Public Procurement Differences Across Europe
Public procurement is the engine room of Europe’s digital transformation, with an annual volume exceeding €2 trillion. When public authorities purchase artificial intelligence systems, they are not merely acquiring software; they are commissioning socio-technical systems that will influence public services, fundamental rights, and the distribution of resources. The process is governed by a complex interplay of European Union directives and national implementations, creating a fragmented landscape where the requirements for vendor selection, technical documentation, and deployment practices can diverge significantly from one member state to another. For vendors and contracting authorities alike, navigating this terrain requires a granular understanding of how high-level principles are translated into specific, enforceable obligations on the ground.
The European Legal Framework: A Foundation of Harmonization and Flexibility
The primary legal architecture for public procurement in the EU is established by the Public Procurement Directive 2014/24/EU. This directive aims to foster a single market for public contracts by setting out common procedures and principles. At its core, the directive promotes competition, non-discrimination, and transparency. However, it also grants member states significant discretion in how they implement these principles, leading to notable variations in practice. The directive provides several award procedures, but for complex acquisitions like AI, the Open Procedure and the Competitive Procedure with Negotiation (CPN) are most relevant.
The CPN is particularly suited for AI procurements where the contracting authority cannot define its requirements with sufficient precision using technical specifications alone. This procedure allows for a dynamic dialogue with bidders to refine solutions before a final offer is submitted. While the directive provides the framework, national laws transpose these rules, often adding layers of complexity. For example, the German Vergabegesetz (GWB) and the UK’s Public Contracts Regulations 2015 (prior to Brexit) have their own specific thresholds and procedural nuances. This creates a dual-level regulatory environment: the EU sets the “what” and “why,” while national laws dictate the “how” and “where.”
Principles of Non-Discrimination and Equal Treatment
These foundational principles require contracting authorities to treat all economic operators equally and without bias. In the context of AI, this has profound implications. An authority cannot specify a technical standard that is only achievable by a single vendor or a specific technology stack (e.g., requiring a system built exclusively on TensorFlow). Such a move would be seen as discriminatory. However, the interpretation of what constitutes a discriminatory specification varies. In some jurisdictions, like the Netherlands, procurement bodies are extremely cautious about defining proprietary standards and will often default to open-source or interoperable requirements. In others, there may be more tolerance for performance-based specifications that, while not explicitly naming a vendor, effectively favor incumbents with established track records and proprietary data sets.
The Role of the European Court of Justice (ECJ)
The ECJ plays a crucial role in interpreting the directive and ensuring consistent application across the Union. Its case law shapes how national authorities interpret concepts like “abnormally low tenders” or “technical and professional ability.” For AI procurement, ECJ rulings on similar technologies (e.g., large-scale IT systems, biometric data processing) provide essential guidance. A key ECJ principle is that technical specifications must be defined in a way that allows for genuine competition. If a contracting authority’s requirements are so specific that only one bidder can realistically meet them, this violates EU law unless the authority can provide an objective justification. This is a high bar to clear, and national courts are bound by ECJ jurisprudence, creating a degree of harmonization at the interpretive level even if national laws differ in their text.
Technical Specifications: The Battleground for Vendor Selection
The technical specification is the heart of an AI procurement tender. It defines what the system must do and how it must perform. The divergence between member states is most apparent here. The directive allows for specifications to be framed in terms of functional or performance requirements, which is encouraged for innovation. However, the translation of this encouragement into practice is uneven.
Functional vs. Prescriptive Requirements
A functional requirement describes what the system must achieve, leaving the “how” to the vendor. For example, “The system must identify and classify all incoming permit applications with an accuracy of 98%.” A prescriptive requirement dictates the method: “The system must use a convolutional neural network with at least five hidden layers.” The EU directive strongly favors functional requirements to foster innovation and avoid vendor lock-in. However, many national contracting authorities, particularly those with less technical expertise, default to prescriptive requirements because they feel safer and are easier to evaluate. This creates a market advantage for vendors who can provide detailed, prescriptive solutions and disadvantages smaller, more agile innovators who may have a better functional solution but a less conventional technical approach.
Interoperability and Open Standards
Interoperability is a key policy goal at the EU level, driven by initiatives like the Interoperable Europe Act. In procurement, this translates into requirements for adherence to open standards and APIs. However, the practical application varies. In countries like Estonia, a “once-only” principle and a mandate for open APIs are deeply embedded in public sector IT procurement, making it a prerequisite for any new system. In other countries, interoperability might be a “desirable” criterion rather than a mandatory one, scoring points but not being essential. This directly affects vendor selection. A vendor whose system is built on a closed, proprietary architecture may win a contract in a country where interoperability is not strictly enforced, but will be immediately disqualified in a market like Estonia or Finland where it is a core requirement.
