Jusletter IT

The adoption of cloud computing in the public sector has always been critical but security and confidentiality have acted as the most serious obstacles to cloud adoption. This reluctance was aggravated by the NSA’s PRISM surveillance programme, leading to national initiatives and binding cloud solutions to national regulations. But instead of enhancing the adoption of cloud services, it both brought market fragmentation, and, crucially, led to the under-utilisation of the scalability and future-proof that cloud computing can provide.

Taking that as a challenge to develop trusted cloud services in Europe involving member states and industry, the intention of the C4E project takes that as a challenge for the development of trusted cloud services suitable for public sector needs.¹

The common requirements of European public administrations for cloud services and the need to boost the creation of a vibrant and competitive cloud ecosystem for a digital single market are key objectives to bring forward cloud adoption in the public sector. C4E will mitigate the obstacles for the adoption of cloud computing in the public sector by implementing a joint PCP process for innovative cloud solutions that opens opportunities for cloud providers in Europe and prepares the public sector for the procurement of cloud services.

The project has three phases; the first phase is the PCP preparation and comprises all the preparatory work needed for implementing the tender. This includes analysing the requirements of the European public sector, the current market situation and the relevant standardisation landscape. The second phase is the PCP tender implementation, which starts after initial proposals for innovative cloud services are received. Solutions to be prototyped and prototypes that will become test products are evaluated and selected for next phases. In the third phase – Sharing – lessons learnt will be transferred into best practices and recommendations for future PCP activities.

A model needs to be defined to allow public authorities to work together in the area of PCP, i.e. to allow a joint multinational PCP at European level.

Two models were discussed in detail: the Lead Tendering Authority with «Joint Framework Contract» and the Common Procuring Entity. For the latter example two options have been analysed, namely the European Grouping for Territorial Cooperation (EGTC) and a private law association (registered under Italian law).

Both models were found suitable, at least initially, for the joint PCP procedure. In fact, the analysis showed that both models provide workable solutions with respect to launching and operating the tender as a single entity.

The Lead Tendering Authority model does not require setting up permanent organisations, and is therefore cost-effective and less time-consuming.

The main difference was to be found in complexity and timings. While the process to set up a Common Procuring Entity with clear responsibilities and financial risks limited to the project funds would take considerable time (from 3 to 6 months just for the initial authorization from each Public Authority), the adoption of the Lead Tendering Authority model offered a more flexible and timely solution. The Lead Tendering Authority model is also less costly from an administrative perspective and enables to set up a simple governance structure limited to the bodies necessary for the procurement.

As such the project adopted the «decentralized lead tendering authority model» that foresees the assignment of the duty to launch the tender to a single authority. As such, it also allows simplifying and to uniform the legal requirements (i.e. equal treatment and conditions for economic operators). The model further foresees a close collaboration between all participants at each stage of the procurement life cycle, sharing out individual tasks but also responsibilities (e.g. in evaluating tender offers and selecting winning suppliers). The overall process of innovation will be managed in a coordinated manner by the Lead Authority, the other Contracting Authorities and the partners in the project. This solution is also the simplest in legal terms and could be effective for tasks that merely require regulation.

The C4E procuring partners decided to implement the Lead Tendering Authority model with Agency for Digital Italy (AGID) as Lead Tendering Authority.

The legal requirements and related barriers in a cloud environment have been set up by several public authorities, taking into account the outcome of the due diligence performed within the consortium.

In essence, the legal challenges a European based public organization has to face when adopting cloud solutions can be divided in two categories: (1) the challenges common to most cloud services such as applicable law, jurisdiction & dispute resolution, data protection, liability, contractual framework, data portability, interoperability, consumer related concerns and government access to the cloud and (2) the challenges specific to the public sector, such as public procurement legislation related concerns and specific legislation in the fields of various domains of the law, mainly relating to language requirements, archiving, national defence and state secrets, fiscal and bookkeeping legislation, social and criminal procedures and medical requirements.

The set-up of a decentralized lead tendering Authority model requires a legal framework to allow the cross-border collaboration between the participating public authorities. This framework can be established by way of a convention, without the need for a permanent cooperation structure.

As such, in the case of C4E, the lead tendering authority model will be implemented as a collaborative agreement between the participating procurers, i.e. a joint PCP agreement² throughout which their activities are combined for a one-off procurement action.

The agreement covers also ancillary matters, such as the management of the tender procedure, the conduct of legal action arising under the joint PCP, the lack of compliance with the agreement and the amicable settlement of eventual disagreement between the contracting authorities.

As mentioned, the role of the lead tendering authority is to act in its own name and on behalf of all the other contracting authorities, in accordance with Italian law.

The procurement agreement contains also specific provisions in relation to the role of the lead authority in the joint PCP and also regulates that the lead tendering authority shall be the sole representative of the contracting authorities towards the tenderers under the framework agreement and in any legal action or counter-claim that may arise.

