DIGIT-TM III Framework Contract: The New European Commission’s IT-Services Procurement

The DIGIT-TM III Framework Contract is the forthcoming reference agreement through which the European Commission’s Directorate-General for Informatics (DG DIGIT) will obtain external IT and digital-services expertise between 2026 and 2030. Valued at approximately € 3.5 billion (excluding VAT), the framework ensures continuity of digital operations across the European Commission and other participating EU institutions.

Replacing DIGIT-TM II (2018–2025), the new framework modernises procurement rules, expands technological scope, reinforces security and data-protection obligations, and introduces detailed provisions on the responsible use of artificial intelligence (AI) within service delivery.

DIGIT-TM III Policy and Strategic Context

The contract underpins the European Commission Digital Strategy and contributes directly to the Digital Europe Programme (DEP). Its objectives include:

• Modernising the Commission’s IT infrastructure and services.
• Ensuring secure and resilient digital systems.
• Promoting transparency and competition in procurement.
• Supporting European digital sovereignty by restricting delivery to EU territory.
• Enabling innovation while guaranteeing compliance with EU data-protection and ethical-AI principles.

Legal and Procedural Framework of the DIGIT-TM III

DIGIT-TM III is tendered under Regulation (EU, Euratom) 2024/2509 on public procurement by the EU institutions.
The Contracting Authority is DG DIGIT – Digital Services. Other institutions may use the framework under inter-institutional agreements.

The contract type is a multi-supplier Time-and-Means (T&M) framework with reopening of competition.
Services are billed on a daily-rate basis for experts effectively provided, following standard acceptance and supervision procedures. It has the duuration of 48 months, with possible extensions, and an estimated maximum value: € 3 500 000 000 (€3.5 billion).

Structure and Lots

The DIGIT-TM III Framework Contract is divided into three lots, distinguishing delivery modes and geographical scope:

Lot	Delivery Model	Main Locations	Typical Activities
Lot 1	Far-site (remote within EU)	Any EU Member State	Software development, testing, BI and data engineering
Lot 2	Near-site / on-site (BE)	Brussels and Geel	Core administrative and operational systems
Lot 3	Near-site / on-site (LU + JRC sites)	Luxembourg, Ispra, Seville, Karlsruhe, Petten, Grange	Scientific platforms and data-processing systems

Each lot will be awarded to several framework contractors. Assignments are distributed through mini-competitions among the contractors of the relevant lot.

Scope of Services

The framework covers the complete digital-solution lifecycle:

1. Management and Governance: project / programme management, PMO, service-delivery oversight.
2. Definition and Design: requirements, architecture, UX/UI, prototyping.
3. Development and Integration: coding, configuration, automated testing, CI/CD.
4. Transition and Deployment: release management, migration, knowledge transfer.
5. Operations and Support: incident handling, maintenance, monitoring, user support.
6. Exploitation and Data Management: BI, data-warehouse, big-data, AI analytics.

All services must be performed from within the EU and follow the Commission’s methodologies (Agile, ITIL, DevOps).

Selection and Evaluation of Framework Contractors within DIGIT-TM III

Evaluation Phases

The selection of framework contractors takes place in three sequential phases:

1. Administrative Compliance Check: verification of legal forms, signatures, and completeness of required documents.
2. Technical Evaluation: assessment of professional capacity, experience, and quality methodology.
3. Financial Evaluation: analysis of price realism and computation of weighted-average rates.

Administrative Requirements

Tenderers must provide:

• A Declaration on Honour confirming absence of exclusion situations.
• Proof of legal existence and registration in a Member State.
• Power of Attorney (for consortia) and Commitment Letters (for subcontractors / relied-upon entities).
• Evidence of financial capacity, including balance sheets / turnover data.
• Contract References demonstrating relevant experience in IT services of comparable scale.

Technical Evaluation Criteria

The technical evaluation of the DIGIT-TM III Framework Contract focuses on:

Criterion	Description
Relevant Experience	Demonstrated capability in projects similar in scope / complexity.
Quality and Methodology	Proposed approach to service delivery, governance, QA, and risk management.
Resource Capacity	Availability of qualified personnel and recruitment process.
Security and Compliance Framework	Conformity with DG DIGIT security and GDPR requirements.
Innovation and Tools	Use of modern technologies consistent with Commission standards.

A minimum technical-score threshold applies; only offers above this are considered financially.

Financial Evaluation

Bidders submit a Financial Model listing daily rates per profile and seniority. An average reference basket of profiles is used to compute a weighted-average rate, which determines the financial score. Abnormally low or inconsistent prices may trigger requests for justification or rejection.

Award Decision

The best-value for money principle applies:

Final Score = (Technical Score × Weight T) + (Financial Score × Weight F)

Typical weighting: Technical 70 %, Financial 30 %. Contracts are awarded to the highest-scoring bidders up to the maximum number of contractors per lot (usually 5 – 8).

Mini-Competitions (Reopening of Competition)

Once the framework is signed, every new assignment is procured through reopening of competition among the contractors of the relevant lot.

Workflow

1. Service Request (“SR”) issued by DG DIGIT or another participating DG.
2. Contractors receive identical specifications including scope, profiles, duration, and evaluation criteria.
3. Contractors submit a mini-proposal (CVs + rates + short technical note).
4. Evaluation and Selection by the Commission based on quality / price.
5. Specific Contract signature with the selected contractor.
6. Execution and monitoring of services.

