NACE 63.1 – Data Processing, Hosting and Related Activities | Public Tenders
NACE 63.1: Data processing and hosting in public tenders. Cloud, data centres, CPV codes and contracting authorities for public IT contracts.
Definition: NACE 63.1 covers data processing services, hosting, data centre services and web portals — from classic data centre services through cloud computing to the operation of public web portals. In the era of administrative digitalisation, this segment is among the fastest-growing procurement areas.
Legal basis: NACE Rev. 2 (Regulation (EC) No 1893/2006) · Last updated: January 2026
What does NACE 63.1 cover?
NACE 63.1 (Data processing, hosting and related activities; web portals) classifies companies that operate and provide IT infrastructure for others — a core area of public IT procurement in which cloud services, data centres and government portals are tendered.
Group 63.1 within Section J (Information and Communication) and Division 63 comprises two classes:
| Class | Title | Typical services |
|---|---|---|
| 63.11 | Data processing, hosting and related activities | Data centre services, IaaS, PaaS, SaaS, managed services |
| 63.12 | Web portals | Operation of online portals, content delivery platforms, search engines |
In the public sector, class 63.11 dominates — from classic colocation services through government private cloud to public cloud services from hyperscalers for authorities. Class 63.12 is relevant for public service portals and citizen information platforms.
Public Tenders: Sector NACE 63.1
Cloud services and data centre services are among the most dynamic procurement areas in the public sector — driven by the move away from on-premises IT, data sovereignty requirements and the development of sovereign government cloud solutions.
Typical types of contract
- Infrastructure as a Service (IaaS): Provision of compute capacity, storage and network resources as an on-demand service for authorities
- Platform as a Service (PaaS): Development and operating platforms for government applications (e.g. Kubernetes clusters, database services)
- Software as a Service (SaaS): Government-specific cloud applications (e.g. office suites, ERP systems, collaboration tools)
- Colocation and managed hosting: Operation of government IT in commercial data centres with physical security
- Backup and disaster recovery: Data backup and failover concepts for government IT systems
- Government web portals: Development and operation of public online portals, citizen service portals and information platforms
Thresholds and procedure types
Cloud and data centre services for federal authorities regularly exceed the EU threshold of EUR 221,000. These contracts must be tendered EU-wide — frequently as a multi-year framework agreement, in the open procedure or, for complex requirements, in the competitive dialogue. Data sovereignty requirements (processing in Germany/EU) are key award criteria.
Relevant CPV codes for NACE 63.1
For research into hosting and cloud tenders in the public sector, the CPV codes of group 72xxxxxx are particularly relevant.
| CPV Code | Title | Application |
|---|---|---|
| 72310000 | Data-processing services | General data processing and hosting |
| 72312000 | Data-entry services | Digitalisation and data migration |
| 72315100 | IT support services | Managed services and support |
| 72320000 | Database services | Database operation and administration |
| 72411000 | Internet service providers | Web hosting, ISP services |
| 72416000 | Application service providers | SaaS and PaaS for authorities |
| 72417000 | Internet domain names | Domain administration for authorities |
| 72512000 | Document management services | DMS hosting and operation |
Current tenders can be found on TED (Tenders Electronic Daily) as well as on national procurement platforms. For government cloud tenders, monitoring the federal portal for public contracts is also recommended.
Who is NACE 63.1 relevant for in public procurement?
Public contracting authorities
Data processing and hosting are demanded by all public bodies:
- Federal authorities and central agencies: ITZBund, as the federal data centre, operates the federal IT consolidation and procures extensive cloud and hosting services
- Regional IT service centres: DATAPORT, LIT.NRW, AKDB and similar institutions operate data centres for federal states and municipalities and procure external services
- Municipalities: Smaller municipalities increasingly outsource IT infrastructure to municipal utility IT or commercial providers
- Educational institutions: Universities and colleges procure HPC clusters, research data centres and cloud services
- Healthcare: Hospitals in public ownership procure hospital information system hosting and cloud services under GDPR/KHZG
Companies and bidders
Cloud and data centre providers must meet specific requirements for public tenders:
- Data protection and data sovereignty: GDPR compliance, server location in Germany/EU, where applicable C5 attestation by the BSI for cloud services
- Security certifications: ISO 27001, BSI IT baseline protection certification, where applicable security clearances
- High availability: Evidence of SLAs (availability, RTO/RPO) and reference projects from the public sector
- Auditability: Right of audit and inspection by the contracting authority or its designated representatives
- Economic capability: Annual turnover, financial stability as evidence of long-term operation
Frequently Asked Questions on NACE 63.1 and public tenders
May public administrations use public cloud services (AWS, Azure, Google)? Yes, but with restrictions. The BSI requirements catalogue C5 and the GDPR set framework conditions. Hyperscalers increasingly offer sovereign cloud variants for authorities (e.g. Microsoft Azure Government, Google Sovereign Cloud). Use is possible following a risk assessment and, where applicable, a data protection impact assessment.
What is the BSI C5 attestation and why is it important for public contracts? The Cloud Computing Compliance Criteria Catalogue (C5) is an audit framework of the BSI for cloud services. C5 attestations are included in many government tenders as a minimum requirement or award criterion and demonstrate the security of the cloud provider.
How does the federal IT consolidation affect tenders? The federal IT consolidation bundles many IT services at ITZBund. External providers can be involved as subcontractors or under framework agreements. For providers, monitoring of ITZBund tenders on the federal procurement platform is recommended.
What is the difference between NACE 63.1 and NACE 62.0? NACE 62.0 covers the development and consultancy of IT systems, NACE 63.1 the operation of IT infrastructure and hosting. In practice, many IT projects are mixed services that could be assigned to either group.
NACE 63.1 in context: Section J and Division 63
- NACE J – Information and Communication: Parent section with all ICT activities
- NACE 62.0 – Computer programming, consultancy and related activities: Software development and IT consultancy
- NACE 63 – Information service activities: Division covering hosting and information services
- NACE 63.9 – Other information service activities: Databases and news agencies
- NACE 61.1 – Wired telecommunications activities: Fixed line and fibre as a complementary service
Last updated: January 2026 All information is provided without guarantee. For legally binding advice, please consult a law firm specialising in public procurement law.
Book a demo.
See what BOND finds for your company — tenders, suppliers, and partners you'd never discover on your own. Cancel any month, anytime.