The European Commission goes ‘cloud first’: A roadmap towards trusted cloud adoption to seize the opportunities of digital transformation for EU institutions and agencies

Cloud computing is likely to be taken up extensively by governmental organisations in the coming years, including the European Commission (EC), Parliament, Council and other EU institutions (EUIs), as well as EU executive or decentralised agencies and other EU bodies.1 On 21st November, 2018, the EC adopted a digital strategy (ECDS) with the double objective to transform the Commission into a user-focused and data-driven organisation. Building on the conclusions of the Tallinn Digital Summit in September 2017, this strategy recognised the need for the public sector to seize the opportunities offered by digital technologies and to accelerate the completion of the digital single market. Realising that cloud computing is already transforming the way to deliver state-of-the-art public services globally, the EC ambitions to become a data-driven administration by 2022. Digital strategy aims at a broad adoption of cloud computing by 2022, working closely with other EUIs and member states. This objective is framed by a cloud strategy for the EC. The main purpose of this paper is to provide the readers with a detailed analysis of the approach to information technology security taken by the European Commission’s Directorate General for Informatics (DIGIT) under its cloud strategy and by other EUIs in their cloud adoption. The adoption of cloud computing by EUIs takes place against the dual background of increasing pressure to become digitally enabled and a reinforced regulatory framework on personal data protection and information security. A common approach to cloud consumption will enable common strategies for compliance with legal requirements. The adoption of cloud computing by the EUIs also unfolds within a highly structured public procurement framework. DIGIT is planning to work within this framework using dynamic procurement models, which will enable access to a fast-evolving cloud computing market. Building on the experience of the first cloud framework contract (Cloud I), DIGIT is coordinating the preparation of the Cloud II framework contract to enable access for EUIs to the global market of cloud providers from 2020. With DIGIT serving as a broker, we will explore the challenges and opportunities that the European Commission is facing on its digital transformation path. This paper explains some of the lessons that the EUIs have learned from cloud experiments, from 2014 on through the Cloud I.