Summary

The proposed Cloud and AI Development Act (CADA) would not grant legal immunity from US surveillance laws such as FISA Section 702 — an EU regulation cannot override US jurisdiction. What CADA's sovereignty framework would do is restrict which providers EU public bodies may use for sensitive activities. Union assurance levels 2, 3 and 4 (Annex II) impose increasingly strict requirements on third-country access and control: level 2 demands legal, technical and organisational measures to prevent third-country access where the provider is third-country-controlled, while levels 3 and 4 require, as a rule, that the provider and its subcontractors are not subject to third-country control. For activities contributing to public order, Article 30(3) would limit procurement to providers recognised at level 2, 3 or 4 — keeping the most sensitive workloads away from providers that cannot demonstrate this autonomy.

Detail

The intersection of CADA and US surveillance regimes — particularly Section 702 of the Foreign Intelligence Surveillance Act (FISA) — is a core tension in digital sovereignty. The key is to separate legal immunity (which CADA cannot grant) from operational autonomy and procurement eligibility (which CADA would govern).

The FISA Section 702 problem

Section 702 of FISA authorises the US government to target non-US persons located outside the United States for foreign-intelligence purposes, and can reach communications held by providers subject to US jurisdiction regardless of where the data is physically stored. If a cloud computing service provider is subject to US jurisdiction (for example, US-incorporated or US-controlled), it may be compelled to comply. This creates a "long-arm" risk: EU public-sector data stored in EU data centres could still be exposed if the provider falls under US legal reach.

CADA's response: the Union assurance framework

CADA would not challenge US law directly. Instead, Article 16 establishes a Union cloud computing sovereignty framework of four Union assurance levels, with criteria in Annex II, that providers must meet to serve Union entities and public sector bodies. The protection against FISA-702-style access is built into the cumulative criteria for the higher levels.

Union assurance level 1: the baseline

Level 1 (Annex II, Section 1) requires, among other things, establishment in the Union and that infrastructure and data remain in the Union unless the public sector body requires otherwise. It does not, as a rule, prohibit third-country control. A level 1 provider could therefore still be subject to US law if US-controlled, which is why level 1 is reserved for public-sector activities not contributing to the preservation of public order (Article 30(2)).

Union assurance levels 2, 3 and 4: rising barriers to third-country access

For activities identified as contributing to the preservation of public order, Article 30(3) requires procurement only of services recognised at Union assurance level 2, 3 or 4. The criteria tighten across these levels:

  1. Level 2 — measures to prevent third-country access (Annex II, Section 2.1(g)). If a level 2 provider or its subcontractors are subject to third-country control, they must demonstrate that legal, technical and organisational measures ensure, among other things, that access by a third country (or a third-country entity) to customer data is prevented (2.1(g)(ii)); that disruption or degradation of the service by a third country is prevented (2.1(g)(iii)); and that third-country control is not exercised so as to compel compliance with restrictive measures conflicting with Union or Member State law (2.1(g)(iv)). Level 2 also requires technical and operational support to be performed exclusively within the Union (2.1(h)) and includes software supply-chain controls to block remote tampering features from third-country components (2.1(i)).

  2. Level 3 — no third-country control, subject to a narrow derogation (Annex II, Section 3.1(g)). Level 3 raises the bar: the audited provider and its subcontractors involved in the service "are not subject to the control of a third country or a legal entity established in a third-country." A derogation applies only where the Commission has adopted an implementing act recognising an associated third country under Article 18; even then, the provider must still demonstrate the prevention measures (e.g. customer data access prevented). Level 3 also requires that personnel involved in the service are Union citizens, with national security clearance where appropriate (3.1(d)).

  3. Level 4 — strictest controls (Annex II, Section 4.1(g)). Level 4, the highest tier, requires that the provider and its subcontractors "are not subject to the control of a third country or a legal entity established in a third-country," with no equivalent associated-third-country derogation. It adds the highest cybersecurity certification ("high" assurance level, 4.1(e)) and stricter software supply-chain control, including demonstrating that no third country holds or exercises effective control over the design and evolution of software components (4.1(i)(ii)). This effectively excludes US-incorporated or US-controlled providers from the most sensitive public-order functions.

  4. Data localisation and AI-training restrictions (Annex II, Sections 2.1(f), 3.1(f), 4.1(f)). At levels 2, 3 and 4, data generated by using the service must not be used to train or fine-tune any AI system operated by a third country (or third-country entity) and must not be transferred outside the Union. This guards against secondary exploitation of EU public-sector data, alongside the direct-access protections.

The limits of CADA's protection

CADA could not invalidate a FISA-702 order. It has no jurisdiction over US courts or agencies. A US-controlled provider that continued to serve an EU entity would remain bound by US law. CADA's protection is procurement-based: by requiring public buyers to use only recognised providers that have demonstrated (via independent audit for levels 2–4) the necessary legal, technical and organisational separation, CADA shifts sensitive workloads onto providers that can resist such access. A provider unable to evidence that autonomy cannot reach the required level and so cannot be procured for the relevant functions.

What this means for you

For in-house counsel and compliance officers, CADA's framework would reshape vendor selection and risk assessment.

1. Mandatory risk assessments

Under Article 29, Member States and Union entities must carry out risk assessments to identify which public-sector activities contribute to public order and to determine the appropriate Union assurance level (2, 3 or 4). Identify which workloads involve data critical to public order, national security or law enforcement; these cannot remain on level 1 where the assessment requires more.

2. Vendor due diligence and audit evidence

Do not rely on marketing claims of "EU sovereignty." Verify that a provider has been formally recognised by a national competent authority under Article 17. For levels 2–4 this rests on an independent third-party audit (Article 20) and a "positive" audit opinion.

  • Action: request the audit report and positive opinion.
  • Focus: scrutinise the evidence on third-country control. For level 2, are the measures under Annex II, Section 2.1(g) in place? For levels 3 and 4, can the provider show it is not subject to third-country control (3.1(g) / 4.1(g))? Are remote-tampering controls on third-country software components documented (2.1(i)/3.1(i)/4.1(i))?

3. Transition and migration

If a current provider does not meet the required level, Article 29(6) allows migration within a reasonable transition period not exceeding 12 months. Plan exit strategies now and ensure data portability and switching are ready.

4. Penalties and liability

CADA would impose penalties on providers for infringements (Article 24), and recipients would have a right to compensation (Article 24(3)). Public buyers face operational and reputational risk if they procure non-compliant providers for critical functions. Reference the required Union assurance level in contracts and include termination rights if recognition is revoked.

Common misconceptions

  • "CADA makes FISA 702 illegal for US providers."
    • Reality: CADA cannot override US law. It restricts EU public bodies from buying from providers subject to such laws for critical functions; the US provider remains bound by US law.
  • "Level 1 is sufficient for all government data."
    • Reality: Level 1 is the baseline for activities not contributing to public order. For public-order activities, Article 30(3) requires level 2, 3 or 4. Level 1 does not, as a rule, prohibit third-country control.
  • "Only level 4 keeps providers free of third-country control."
    • Reality: Both level 3 and level 4 require that the provider is not subject to third-country control. Level 3 allows a narrow derogation for "associated third countries" recognised by the Commission under Article 18; level 4 does not.
  • "Data localisation alone solves the problem."
    • Reality: Storing data in the EU is not enough if the provider is third-country-controlled. The higher levels require operational and legal separation, not just physical localisation.

This is general information about a draft EU regulation, not legal advice.