The EU Cloud Sovereignty Framework: Context, Relevance and Perspectives from the IPCEI-CIS Ecosystem
4, November, 2025
On 20 October 2025, the European Commission published the Cloud Sovereignty Framework (version 1.2.1), a comprehensive reference document that outlines how the European Union intends to define, assess and procure sovereign cloud services.
The Framework is designed to provide clarity on what “sovereignty” means in the cloud context, introducing a set of eight Sovereignty Objectives and a new evaluation mechanism, the Sovereignty Effective Assurance Levels (SEAL) and the Sovereignty Score. This initiative turns Europe’s vision of digital sovereignty into a tangible framework for assessing and procuring trusted cloud services. It will form the basis for the Cloud III Dynamic Purchasing System, guiding how public institutions and European bodies source cloud services that meet EU sovereignty requirements.
How does the EU Cloud Sovereignty Framework fit into the context of IPCEI-CIS and CISERO?
The Cloud Sovereignty Framework is both a policy and assessment instrument developed by the European Commission to define how sovereign cloud services are evaluated in Europe. It introduces a structured approach based on sovereignty objectives, assurance levels, and a sovereignty score, creating a common reference for both public procurement and market practices. And it can be expected to become a key reference point for the upcoming Cloud & AI Development Act (CAIDA).
For the IPCEI-CIS initiative and its coordination and support action CISERO, this provides an important framing. CISERO’s mission, to enhance the visibility, adoption, and exploitation of European cloud and edge solutions, aligns closely with the Framework’s ambition to strengthen trust, transparency, and resilience in the cloud domain.
While the Framework defines what sovereign cloud should mean from a policy and assurance perspective, CISERO and the broader IPCEI-CIS ecosystem focus on how to realise those principles in practice: through interoperable architectures, open-source components, and collaborative governance models.
Reactions and reflections within the community
The publication of the Cloud Sovereignty Framework has sparked constructive and thought-provoking debate across the European cloud and edge community, including among participants in the IPCEI-CIS ecosystem.
Many stakeholders have welcomed it as a timely and valuable policy step that provides much-needed clarity on how sovereignty can be assessed in practical terms. It is widely seen as a policy anchor that will help align investment priorities, and procurement practices across Europe.
At the same time, some actors have raised questions about implementation, notably around the “sovereignty score” mechanism and how intersubjectively this can be measured. There are suggestions that it would be better to work with qualitative gates rather than a score, which can always involve uncertainty in quantification.
However, as there are voices that fear the exclusion of non-European providers on the one side as well as voices that fear that the framework does too little to promote European strategic autonomy on the other side, the framework in its current version seems to have struck a good balance – or, despite its high level of detail, still leaves too much room for interpretation. Nevertheless, against the backdrop of the current discussion, it should be ensured that the criteria remain proportionate and inclusive for European providers of all sizes. (See TechRadar, Heise Online).
To move ahead it sometimes is useful to first take a step back and describe sovereignty more concisely: digital sovereignty means that individuals, organisations and states can exercise their role in the digital world independently, self-determinedly and securely. It is about the ability to understand, operate and change, and by that to achieve secure, resilient, and compliant operations. The ICPEI-CIS community can contribute not least with operational reliability, open standards and multi-cloud portability, as well as new ideas for security.
All in all, the objective creating transparency in assessing sovereignty is recognized as an important step. Within this evolving discussion, CISERO contributes by creating spaces for exchange and understanding across the IPCEI-CIS community, helping ensure that reflections on sovereignty remain connected to practical experience and collective progress.
Looking forward: Bridging policy and practice
For CISERO, the Framework provides both context and opportunity to support the discussion with domain-specific insights. It reinforces the relevance of ongoing work within IPCEI-CIS (such as mapping open-source components, developing governance models, and supporting interoperability testing) and offers a policy lens through which to interpret these efforts. Its future design will therefore have broad implications for how digital sovereignty is operationalised across Europe.
In the coming months, CISERO will continue to facilitate dialogue between policy and practice, helping stakeholders navigate the evolving sovereignty landscape, share lessons from national and industrial projects, and connect technological progress with policy expectations.
As Europe refines its approach to sovereign cloud, maintaining an inclusive, evidence-based conversation between policymakers, providers, and users will be essential to turn principles into tangible outcomes.
Join the conversation
CISERO continues to foster dialogue on sovereignty and openness through community-driven initiatives. On 19 November 2025, the webinar Open Source Cloud Infrastructure in IPCEI-CIS: Challenges, Opportunities and Strategic Pathways will explore the role of open-source software in strengthening Europe’s cloud-edge ecosystem.
The session will address governance, interoperability, and modular frameworks, featuring insights from IPCEI-CIS projects such as NeoNephos and ONEnextgen, and will present CISERO’s activities supporting the open-source roadmap.
CISERO also invites contributions to its Open Source Catalogue Survey, aimed at mapping IPCEI-CIS open-source components to highlight their functionality, licensing, and impact across the ecosystem.