STRATEGIC Programme execution framework for Treasury and oversight body review.

Programme Execution Framework

This document defines how the Sovereign Cloud Initiative will be executed: command structures, stage-gates, off-ramps, accountability, and the management information required to steer a multi-national programme of this scale.

Purpose: This framework complements the Governance Model (which defines who decides) by defining how decisions flow, what triggers decisions, and how progress is measured.

1. Guiding Principles

Principle 1: Fail Fast, Learn Fast

The programme is structured with explicit gates and off-ramps so that failure is detected early and investment is protected. Every gate is a genuine decision point where "stop" is a valid outcome.

Principle 2: National Sovereignty Over Programme Efficiency

Each jurisdiction retains the right to diverge, delay, or withdraw. Programme structures support coordination without creating supranational dependency. No jurisdiction is locked in.

Principle 3: Evidence-Based Progression

Advancement through gates requires demonstrated evidence, not assertions. Claims must be validated by independent assessment before they unlock budget or scope expansion.

Principle 4: Transparency to Oversight Bodies

Public Accounts Committees, National Audit Offices, and parliamentary scrutiny have full visibility. No "commercial confidentiality" shields programme performance from democratic oversight.

2. Command Chain & Accountability

The programme operates at three distinct levels. Each level has clear authority, accountability, and escalation paths.

2.1 Command Levels

L1

Strategic Level

Sovereign Cloud Architecture Board (SCAB) - Ministerial representatives from each jurisdiction. Meets quarterly. Approves gates, treaty changes, and budget tranches. Reports to national Cabinets.

L2

Tactical Level

Programme Executive - Single accountable officer for programme delivery. Supported by Technical Steering Committee (TSC) and national Programme Directors. Reports monthly to SCAB Chair.

L3

Operational Level

Working Groups & Delivery Teams - Domain-specific execution. Working Group Chairs report weekly to Programme Executive. Delivery teams operate within delegated authority.

2.2 Key Roles

Programme Chair

Level: L1 Strategic

Accountable for: Overall programme success, international coordination, ministerial engagement

Authority: Calls extraordinary SCAB meetings, recommends gate decisions, speaks for programme externally

Appointment: Elected by SCAB, 2-year term, rotates between jurisdictions

Programme Executive

Level: L2 Tactical

Accountable for: Day-to-day delivery, budget execution, milestone achievement, risk management

Authority: Commits up to €10M per decision, hires/removes staff, stops work for safety/security

Appointment: Recruited by SCAB, 4-year term, performance-reviewed annually

National Programme Directors

Level: L2 Tactical

Accountable for: National delivery, domestic procurement, jurisdiction-specific compliance

Authority: National budget execution, supplier management within jurisdiction

Appointment: By national government, coordinates with Programme Executive

2.3 Escalation Paths

Issue Type First Escalation Second Escalation Final Authority
Technical dispute Working Group Chair TSC Programme Executive
Budget variance >10% Programme Executive SCAB Chair SCAB
Inter-jurisdictional conflict Programme Executive Independent Mediator SCAB / Arbitration
Security incident Security Council National security agencies SCAB (emergency session)
Programme termination Programme Executive SCAB National Cabinets

3. Stage-Gate Framework

The programme advances through numbered gates. Each gate is a formal decision point with explicit criteria, evidence requirements, and approval authority. No gate is automatic - failure to meet criteria results in remediation, scope reduction, or programme termination.

3.1 Programme Timeline with Gates

Mobilisation
Months 1-6
G0
Pilot
Months 7-24
G1
Foundation
Months 25-48
G2
Scale
Months 49-72
G3
Completion
Months 73-96
G4

3.2 Gate Definitions

Gate 0: Programme Initiation

CRITICAL

Decision: Should the programme proceed to pilot phase?

Approval Authority: SCAB (unanimous) + National Treasury/Finance approvals

Evidence Required:

  • Independent threat assessment validated by national security agencies (NCSC, ENISA, CSE, ASD)
  • Legal framework agreed (treaty text or MoU with binding elements)
  • Pilot scope and success criteria defined and agreed
  • Budget baseline approved by all national Treasuries
  • Programme Executive appointed and Secretariat established
  • Risk register with mitigations for critical risks

Budget Released: Pilot phase funding (€200-500M across all jurisdictions)

Off-Ramp: If threat assessment does not validate premise, programme terminates with lessons learned report.

Gate 1: Pilot Completion

CRITICAL

Decision: Has pilot demonstrated viability? Should we proceed to full foundation build?

Approval Authority: SCAB (unanimous for continuation; any member can trigger off-ramp)

Evidence Required:

  • Pilot services operational for minimum 6 months
  • Performance meets defined SLAs (availability, latency, security)
  • At least 3 workloads successfully migrated per jurisdiction
  • Cost actuals within 20% of estimates (or variance explained)
  • Independent technical review confirms scalability path
  • No unresolved critical security findings
  • Supplier ecosystem demonstrated (minimum 10 SMEs contracted)

Budget Released: Foundation phase funding (€2-5B across all jurisdictions)

Off-Ramp: If pilot fails criteria, programme enters 12-month remediation or terminates.

