EU Cloud Sovereignty Framework: SEAL Criteria for €180m Procurement
- Tim Banting
- Jun 8
- 2 min read
The European Commission has published the technical specifics of the Cloud Sovereignty Framework it used to evaluate vendors for an April 2026 procurement contract.

Following enquiries from public administrations and IT firms, the Commission outlined how it assesses providers across 48 specific criteria. The framework relies on a tiered Sovereignty Effectiveness Assurance Level (SEAL) system, which scales from SEAL-0 to SEAL-4, to evaluate levels of data sovereignty and supply chain alignment.
What the EU Cloud Sovereignty Framework Means for Providers
The European Commission has introduced formal compliance benchmarks for cloud providers handling workloads for EU institutions, bodies, offices, and agencies (Union entities). By integrating the Cloud Sovereignty Framework into its Cloud III Dynamic Purchasing System (DPS), the Commission requires that vendors prove operational compliance to secure these institutional contracts.
The €180 million sovereign cloud contract awarded to four providers in April 2026 served as the primary mechanism for establishing this new standard. The selected providers are:
Post Telecom: Leading a Luxembourgish-French partnership alongside OVHcloud and CleverCloud.
STACKIT: Operated by the Schwarz Group.
Scaleway: Operated by the Iliad Group.
Proximus: Leading a Belgian-French-Luxembourgish partnership utilising services from S3NS (a joint venture between Thales and Google Cloud), Clarence, and Mistral.
The SEAL Grading Matrix
Publishing these criteria provides a transparent mechanism to assess provider risk. The evaluation relies on the tiered SEAL system, which tracks capabilities across a distinct spectrum:
SEAL-2 (Data Sovereignty level): Ensures compliance with EU data protection laws and regulations without requiring additional technical measures by the customer to protect its data.
SEAL-3 (Digital Resilience level): Mandates operational autonomy and technological autonomy.
SEAL-4 (Full Sovereignty level): Demands a full EU supply chain, spanning from hardware chips to software.
The Commission encourages the wider adoption of this framework, which grades providers across eight distinct categories, including supply chain security and environmental sustainability. While it serves as a voluntary benchmark for national authorities and private firms, formalising these standards establishes a repeatable commercial baseline. Enterprise buyers and regional health providers frequently adopt public sector scoring matrices to bypass lengthy compliance mapping during commercial tenders.
Capabilities
Comprehensive Assessment: Procurement teams utilise 48 specific criteria divided into eight distinct categories to evaluate elements such as supply chain security, legal jurisdiction, and artificial intelligence protocols.
Tiered Assurance: The scoring mechanism ranks vendors through the full SEAL system (SEAL-0 to SEAL-4), measuring milestones from foundational legal compliance up to a fully European-sourced technology supply chain.
Limitations
Applying 48 distinct sovereignty criteria creates heavy compliance burdens for smaller European cloud providers attempting to compete with well-resourced international joint ventures.
Achieving the highest SEAL ratings requires heavy capital expenditure, effectively restricting the top tiers of the framework to a very small pool of infrastructure operators.
Signals to Watch
National Procurement Convergence: Potential integration of this specific grading matrix by EU Member States into their national procurement systems to harmonise fragmented local standards.
Commercial Market Signalling: The likelihood of European cloud providers referencing SEAL equivalency standards within the broader commercial market to signal compliance to enterprise buyers.
Sustainability Integration: The inclusion of environmental sustainability within the sovereignty framework establishes ecological impact as a formal evaluation criterion for EU institutional procurement.
Sources: https://commission.europa.eu/news-and-media/news/sovereign-cloud-framework-explained-2026-06-01_en https://commission.europa.eu/news-and-media/news/commission-advances-cloud-sovereignty-through-strategic-procurement-2026-04-17_en


