What is Cloud Procurement?
Cloud Procurement refers to tender procedures where public authorities procure cloud services (SaaS, IaaS, PaaS). These procurements have special requirements for data protection, IT security, digital sovereignty, and contract design.
Key Drivers
- OZG (Online Access Act): Digitalization of government services
- German government cloud strategy: Multi-cloud approach
- GAIA-X: European cloud ecosystem
- BSI C5: Cloud security standard
- GDPR: Data protection requirements
Special Requirements
Data protection: EU/EEA-only data processing, data processing agreements, no third-country access, data portability at contract end.
IT security: BSI C5 attestation, ISO 27001, encryption, penetration testing, incident response.
Digital sovereignty: Open-source preference, vendor lock-in avoidance, data portability, interoperability, subcontractor transparency.
Cloud Service Models
| Model | Description | Typical Tender |
|---|---|---|
| SaaS | Software as a Service | E-filing, DMS, collaboration |
| IaaS | Infrastructure as a Service | Servers, storage, network |
| PaaS | Platform as a Service | Development platforms |
| Private Cloud | Dedicated infrastructure | High-security applications |
| Sovereign Cloud | Cloud under German/EU control | Government cloud |
BSI C5 – Cloud Security Standard
| Aspect | C5 Type 1 | C5 Type 2 |
|---|---|---|
| Scope | Control design | Design + effectiveness |
| Period | Point-in-time | Min. 6 months |
| Assurance | Basic level | Higher security |
Patterno Helps
With Patterno-HIT, you can identify public sector cloud tenders. Our AI recognizes cloud-specific requirements (BSI C5, EVB-IT Cloud, GDPR compliance) and filters matching procurements for cloud providers.