The European Commission is stepping up efforts to secure Europe’s technological independence, awarding a major cloud services tender worth up to €180 million over six
years. The move enables EU institutions, agencies, and bodies to procure “sovereign cloud” solutions designed to keep critical data and infrastructure under European control.
Four European providers have been selected under the framework. These include Post Telecom, working with CleverCloud and OVHcloud; STACKIT; Scaleway; and Proximus, which collaborates with S3NS (a joint venture between Thales and Google Cloud), alongside Clarence and Mistral. The selection reflects a deliberate strategy to rely primarily on European companies while still allowing limited involvement of non-European technologies under strict conditions.
At the heart of the initiative is the Commission’s Cloud Sovereignty Framework, which evaluates providers across eight key dimensions. These range from legal and operational safeguards to cybersecurity, environmental impact, supply chain transparency, and compliance with EU law. Only providers meeting stringent requirements—particularly around limiting control from non-EU entities—were eligible.
Rather than choosing a single supplier, the Commission awarded multiple contracts in parallel. This approach is designed to strengthen resilience and reduce dependency risks, ensuring that no single provider dominates the EU’s cloud ecosystem.
A broader strategy for digital sovereignty
This tender is more than a procurement exercise—it is part of a wider EU push toward digital sovereignty. In practical terms, digital sovereignty refers to Europe’s ability to control its own digital infrastructure, data, and technological development without excessive reliance on external powers.
In recent years, concerns over data protection, geopolitical tensions, and dependence on large non-European tech firms have accelerated EU action in this space. By investing in sovereign cloud capabilities, the Commission aims to ensure that sensitive public-sector data remains governed by European rules and values, including strict privacy protections under GDPR.
The initiative also sends a strong signal to the market. By setting high standards and leading through its own purchasing power, the Commission is effectively encouraging the broader cloud sector to align with European norms. It demonstrates that European providers can compete at the highest level—and that even global technologies can be adapted to meet EU sovereignty requirements when placed within a robust regulatory framework.
What comes next
Looking ahead, the Commission is preparing an updated version of its Cloud Sovereignty Framework, which will introduce more detailed criteria for assessing sovereignty. This is intended to help other EU entities—and potentially member states—adopt similar approaches.
Internally, efforts are also underway to apply these sovereignty standards across the Commission’s wider digital services ecosystem.
At the policy level, the upcoming “Tech Sovereignty” package will further define Europe’s ambitions. This bundle is expected to include initiatives such as an updated open-source strategy, a potential Chips Act 2, a digitalisation and AI roadmap for the energy sector, and the Cloud and AI Development Act (CADA).
CADA, in particular, is set to play a pivotal role. It aims to harmonise how cloud and AI sovereignty is defined across the EU single market, expand opportunities for European providers, and encourage greater competition by lowering barriers to entry.
A defining moment for Europe’s digital future
The sovereign cloud tender marks a concrete step in turning the concept of digital sovereignty into operational reality. By combining regulatory clarity, public investment, and market incentives, the EU is positioning itself to retain control over critical digital infrastructure in an increasingly competitive global landscape.