The contracting authorities have to participate in the procurer’s steering committee’s meetings, to support the lead tendering authority in all the activities mentioned above, to provide project management services (oversight, progress, and deliverables) and documents, and to provide legal assistance to the lead tendering authority when requested.

The governance structure foresees a Procurers Steering Committee as well as a number of independent evaluation committees; the latter depending on the number of lots the tender is divided.

The EC Directives distinguish five different procedures for public procurement, among which the open and restricted procedures. The procurers analysed and discussed these two procedures, in order to make an informed decision.

In Open Procedures, any interested economic operator may submit an offer in response to the publication of the notice placed in the Official Journal of the European Union (OJEU). The Contracting Authorities must then provide additional information to the interested suppliers at least 6 days before the final date of receipt of offers.³ This kind of procedure suits best, when contracting authorities are expecting only a small number of suppliers to answer to the publication of the notice.

In Restricted Procedure there are two stages: once a notice is placed in the OJEU (TED database - Tenders Electronic Daily), in 37 days, economic operators may request to participate and then, only those selected by the Contracting Authorities will be invited to submit a tender. The deadline for the receipt of tenders is at least 40 days after sending the invitation. Candidate’s selection is based on objective criteria (financial standing, technical capability, etc.).

Both, in open and restricted procedures the award criteria for tenders are the lowest price and the economically most advantageous (best value for money), plus several objective criteria such as quality, technical assistance and service, delivery period.⁴ The criteria must be non-discriminatory and non-prejudicial to fair competition.

The procurers recognized the pros and cons of both procedures, and in particular, the inevitable lengthening of times that restricted procedures involves. 

The final decision was to opt for the open procedure. This procedure seemed also more in line with the provision of the EU COM(2007) 799, considering that it would better guarantee transparency in relation to both the PCP subject and the evaluation criteria.

The PCP process shall be organized in three phases (and eventual sub-phases), according to the EU Communication from 14.12.2007⁵ and the commission staff working document.⁶

Multiple companies developing research and development services will take part in the process. As such, as also shown in Figure 3, the PCP process is thought to be a competitive process.

Following the publication of a contract notice on TED, the procedure will take place in phases by applying the award criteria set out in the tender specifications to reduce the number of tenders. After the expiry of the deadline for the submission of offers the lead tendering authority will appoint the evaluation committees. The initial offer evaluation process will end up with the selection of at least 5 companies.

The lead tendering authority then notifies the award decision simultaneously to all tenderers or candidates.⁷ Finally, the lead tendering authority will sign the framework agreement on its own account and on behalf of the contracting authorities.

At the end of phase I, the lead tendering authority will send an invitation letter to those tenderers who successfully ended the solution design phase, and invite them to submit a technical offer for phase II.

After the expiry of the deadline for the submission of the technical offers, the lead tendering authority will appoint the administrative and the technical evaluation committees, which will select at least 3 companies. The same applies for the last phase.

The tender regulation specifies in detail the general context of PCPs, including all requirements, the instructions for the submission of offers (including the reception and content of the bid envelope), the instruction for the deposit and for the technical and the financial offer, the declaration of subcontracting, a description of the PCP awarding procedure (award criteria for the PCP) and other information. Furthermore, the Tender Regulation will provide precise instruction for tenderers who want to participate individually or by way of a consortium or association.

An introduction will specify the number of phases, the budget for each phase, the number of contracts to be awarded, the lead authority contact point for clarification, and the award procedure. The document provides also detailed rules for the submission of offers.

The tender documents have to be submitted under the three-package system. In this kind of system, the tenderers are evaluated in stages. The first envelope must include all the administrative documents required, which shall give evidence of the tenderer’s compliance with the exclusion and selection criteria to be specified in the tender regulation.

The framework agreement is the contract resulting from the joint PCP procedure, conducted pursuant to the procurement agreement and signed by the tenderers and the lead authority. The draft, published together with the contract notice, gives evidence of rights and obligations of the parties, in relation to the specific type of research and development service for each type of service.

Key provisions in this framework agreement relate to the intellectual property rights and the deposit.

The framework agreement shall give evidence of risk and benefit sharing between the parties. It shall provide the regime of sharing of intellectual property rights between the lead authority and each tenderer. The intellectual property rights, generated by the tenderer in the course of the framework agreement, will belong to the tenderer, whilst the latter will grant to the lead tendering authority and the other contracting authorities an irrevocable, worldwide, royalty-free, non-exclusive license to use, at no additional cost, the results of what has been achieved with regard to the three phases. The existing intellectual property rights used or supplied for the purpose of the framework agreement in connection with the project remain the property of the party introducing the same (or any third party supplier that owns it).

Procurers were asked to express their interest in the provision of a percentage of revenues obtained by the tenderer. The lead tendering authority can indeed potentially receive royalties, which can then be distributed to the other contracting authorities in accordance with their contribution to the PCP. Such provision has not been integrated in the agreement, since all of the procurers are public organizations, which cannot act as a commercial party.

