Where does the EuroCloud Federation sit in the structure of CADA?

Under the proposed Cloud and AI Development Act (CADA), the EuroCloud Federation is established in Chapter III of Title IV, the section dedicated to "Auton

Summary Under the proposed Cloud and AI Development Act (CADA), the EuroCloud Federation is established in Chapter III of Title IV, the section dedicated to "Autonomy." Specifically, Articles 34–36 govern the Federation, while the immediately following Chapter IV (Articles 37–40) addresses the Commission's central procurement activities. Both chapters operate within the same Title to reduce dependencies on third-country providers, but they serve distinct functions: the Federation facilitates the voluntary sharing of idle public-sector capacity, whereas Chapter IV enables the Commission to act as a central purchasing body to procure cloud, software, and AI services collectively.

Detail

To understand where the EuroCloud Federation fits within the broader architecture of CADA, it is necessary to examine the regulation's hierarchical structure. The proposal is divided into five Titles. Title IV, titled "Autonomy," is the critical section for public-sector bodies and cloud providers navigating sovereignty requirements. This Title is subdivided into six chapters, with the EuroCloud Federation occupying a specific niche within Chapter III, distinct from the procurement mechanisms in Chapter IV.

Title IV: Autonomy and its Chapter Structure

Title IV is designed to mitigate the risks stemming from the EU's reliance on third-country cloud providers. It establishes the sovereignty framework (Union assurance levels), sets out risk assessment obligations, and creates mechanisms for public procurement that favor European added value. Within this Title, the structure is as follows:

Chapter I: Cloud computing sovereignty framework (Articles 16–28).
Chapter II: Demand-side measures, including public procurement rules and risk assessments (Articles 29–33).
Chapter III: European public sector cloud federation (Articles 34–36).
Chapter IV: Procurement of data centre services, cloud computing services, software and AI systems by the Commission (Articles 37–40).
Chapter V: Open source (Articles 41–44).
Chapter VI: Final provisions.

The EuroCloud Federation: Chapter III (Articles 34–36)

Article 34 explicitly establishes the European public sector cloud federation, referred to as the "EuroCloud Federation." Its primary purpose is to facilitate the sharing of public sector data centre services and cloud computing services between Union entities and public sector bodies. Participation is voluntary.

The structure of this chapter is tight and focused on interconnection and resource sharing:

Article 34 sets out the scope, purpose, and the Commission's role in establishing a platform for the Federation. This platform includes a catalogue of available services and a service platform for exchanging computing, storage, and network resources.
Article 35 details the conditions for sharing. A "sharing entity" may share services with a "using entity" if the sharing entity owns the hardware (directly or through an intermediate legal entity it controls). Crucially, the sharing entity must demonstrate to the Commission that it fulfills specific technical, operational, and organizational security measures.
Article 36 addresses the financial model. The Commission can recover costs incurred in establishing and administering the Federation through fees levied on members. These fees are strictly limited to covering costs and do not constitute a pecuniary interest or public contract under standard procurement directives, thereby exempting the sharing of services within the Federation from standard Union public procurement rules.

Commission Procurement: Chapter IV (Articles 37–40)

Immediately following the EuroCloud Federation, Chapter IV outlines a different mechanism for reducing dependency: central procurement. While the Federation is about sharing existing public assets, Chapter IV is about buying new services collectively.

Article 37 empowers the Commission to carry out procurement activities for itself, Union entities, and contracting authorities from Member States. It allows the Commission to act as a central purchasing body, procuring data centre services, cloud computing services, software, and AI systems.
Article 38 sets out the arrangements for these procurement activities, including the establishment of a Steering Committee composed of the Commission and representatives of Member States.
Article 39 clarifies the applicable public procurement framework, noting that participating entities are deemed to have fulfilled their obligations under applicable Union public procurement law when they acquire services through the Commission.
Article 40 establishes a fee structure for these procurement activities, ensuring that costs are jointly financed by participating entities.

The Structural Distinction

The placement of these two mechanisms in consecutive chapters within Title IV highlights a dual strategy for autonomy. Chapter III leverages existing public infrastructure to create a federated, resilient network that bypasses commercial markets for certain workloads. Chapter IV leverages the collective purchasing power of the public sector to drive demand for European cloud and AI providers, creating economies of scale that individual Member States might not achieve alone. Both are exempt from standard procurement rules to varying degrees to ensure efficiency and speed, but they address different supply-side and demand-side challenges.

What this means for you

For in-house counsel and compliance officers in the public sector or for cloud providers targeting the public sector, the structural distinction between Chapter III and Chapter IV has practical implications:

Participation Strategy: If your organization is a public sector body, you must decide whether to engage with the EuroCloud Federation (Chapter III) to share idle capacity or to participate in the Commission's central procurement framework (Chapter IV) to access pre-negotiated contracts. These are separate mechanisms with different entry requirements.
Compliance with Article 35: If you are a "sharing entity" in the EuroCloud Federation, you must prepare to demonstrate compliance with the technical, operational, and organizational measures outlined in Article 35(2) and (6). This includes robust policies on risk analysis, information system security, and business continuity. The Commission will assess your demonstration before allowing you to share services.
Fee Structures: Be aware that both chapters introduce fee-based revenue streams. Under Article 36, you will pay fees to administer the EuroCloud Federation. Under Article 40, you will pay fees for the Commission's procurement activities. These fees are designed to cover costs and do not generate profit for the Commission, but they must be factored into your budgeting.
Procurement Exemptions: Both mechanisms offer exemptions from standard public procurement rules. For the EuroCloud Federation, Article 35(5) states that fees charged do not constitute a pecuniary interest, meaning the sharing of services does not fall under Union public procurement rules. For Commission procurement, Article 39(1) deems participating entities to have fulfilled their procurement obligations when using the Commission's framework. This simplifies compliance but requires strict adherence to the specific rules of each chapter.

Common misconceptions

Misconception: The EuroCloud Federation replaces standard public procurement.
- Reality: It is an alternative mechanism for sharing existing public capacity, not a replacement for all procurement. Chapter IV provides a separate mechanism for procuring new services. Most public sector cloud needs will still be met through standard procurement or the Chapter IV framework, while the Federation is for specific capacity-sharing scenarios.
Misconception: Any public entity can automatically join the EuroCloud Federation.
- Reality: Participation is voluntary but conditional. Under Article 35, a sharing entity must demonstrate to the Commission that it fulfills specific security and operational conditions. The Commission assesses this information before allowing the entity to share services.
Misconception: The Commission's procurement role (Chapter IV) is limited to buying hardware.
- Reality: Article 37 explicitly states that the Commission may procure "data centre services, cloud computing services, software and AI systems." This is a broad scope covering the full stack of digital services.

This is general information about a draft EU regulation, not legal advice.