EU AI Act forces architecture timing
- On April 17, the European Commission awarded a sovereign-cloud framework worth up to €180 million over six years, giving European Union bodies four approved providers for regulated cloud buying. - The roster is specific: Post Telecom with CleverCloud and OVHcloud, STACKIT, Scaleway, and Proximus with S3NS, Clarence and Mistral, all screened under the Commission’s sovereignty framework. - The timing lands against the EU AI Act’s phased deadlines, with general-purpose model rules already in force since August 2, 2025, and broader obligations due August 2, 2026. (ec.europa.eu)
The European Commission has put cloud procurement and artificial intelligence compliance on the same calendar. On April 17, it awarded a sovereign-cloud framework worth up to €180 million over six years. (interoperable-europe.ec.europa.eu) (acceptance.audiovisual.ec.europa.eu) The four selected providers are Post Telecom with CleverCloud and OVHcloud, STACKIT, Scaleway, and Proximus with S3NS, Clarence and Mistral. The framework lets European Union institutions, bodies, offices and agencies buy sovereign cloud services from that shortlist. (interoperable-europe.ec.europa.eu) The Commission said the contracts were scored under its Cloud Sovereignty Framework, which measures eight objectives across strategic, legal, operational, technological, security, environmental and supply-chain criteria. It awarded four parallel contracts to avoid dependence on a single provider. (interoperable-europe.ec.europa.eu 1) (interoperable-europe.ec.europa.eu 2) That procurement move lands after the European Union’s first Artificial Intelligence Act rules started applying on February 2, 2025. Those first provisions covered the law’s definition of artificial intelligence, artificial-intelligence literacy duties, and a narrow set of banned uses. (digital-strategy.ec.europa.eu) The next hard date was August 2, 2025, when obligations for providers of general-purpose artificial intelligence models entered into application. The Commission says those providers must keep technical documentation, implement a copyright policy, and publish a summary of training content. (digital-strategy.ec.europa.eu) For the most advanced general-purpose models, the rulebook goes further. Providers of models with systemic risk must notify the Commission and handle risk assessment, incident reporting and cybersecurity protections. (digital-strategy.ec.europa.eu) The broader AI Act is scheduled to become fully applicable on August 2, 2026, with some exceptions and transition periods. The Commission’s public timeline says high-risk systems are part of that phased rollout, while some older systems and public-authority deployments have later deadlines. (digital-strategy.ec.europa.eu) (ai-act-service-desk.ec.europa.eu) That matters for architecture choices because the AI Act regulates systems by use case, not by marketing label. The Commission’s examples of banned or tightly controlled uses include social scoring, emotion recognition in workplaces and education, and some biometric systems. (digital-strategy.ec.europa.eu) A hiring tool, worker-management system or customer-service product can therefore trigger legal questions before a team writes code or signs a cloud contract. The Commission says the law was designed to address cases where artificial intelligence decisions affect hiring, public benefits and other rights-sensitive outcomes. (digital-strategy.ec.europa.eu) The result is that, inside Europe’s own institutions, cloud sovereignty is no longer a policy memo sitting beside delivery. It is now embedded in a live procurement vehicle, on the same timeline as the AI Act’s staged compliance dates. ([interoperable-europe.ec.europa.eu](https://