Finally, the tenderer shall use its maximum effort to exploit commercially the intellectual property of the results arising from the project, and also of the other results, within three years from the end of the last awarded phase of the project. Otherwise, such non-exploited project intellectual property rights will be assigned to the lead tendering authority and the other contracting authorities.

Further, procurers also discussed the provision of a deposit. It is the only way to avoid the risk due to withdrawals or defaults on tenderer’s commitments during the tender. It is a (minimum) guarantee for all the specific obligations assumed by the tenderer. Considering the amounts involved, such small percentage (equal to the 2%) of the contract value should not be an inhibition for the participation of SMEs.

The tendering process for governmental services is quite different than the one for private industry. In essence, public procurement aims at providing value for money for taxpayers while ensuring equal treatment, non-discrimination and transparency. As such, appropriate tendering and awarding procedures need to be followed, with specific rules on financial thresholds, notices, timeframes, grant criteria and documentation.

The challenges relating to the public procurement legislation need to be addressed by a new regulatory framework, which is (partially) done by the new Public Procurement Directive, adopted on 15 January 2014, and to be implemented by April 2016.⁸

By introducing less complex and more flexible negotiation procedures⁹, contracting authorities are better tailored to their needs at the best price, which could be beneficial in a public sector cloud environment, since often, public domain related services indeed may require specific requirements, which cannot be offered «off the shelf».

Further, the drastic cut of the administrative burden, by reducing the number of required documents¹⁰, will ease the life of the economic operators.

On top, the access to public procurement for SMEs is encouraged, by, amongst others, strong incentives to divide tenders into lots through the «apply or explain» principle and limiting the financial capacity requirements for the submission of a tender¹¹, which can be considered beneficial in cloud tenders.

Finally, by introducing the MEAT criterion (most economically advantageous tender) as the only criterion for award, public authorities will be able to put more emphasis on quality, environmental and social considerations while still taking into account the price and «life-cycle-cost» of what is procured. As such, contracting authorities may, in their award decisions, take into account criteria linked to the production process of the services or even require that works or services bear specific labels certifying specific characteristics. When tendering cloud services, certifications, in particular on security measures, could become one of the selection criteria.

To enhance cloud adoption and usage by the public sector, as envisaged by the C4E project, and taking into account the legal requirements as well as identified challenges, we recommend the following steps to establish a cloud in the public sector. Our recommendations relate to changes in the regulatory framework and to recommendations to enhance the relationship between a public cloud consumer and a cloud provider, taking into account the potential use of the cloud services by a cloud end user.

Public procurement rules need to be further harmonized and simplified to enable a smooth cloud tendering process. Member states should set up common guidelines to set the prerequisites for an efficient tendering process, both taking into account administrative as well as budgetary simplifications/aspects. The directive, by its nature, entails potentially diverging implementations in the various member states. Also, some obstacles remain unsolved under the new initiatives, for example how to enable a government to award the same services to two providers at the same time, while one provider services as a main provider and the second one as a back-up provider.

Overall, the main barriers can be summarized as follows (1) a patchwork of national conflicting laws resulting from local implementation of European legislation, with the European data protection legislation as an area of focus, (2) fragmented and diverging national legislation in the public sector, with often no clear or even conflicting national legislation on whether data in the relevant domains can be transferred to a(n) (international) cloud environment, (3) national legislation discouraging the transfer of data to a(n) (international) cloud environment, (4) inappropriate public procurement legislation and (5) hesitance to transfer data to the cloud for reasons of national defense and state secrets and, more in general, the extra-territorial enforcement and the foreign intelligence gathering practices.

Currently the main experience and recommendations of the C4E project relates to the preparation of the PCP tender. The main lessons learnt are that the procurers should start early with developing the tender strategy, identifying the challenges and object of the tender, as well as deciding on the procurement model as early as possible. If needed new procurers can be included, but without significant change of the tender strategy. When drafting the tender, it is also advised to avoid creating different lots, if possible.

Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, COM(2007) 799 final, Pre-commercial Procurement: Driving innovation to ensure sustainable high quality public services in Europe.

Directive 2004/18/EC of the European Parliament and of the Council of 31 March 2004 on the coordination of procedures for the award of public works contracts, public supply contracts and public service contracts.

Directive 2014/24/EU of the European Parliament and of the Council of 26 February 2014 on public procurement and repealing Directive 2004/18/EC.

Heijboer, Govert/Telgen, Jan, Choosing the open or the restricted procedure: a big deal or a big deal?, Journal of Public Procurement, Vol. 2, Issue 2, 2002.

Legislative Decree no. 163/2006, Informazioni circa i mancati inviti, le esclusioni e le aggiudicazioni [Informations regarding missing invitation, exclusions and awarding], Article 79 [as provided by article 41 of 2004/18/EC].