A Proof of Concept with a dual role — compliance check and technical scoring — needs two separate reading lenses
The Council of State dismisses Orange Belgium's challenge to Infrabel's €23.3 million CyberSOC framework award, because Orange's claim that Thales failed the POC rests on a confusion between the POC's compliance check (where everyone scored 'YES') and the technical evaluation (where Thales scored mid-range).
What happened?
Infrabel sought a Cyber Security Operations Center: detection of and response to cyber incidents, framework agreement of five years plus two one-year extensions, total €23,327,097 excluding VAT. Special sectors, negotiated procedure with prior call for competition. The framework would be signed with the two best-ranked bidders on price-quality ratio, conditional on passing a Proof of Concept (POC). Concrete orders under the framework go first to the top-ranked bidder; the second only steps in if the first defaults. Of twenty applicants, eighteen were selected, four submitted offers: Thales, Atos, Nokia and Orange. Evaluation ran across three price rounds (RFQ1-3) and a POC in December 2022. The specifications used 36 mandatory requirements EX1-EX36 (compliance, pass/fail) and 39 evaluation criteria CE1-CE39 (award, scored 50% or 80%, total 500 points). Price weighed 30%, technical evaluation 70%. On 11 July 2023 Infrabel awarded the framework to Thales (first) and Orange (second). Orange — already in the framework as second — went to the Council of State. The argument: the 'final evaluation' annex contained the sentence 'The POC has insufficiently demonstrated that the SOLUTION actually meets the requirements'. According to Orange this proved Thales failed the POC and should have been rejected as substantially non-compliant. Chamber President Carlo Adams explained the dual role of the POC: pages 2-4 of the final evaluation deal with compliance (everywhere 'YES' for all bidders, including Thales), the following pages deal with the technical evaluation. For Thales: 32 of 39 criteria scored 80% (meets expectations), 7 of 39 scored 50% (partially meets). The average sits between 50% and 80% — explaining the wording 'insufficiently demonstrated'. That sentence was not a compliance verdict but the reflection of the technical scoring methodology in clause 11.1.1 of the specifications. Both Thales and Orange were declared to have passed the POC in the award proposal. Orange's argument relies on a misreading of both specifications and final evaluation. The second ground was withdrawn at the hearing. Action dismissed. Orange pays €200 registry fee, €24 contribution, and €770 procedural cost award.
Why does this matter?
A POC that tests both compliance and technical quality is efficient, but vulnerable to misreading. For contracting authorities: structure your POC evaluation so the two roles are visually and textually separated. Compliance table (EX-requirements) in one block with YES/NO entries, technical evaluation (CE-criteria) in another block with scores. Sentences appearing as 'final wording' of the technical scoring must not be readable as compliance verdicts. For bidders: before challenging on the basis of a suspect sentence — read where the sentence sits, what role it has, what methodology it summarises. A 50% score on an award criterion is not 'non-compliance'. And for second-ranked bidders already in the framework: a challenge against the first only makes sense if you can hard-prove they shouldn't have won — otherwise you block your own work for nothing, with costs against you.
The lesson
If you design a POC that tests both compliance and technical evaluation, separate the two explicitly in the specifications and in the evaluation report. Use separate tables: a binary YES/NO table for compliance requirements (EX), a graded score table for award criteria (CE), with clear headers. As a bidder: read evaluation reports block by block. A sentence that sounds critical about 'the solution' may simply reflect a 50% score on a CE criterion, not a compliance verdict.
Ask yourself
You're second in the ranking, already in the framework agreement, but you want to be first by knocking out the first: do you have an explicit 'fails EX-requirement X' or 'NO' entry in a compliance table — or are you relying on a general sentence from the technical evaluation? In the latter case your chances are slim and the cost risk real.
About this database
The Council of State (Raad van State / Conseil d'État) is Belgium's supreme administrative court. In disputes over public procurement — from contract awards to tenderer exclusions — the Council of State is the final arbiter. The rulings in this database are summarised by TenderWolf in plain language, with practical lessons for tenderers and contracting authorities. View all rulings →