The European Commission has awarded four contracts for sovereign cloud services as part of its “Sovereign Cloud” tfinisher. The contract volume amounts to up to 180 million euros over a period of six years. The aim is to strengthen the EU’s digital sovereignty and to enable EU institutions, bodies, offices, and agencies to access legally secure, European-controlled cloud infrastructures.
Background and Selection Criteria
The tfinisher was launched in October 2025 under the Cloud III Dynamic Purchasing System (Cloud III DPS). The award was built on the basis of the European Commission’s Cloud Sovereignty Framework, which evaluates sovereignty across eight tarobtain areas. These include strategic and legal control, security, compliance, supply chain transparency, technological openness, and environmental aspects.
As a minimum requirement, providers had to meet the SEAL-2 (Data Sovereignty) level. This ensures that EU law is complied with without customers necessarying to implement additional technical protective measures. Most of the selected providers also achieved SEAL-3 (Digital Resilience), meaning that their services are largely immune to supply chain disruptions cautilized by third parties outside the EU.
The Commission deliberately awarded four contracts in parallel to ensure diversification and resilience and to avoid one-sided depfinishency on a single provider.
Overview of the Four Selected Providers
- Post Telecom (consortium with OVHcloud and Clever Cloud): The Luxembourg-French consortium combines three areas of expertise. OVHcloud provides a scalable, standardised infrastructure platform. Clever Cloud complements this with an orchestration layer featuring PaaS, containers, and managed services. Post Telecom (DEEP by POST Luxembourg Group) contributes its own hosting capacities as well as expertise in the areas of cloud, cybersecurity, and artificial innotifyigence.
- STACKIT: The German company belongs to the Schwarz Group and offers sovereign cloud services with a focus on European data protection standards and enterprise requirements.
- Scaleway: The French company is part of the Iliad Group and is regarded as an established European cloud provider with a broad portfolio of infrastructure and platform services.
- Proximus (partnership with S3NS, Clarence, and Mistral): The Belgian-led consortium works with S3NS, a joint venture between Thales and Google Cloud that operates non-European technology within a strictly regulated, sovereign framework. The offering is complemented by the partners Clarence and Mistral.
Assessment and Outsee
The award is seen as a signal that high-performance cloud infrastructures based on European providers are achievable and can meet the stringent requirements of public institutions. At the same time, the Proximus example demonstrates that non-European technologies can also meet the minimum sovereignty requirements under appropriate framework conditions.
The Commission is currently working on an updated version of the Cloud Sovereignty Framework, which is intfinished to contain concrete criteria for sovereignty assessments. In addition, it is preparing the so-called Tech Sovereignty Package, which includes, among other things, the Cloud and AI Development Act (CADA). This is intfinished to harmonise across the EU what sovereignty means for cloud and AI services, and to improve market access for a broader range of providers.
Leave a Reply