Explainability and Transparency Requirements
With the advent of the AI Act, requirements for transparency and explainability are moving from ethical guidelines to legal obligations. The AI Act mandates that high-risk AI systems must be designed to enable automatic logging of events (“logs”) throughout their lifecycle and be accompanied by instructions for use that are clear and understandable. In procurement, this must be reflected in the technical specifications. A contracting authority in Germany, for instance, might demand highly detailed documentation on the model’s architecture, training data provenance, and decision-making logic, reflecting a national culture of rigorous data protection and engineering precision. A French authority might focus more on the system’s ability to provide post-hoc explanations for individual decisions to citizens, aligning with their administrative law traditions. These are not trivial differences; they require different technical capabilities from the vendor and influence the design of the AI system itself.
Vendor Selection and Exclusion Grounds
Who is allowed to bid for a public contract is a critical gatekeeping mechanism. The EU directive sets out mandatory and discretionary exclusion grounds. These are intended to ensure that public funds are awarded to reliable and ethical actors. For AI, these grounds are taking on new significance.
Financial and Technical Capacity
Contracting authorities must verify that bidders have the financial stability and technical capability to deliver the contract. For an AI system, this goes beyond having a healthy balance sheet. Authorities increasingly demand evidence of specific expertise in machine learning, data science, and ethical AI development. They may ask for case studies of similar deployments, lists of qualified data scientists, or certifications in quality management (like ISO 9001) and information security (like ISO 27001). The divergence appears in the stringency of these demands. A Nordic country might require a bidder to demonstrate experience with public sector data and adherence to specific data protection standards, while a Southern European country might prioritize a lower cost and a proven track record in commercial, rather than public, deployments.
Reliability and Ethical Grounds
The directive allows for the exclusion of bidders who have been convicted of fraud, corruption, or terrorist offenses. More recently, and in line with the AI Act and GDPR, authorities are exploring the use of discretionary exclusion grounds related to professional misconduct and violations of labor or environmental law. A bidder whose AI system has been found to be discriminatory or who has a history of data breaches could be considered unreliable. The practical application of this is still evolving. For example, would a company that has been fined under GDPR be automatically excluded from a bid for a new AI contract? Different national procurement authorities will answer this question differently. Some may see it as a clear sign of unreliability, while others may require a more detailed assessment of the breach and the corrective measures taken. This creates uncertainty for vendors operating across multiple European markets.
Documentation and Compliance Burdens
The documentation required for an AI procurement tender is extensive and serves as the primary evidence for evaluation. The level of detail expected can vary dramatically.
The Technical Proposal
This is where the vendor details how their solution meets the functional specifications. In a German tender, this might be a 200-page document with detailed architectural diagrams, data flow models, and algorithmic descriptions. In a UK-style procurement (even post-Brexit, the influence remains), the emphasis might be on a more concise response focusing on the “how” and “why” rather than exhaustive technical detail at the bid stage, with specifics to be fleshed out during a negotiation phase. This difference impacts the cost and time required to prepare a bid. A vendor bidding across Europe must have a flexible proposal template that can be adapted to these different expectations.
Compliance with the AI Act and GDPR
Vendors are now expected to provide a “Compliance Folder” or “Technical Documentation” that demonstrates conformity with the AI Act. This includes details on the system’s design, development, and testing, as well as risk management procedures. Similarly, a Data Protection Impact Assessment (DPIA) under GDPR is often a mandatory requirement. The way these documents are evaluated differs. In some countries, a checklist-style declaration of conformity might suffice at the bid stage. In others, particularly those with strong data protection authorities like Spain or Austria, the contracting authority may engage its own experts to scrutinize the DPIA and technical documentation before a contract is even awarded. This pre-award scrutiny adds time and risk to the procurement process for the vendor.
Deployment Practices and Post-Market Monitoring
The procurement process does not end with the award of the contract. The requirements for deployment and ongoing monitoring are increasingly specified in the tender documents. The AI Act introduces a post-market monitoring system, requiring providers of high-risk AI systems to actively collect data on their performance and report serious incidents to national authorities. Contracting authorities are beginning to build these obligations into their contracts. This means a vendor might be contractually obligated to provide a dashboard for real-time performance monitoring, conduct regular algorithmic audits, and report any “drift” or performance degradation. The specifics of these obligations—how often reports are due, what constitutes a “serious incident,” who owns the monitoring data—can be defined differently in each national context, creating a complex web of post-contractual compliance duties for vendors operating at scale.
