Source: European Parliament
The Commission’s digital transformation is guided by its cloud strategy[1], prioritising a secure hybrid multi-cloud approach. The hybrid aspect is delivered through private cloud infrastructure under full Commission control, as the key part of its digital autonomy.
The multi-cloud dimension ensures resilience and mitigates vendor lock-in, with operators awarded via procurement procedures compliant with EU laws, data protection and cybersecurity legislation and international agreements.
Contracts have been awarded to a variety of providers, all of which are EU-based entities. The Commission has included European providers without corporate ties to the United States and makes extensive use of open-source software.
Currently, in line with the objective to avoid dependency, 85% of workloads run in the Commission’s private cloud. The remaining 15%, managing non-confidential data, are equally distributed among Amazon Web Services EMEA SARL (AWS) and Microsoft Ireland Operations Limited, and — to a lesser extent — OVHcloud. Contracts concluded with AWS and Microsoft are valid until 2030 and 2031 respectively, with no volume commitment in usage.
Since 2014, successive cloud and software framework contracts[2] have incorporated award criteria reflecting European digital sovereignty initiatives such as references to SecNumCloud that resulted in a contract awarded to OVHcloud.
Looking ahead, the Commission remains committed to leveraging forthcoming legislative and procurement instruments to strengthen EU digital sovereignty and foster innovative EU services.
The upcoming Cloud and Artificial Intelligence Development Act[3] will ensure secure EU-based capacity for critical needs, backed by a single EU-wide cloud policy for the public sector.