EU picks sovereign cloud vendors under SEAL criteria
On 17 April 2026 the European Commission announced the outcome of a strategic cloud procurement: four contracts with European providers assessed under the Cloud Sovereignty Framework. The minimum bar was SEAL-2 — data sovereignty under EU law without extra customer-only safeguards.
In short: Four EU contracts, SEAL-2 minimum. Sovereignty can finally be measured when choosing cloud.
What changed
Until now, “digital sovereignty” was hard to score in tenders. The framework adopted in October 2025 turns it into eight measurable objectives — ownership, jurisdiction, supply chain, openness, security (GDPR, NIS2, DORA), and more.
Awarded vendors include partnerships around Post Telecom/OVHcloud, Germany’s STACKIT, France’s Scaleway, and Proximus with S3NS services. Most reached SEAL-3 (resilience against non-EU supply disruption). The Commission also notes that non-European technology can meet the minimum bar when operated under strict EU control.
Why it matters beyond Brussels
Businesses and municipalities do not need to wait for the Commission’s tender. The direction is clear: ask about jurisdiction, who holds encryption keys, exit options, and whether support sits in the EU.
That is how we already work — Nextcloud, mail, and related services hosted in Europe, flat monthly fees, human support. Comparing options? See comparison with US clouds and public sector overview.