Can a non-EU company lead a frontier AI priority project under CADA?

Summary As proposed in the Cloud and AI Development Act (CADA), a non-EU company cannot independently lead or stand alone as the applicant for a frontier AI priority project. Article 8(b) explicitly mandates that such projects must be undertaken by a European digital infrastructure consortium (EDIC) established under Decision (EU) 2022/2481, or by "another legal entity eligible for funding under Union law." Furthermore, the project must involve the participation of at least three Member States. While a non-EU entity might theoretically participate as a subcontractor or associated partner under specific grant conditions, the lead applicant and the core consortium structure are strictly bound by EU establishment and funding eligibility criteria, reflecting the Act's sovereignty objectives to reduce third-country dependencies.

Detail

The Cloud and AI Development Act (CADA), proposed by the European Commission on 3 June 2026 (COM(2026) 502 final), establishes a comprehensive framework to strengthen Europe's cloud and AI ecosystem. A central pillar of this framework is the support for "frontier AI priority projects," designed to scale up cutting-edge AI technologies and reduce strategic dependencies on third countries. For in-house counsel and compliance officers, understanding the strict eligibility criteria for these projects is critical, as they dictate who can access significant EU funding, computing resources, and the designation of "frontier AI priority project."

The Legal Gatekeeper: Article 8(b)

The core legal basis for determining who can lead a frontier AI priority project is Article 8 of the CADA proposal. The Commission may, by means of a decision, recognize projects as "frontier AI priority projects" if they are selected through open calls for expression of interest and meet specific cumulative criteria.

Article 8(b) sets a definitive structural requirement:

"it is undertaken by a European digital infrastructure consortium established pursuant Decision (EU) 2022/2481 or another legal entity eligible for funding under Union law and it involves the participation of at least three Member States;"

This provision creates two distinct, cumulative hurdles that effectively bar a non-EU company from acting as the sole lead applicant:

1. The Entity Requirement: The applicant must be either a European digital infrastructure consortium (EDIC) or a legal entity "eligible for funding under Union law."
2. The Participation Requirement: The project must involve the participation of at least three Member States.

Implications for Non-EU Companies

1. The "Eligible for Funding" Constraint

The phrase "eligible for funding under Union law" acts as the primary gatekeeper. Under the EU's financial regulations and the specific rules of the programmes referenced in the CADA explanatory memorandum (such as Horizon Europe and the Digital Europe Programme), direct funding and leadership roles are generally restricted to entities established within the European Union or associated countries.

While EU grants often allow for the participation of third-country partners as subcontractors or associated partners, the lead beneficiary and the core consortium structure are predominantly required to be EU-based. A non-EU company cannot simply register as an "entity eligible for funding" unless it has a substantial legal establishment within the EU that meets the specific criteria of the relevant funding program. Even if a non-EU company has an EU subsidiary, the strategic intent of CADA, as outlined in the explanatory memorandum, is to "reduce critical external dependencies" and strengthen "homegrown cloud and AI capabilities." This policy direction suggests that the Commission will interpret eligibility strictly to favor EU-based innovation ecosystems and ensure that the strategic assets developed remain under Union control.

2. The EDIC Alternative

Article 8(b) offers a specific pathway via a European digital infrastructure consortium (EDIC). EDICs are established under Decision (EU) 2022/2481 (the Digital Decade Policy Programme). These consortia are inherently designed for cross-border EU cooperation, typically composed of public and private partners from multiple Member States.

A non-EU company would not be able to form an EDIC, as the structure is legally defined by the participation of Member States and entities within the Union. Therefore, a non-EU company would have to join an existing EDIC-led consortium. However, even in this scenario, the EDIC itself must be the applicant, and the non-EU entity would be a participant, not the lead. The lead entity remains bound by the requirement to be "eligible for funding under Union law."

3. The Three-Member State Rule

Even if a non-EU company had an EU subsidiary that was eligible for funding, the project must involve the participation of at least three Member States. This requirement is designed to ensure cross-border collaboration and the pooling of resources across the Union.

Article 8(c) reinforces this by stating that "the participating Member States pool computing time and other relevant resources to support the implementation of the designated project." This pooling mechanism is a public policy tool to ensure that the benefits of frontier AI development are distributed across the EU. It further limits the ability of a single non-EU entity to dominate the project structure, as the project's viability depends on the active commitment and resource contribution of at least three distinct Member States.

Sovereignty and Strategic Autonomy

The restrictions on non-EU participation are not merely administrative; they are rooted in the sovereignty objectives of CADA. The explanatory memorandum highlights that the EU is "critically dependent on a limited number of cloud computing service providers subject to the control of third countries." This dependence creates risks related to data access, operational continuity, and geopolitical leverage.

