation framework would be a regulatory error and would not lead to eligibility.

Your primary engagement point is the Commission's common procurement activities under Articles 37–39. You should:

  • Monitor Procurement Notices: Watch for tenders launched by the Commission acting as a central purchasing body.
  • Prepare for Sovereignty Requirements: Ensure your services can meet the Union assurance levels (Levels 1–4) required for public procurement, particularly for activities involving public order.
  • Focus on EU Added Value: Highlight how your services contribute to the European ecosystem (e.g., using EU-manufactured hardware, integrating EU technologies) to score higher under Article 32.

While the EuroCloud Federation may reduce the volume of external procurement for specific low-complexity or overflow workloads by enabling public entities to share idle capacity, it does not replace the need for commercial procurement. Public entities will still require external services for new investments, large-scale deployments, or specialized capabilities not available within the Federation. This is where commercial providers remain essential.

Common misconceptions

Misconception 1: The EuroCloud Federation is a marketplace for all cloud providers. False. Article 34 and Article 35 restrict participation strictly to public entities (Union entities and public sector bodies) that own the hardware. It is a peer-to-peer sharing network for public assets, not a commercial exchange. Private cloud providers cannot join as members or service sharers.

Misconception 2: Commercial providers can resell their services through the EuroCloud Federation. False. Article 35(1) requires the sharing entity to own the hardware. Commercial providers typically lease infrastructure or provide services based on supply chains that do not fit the "public ownership" and "control" criteria defined in Recital 71 and Article 35. Reselling commercial cloud capacity through the Federation is not permitted.

Misconception 3: The EuroCloud Federation replaces public procurement for cloud services. False. The Federation facilitates the sharing of existing idle capacity among public entities. For new investments, large-scale deployments, or services not available within the Federation, public entities must still procure services from the market. This is where commercial providers engage, via the common procurement framework in Articles 37–39 or through direct national procurement processes that comply with CADA's sovereignty requirements.

Misconception 4: Joining the EuroCloud Federation is mandatory for public cloud providers. False. Participation in the EuroCloud Federation is voluntary for public entities (Article 34(1)). Commercial providers are not involved in the Federation at all. Their involvement is in the procurement processes where public entities buy services they cannot source internally.

Related

This is general information about a draft EU regulation, not legal advice.