Summary

As proposed, a CADA Level 1 provider cannot serve sensitive, critical, or classified government data. Union Assurance Level 1 is a self-assessed baseline designed strictly for standard public-sector activities that do not contribute to the preservation of public order. Handling sensitive, critical, or classified data requires a higher assurance level, specifically Union Assurance Level 3 or 4. These higher tiers mandate strict prohibitions on third-country control, mandatory Union citizenship for all personnel, and rigorous independent third-party audits. Public bodies procuring for public-order-relevant activities must legally exclude Level 1 providers under Article 30.

Detail

The Cloud and AI Development Act (CADA), as proposed in COM(2026) 502 final, establishes a tiered "Union cloud computing sovereignty framework" comprising four distinct Union assurance levels. Understanding the specific limitations of Level 1 is critical for public-sector procurement officers, legal counsel, and IT architects determining which providers can legally handle specific data categories. The framework is designed to match the assurance level to the risk profile of the public-sector activity.

Level 1: A Self-Assessed Baseline for Non-Critical Activities

Under Article 16, the Union assurance levels define the criteria cloud computing service providers must meet to serve Union entities and public sector bodies. Annex II specifies that Union Assurance Level 1 is the entry-level tier. It is characterized fundamentally by a "conformity self-assessment" rather than an independent audit.

According to Article 19, providers seeking Level 1 recognition must carry out a self-assessment of compliance with the criteria in Annex II, Section 1 and issue an "EU statement of conformity." This process relies on the provider's own internal controls and documented evidence, without the verification of an external auditing organisation. While Level 1 requires the provider to be established in the Union and generally keeps customer data within the Union (unless the public sector body explicitly requires otherwise), it lacks the stringent operational, personnel, and control safeguards required for sensitive data.

Crucially, Annex II, Section 1.1(g) allows a Level 1 provider to be subject to the control of a third country, provided they guarantee that no laws in that third country require them to report software vulnerabilities to authorities before those vulnerabilities are known to have been exploited. This flexibility makes Level 1 unsuitable for data where third-country interference is a primary risk.

Sensitive Data Requires Higher Assurance (Levels 3 and 4)

The regulation explicitly links the sensitivity of data and the criticality of public-sector activities to higher assurance levels. Article 29 obliges Member States and Union entities to conduct risk assessments to identify public-sector activities that contribute to the preservation of public order. These activities often involve sensitive, critical, or classified data in sectors such as national security, defence, justice, and law enforcement.

For these identified activities, Article 30(3) mandates that contracting authorities must only procure cloud computing services recognised as offering Union Assurance Level 2, 3, or 4. Level 1 is explicitly excluded for these high-risk use cases.

The distinction becomes stark when comparing the baseline Level 1 with the rigorous requirements for sensitive data under Annex II, Sections 3 and 4:

  • Personnel and Citizenship: Level 1 has no specific citizenship requirements for personnel. In contrast, Annex II, Section 3.1(d) (Level 3) requires that all personnel, including those of subcontractors, must be Union citizens. For Level 4, Annex II, Section 4.1(d) reinforces this, adding that personnel must also hold the necessary national security clearance issued by a Member State when handling classified information.
  • Third-Country Control: Level 1 permits providers subject to third-country control under specific conditions. However, Annex II, Section 3.1(g) (Level 3) and Section 4.1(g) (Level 4) generally prohibit providers and their subcontractors from being subject to the control of a third country or a legal entity established in a third country. Level 3 allows a derogation only if the Commission has adopted a specific implementing act under Article 18 (note: the draft text cross-references Article 19 in Annex II 3.1(g), but the mechanism for third-country recognition is established in Article 18 of the main text) for that third country, ensuring robust safeguards against unauthorized access or service disruption.
  • Audit and Verification: Level 1 relies entirely on self-assessment. Levels 3 and 4 require independent third-party audits by accredited auditing organisations. Article 20 outlines that these audits must verify compliance with strict criteria, including the prevention of remote features that could tamper with systems and the implementation of comprehensive software supply chain measures (such as Software Bills of Materials).
  • Data Usage and AI: While Level 1 keeps data in the Union, Annex II, Section 3.1(f) and Section 4.1(f) explicitly prohibit the use of data generated by the service to train or fine-tune any AI system operated by a third country or a legal entity established in a third country. This is a critical safeguard for sovereign AI development.
  • Cybersecurity Certification: Level 1 requires compliance with state-of-the-art cybersecurity standards. Level 3 requires a European cybersecurity certificate of at least assurance level "substantial" (Annex II 3.1(e)). Level 4 escalates this requirement to a certificate of at least assurance level "high" (Annex II 4.1(e)).