National Implementations: A Comparative View
To illustrate the practical divergence, it is useful to compare the approaches of a few representative member states. This is not an exhaustive list, but it highlights the spectrum of approaches.
Germany: Precision and Procedure
German public procurement is characterized by a highly formalized and procedure-driven approach. The principle of Leistungsbeschreibung (performance description) is central. German authorities often prefer detailed, prescriptive specifications because they believe it reduces ambiguity and legal challenges. For AI, this can mean a demand for exhaustive documentation of the model’s logic and training data. The evaluation criteria are often heavily weighted towards technical quality rather than price, reflecting a preference for robust, reliable engineering. Vendors must be prepared for a rigorous, lengthy process with multiple rounds of clarification and a strong emphasis on legal certainty at every step.
France: Innovation and Public Service Mission
French procurement law has a strong focus on innovation and the public service mission. The Code de la commande publique provides mechanisms for procuring innovative solutions, such as the “innovation partnership.” This allows authorities to collaborate with vendors on R&D to develop a solution that may not yet exist on the market. For AI, this is a powerful tool. French authorities are also increasingly sensitive to the ethical dimensions of AI, often including criteria related to algorithmic bias, energy efficiency, and the system’s impact on social cohesion. A vendor’s proposal in France must therefore not only be technically sound but also align with the broader public policy goals of the state.
Nordic Countries (e.g., Finland, Sweden): Transparency and Interoperability
The Nordic countries are often at the forefront of digital governance. Their procurement processes are characterized by a high degree of transparency and a strong emphasis on open-source software and open standards. Interoperability is not just a desirable feature; it is a foundational requirement. For AI, this means that vendors must demonstrate how their system will integrate with existing public sector digital infrastructure. There is also a strong focus on data sovereignty and security. A vendor may be required to guarantee that all data processing for a public sector AI system occurs within the EU/EEA and that the data is fully auditable. The evaluation process is often very technical, with significant weight given to the expertise of the evaluation committee.
Spain: A Balancing Act
Spanish public procurement for AI reflects a balance between the desire to modernize public services and the need to manage budget constraints. There is a growing interest in AI for administrative efficiency and citizen services. However, the market is also price-sensitive. This can lead to a situation where technical requirements are ambitious, but the final award decision is heavily influenced by the lowest price. This creates a challenge for vendors offering high-quality, but more expensive, solutions. The national implementation of the AI Act will be closely watched, as it may introduce stricter documentation and compliance requirements that could shift the balance back towards quality and risk management.
Emerging Trends and Future Harmonization
The landscape of AI procurement is not static. Several forces are pushing for greater convergence, while others preserve national diversity.
The Impact of the AI Act
The AI Act is a horizontal regulation that will directly apply in all member states. It sets out mandatory requirements for high-risk AI systems, including risk management, data governance, technical documentation, and human oversight. While the Act itself does not govern procurement, its requirements will become de facto mandatory for any vendor selling high-risk AI into the public sector. Contracting authorities will simply write the AI Act’s requirements into their tenders. This will create a significant degree of harmonization. A vendor that complies with the AI Act will have a compliant product for all of Europe, simplifying their documentation and compliance efforts. However, divergence will persist in how authorities evaluate and weigh these requirements, and in the specific use cases they prioritize.
EU-Level Frameworks and Cooperation
Initiatives like the European Digital Identity (eIDAS 2.0) and the European Health Data Space (EHDS) are creating pan-European infrastructure for data sharing and digital services. Procurement for these systems is inherently European and sets a high bar for interoperability and security. As these frameworks mature, they will influence national procurement standards, pulling them towards a more unified approach. Furthermore, joint procurement initiatives, where multiple public bodies from different countries procure a solution together, are gaining traction. These initiatives force participating authorities to agree on common specifications, thereby creating de facto European standards for certain types of AI systems.
The Role of Standardization
Standardization bodies like CEN-CENELEC and ETSI are developing technical standards for AI, particularly in response to the AI Act’s request for harmonized standards. Once these standards are adopted, they will provide a common technical language for procurement. A vendor who can demonstrate compliance with a harmonized European standard will have a much easier time proving their product’s quality and compliance across different member states. This is perhaps the most powerful tool for reducing fragmentation. However, the process of developing these standards is slow, and it will take years before they are widely adopted in public procurement practice.
The journey towards a truly harmonized European market for public AI procurement is far from over. While regulations like the AI Act provide a solid floor of common requirements, the diversity in national implementation, administrative culture, and strategic priorities will continue to shape a complex and varied procurement landscape. For professionals in the field, success will depend not only on building compliant AI, but also on understanding the subtle, yet significant, ways in which a European directive becomes a national reality.