EU sovereign‑cloud procurement

The European Commission has picked four provider groups for a new sovereign-cloud program that can run for six years and reach €180 million. (commission.europa.eu) The awards were announced on April 17, 2026, after a tender launched in October 2025 for European Union institutions, bodies, offices and agencies. The four winners are a Post Telecom-led partnership with OVHcloud and CleverCloud, StackIT, Scaleway, and a Proximus-led partnership. (commission.europa.eu, commission.europa.eu) The Proximus group is the one that pulls a U.S. hyperscaler into the picture. It uses services from S3NS, a joint venture between Thales and Google Cloud, alongside Clarence and Mistral. (commission.europa.eu, itpro.com) The Commission did not frame sovereignty as “European only” in absolute terms. It turned the issue into procurement rules, with measurable tests for who controls the service, where data sits, which laws apply, how operations are run, and how exposed the stack is to non-European suppliers. (commission.europa.eu, interoperable-europe.ec.europa.eu) Those tests sit inside the Commission’s Cloud Sovereignty Framework, published in October 2025 and updated in March 2026. The framework scores providers across eight objectives, including legal, operational, technological, security, environmental and supply-chain criteria. (interoperable-europe.ec.europa.eu, commission.europa.eu) The framework also assigns Sovereignty Effectiveness Assurance Levels, or SEAL, from 0 to 4. Providers needed at least SEAL-2 to qualify, which the Commission defines as a data-sovereignty level that does not require extra customer-side technical measures to protect data under European Union law. (commission.europa.eu, commission.europa.eu) Three awardees — Post Telecom with partners, StackIT and Scaleway — reached SEAL-3, which the Commission describes as digital resilience against disruption from non-European third parties. Proximus and S3NS reached SEAL-2, with the Commission saying the Google-based technical environment is operated exclusively by European Union companies. (commission.europa.eu) That distinction gets at the live argument inside Europe’s cloud policy. One camp wants sovereignty defined mainly by ownership and homegrown technology; the Commission’s award shows a second model, where non-European technology can still pass if control boundaries, legal exposure and operating conditions are locked down tightly enough. (commission.europa.eu, itpro.com) The procurement also fits a longer shift inside the Commission itself. Its 2019 cloud strategy set a cloud-first, hybrid multi-cloud approach, and the 2026 tender extends that into a formal buying system for “sovereign” services rather than treating sovereignty as a policy slogan. (commission.europa.eu, commission.europa.eu) Now the test moves from award notices to actual deployments. The Commission has written sovereignty into contract language, scoring models and operating rules; the next six years will show how far that model can hold when Europe’s public sector buys cloud at scale. (commission.europa.eu, ted.europa.eu)