The European Commission (EC) has allocated a €180m sovereign cloud contract to four European firms in a move designed to increase EU digital autonomy over the next six years.
The selected providers are Post Telecom, which is working with CleverCloud and OVHcloud, STACKIT, and Scaleway. Proximus, the fourth provider, has formed a partnership with S3NS, a joint venture between Thales and Google Cloud, as well as with Clarence and Mistral.
The multi-provider arrangement aims to serve all EU institutions, agencies, offices, and bodies under a framework intended to limit external influence over cloud infrastructure used by the Union entities.
The procurement process took place via the Cloud III Dynamic Purchasing System (Cloud III DPS), which the Commission launched in February 2024. This system facilitates targeted mini-competitions for multi-tenant infrastructure- and platform-as-a-service solutions.
The primary objective of Cloud III DPS is to support acquisition channels for EU agencies and institutions, allowing for multiple contracts designed to meet diverse operational and security requirements inherent to European digital infrastructure.
Awarding four parallel contracts, rather than relying on a single vendor, the EC seeks to sustain infrastructure redundancy and resilience, ensuring that no one provider becomes a critical point of failure. This aligns with broader EU strategies around supply chain transparency and operational robustness.
Eligibility criteria ensured that non-EU parties could exert only a limited degree of control over any relevant technology or service.
Providers were evaluated against the Cloud Sovereignty Framework. This framework scores vendors on eight sovereignty objectives, including strategic, legal, operational, and environmental criteria, as well as security, compliance, technological openness, and supply chain transparency.
The chosen framework guides all service providers on maintaining conformance with the EU’s legal and regulatory environment.
The EC stated: “The tender encourages the entire sector to comply with European standards and values. Its success highlights the high quality of European providers, demonstrating their ability to meet the Commission’s strict criteria.
“It also shows that non-European technologies, when operated within a strict and appropriate framework, can meet the minimum level of sovereignty required.”
Large-scale cloud adoption is considered necessary to advance EU digital sovereignty. The EC said that it is updating the Cloud Sovereignty Framework to include more granular sovereignty metrics, intended to assist further institutions interested in adopting a similar model.
Internally, there is an ongoing process to integrate sovereignty criteria across the digital services offered by the Commission and other EU bodies.
Looking ahead, the Commission is preparing a Tech Sovereignty package containing several legislative and strategic documents. These will cover the Open Source strategy, a second iteration of the Chips Act, a Strategic Roadmap for Digitalisation and AI in Energy, and the Cloud and AI Development Act (CADA).
The CADA is anticipated to define unified standards for cloud and AI service sovereignty across the single market and establish public procurement protocols supportive of new market entrants.
The Commission awarded the contracts at the conclusion of a competition that began in October 2025, centred on requirements drawn from the Cloud Sovereignty Framework. The approach is intended to standardise minimum acceptable sovereignty assurance levels for cloud services procured by EU institutions, targeting vendor diversity and compliance with European law.