Gate 2: Foundation Completion

MAJOR

Decision: Is foundation platform ready for scaled migration?

Approval Authority: SCAB (75+ weighted votes)

Evidence Required:

  • All core platform services operational in all jurisdictions
  • Cross-jurisdiction interoperability demonstrated
  • Security certifications achieved (NCSC, EUCS, IRAP, PBMM)
  • Operational runbooks validated through exercises
  • Wave 1 migration candidates identified and assessed

Budget Released: Scale phase funding (€10-20B across all jurisdictions)

Gate 3: Scale Completion

MAJOR

Decision: Is platform ready for final migration waves and steady-state operation?

Approval Authority: SCAB (65+ weighted votes)

Evidence Required:

  • 60%+ of target workloads migrated
  • Platform operating at designed capacity
  • Unit costs within 15% of hyperscaler equivalents
  • Operational team fully staffed and trained

Budget Released: Completion phase funding

Gate 4: Programme Completion

COMPLETION

Decision: Has programme achieved its objectives? Transition to steady-state operations.

Approval Authority: SCAB

Evidence Required:

  • 90%+ of target workloads migrated
  • Hyperscaler dependency reduced to acceptable residual level
  • Steady-state operating model functioning
  • Knowledge transfer to operational teams complete
  • Final accounts reconciled and audited

Outcome: Programme closes; operations transition to standing infrastructure organisation.

3.3 Gate Review Process

Step Activity Timeline Responsible
1 Programme Executive compiles gate evidence pack G-8 weeks Programme Executive
2 Independent assurance review of evidence G-6 weeks Assurance function
3 National Programme Directors validate jurisdiction-specific evidence G-4 weeks National Directors
4 Gate papers circulated to SCAB G-3 weeks Secretariat
5 National briefings (each jurisdiction briefs their Minister) G-2 weeks National Directors
6 SCAB gate review meeting Gate date SCAB
7 Gate decision communicated; budget released or remediation initiated G+1 week SCAB Chair

4. Off-Ramps & Exit Criteria

Off-ramps are not failures - they are responsible risk management. The programme includes explicit exit points where stopping is the correct decision if circumstances warrant.

Off-Ramp 1: Pre-Gate 0 (Threat Assessment Invalid)

Trigger: Independent security assessment concludes that the threat does not justify the investment.

Action: Programme terminates before pilot. Mobilisation costs written off (€20-50M).

Residual Value: Threat assessment methodology and findings remain valuable for future reference.

Off-Ramp 2: Pilot Failure (Gate 1)

Trigger: Pilot does not meet success criteria after 18-24 months.

Action: Programme enters remediation (6-12 months) or terminates. Pilot infrastructure repurposed or decommissioned.

Residual Value: Pilot learnings inform future attempts; some infrastructure may serve other purposes.

Off-Ramp 3: Jurisdiction Withdrawal

Trigger: One or more jurisdictions decide to withdraw (24-month notice required).

Action: Withdrawing party pays exit costs per treaty. Remaining parties decide whether to continue at reduced scale.

Residual Value: National infrastructure remains; cross-border cooperation ends for withdrawing party.

Off-Ramp 4: Geopolitical Change

Trigger: Change in US administration/policy materially reduces threat (e.g., binding international agreement on cloud sovereignty).

Action: Programme pivots to reduced scope or transitions to interoperability-only mode.

Residual Value: Infrastructure provides resilience and optionality even if primary threat reduced.

4.1 Kill Criteria

The programme must terminate if any of the following occur:

5. Charters & Terms of Reference

Each governance body requires a formal charter or terms of reference (TOR) that defines its purpose, composition, authority, and operating procedures.

Required Charters

The following documents must be drafted, agreed, and signed before Gate 0:

  1. Programme Charter - Overall programme objectives, scope, constraints, success criteria, and governance structure
  2. SCAB Terms of Reference - Board composition, voting procedures, meeting frequency, decision authorities
  3. TSC Terms of Reference - Technical committee scope, membership, technical decision authority
  4. Secretariat Operating Framework - Executive Director authority, staffing, budget, operational procedures
  5. Working Group TOR Template - Standard template for each WG with scope, deliverables, escalation paths
  6. Inter-Governmental Agreement - Legal basis (treaty, MoU, or equivalent) with binding obligations

5.1 Programme Charter Contents

The Programme Charter must include:

Section Content
Vision & Objectives Strategic intent, measurable objectives, success definition
Scope In-scope services, jurisdictions, workloads; explicit exclusions
Governance Bodies, roles, decision rights, escalation procedures
Delivery Approach Phases, gates, delivery methodology principles
Budget & Funding Total envelope, contribution model, release schedule
Risk Appetite Acceptable risk levels, risk tolerance thresholds
Constraints Legal, regulatory, political, technical constraints
Dependencies External dependencies, assumptions, interface agreements
Change Control Process for scope, budget, timeline changes

6. Delivery Approach Selection

The programme does not mandate a specific delivery methodology. Different approaches suit different contexts, and each jurisdiction may adapt within the overall framework. However, the chosen approach must support the stage-gate model and provide the required evidence at each gate.