Evaluation of Mini-Proposals

Each proposal is assessed against explicit criteria:

Criterion	Content	Typical Weight
Profile Match and Experience	Degree to which the proposed consultant meets profile requirements and assignment context.	40 – 60 %
Availability and Continuity Plan	Confirmation of immediate availability and proposed continuity measures.	10 – 20 %
Quality of Technical Approach	Understanding of tasks, methodologies, and tools.	10 – 20 %
Financial Offer	Daily rate proposed (within framework ceiling).	20 – 30 %

The Specific Contract is awarded to the offer achieving the highest weighted score.

Timeframes

Response deadlines are generally short—5 to 10 working days. Contractors must maintain internal rapid-response teams to handle multiple parallel requests.

Performance Feedback

DG DIGIT records performance scores from each Specific Contract. These influence future mini-competitions, reinforcing accountability and quality improvement.

Consultant Profiles and Evaluation

Each CV submitted must correspond exactly to one of the predefined profiles in Annex 6.2 and Annex 6.1. The Commission verifies:

• Professional Qualifications: degrees and certifications consistent with profile requirements.
• Years of Experience: calculated from verified employment history.
• Technical Competences: alignment with technologies and tools listed in Annex 2.
• Language Skills: typically English at B2 level or higher.
• Availability: confirmation for the proposed period.

Inaccurate or non-verifiable CV information is grounds for exclusion from evaluation.

Security and Compliance Requirements

Information Security

Contractors must implement security controls compatible with the Commission Security Rules (Decision C(2015) 8065) and the “Security Baseline and Acceptable Use Policy” (Appendices 3a and 3b).
Key obligations include:

• Controlled access to Commission networks and data.
• Use of secure, patched hardware and software.
• Encryption of data in transit and at rest.
• Immediate incident notification through defined channels.
• Periodic security audits and staff training.

Data Protection

All personal data processing must comply with Regulation (EU) 2018/1725. Contractors act as data processors; DG DIGIT remains the data controller. Sub-processing is only permitted with prior written authorisation.

AI and Automation Restrictions

The use of artificial intelligence or automated decision-making tools within service delivery is subject to strict limitations:

• AI tools may be used only for assistive purposes (e.g., code generation or testing) if approved by DG DIGIT.
• Generative AI systems must not process or store Commission data outside EU jurisdiction.
• Any AI usage must comply with the forthcoming EU AI Act and DG DIGIT’s internal ethical AI guidelines.
• Contractors must document AI tool usage and obtain explicit consent from the Commission.

Personnel Screening and Confidentiality

Personnel assigned to sensitive projects may require security clearance. All experts must sign confidentiality undertakings.
Failure to respect security obligations can lead to removal from assignments and financial penalties.

Governance, Quality and Performance Monitoring

Governance Structure

• Steering Committee: reviews overall framework execution.
• Operational Meetings: monthly / quarterly follow-ups on specific contracts.
• Security Board and Quality Board: monitor compliance and KPIs.

Quality Indicators

Quality metrics cover delivery timeliness, documentation accuracy, service continuity, and incident resolution rates.
Performance data are aggregated into periodic SLA reports.

Corrective Measures

In case of repeated non-conformities, DG DIGIT may impose service credits, temporary suspension from mini-competitions, or framework termination.

Financial Architecture and Audit

Daily rates are fixed as maximum ceilings per profile and level. Prices include all overheads and administrative costs. Invoices are based on validated timesheets and are payable within 30 days. DG DIGIT, OLAF, and the European Court of Auditors retain audit rights throughout the contract lifecycle. Contractors must maintain records for five years post-payment.

Ethics and Conflict of Interest

Contractors must uphold impartiality, avoid conflicts of interest, and disclose any potential situations immediately. DG DIGIT may exclude tenderers or contractors engaged in fraudulent or unethical behaviour. All personnel are bound by the Commission’s Code of Conduct and Information Security Rules.

Implementation Timeline

Phase	Indicative Period	Main Activities
Prior Information Notice (PIN)	Aug 2025	Announcement of upcoming tender
Contract Notice and Tender Documents	Sep 2025	Publication on Funding & Tenders Portal
Tender Submission Deadline	Q4 2025	Electronic submission via eSubmission
Evaluation Phase	Q4 2025 – Q1 2026	Administrative, technical and financial assessment
Award Decision and Notifications	Q2 2026	Publication of results in TED
Framework Signature	Q2 2026	Start of validity period
Operational Phase	2026 – 2030	Service delivery and mini-competitions

Expected Outcomes and Impact

DIGIT-TM III is expected to:

• Maintain uninterrupted IT services for EU institutions.
• Strengthen security and data protection across systems.
• Introduce standardised evaluation and performance criteria.
• Enable greater participation of SMEs through consortia.
• Support ethical use of AI and sustainable digital transformation.

Conclusion

The DIGIT-TM III Framework Contract establishes the foundation for the European Commission’s digital-solution lifecycle management between 2026 and 2030. It integrates a comprehensive procurement methodology covering legal compliance, technical capacity, financial evaluation, security requirements, and responsible AI use.

Through transparent competition and rigorous performance management, DIGIT-TM III ensures that the Commission and other EU bodies can access qualified IT expertise while upholding the highest standards of security, ethics and efficiency.

If you’re struggling with placing candidates within the European Commission, book a free demo with us and see how Sprint CV’s features can help you.