Summary
As proposed, the Cloud and AI Development Act (CADA) rests on a dual legal basis: Article 114 and Article 173(3) of the Treaty on the Functioning of the European Union (TFEU). Article 114 is the internal-market harmonisation power, used to remove fragmented national rules on data centre permitting, cloud sovereignty and public procurement. Article 173(3) is the industrial-competitiveness power, used for capacity-building measures such as the Cloud and AI Leadership Initiatives. Recital 7 states the framework "pursues separate objectives, relying on two distinct legal bases." CADA is a proposal, not yet in force.
Detail
The legal basis of an EU act shapes the Union's powers and the obligations it can impose. For CADA, the Commission has chosen two bases to serve two distinct but linked objectives: shaping the market through industrial policy, and integrating the market through harmonisation. This is set out in the explanatory memorandum and reflected in the recitals and in Article 1.
Article 173(3) TFEU: industrial competitiveness
Article 173(3) TFEU supports measures to strengthen the Union's industrial competitiveness and innovation capacity. As Recital 8 explains, it is "necessary to strengthen the competitiveness, capacity and resilience of the cloud and AI technological and industrial base of the Union in accordance with Article 173(3)" — and, importantly, "[s]uch measures should not entail the harmonisation of national laws or regulations." On this basis CADA would establish the Cloud Leadership Initiative and the AI Leadership Initiative (together the "Cloud and AI Leadership Initiatives"; see Article 1(1)(a) and Article 3), bridging the gap between the Union's research and its sustainable exploitation.
The explanatory memorandum frames this as a strategic deficit, not just a market distortion: it notes that the EU providers' market share for cloud services fell from 29% in 2017 to 15% in 2022 and has stagnated since, reflecting dependence on a small pool of third-country providers.
Article 114 TFEU: internal-market harmonisation
Article 114 TFEU empowers the Union to approximate national rules to improve the establishment and functioning of the internal market. Recital 9 states that "the available compute capacity and resilience of the cloud and AI ecosystem can best be addressed through Union harmonisation measures on the basis of Article 114 TFEU," and that "[a] single coherent regulatory framework harmonising certain conditions for service providers and deployers of cloud computing services … is necessary to ensure the functioning of the internal market."
On this basis CADA would harmonise:
- Data centre deployment: common conditions for acceleration zones and streamlined permitting (Articles 10–13).
- Cloud sovereignty: a single Union cloud computing sovereignty framework of four Union assurance levels (Article 16), with criteria in Annex II.
- Public procurement: common rules for risk assessments and procurement by assurance level (Articles 29–30).
Why both bases are needed
The Commission's view is that neither base alone would suffice. Article 114 would support harmonising divergent national rules but not the proactive, capacity-building industrial measures; Article 173(3) would support those industrial measures but, by its own terms, "should not entail the harmonisation of national laws" needed for a functioning single market. Recital 7 captures the cumulative approach: the framework "pursues separate objectives, relying on two distinct legal bases."
Article 1 mirrors this dual structure with two general objectives that are "separate from and complementary to" each other:
- Article 1(2): "The first general objective of this Regulation is to ensure the conditions necessary for the competitiveness and innovation capacity of the Union's cloud and AI ecosystem." (Tied to Article 173(3).)
- Article 1(3): "The second general objective, separate from and complementary to the first … is to improve the functioning of the single market by laying down a uniform Union legal framework for increasing the Union's resilience and strategic autonomy in cloud and AI technologies." (Tied to Article 114.)
This lets CADA, as proposed, both regulate the market (harmonisation) and shape it (industrial policy).
What this means for you
For in-house counsel and compliance officers, the dual basis affects how you read and implement CADA.
1. Two kinds of obligation. Because CADA spans internal-market and industrial-competitiveness measures, your obligations are not limited to market-access rules. The harmonised measures (e.g. permitting timelines under Article 13, the assurance-level framework under Article 16) carry binding obligations and enforcement; the industrial-policy measures (Leadership Initiatives, national strategy alignment) are largely enabling and capacity-building.
2. Procurement and sovereignty. The Article 114 harmonisation means the Union assurance levels apply uniformly across Member States. Contracting authorities must conduct risk assessments (Article 29) and, where activities are not public-order-relevant, procure level 1 services; where they are, procure level 2, 3 or 4 (Article 30). Penalties for provider infringements are set by Member States but must be "effective, proportionate and dissuasive" (Article 24).
3. Data centre deployment. The harmonised acceleration-zone rules (Articles 10–13) standardise permitting, which for projects in a zone is capped at 12 months from a comprehensive application (Article 13(5)), alongside the sustainability conditions in Article 11.
4. Strategic alignment. The Article 173(3) strand encourages alignment with national cloud and AI strategies (Article 7). These are not directly punitive, but alignment can affect access to support and funding under the Leadership Initiatives.
Common misconceptions
Misconception 1: CADA is only an internal-market instrument. The Article 173(3) basis brings industrial policy and capacity-building into the framework. CADA is not just about removing barriers — it actively supports the Union's cloud and AI industrial base. Recital 8 makes clear those measures are not intended as harmonisation.
Misconception 2: The sovereignty framework is voluntary. For public procurement it is not. Because the assurance levels are part of the harmonised framework, public buyers must use recognised services at the level their risk assessment requires (Article 30), and providers must seek recognition (Article 17) to be eligible.
Misconception 3: National strategies sit outside CADA. Article 7 requires national strategies that are "consistent with the objectives of this Regulation" (Article 7(3)) — they are part of the framework, not standalone.
Misconception 4: CADA replaces the AI Act. It does not. The AI Act (Regulation (EU) 2024/1689) is a product-safety and fundamental-rights instrument regulating AI systems. CADA addresses the underlying cloud and data centre infrastructure and the industrial ecosystem. They are complementary, with different objectives.
This is general information about a draft EU regulation, not legal advice.