By restricting frontier AI priority projects to entities eligible for Union funding and requiring multi-state participation, CADA aims to:

• Build Domestic Capacity: Ensure that the next generation of frontier AI models is developed within the EU's regulatory and legal framework, reducing reliance on foreign technology stacks.
• Mitigate Third-Country Control: Prevent scenarios where a non-EU entity, potentially subject to foreign laws (such as the US CLOUD Act), controls the foundational models or the infrastructure supporting them.
• Ensure Data Sovereignty: Frontier AI projects involve massive datasets. Keeping the project leadership within EU-eligible entities helps ensure that data governance aligns with EU standards, including the GDPR and the Data Act, and that data remains within the Union's jurisdiction.

Compliance and Penalties

While Article 8 itself does not list specific penalties for non-compliance regarding the application process, the broader CADA framework includes robust enforcement mechanisms. Article 24 outlines that Member States must lay down rules on penalties applicable to infringements of the Chapter on autonomy, which includes the recognition of cloud computing services and related frameworks.

Although frontier AI projects are primarily funded initiatives rather than market-facing services subject to the sovereignty framework's audit levels, misrepresentation of eligibility or failure to meet the consortium requirements could lead to severe consequences:

• Recovery of Funds: Under EU financial rules, ineligible beneficiaries are required to repay granted funds. If a non-EU entity is found to have improperly led a project, the entire grant could be clawed back.
• Exclusion from Future Funding: Entities found to have misrepresented their status or failed to meet the Article 8 criteria may be excluded from future EU funding opportunities.
• Reputational Risk: Failure to adhere to the strict sovereignty and participation requirements could damage an entity's standing with EU institutions and national competent authorities, potentially affecting their ability to participate in other EU initiatives.

What this means for you

For in-house counsel and compliance officers at non-EU companies looking to engage with the EU's frontier AI landscape, the following steps are essential:

1. Assess EU Establishment: Determine if your company has a subsidiary or branch in the EU that qualifies as "eligible for funding under Union law." This is not automatic; it depends on the specific rules of the funding program (e.g., Horizon Europe) and whether the EU entity has sufficient autonomy and resources to act as a lead beneficiary.
2. Partner with EDICs or EU Consortia: If your company does not have a qualifying EU entity, your only viable path is to partner with an existing European digital infrastructure consortium or an EU-based legal entity that is leading the project. Ensure that your role is clearly defined within the consortium agreement and that it complies with the "third-country partner" rules of the relevant grant.
3. Verify Member State Participation: Confirm that the consortium includes partners from at least three Member States. This is a hard requirement under Article 8(b). Failure to meet this threshold will result in the rejection of the application.
4. Review Data and Sovereignty Implications: Even as a subcontractor, your company may be subject to data protection and sovereignty requirements. Ensure that any data processing or model training activities comply with the GDPR and the specific data localization requirements that may apply to the project, especially if it involves sensitive or classified information.

Common misconceptions

• Misconception 1: "Any global tech company can apply if it has an office in Brussels."
  • Reality: Having an office is not enough. The entity must be legally eligible for funding under Union law, which often requires more than just a physical presence. It must meet the specific legal and financial criteria of the funding program and be established in a Member State.
• Misconception 2: "Frontier AI projects are open to international consortia like standard research grants."
  • Reality: While international cooperation is possible, the lead entity and the core consortium structure are heavily biased toward EU-based entities. The requirement for three Member States to participate and pool resources makes it difficult for a non-EU entity to lead the project.
• Misconception 3: "If we win the project, we can host the infrastructure anywhere."
  • Reality: The sovereignty framework of CADA, particularly the Union assurance levels, imposes strict requirements on where data and infrastructure are located. Frontier AI projects are likely to be subject to high assurance levels, requiring data and compute to remain within the EU.

Official sources

• EU AI Act (Regulation (EU) 2024/1689)
• GDPR (Regulation (EU) 2016/679)
• Data Act (Regulation (EU) 2023/2854)
• Digital Decade Policy Programme (Decision (EU) 2022/2481)

Related

• Can a private company lead a frontier AI priority project under CADA?
• Why would a company want frontier AI priority project status under CADA?
• Who can apply for frontier AI priority project recognition under CADA?
• How can a CTO position a project for frontier AI priority recognition under CADA?
• Can frontier AI priority project status help with AI Act compliance?

This is general information about a draft EU regulation, not legal advice.