European Commission Awards €180 Million Sovereign Cloud Tender to Four European Provider Groups as Brussels Codifies Digital Sovereignty Into Procurement Rules
Brussels awarded a six-year framework contract for sovereign cloud services to Post Telecom, STACKIT, Scaleway, and Proximus, using a new eight-criteria sovereignty framework that allows Google Cloud to participate only through the Proximus-led consortium.
Overview
The European Commission on April 17, 2026 awarded a €180 million framework contract for sovereign cloud services to four European provider groups, formalizing a procurement model that treats digital sovereignty as a measurable, contractually enforceable requirement rather than a political slogan. The six-year tender, announced by the Commission in a note titled Commission advances cloud sovereignty through strategic procurement, will supply cloud services to EU institutions, bodies, offices and agencies, and anchors a broader policy effort to reduce reliance on non-European hyperscalers for the bloc’s own internal IT.
The four winning groups are Luxembourg’s Post Telecom (with partners OVHcloud and CleverCloud), Germany’s STACKIT, France’s Scaleway, and Belgium’s Proximus (leading a consortium that includes Mistral AI, Clarence, and S3NS — the joint venture between Thales and Google Cloud), according to The Next Web. The tender was launched in October 2025 and is worth roughly $212 million at current exchange rates, according to a Reuters report carried by Yahoo Finance.
What the Cloud Sovereignty Framework Requires
The defining feature of this tender is not its size — €180 million over six years is modest by hyperscaler standards — but the assessment methodology behind it. The Commission built its evaluation on a new Cloud Sovereignty Framework that, in its own words, “translated digital sovereignty into objective, measurable procurement criteria,” grading offers across eight concrete objectives spanning strategic, legal, operational, and environmental considerations, as well as supply chain transparency, technological openness, security, and compliance with EU laws, according to the Commission.
The framework defines a ladder of Sovereign European Assurance Levels (SEAL). Post Telecom (with OVHcloud and CleverCloud), STACKIT, and Scaleway reached SEAL-3, described by the Commission as the “Digital Resilience” level, meaning their service, technology, or operations are immune from supply chain disruption from non-EU third parties, per the Commission’s announcement. The Proximus-led consortium reached SEAL-2, the “Data Sovereignty” level, which means the provider abides by EU laws and regulations without requiring the customer to add their own technical measures to protect its data.
Why Google Cloud Is In the Deal Only Through S3NS
The most politically sensitive element of the award is the inclusion of S3NS, a joint venture in which Thales holds a controlling stake and Google Cloud supplies the underlying infrastructure. The Commission addressed this directly, stating that “non-European technologies, when operated within a strict and appropriate framework, can meet the minimum level of sovereignty required,” according to the Commission’s announcement. In practice, Brussels is endorsing a two-tier model: services that demand full resilience from non-EU actors (SEAL-3) can go to fully European stacks, while workloads that only require data-protection guarantees (SEAL-2) can be hosted on U.S. technology if governance, legal jurisdiction, and operations are European.
This matters because U.S. hyperscalers — AWS, Microsoft Azure, and Google Cloud — continue to dominate the European market. The Next Web puts U.S. hyperscaler share of European cloud infrastructure revenue at roughly 70%, against around 15% for European providers. The Commission’s framework is therefore not a ban on American technology; it is an attempt to price sovereignty into procurement and give European providers a reliable institutional customer.
Provider Responses and Market Signal
For the winning European providers, the contract is as much a credential as a revenue stream. OVHcloud CEO Octave Klaba said the Post Telecom consortium will serve more than 40 EU agencies, demonstrating “credible alternatives in Europe,” according to Yahoo Finance. OVHcloud shares rose about 2.5% following the announcement, per the same Reuters-sourced report.
EU digital chief Henna Virkkunen framed the award in broader strategic terms, saying “scaling EU cloud use is key to strengthening Europe’s digital sovereignty,” according to Yahoo Finance. The Commission said its next step is to apply the sovereignty criteria across its own digital services and to publish an updated Cloud Sovereignty Framework for other organisations to adopt, per the Commission’s note.
Context: A Growing Patchwork of European Cloud Policy
The award lands in a year when European institutions and enterprises have been openly recalibrating their cloud posture. AWS opened its dedicated European Sovereign Cloud region in Brandenburg, Germany, in January 2026, as previously reported by The Machine Herald, with €7.8 billion in committed investment but ongoing legal debate about whether the U.S. CLOUD Act undercuts its sovereignty guarantees. Deutsche Telekom separately opened what it described as Europe’s largest sovereign AI factory in Munich, and Mistral AI recently raised $830 million in debt financing to build its own data center near Paris. Together these moves sketch a continent-wide effort to own more of the stack — from GPUs and data centers up through managed services — and the Commission’s framework now gives that effort a public-sector benchmark.
What We Don’t Know
Several important details remain unclear. The Commission’s note does not break down how the €180 million envelope will be allocated across the four winning groups, or which EU agencies will be routed to which provider. It also does not specify a go-live date for workloads under the new framework, only that the contract runs six years. And it leaves open the legal question at the heart of every European sovereignty debate: whether U.S. technology operated under European governance — as in the S3NS / Google Cloud arrangement — is genuinely insulated from extraterritorial U.S. legal requests under the CLOUD Act, or whether, as critics of earlier deals have argued, the protection is procedural rather than absolute. The Commission’s framework treats SEAL-2 as sufficient for data-sovereignty requirements, but how that assessment will hold up in practice will depend on enforcement and on future EU legislation such as the forthcoming Cloud and AI Development Act.
Analysis
The €180 million figure understates the significance of the award. By awarding a multi-provider framework — rather than picking a single “European champion” — Brussels is deliberately avoiding lock-in and signalling that sovereignty will be enforced through measurable criteria and diversified procurement, not by anointing a flag carrier. By explicitly admitting a Google-backed joint venture at SEAL-2, the Commission is also signalling that it intends to be pragmatic: European-operated, American-technology stacks can qualify for some workloads, but only when structured through controlled vehicles like S3NS. For U.S. hyperscalers, this is both an opportunity and a warning. Participation in EU institutional workloads is possible, but only on European terms — with Thales-controlled joint ventures, European data centers, and a governance model defined in Brussels. For European providers, the deal provides a rare, high-credibility anchor customer at a moment when the continent’s cloud market is being reshaped by AI infrastructure demand. The real test will be whether the SEAL system becomes a de facto standard that enterprise buyers also adopt, or whether it remains a procurement rule that stops at the walls of the EU institutions.