Summary As proposed in the Cloud and AI Development Act (CADA), the EuroCloud Federation is a voluntary mechanism established under Article 34 to facilitate the sharing of secure data centre and cloud computing services among Union entities and public sector bodies. By enabling public administrations to pool resources and share idle capacity, the federation aims to reduce dependencies on third-country providers, lower costs, and ensure that critical public services run on sovereign, trusted infrastructure. Crucially, the sharing of services within the federation is designed to fall outside standard public procurement rules, provided fees are strictly limited to cost recovery.

Detail

The proposed Cloud and AI Development Act (CADA), COM(2026) 502 final, introduces a comprehensive framework to strengthen Europe's cloud and AI ecosystem. A central pillar of this framework is the establishment of the EuroCloud Federation, a mechanism explicitly designed to enhance the resilience, sovereignty, and efficiency of public-sector digital infrastructure. Unlike commercial cloud marketplaces, this federation is a sovereign alternative where public bodies interconnect their own infrastructures to create a unified, trusted resource pool.

Establishment and Scope: Article 34

Under Article 34 of the CADA proposal, the European public-sector cloud federation (the 'EuroCloud Federation') is established to bring together national and European cloud initiatives that provide highly trusted and secure public-sector cloud capabilities. The federation is open for the participation of Union entities and public sector bodies on a voluntary basis. Interested bodies may request the Commission to join the federation, which will facilitate the sharing of public-sector data centre services and cloud computing services among its members.

The Commission is tasked with establishing a dedicated platform for the EuroCloud Federation. This platform must provide:

  • A catalogue providing information on available public-sector data centre services and cloud computing services.
  • A service platform for the exchange and orchestration of computing, storage, and network resources and services.

The Commission is empowered to adopt implementing acts to specify the procedure to participate in the EuroCloud Federation and templates concerning the content and other details of the request for participation. This ensures a standardized, EU-wide approach to interoperability and access.

How Service Sharing Works: Article 35

The operational mechanics of the federation are detailed in Article 35, which governs the sharing of public-sector data centre services and cloud computing services. The core principle is that a member of the federation (the 'sharing entity') may share services with another member (the 'using entity') under specific, strict conditions designed to preserve sovereignty.

Crucially, the sharing entity must directly, or indirectly through an intermediate legal entity, own the hardware through which the service is made available. If the sharing entity indirectly owns the hardware via an intermediate legal entity, the sharing entity must exercise control over that intermediate legal entity. This requirement ensures that the entities sharing resources maintain ownership and control over the underlying infrastructure, a key component of the sovereignty framework.

Before sharing services, the sharing entity must demonstrate to the Commission that it fulfills the conditions set out in Article 35. This includes putting in place appropriate technical, operational, and organisational measures to ensure an effective, secure, and resilient provision of services. The Commission will assess the information provided and allow the sharing only where these conditions are fulfilled.

Cost Recovery and Financial Structure

Participation in the EuroCloud Federation is not free of charge, but the financial model is designed to avoid distorting competition or constituting a public contract in the traditional procurement sense. Article 35(5) states that a sharing entity may charge a fee to the using entity. However, the amount of this fee is strictly limited to the costs that the sharing entity incurs in relation to the sharing of the service.

These costs are limited to additional costs incurred in the sharing of capacity, including:

  • Allocating and isolating resources.
  • Managing access.
  • Enabling the integration and interoperability of resources.
  • Ensuring compliance with applicable requirements under Union law.
  • Managing the sharing relationship.

Importantly, these fees do not constitute a pecuniary interest within the meaning of Directive 2014/24/EU or Regulation (EU, Euratom) 2024/2509. Consequently, the sharing of services within the EuroCloud Federation does not fall under Union public procurement rules, provided these conditions are met. This is a significant procedural advantage, allowing for rapid resource allocation without the lengthy tendering processes typically required for public contracts.

The administrative costs of the federation itself are covered by fees levied by the Commission on the members, as outlined in Article 36. These costs include the establishment of the platform and the assessment of requests to join. If initial costs are borne by the general budget of the Union, they must be reimbursed by EuroCloud members over a period not exceeding three years.

