The public procurement of cloud services in Spain is shifting from a collection of scattered projects to the development of a structural infrastructure. The clearest indicator comes from TendersTool data: in 2025, tenders related to cloud services reached €146.6 million, concentrated in 13 large-scale contracts. It’s not just a volume leap; it’s primarily a shift in pattern. In the public sector, the focus is no longer on “migrating to the cloud” as an isolated milestone, but on maintaining operation, interoperability, and continuity of critical systems in the medium and long term.
This movement toward fewer but larger contracts also raises the bar. When investment concentrates in strategic agencies, provider strategies change: the advantage is no longer just about competing for bids but understanding which entities drive public digitalization and how their demand evolves. Practically, these types of purchases generally require more mature technical capabilities: stricter service level agreements (SLAs), traceability, data governance models, “security by design,” and teams equipped to operate complex environments over years.
Less processes, more continuity: the market is professionalizing
TendersTool analysis points to a key idea: the growth of public cloud does not always translate into “more tenders,” but into larger, more continuous contracts. For agencies with critical systems, cloud is now an infrastructure component upon which daily services depend, not an experiment. This drives standardization: repeatable architectures, service catalogs, operational frameworks, and, most importantly, genuine capacity to deliver and maintain.
In parallel, there’s an increasing need for prior positioning. In a B2G market where consolidation intensifies competition, anticipating requirements means better responding to technical demands that are no longer improvised: network segmentation, identity management, encryption, monitoring, business continuity, automation, and compliance policies.
Cloud sovereignty is no longer a slogan: Gartner predicts $80.427 billion in 2026
This local shift aligns with a broader international trend: sovereign cloud is no longer discussed solely in regulatory terms but as a strategic priority against traditional hyperscalers. Gartner forecasts global spending on sovereign cloud IaaS will reach $80.427 billion in 2026, with an annual growth rate of 35.6%. It estimates that the so-called “geopatriation” will move 20% of workloads from global providers to local players. Regionally, Europe stands out for its acceleration: the consulting firm anticipates that by 2027, the continent will exceed North America in expenditure in this segment.
Behind these figures lies an operational interpretation: governments, regulated sectors, and critical infrastructure are treating sovereignty as a design requirement. It’s not just about “where the data is,” but also about jurisdiction, control, resilience, and the capacity to execute sensitive workloads with reduced exposure to geopolitical tensions.
The State strengthens its cloud: NubeSARA and the El Escorial Data Center as critical assets
In Spain, this sovereignty narrative finds support in public infrastructure. The Ministry for Digital Transformation and Public Function recently announced the El Escorial Data Center of the State Agency for Digital Administration (AEAD) as the “main hub” of the electronic administrative ecosystem. According to official sources, it provides cross-cutting services used by millions of citizens, tens of thousands of public employees, and thousands of organizations.
The most significant element to understand the current moment is NubeSARA, described as the State Administration’s private, sovereign, and secure cloud. The Ministry details that it integrates multiple data centers, with over 12,000 virtual machines, more than 50 user entities, and presence across the territory via the SARA Network. Additionally, the data center is designed to handle high-density workloads and support a future sovereign AI platform capable of deploying trained models—such as ALIA—and generative AI services for citizens and public agencies, including intensive computing (GPU) resources within a sovereign environment.
In other words: while the market is bidding on large cloud contracts, the State also asserts that it can operate critical infrastructure under public ownership, focusing on data control, jurisdiction, and security standards.
Oracle and the uncomfortable debate: Is sovereignty “European region” or local provider?
However, cloud sovereignty is not a univocal concept. Recent days saw renewed debate after the Madrid meeting to explore collaboration with Oracle around its Oracle EU Sovereign Cloud. The approach revolves around services equivalent to public cloud but tailored to European sovereignty and compliance requirements, aligned with Oracle’s investment positioning in Europe and Spain.
There emerges a core debate many sector actors see as inevitable: for part of the market, “sovereign” should not simply mean operating within European territory under a specific contractual framework but rather supporting local providers with closer control and supply chains. In Spain, several companies present themselves as national alternatives for infrastructure and services—ranging from large telecommunications groups to specialized providers. The challenge for public policies will be defining precisely what sovereignty entails and how to measure it in bidding processes: ownership, operation, data control, technological dependence, exit, and portability.
What does this mean for sysadmins and developers?
For technical professionals, this shift has clear implications. As contracts grow larger and more durable, public administrations will demand stronger guarantees for operation and migration: consistent automation, mature observability, identity governance, network segmentation, and tested continuity plans—ready for production, not just presentations. For developers, the impact is usually reflected through platforms: increased standardization, heightened portability requirements, and architectures designed to reduce dependence on a single provider.
In this context, the 2025 figures (€146.6 million in 13 major tenders) are symptomatic: cloud in the public sector is no longer “entering,” but taking root. And once established, the debate shifts from ideological to technical: who operates, under what control, with what guarantees, and how to prevent sovereignty from becoming merely a contractual term.
Frequently Asked Questions
What does “sovereign cloud” mean in public procurement?
It usually involves enhanced requirements for jurisdiction, data control, and protection, along with operational and compliance conditions aimed at reducing external dependencies.
Why are there fewer cloud tenders, but larger ones?
Because cloud is being regarded as a critical infrastructure: contracts seek continuity, broad scope, and sustained operation rather than isolated projects.
What is NubeSARA, and why is it mentioned in the State’s digital strategy?
It is the State Agency for Digital Administration’s private, sovereign, and secure cloud, operated by the AEAD, offering services to host critical applications and providing computing and storage capacities for public agencies.
How can a provider or technical team prepare for large-scale cloud tenders?
By demonstrating real operational capabilities (SLAs, security, monitoring), consistent automation, tested continuity plans, and a clear proposal for data governance and portability.
via: tendersTool