On April 17, the European Commission awarded EUR 180 million in cloud contracts across six years to four European provider consortia under its Cloud III Dynamic Purchasing System. The decision is significant not because of the money but because of what came with it: for the first time, the EU defined cloud sovereignty through a structured, measurable framework rather than political aspiration. The framework is called SEAL, and it runs from SEAL-0 (no sovereignty provisions) to SEAL-4 (full EU supply chain, hardware to software). SEAL-2 was the minimum threshold for contract eligibility. Most winners reached SEAL-3.
The four winning groups are: Post Telecom (Luxembourg) partnered with OVHcloud and CleverCloud; STACKIT, the cloud brand of Schwarz Group, the German company that owns Lidl and Kaufland; Scaleway, the cloud subsidiary of French telecoms group Iliad; and a consortium of Proximus (Belgium), S3NS, Clarence, and Mistral AI. Three of the four reached SEAL-3, described by the Commission as digital resilience sufficient to withstand supply chain disruption from non-EU third parties. The Proximus consortium reached SEAL-2.
The Google Problem at the Center of European Sovereignty
S3NS is a joint venture between French defense and technology contractor Thales and Google Cloud. It is the vehicle through which Google Cloud technology is operated under French governance and legal control, with Thales holding operational authority. The Commission’s position on this arrangement is explicit: “Non-European technologies, when operated within a strict and appropriate framework, can meet the minimum level of sovereignty required.” That sentence is the entire debate in one line. The EU is not requiring European-built infrastructure; it is requiring European-controlled governance. The distinction matters enormously for how the sovereign cloud market develops over the next five years.
IEU Monitoring’s transparency data adds context. Google and Google Cloud entities held 14 pre-award meetings with the Commission during the tender process, more than any other technology provider. OVHcloud had 8. Thales had 6. Mistral had 6. The outcome of those conversations is embedded in the SEAL framework itself, which explicitly permits non-European technology stacks under governance conditions rather than excluding them by origin.
Who Is Not in the Room
AWS, Microsoft Azure, and Google Cloud in their own names are absent from the awardee list. Together they account for roughly 70 percent of European cloud infrastructure revenues. European providers account for roughly 15 percent. The contracts go to the 15 percent, but the infrastructure layer underneath some of those contracts still includes Google Cloud technology via S3NS. The Commission is threading a needle: reducing institutional dependence on hyperscalers while acknowledging that building sovereign infrastructure entirely from scratch inside Europe is not the near-term reality.
The Commission announced that the SEAL framework will be extended beyond its own procurement as a standard for EU member states and public institutions. A Cloud and AI Development Act (CADA) is in the legislative pipeline as part of the broader Tech Sovereignty package. If SEAL becomes the procurement standard across EU public sector institutions, the framework effectively sets the qualification threshold for any cloud provider wanting government contracts in Europe.
The SEAL Framework as a New Market Standard
For European hosting providers, the SEAL framework is the first structured path toward formal sovereignty certification. Until now, “sovereign cloud” was a marketing category with no standardized definition. A provider at SEAL-3 has demonstrated: supply chain independence from non-EU third parties, operational sovereignty, legal compliance with EU data protection frameworks, and resilience against jurisdictional overreach. These are auditable criteria, not positioning statements.
The contract ceiling is EUR 180 million over six years across four providers. That is not the story. The story is that the Commission has created a framework that any European cloud or hosting provider can now work toward, and that framework will likely become the baseline requirement for public sector procurement across the continent. The four awardees are not a closed club; they are the first batch under a system designed to expand.
The explicit goal of reducing vendor lock-in is also worth noting. The Commission stated that diversification across four providers “limits the risk of vendor lock-in and increases the digital resilience” of EU institutions. For hosting providers selling to enterprise and public sector clients in Europe, the lock-in argument has now been formally institutionalized at the Commission level. It is a sales point that has been handed a policy foundation.
Łukasz Nowak
Nearly two decades in IT. A decade in web hosting - and still in the trenches. Writing about the infrastructure that runs the internet from the inside.
Sources
- Commission Advances Cloud Sovereignty Through Strategic Procurement - European Commission (official)
- EU Awards EUR 180 Million Sovereign Cloud Contract to Four European Providers - The Next Web
- European Commission Awards Four Companies EUR 180 Million to Build Sovereign Cloud - ITdaily
- European Sovereign Cloud: EU Commission Awards EUR 180M Tender to Four Providers - IEU Monitoring