Summary The proposed Cloud and AI Development Act (CADA) structurally separates the EuroCloud Federation (Chapter III) from Commission procurement (Chapter IV) to distinguish between public-to-public capacity sharing and commercial market purchasing. As proposed, the EuroCloud Federation enables public entities to share self-owned infrastructure at strict cost-recovery rates, a mechanism explicitly excluded from standard public procurement rules to avoid market distortion. In contrast, Commission procurement acts as a central purchasing body to buy commercial cloud and AI services from the market, remaining fully subject to Union public procurement frameworks. This split ensures internal public cooperation does not trigger competitive bidding requirements, while external market purchases maintain transparency and fair competition.
Detail
The Cloud and AI Development Act (CADA), as proposed in COM(2026) 502 final, establishes two distinct legal mechanisms for public sector entities to acquire or utilize cloud and AI capabilities. These are the EuroCloud Federation under Title IV, Chapter III, and the Commission procurement framework under Title IV, Chapter IV. This separation is not merely administrative; it reflects a fundamental divergence in legal nature, financial structure, and interaction with the single market.
Chapter III: The EuroCloud Federation (Public-to-Public Sharing)
Article 34 establishes the European public sector cloud federation ("EuroCloud Federation"). Its primary objective, as stated in the proposal, is to "facilitate the sharing of public sector data centre services and cloud computing services between Union entities and public sector bodies." Participation is voluntary and strictly limited to public entities.
The critical legal distinction lies in Article 35, which governs the sharing of services. This article mandates that cooperation within the Federation be "governed solely by considerations of public interest" and "should not entail any form of consideration in exchange for another." While a "sharing entity" (the provider of the capacity) may charge a fee to a "using entity," this fee is legally constrained. It must be "limited strictly to what is necessary and proportionate to recover the costs incurred by the sharing entity."
These recoverable costs are narrowly defined in the text as "additional costs incurred in the sharing of capacity," including:
- Allocating and isolating resources;
- Managing access;
- Enabling integration and interoperability;
- Ensuring compliance with applicable Union law;
- Managing the sharing relationship.
Crucially, Recital 73 explicitly states that these fees "should not be deemed as a consideration for the provision of a service and should not constitute a pecuniary interest or public contract within the meaning of Directive 2014/24/EU and Regulation (EU, Euratom) 2024/2509." Consequently, the sharing of services within the EuroCloud Federation does not fall under Union public procurement rules. This mechanism is designed as an internal optimization tool, allowing Member States and Union entities to utilize idle or underused public capacity without triggering the administrative burden, market-opening requirements, and competitive bidding obligations of standard procurement law.
Chapter IV: Commission Procurement (Commercial Market Purchasing)
In stark contrast, Chapter IV (starting with Article 37) establishes a framework for the Commission to act as a central purchasing body. This mechanism is designed for procuring data centre services, cloud computing services, software, and AI systems from the commercial market.
Under Article 37, the Commission may procure these services on behalf of Union entities, Member State contracting authorities, and selected partner organisations. It can conclude framework contracts or operate dynamic purchasing systems. Unlike the EuroCloud Federation, this is a market transaction. The Commission acts as a wholesaler, acquiring services and reselling or donating them to participating entities.
While Article 39 provides that a participating entity is "deemed to have fulfilled its obligations under applicable Union public procurement law" when acquiring supplies through the Commission, the procurement activities themselves remain subject to the public procurement framework. The Commission must adhere to the rules set out in Regulation (EU, Euratom) 2024/2509 and Directive 2014/24/EU. The goal here is to harness collective buying power to negotiate better terms, lower prices, and facilitate the adoption of innovative technologies from external vendors, including European SMEs.
Why the Separation Matters
The structural separation ensures legal clarity and prevents market distortion. If the EuroCloud Federation were treated as a procurement vehicle, the internal sharing of public assets would be subject to competitive bidding, defeating the purpose of optimizing existing public resources. Conversely, if Commission procurement were treated as internal sharing, it would circumvent the transparency and non-discrimination requirements essential for fair market competition.
Furthermore, the financial structures differ significantly:
- EuroCloud Federation (Article 36): Costs are jointly financed by members through fees levied by the Commission. These revenues constitute "internal assigned revenues" used to cover the costs of establishing and managing the Federation platform.