Key Insight: Prescriptive enterprise architecture frameworks have historically struggled in government digital delivery. Lighter-weight, user-centred approaches have shown better results for service delivery, while more structured approaches remain valuable for infrastructure and integration work.

6.1 Framework Characteristics

Service-Oriented Approaches

Characteristics: User-centred, iterative, outcome-focused, continuous delivery

Best For: Application development, migration tooling, user-facing services, pilot phase

Evidence Style: Working software, user research, metrics dashboards

Governance Fit: Show the thing; demonstrate value incrementally

Architecture-Driven Approaches

Characteristics: Blueprint-first, comprehensive documentation, formal review boards

Best For: Infrastructure design, security architecture, cross-jurisdiction integration

Evidence Style: Architecture documents, compliance matrices, design reviews

Governance Fit: Structured assurance, traceability, audit trails

Programme Management Approaches

Characteristics: Stage-gate, business case driven, formal change control

Best For: Overall programme governance, Treasury engagement, cross-workstream coordination

Evidence Style: Business cases, gate reviews, highlight reports

Governance Fit: Investment decisions, accountability, audit

Scaled Agile Approaches

Characteristics: Multiple teams, aligned cadences, portfolio-level planning

Best For: Scale phase with multiple delivery teams, supplier coordination

Evidence Style: Increment demos, velocity metrics, dependency tracking

Governance Fit: Frequent visibility, adaptive planning

6.2 Recommended Hybrid Approach

Based on government digital delivery experience, this programme should:

7. Management Information & Reporting

Effective steering requires timely, accurate management information. The programme will maintain dashboards and reports that provide visibility at each governance level.

7.1 Key Metrics

SPI Schedule Performance Index
CPI Cost Performance Index
% Workloads Migrated
RAG Overall Programme Status

7.2 Reporting Cadence

Report Audience Frequency Content
Team Stand-up Delivery teams Daily Blockers, progress, dependencies
Working Group Status WG Chairs, Programme Executive Weekly Deliverable status, risks, issues, decisions needed
Programme Highlight Report TSC, National Directors Fortnightly RAG status, milestone progress, top risks, budget position
Executive Dashboard Programme Executive, SCAB Chair Monthly KPIs, SPI/CPI, migration progress, financial summary
Board Report SCAB Quarterly Strategic progress, gate readiness, major decisions, escalations
National Progress Report National Cabinets, Parliaments Quarterly Jurisdiction-specific progress, spend, outcomes
Annual Review Public, Parliaments, Audit bodies Annual Comprehensive review, audited accounts, lessons learned

7.3 Dashboard Requirements

The programme will maintain real-time dashboards showing:

8. Audit & Assurance

Independent assurance provides confidence to ministers, parliaments, and taxpayers that the programme is well-managed and delivering value.

8.1 Assurance Layers

Layer Provider Scope Frequency
First Line Programme team Day-to-day quality, testing, reviews Continuous
Second Line Programme Assurance function Gate reviews, risk assessment, compliance At each gate + ad hoc
Third Line National Audit Offices Value for money, governance, financial audit Annual + special reviews
Fourth Line Parliamentary Committees Scrutiny of ministerial decisions, public accountability As required

8.2 National Audit Body Coordination

Each jurisdiction's audit body (NAO, European Court of Auditors, OAG Canada, ANAO) will receive:

8.3 Security Assurance

National security agencies (NCSC, ANSSI, CSE, ASD) will conduct:

9. Orchestration & Tooling

Programme management at this scale requires appropriate tooling. The tooling must be interoperable across jurisdictions while respecting data sovereignty requirements.

9.1 Tooling Categories

Category Purpose Requirement
Programme Management Schedule, resources, dependencies, reporting Federated; each jurisdiction may use preferred tool with data exchange
Risk & Issue Management Risk register, issue tracking, escalation Common tool or agreed exchange format
Document Management Charters, TORs, reports, evidence packs Sovereign-hosted; no US cloud dependencies
Collaboration Communication, meetings, working groups Sovereign-hosted or European alternatives
Financial Management Budget tracking, forecasting, reporting Integrated with national finance systems
Dashboard & Reporting Real-time visibility, KPIs, alerts Aggregated from jurisdictional sources

9.2 Tooling Principles

Summary: Execution Readiness Checklist

Before Gate 0, the following must be in place:

Item Status Required
Programme Charter Signed by all jurisdictions
Inter-Governmental Agreement Legally binding; ratified or signed
SCAB Terms of Reference Approved by SCAB
Programme Executive Appointed and in post
Secretariat Established with initial staff
Pilot Budget Approved by all national Treasuries
Threat Assessment Validated by national security agencies
Risk Register Populated with critical risks and mitigations
Reporting Framework Dashboard and report templates agreed
Assurance Arrangements Audit body engagement confirmed

Document Status

Version: 1.0 | Last updated: January 2026
Classification: Official
Audience: Treasury, Audit Bodies, Programme Leadership
Related: Governance Model | Pilot Programme | Business Case

Back to main documentation