The European Commission has selected four providers to deliver sovereign cloud services to EU institutions. This tender is worth up to 180 million euros over six years.
The European Commission has appointed four companies to develop a European cloud service. These are Post Telecom, Stackit, Scaleway, and Proximus. The companies will receive 180 million euros for this, spread over six years. The exact amount each company receives is not known. This new tender is intended to strengthen the European Union’s digital sovereignty and limit dependence on non-European technologies.
Four European companies
The Commission has awarded four contracts to various consortia and companies: a Luxembourgish-French partnership led by Post Telecom (with OVHcloud and CleverCloud), the German STACKIT (Schwarz Group), the French Scaleway (Iliad Group), and a Belgian-French-Luxembourgish partnership led by Proximus. Proximus is collaborating on this with S3NS (a joint venture between Thales and Google Cloud), Clarence, and Mistral.
According to the European Commission, this diversification limits the risk of vendor lock-in and increases the digital resilience of the Union’s institutions. Each of these providers brings its own technology and expertise, allowing the Commission to choose from a wide range of cloud services that meet strict requirements.
Cloud Sovereignty Framework
To assess the level of sovereignty, the Commission developed the Cloud Sovereignty Framework. This framework translates abstract principles into eight measurable criteria, including strategic, legal, operational, and environmental objectives. It also introduces so-called SEAL levels, ranging from full dependence to a fully EU-controlled supply chain.
All providers were required to achieve at least SEAL-2, meaning they comply with EU regulations without additional customer protection measures. Most providers even reached SEAL-3, where their services are immune to interference by non-EU third parties. In doing so, they demonstrate that European technologies are mature enough for critical applications.