
CISPE
European cloud trade body; launched rival auditable sovereignty badge to contest the Commission's SEAL framework.
Last refreshed: 17 May 2026 · Appears in 1 active topic
CISPE's rival badge launched the day after SEAL — can it become the standard CAIDA actually references?
Timeline for CISPE
Mentioned in: EU chip share slips to 9%
European Tech SovereigntyMentioned in: Bruegel puts the cloud law at 86bn euros
European Tech SovereigntyMentioned in: CAIDA leak: US clouds barred from EU public data
European Tech SovereigntyMentioned in: Sovereignty package slips to 27 May
European Tech SovereigntyMentioned in: Virkkunen picks Tokyo after EU summit
European Tech SovereigntyWhat is CISPE and why did it criticise the EU sovereign cloud contract?
What is CISPE's auditable sovereignty framework?
What is the US CLOUD Act and why does it matter for European cloud sovereignty?
Background
CISPE (Cloud Infrastructure Services Providers in Europe) is the trade association representing European cloud infrastructure providers, including OVHcloud, Hetzner, Scaleway, and dozens of smaller operators across EU member states. On 22 April 2026, its Secretary General Francisco Mingorance publicly described the European Commission's decision to include S3NS — a joint venture between Thales and Google Cloud — in the €180m sovereign cloud framework as "clearly an own goal" and characterised it as "sovereignty washing" .
CISPE's core commercial interest is enforcement of a meaningful distinction between genuinely European cloud infrastructure and US-linked providers operating under a European brand. The US CLOUD Act gives American authorities the power to compel US-domiciled cloud companies to disclose data held anywhere in the world, including through European joint ventures. CISPE argues this structural legal exposure makes S3NS's SEAL-2 certification — the minimum data sovereignty threshold, one tier below the digital resilience achieved by the other three awardees — an insufficient basis for inclusion in a framework described as sovereign.
Mingorance delivers the keynote "Making Sovereignty Verifiable" at Sovereign Tech Europe on 23 April 2026, presenting CISPE's proposed auditable sovereignty framework — a certification scheme designed to give cloud procurement legally defensible definitions that distinguish hedged access from genuine independence . Whether CISPE translates its public criticism into a formal legal challenge against the framework award remains an open question.
On 24 April 2026 — the day after Mingorance's Brussels keynote — CISPE formally launched its Sovereign and Resilient Cloud Services Framework, certifying 40-plus services under a binary distinction: Sovereign (full CLOUD Act immunity, data processed exclusively in the EU, no non-EU legal access vectors) or Resilient (operational independence, but without the full legal immunity). Third-party audits are conducted by BYCYB (formerly LNE). CISPE explicitly framed the launch as a challenge to the Commission's graduated SEAL tiers, calling SEAL a "murky sovereignty score" that obscures whether a service is genuinely immune or merely operationally independent.
The framework competition with SEAL now has a legislative dimension. The Commission's CAIDA (Cloud and AI Development Act), tabled for adoption 27 May 2026, is expected to name a certification standard for procurement of sensitive public-sector data. CISPE has lobbied for its binary framework to be that reference, arguing SEAL's tiered structure allowed the S3NS compromise that CISPE publicly called an own goal. If CAIDA references CISPE's binary standard rather than SEAL, it would effectively mandate that S3NS-type hybrid structures are excluded from the most sensitive data categories across all EU member states — a commercially decisive outcome for OVHcloud, Hetzner, and Scaleway.
The result is a contest between two rival certification architectures: the Commission's SEAL (graduated tiers, broader inclusion, backed by institutional procurement precedent) and CISPE's binary badge (all-or-nothing sovereign test, industry-led, auditor-backed). CAIDA's language will determine which framework shapes EU public procurement for the next decade.