Summary In the proposed Cloud and AI Development Act (CADA), a "sharing entity" is a specific type of member within the EuroCloud Federation that provides data centre or cloud computing services to other members. As defined in Article 35(1), this entity must either directly own the hardware used to deliver the service or, if ownership is indirect, exercise strict control over the intermediate legal entity that owns the hardware. Crucially, if an intermediate entity is used, it must have no direct private capital participation, and more than 80% of its activities must be dedicated to tasks entrusted by the sharing entity.

Detail

The EuroCloud Federation, established under Article 34 of the proposed CADA (COM(2026) 502 final), is designed to facilitate the voluntary sharing of public-sector data centre and cloud computing services across the European Union. Its primary goal is to allow Union entities and public-sector bodies to leverage idle capacity, thereby enhancing resilience and efficiency without distorting the internal market.

To achieve this, the regulation distinguishes between two distinct roles: the "using entity" (the recipient of the service) and the "sharing entity" (the provider). The definition of a sharing entity is not merely functional; it imposes rigorous structural requirements regarding asset ownership and corporate control to ensure the federation remains a public-interest mechanism.

The Definition of a Sharing Entity

A sharing entity is a member of the EuroCloud Federation that makes its data centre services or cloud computing services available to another member. Article 35(1) sets the baseline condition: the sharing entity must be the entity that "directly, or indirectly through an intermediate legal entity, owns the hardware through which the service is made available and provides the service that is made available to the using entity."

This definition creates a direct link between the provision of the service and the ownership of the underlying physical infrastructure. It prevents the federation from being used as a conduit for private commercial providers to access public-sector capacity without maintaining public control over the assets.

Direct vs. Indirect Ownership Structures

The proposal acknowledges that public-sector IT infrastructure is often managed through various legal structures. Consequently, Article 35(1) permits two pathways for a member to qualify as a sharing entity:

  1. Direct Ownership: The public body (the sharing entity) directly owns the hardware (servers, storage, networking equipment) and provides the service itself. In this scenario, the ownership chain is transparent and immediate.
  2. Indirect Ownership: The public body does not own the hardware directly but controls an "intermediate legal entity" that does. In this structure, the intermediate entity owns the hardware and provides the service, but the public body remains the ultimate sharing entity.

The Strict Control Test for Indirect Ownership

The most critical aspect of the sharing entity definition arises when indirect ownership is involved. To prevent private market distortion and ensure that the infrastructure remains under public control, Article 35(1) mandates that the sharing entity must "exercise control over that intermediate legal entity."

The legislative text, specifically Recital 71, clarifies that this "control" is not a loose concept. It requires the simultaneous fulfillment of three cumulative conditions:

  1. Decisive Influence: The sharing entity must exercise a decisive influence over both the strategic objectives and the significant decisions of the intermediate legal entity. This ensures that the public body retains ultimate authority over the infrastructure's operation and strategic direction, preventing the intermediate entity from acting independently in a commercial capacity.
  2. No Direct Private Capital: There must be "no direct private capital participation" in the intermediate legal entity. This condition is a strict firewall against private commercial interests. It ensures that the entity providing the service is not influenced by private shareholders whose profit motives might conflict with the public-service mandate of the EuroCloud Federation.
  3. Predominant Public Task: More than 80% of the activities of the intermediate legal entity must be carried out in the performance of tasks entrusted to it by the sharing entity. This threshold ensures that the intermediate entity is primarily a vehicle for public service delivery. If the entity engages in significant commercial activities for private clients, it would fail this criterion, disqualifying the sharing entity from the federation.

The Role of the European Commission

The proposal includes a verification mechanism to ensure compliance. Article 35(3) stipulates that prior to sharing services, the sharing entity must demonstrate to the European Commission that it fulfills the conditions set out in Article 35(1). The Commission then assesses this information and allows the sharing to proceed only if the conditions are met. This gatekeeping role ensures that the integrity of the federation is maintained and that the "no private capital" and "80% activity" rules are strictly enforced.

What this means for you

For public-sector IT directors, legal counsels, and procurement officers, the definition of a sharing entity has immediate operational implications for participation in the EuroCloud Federation.

  • Audit Your Legal Structure: Before applying to share capacity, you must map your ownership chain. If you own the hardware directly, the process is straightforward. If you rely on a subsidiary, a public IT agency, or a joint venture, you must immediately assess whether that entity meets the "control test."
  • Verify Capital Structures: If your IT infrastructure is held by an intermediate entity, you must verify that there is no direct private capital participation. Even a small minority stake by a private investor could disqualify the entity from acting as a sharing entity under the proposed rules.
  • Calculate Activity Ratios: You must be able to demonstrate that more than 80% of the intermediate entity's activities are dedicated to tasks entrusted by your public body. If the entity provides services to private companies or other non-entrusted public bodies, you may need to restructure or limit its scope to meet the threshold.
  • Document Strategic Control: Prepare evidence of your "decisive influence." This includes board composition, voting rights, strategic planning documents, and governance protocols that prove you control the intermediate entity's strategic objectives.
  • Prepare for Commission Scrutiny: Under Article 35(3), you will need to submit this evidence to the Commission. Failure to prove these conditions will prevent your organization from sharing services within the federation, potentially limiting your ability to contribute to the EU's public-sector cloud resilience.

Common misconceptions

"Any public cloud provider can join the EuroCloud Federation as a sharing entity." No. While the federation is open to Union entities and public-sector bodies, the specific role of "sharing entity" requires ownership or strict control of the hardware. A public body that leases all its infrastructure from a private hyperscaler cannot act as a sharing entity, as it does not own the hardware.

"We can share services through a joint venture with a private company." Likely not. Article 35(1) and Recital 71 explicitly require "no direct private capital participation" in the intermediate legal entity. A joint venture involving private equity would almost certainly fail this criterion, preventing the public body from using that structure to share services.

"Ownership of the service contract is enough." No. The regulation is specific about the hardware. You must own the physical assets (or control the entity that does). Holding a contract to manage a service provided by a third party does not satisfy the ownership requirement.

"The 80% rule is a guideline, not a hard limit." It is a hard limit. The text states "more than 80% of the activities... must be carried out." This is a cumulative condition for establishing control. Falling short of this percentage means the control test is not met, and the entity cannot be recognized as a sharing entity.

Related

This is general information about a draft EU regulation, not legal advice.