- Commission Procurement (Article 40): Fees are levied on participating entities to cover the costs of the procurement activities themselves (e.g., platform development, management, ancillary support). These fees do not cover the purchase price of the services but rather the administrative cost of the procurement process.
What this means for you
For in-house counsel, compliance officers, and public procurement managers, understanding this distinction is critical for determining the correct regulatory pathway for your organization's cloud strategy.
1. Determine Your Legal Status and Intent
If your organization is a public sector body or a Union entity, you must first identify whether you are seeking to share existing public capacity or purchase new services from the market.
- EuroCloud Federation Path: If you own the hardware (directly or through a controlled intermediate entity) and wish to share it with another public body, you must demonstrate that the fee charged covers only the specific additional costs of sharing (Article 35). You cannot generate profit. This path avoids public procurement procedures.
- Commission Procurement Path: If you are buying cloud services from a commercial provider, you should participate in Commission-led tenders. You will be deemed compliant with national procurement laws if you purchase through the Commission's framework contracts, but you must pay the associated fees for the procurement service.
2. Compliance with Article 35 Conditions
For entities participating in the EuroCloud Federation, strict adherence to Article 35 is mandatory. You must put in place appropriate technical, operational, and organizational measures to ensure secure service provision. Crucially, you must demonstrate to the Commission that you fulfill the ownership conditions (direct ownership or control over an intermediate legal entity) before sharing is allowed. Failure to maintain the strict cost-recovery model could transform the transaction into a service contract subject to procurement rules, exposing the entity to legal challenges.
3. Deadlines and Reporting
While specific implementation dates depend on the final adoption timeline, Article 48 states the Regulation will apply one year after entry into force. Compliance officers should prepare to map their current cloud contracts and infrastructure to determine which category they fall into. For Commission procurement, participating entities must agree to the practical arrangements set out in Article 38, including potential fees for ancillary support services.
4. Penalties and Oversight
Infringements of the sovereignty framework (Title IV) carry penalties under Article 24, which must be "effective, proportionate and dissuasive." While specific penalties for EuroCloud or procurement violations are not detailed in these articles, the overarching requirement for transparency and compliance with Union assurance levels (Article 16) applies to services procured or shared. Misclassifying a commercial purchase as an internal share could lead to significant legal and financial repercussions, including the potential invalidation of the contract.
Common misconceptions
Misconception 1: The EuroCloud Federation is a joint procurement body. Many assume the EuroCloud Federation is a vehicle for public bodies to pool money and buy cloud services together. This is incorrect. As proposed in Article 34 and Article 35, it is a mechanism for sharing existing, self-owned capacity. It is not a purchasing consortium. If public bodies want to buy together, they should look to the Commission procurement framework in Chapter IV.
Misconception 2: Commission procurement bypasses national procurement laws. Participating in Commission procurement does not exempt entities from procurement law; rather, it provides a mechanism to comply with them more efficiently. Article 39 states that acquiring services through the Commission satisfies the entity's obligations under applicable Union public procurement law. The Commission still follows the rules, but the individual entity relies on the Commission's process.
Misconception 3: Any public entity can join the EuroCloud Federation. Participation is limited to public entities. Article 35 explicitly excludes direct private participation. If a private entity owns the hardware, it cannot participate in the EuroCloud Federation as a sharing entity. This ensures the mechanism remains a tool for public sector cooperation and does not become a channel for private companies to access public markets without competition.
Misconception 4: Fees in the EuroCloud Federation can cover operational profits. Article 35 strictly limits fees to the recovery of additional costs incurred in sharing. These costs are defined narrowly: allocating and isolating resources, managing access, ensuring interoperability, and compliance. They do not include general overhead or profit margins. Charging beyond this limit transforms the transaction into a service contract subject to procurement rules.
Related
- EuroCloud Federation vs Commission Procurement: What CADA Means for Public Buyers
- EuroCloud Federation vs Commission Procurement: Key Differences under CADA
- Who can benefit from Commission cloud procurement under CADA?
- EuroCloud Federation & SMEs: How Startups Access CADA Central Procurement
- EuroCloud Federation vs. Commercial Procurement: What Cloud Providers Need to Know
This is general information about a draft EU regulation, not legal advice.