Strategic Purpose: Sovereignty and Resilience

The EuroCloud Federation is not merely a cost-saving mechanism; it is a strategic tool for enhancing technological sovereignty. By creating a federated network of public-sector cloud resources, the CADA aims to reduce the EU's dependence on non-European cloud providers. The federation allows public administrations to leverage idle capacity that might otherwise go unused, thereby increasing the overall availability of sovereign cloud resources in the EU.

This aligns with the broader CADA objective of ensuring that public order is preserved by maintaining control and agency by public-sector bodies. By interconnecting cloud computing infrastructures across the Union, the federation supports the deployment of a secure and interoperable European public-sector cloud, as envisioned in earlier joint declarations by Member States. It serves as a practical implementation of the "sovereign cloud" concept, ensuring that critical public data remains under the control of Union entities and public sector bodies, free from the extraterritorial reach of third-country laws.

What this means for you

For public-sector procurement officers, IT directors, and policy makers, the EuroCloud Federation represents a significant shift in how cloud services can be acquired and managed under the proposed CADA framework.

  • Access to Sovereign Capacity: If your organisation requires secure, sovereign cloud capacity but lacks the scale to build or procure it independently, the EuroCloud Federation offers a pathway to access shared resources from other public bodies. This can help you meet the sovereignty requirements imposed by CADA's risk assessments (under Article 29) without engaging in complex, standalone procurement processes.
  • Monetising Idle Resources: If your organisation has underutilised data centre or cloud capacity, you can become a 'sharing entity' within the federation. By sharing this idle capacity with other public bodies, you can recover costs associated with maintaining that infrastructure, improving the return on investment for public digital assets. This transforms idle assets into a strategic resource for the wider public sector.
  • Simplified Procurement: Because the sharing of services within the federation is not considered a public contract under certain conditions, it bypasses traditional public procurement procedures. This can significantly accelerate the deployment of cloud resources and reduce administrative burdens, allowing for faster response to emerging digital needs.
  • Voluntary Participation: Joining the EuroCloud Federation is voluntary. However, given the increasing pressure on public administrations to adopt sovereign cloud solutions and the potential requirements for high assurance levels (Levels 2–4) for public-order-relevant activities, participation may become a strategic imperative. You will need to assess whether your existing infrastructure meets the security and sovereignty criteria required to become a sharing entity.
  • Compliance and Security: To participate, you must demonstrate compliance with strict technical, operational, and organisational measures. This includes ensuring that your infrastructure is secure, resilient, and interoperable with other members. You should begin auditing your current cloud assets to identify any gaps in security or governance that need to be addressed before joining. The Commission's assessment process will be rigorous to ensure the integrity of the federation.

Common misconceptions

"The EuroCloud Federation replaces commercial cloud providers." No. The federation is specifically for public-sector bodies to share resources among themselves. It does not replace the need for commercial cloud providers, especially for services that require specific capabilities not available within the public sector. However, it does provide a sovereign alternative for core public services and critical infrastructure, reducing reliance on third-country hyperscalers.

"Participation is mandatory." No. The CADA proposal states that the EuroCloud Federation is open for participation on a voluntary basis. However, the broader CADA framework may impose sovereignty requirements on public procurement that make participation in such federated models highly advantageous or necessary for compliance, particularly for activities identified as contributing to the preservation of public order.

"Sharing services is free." No. While it is not a commercial transaction in the traditional sense, the sharing entity can charge fees to recover the costs incurred in sharing the service. These fees are strictly cost-recovery based and do not include a profit margin. The fees are limited to the additional costs of allocating, isolating, and managing the shared resources.

"Any public body can join immediately." No. Participation requires meeting specific conditions, including demonstrating ownership or control over the hardware and implementing appropriate security measures. The Commission must assess and approve the sharing entity's compliance before services can be shared. This ensures that the federation maintains high standards of security and sovereignty.

Related

This is general information about a draft EU regulation, not legal advice.