The Role of Risk Assessments

The determination of whether data is "sensitive" enough to require Level 3 or 4 is not arbitrary. Article 29 requires Member States to perform risk assessments that consider the sensitivity, criticality, and magnitude of the data processed. This includes personal data, commercially sensitive information, and data subject to sector-specific obligations. The Commission will provide guidance to ensure consistent application across the Union, mapping specific assurance levels to categories of information.

If a risk assessment determines that an activity contributes to the preservation of public order, Article 30(3) becomes the binding procurement rule: Level 1 is legally insufficient.

What this means for you

For public-sector procurement officers, legal teams, and CIOs, the CADA proposal imposes a strict compliance workflow that prevents the use of Level 1 providers for sensitive data:

  1. Conduct a Mandatory Risk Assessment: Before procuring cloud services, you must determine if your activity contributes to the preservation of public order or involves sensitive/critical data. If the answer is yes, Level 1 is legally insufficient. Article 29 requires this assessment to be updated every two years or whenever necessary.
  2. Verify Assurance Levels in the Central Repository: Do not rely solely on a provider's marketing claims or self-declarations. Check the central repository established under Article 22 to confirm the provider's recognised Union assurance level. Only services with a "positive" audit opinion for Level 3 or 4 are eligible for sensitive data.
  3. Plan for Migration Immediately: If you are currently using a Level 1 provider for sensitive data, you must migrate to a Level 3 or 4 provider. Article 29(6) states that if a risk assessment requires migration, it must occur within a reasonable transition period that shall not exceed 12 months.
  4. Leverage Multi-Cloud Strategies: To mitigate dependency risks, Article 29(9) encourages considering multi-vendor or multi-cloud strategies as part of your procurement planning. This ensures that no single provider holds all critical data, aligning with the resilience objectives of the Act.
  5. Check Personnel and Control Status: When evaluating Level 3 or 4 providers, verify that they can demonstrate Union citizenship for all relevant personnel and prove the absence of third-country control, as required by Annex II.

Common misconceptions

  • "Level 1 is enough for all government data." Incorrect. Level 1 is only suitable for public-sector activities not identified as contributing to the preservation of public order. Any data deemed sensitive, critical, or classified falls outside Level 1's scope. Using Level 1 for such data would violate Article 30(3).

  • "Self-assessment is as rigorous as an audit." No. Level 1 relies on the provider's own statement of conformity. Levels 3 and 4 require independent, third-party audits that verify technical, operational, and legal safeguards, including source code audits, supply chain transparency, and proof of Union citizenship for personnel. The "substantial" and "high" cybersecurity certification requirements further distinguish these levels.

  • "EU establishment guarantees sovereignty." Not necessarily. A provider can be established in the EU but still controlled by a third-country entity. Level 1 permits this under certain conditions (provided no pre-exploitation vulnerability reporting is required). Levels 3 and 4 largely prohibit third-country control to prevent extraterritorial access or service disruption, ensuring true operational autonomy.

  • "Level 2 is sufficient for sensitive data." While Level 2 is a step up from Level 1, it does not mandate Union citizenship for personnel (it is conditional only if the public body requires it) and does not require the "high" cybersecurity certification needed for classified information. For the highest levels of sensitivity and classified data, Level 4 is the intended standard, with Level 3 serving as the baseline for public-order activities.

This is general information about a draft EU regulation, not legal advice.