Why was the EuroCloud Federation created? CADA's public-sector cloud strategy

Summary The EuroCloud Federation was created under the proposed Cloud and AI Development Act (CADA) to pool sovereign public-sector cloud capabilities across the EU, reducing duplication and dependence on non-European providers. By federating national initiatives, it allows public authorities to share idle capacity and access trusted, secure services that meet strict Union assurance levels, thereby strengthening digital sovereignty and public order.

Detail

The Cloud and AI Development Act (CADA) identifies a critical vulnerability in the European digital landscape: an over-reliance on a limited number of non-European cloud providers. This dependence creates risks regarding data sovereignty, operational continuity, and exposure to third-country laws that may conflict with EU fundamental rights. To address this, CADA proposes the establishment of the EuroCloud Federation as a central mechanism for public-sector cooperation.

The Rationale: Addressing Sovereignty and Fragmentation

As outlined in the explanatory memorandum, the EU currently faces a fragmented cloud market where public authorities often procure services from non-EU hyperscalers due to a lack of viable, scalable European alternatives. While individual Member States have begun developing national sovereign cloud initiatives, these efforts remain siloed. This fragmentation prevents economies of scale and limits the ability of European providers to compete globally.

The EuroCloud Federation is designed to solve this by bringing together national and European cloud initiatives that provide highly trusted and secure public-sector cloud capabilities. Its primary purpose, as defined in Article 34(2), is to "facilitate the sharing of public sector data centre services and cloud computing services between Union entities and public sector bodies."

This initiative is rooted in the broader objectives of Title IV (Autonomy) of the proposed Regulation. The recitals explain that protecting public order requires maintaining control and agency by public-sector bodies. By creating a federation, the EU aims to:

1. Reduce Duplication: Prevent multiple Member States from building redundant infrastructure for similar needs.
2. Pool Capabilities: Aggregate idle or underutilized capacity from various national providers to create a robust, pan-European resource pool.
3. Ensure Trust: Provide a harmonized framework where services are assessed against Union assurance levels, ensuring they meet strict sovereignty and cybersecurity standards.

How the Federation Works

The EuroCloud Federation is not a new cloud provider itself. Instead, it is a cooperative framework open for voluntary participation by Union entities (such as EU institutions and agencies) and public sector bodies from Member States. Article 34(1) states that the Federation "shall be open for the participation of Union entities and public sector bodies on a voluntary basis."

To facilitate this sharing, the Commission will establish a dedicated platform (Article 34(3)). This platform will serve two main functions:

• A Catalogue: Providing information on available public sector data centre services and cloud computing services.
• A Service Platform: Enabling the exchange and orchestration of computing, storage, and network resources and services among members.

Crucially, the federation is designed to operate outside standard commercial procurement rules to encourage collaboration. Article 35 clarifies that the sharing of services within the Federation should be governed solely by considerations of public interest. Charges for using another member's capacity are limited strictly to cost recovery and do not constitute a pecuniary interest that would trigger standard public procurement directives. This allows for a more flexible, efficient exchange of resources without the administrative burden of traditional tendering processes.

Supporting Digital Sovereignty

The creation of the EuroCloud Federation is a direct response to the "sovereignty gap" in the EU. By enabling public authorities to source services from a federated pool of trusted European providers, the mechanism supports the uptake of sovereign cloud services. This aligns with the risk assessment obligations in Article 29, which require Member States to determine the appropriate Union assurance level for their activities. For high-risk public order activities, the Federation provides a viable pathway to source services that meet Union assurance levels 2, 3, or 4, which are often difficult to find in the commercial market.

What this means for you

For public-sector procurement officers and IT directors, the EuroCloud Federation represents a significant shift in how cloud services can be sourced and managed.

• Access to Trusted Capacity: If your authority requires cloud services that meet high Union assurance levels (e.g., for handling sensitive personal data or critical infrastructure), the Federation provides a structured way to access capacity from other Member States that may already have this certified infrastructure.
• Reduced Procurement Burden: Participating in the Federation allows your organization to bypass complex procurement procedures when sharing resources with other public bodies. Costs are limited to actual resource usage and administrative overhead, simplifying financial reporting.
• Voluntary Participation: Joining is optional. You can assess whether your current national providers can meet your sovereignty needs or if federating with other states offers better value, scalability, or security guarantees.
• Cost Efficiency: By sharing idle capacity, you can potentially lower total cost of ownership. Instead of building new data centers, you can leverage existing sovereign infrastructure across the EU.

Procurement officers should monitor the Commission's implementing acts, which will detail the specific procedures for joining the Federation and the technical standards for the service platform. Early engagement with national competent authorities will be key to positioning your organization to benefit from this new cooperative model.

Common misconceptions

• Misconception: The EuroCloud Federation is a new EU-owned cloud provider.
  • Reality: The Federation is a cooperative framework, not a service provider. It does not own hardware or sell cloud services. It facilitates sharing between existing public-sector bodies and their providers.
• Misconception: All public cloud services must move to the EuroCloud Federation.
  • Reality: Participation is voluntary (Article 34(1)). Authorities can still procure from commercial providers if those providers meet the required Union assurance levels through the recognition process in Article 17. The Federation is an option for enhanced cooperation and sovereignty, not a mandatory replacement for all cloud usage.
• Misconception: Using the Federation requires complex cross-border contracts.
  • Reality: The framework is designed to simplify sharing. Article 35 ensures that costs are strictly cost-recovery based, avoiding the need for full commercial tendering. The Commission's platform will standardize the technical and administrative interfaces to make sharing seamless.

Related

• What is the European public sector cloud federation (EuroCloud Federation) under CADA?
• What counts as a public sector body for EuroCloud Federation membership under CADA?
• EuroCloud Federation vs Commission Procurement: What CADA Means for Public Buyers
• EuroCloud Federation: Who is liable when public bodies share services?
• EuroCloud Federation: Legal obligations, fees and security duties for public bodies

This is general information about a draft EU regulation, not legal advice.