Summary

Under the proposed Cloud and AI Development Act (CADA), Union assurance levels 3 and 4 explicitly enable the secure hosting of EU classified information. However, this capability is not automatic; it is strictly contingent upon a Member State or Union entity conducting a risk assessment under Article 29 that identifies the activity as contributing to the preservation of public order. Recital 62 clarifies that while Member States retain the discretion to classify data sensitivity, the framework ensures that levels 3 and 4 provide the necessary technical and sovereignty criteria to host such information securely. Consequently, procurement of cloud services for classified data must be restricted to providers formally recognized at these higher assurance levels.

Detail

The Cloud and AI Development Act (CADA), as proposed in COM(2026) 502 final, establishes a harmonized Union cloud computing sovereignty framework to mitigate risks arising from dependencies on third-country providers. Central to this framework are four "Union assurance levels" (1 to 4), which define the cumulative criteria a cloud computing service must meet to be recognized as trustworthy for public sector use. The ability to host EU classified information is specifically tied to the highest tiers of this framework.

The Legal Basis: Risk Assessments and Public Order

The gateway to hosting classified information is the risk assessment mechanism mandated by Article 29. This article requires Member States and Union entities to carry out risk assessments to determine which public sector activities contribute to the preservation of public order.

Under Article 29(1), these assessments must:

  1. Identify public sector activities using cloud computing services that contribute to preserving public order in sectors falling under Annex I or II of Directive (EU) 2022/2555 (NIS2), as well as in areas of national security, internal security, external border management, defence, justice, or law enforcement.
  2. Determine which Union assurance level (2, 3, or 4) is appropriate for those identified activities.

Article 29(2) further stipulates that these assessments must consider the "sensitivity, criticality, and magnitude of the non-personal data processed," including the potential impact on public order and the risk of unlawful access by a third country. It is this specific determination of sensitivity and public order relevance that triggers the requirement for higher assurance levels.

Recital 62: The Link to Classified Information

The relationship between the assurance levels and classified information is explicitly defined in Recital 62 of the proposal. The recital states:

"Whereas the determination of the level of sensitivity of information that may be hosted in a cloud computing service that offers a Union assurance level lies within the competence and discretion of the Member States, to provide consistency across the Union, Union assurance levels 3 and 4 should allow for the secure hosting of EU classified information."

This provision serves two critical functions:

  1. Preservation of National Competence: It confirms that the specific act of classifying data (e.g., assigning a "SECRET" or "CONFIDENTIEL" label) remains within the discretion of Member States and Union entities, consistent with existing classification frameworks.
  2. Technical Validation: It establishes that the criteria embedded in assurance levels 3 and 4 are sufficient to meet the security requirements for hosting EU classified information. Without this explicit link, the framework would lack the necessary legal certainty for public bodies to migrate sensitive classified workloads to the cloud.

Distinctions Between Assurance Level 3 and Level 4

While both levels 3 and 4 are capable of hosting classified information, the criteria in Annex II differ significantly in strictness, particularly regarding personnel, third-country control, and cybersecurity certification.

Union Assurance Level 3

Level 3 is designed for high-sensitivity environments but includes a specific derogation mechanism for third-country control. Key criteria include:

  • Establishment and Location: The provider and subcontractors must be established in the Union, with infrastructure, assets, and personnel located in the Union.
  • Personnel: Personnel involved in the provision of the service must be Union citizens. Where appropriate, personnel handling classified information must possess the necessary national security clearance issued by a Member State.
  • Third-Country Control: Generally, the provider must not be subject to the control of a third country. However, Article 18 allows for a derogation where the Commission adopts an implementing act identifying a third country as providing sufficient assurances. If such a decision exists, a provider subject to third-country control may still qualify for Level 3, provided strict safeguards prevent unauthorized access, service disruption, or the enforcement of restrictive measures.
  • Cybersecurity: The service must obtain a European cybersecurity certificate of at least assurance level 'substantial' under a scheme established under Regulation (EU) 2019/881. Until such a scheme is established, national schemes or the highest applicable Union standards apply.

Union Assurance Level 4

Level 4 represents the highest tier of assurance, intended for the most critical public order activities. It imposes stricter controls than Level 3:

  • Personnel: Similar to Level 3, personnel must be Union citizens with necessary security clearances for classified information.
  • Third-Country Control: Unlike Level 3, there is no derogation for third-country control. The provider and subcontractors must not be subject to the control of a third country or a legal entity established in a third country. This eliminates the possibility of relying on Commission-identified third-country safeguards.
  • Cybersecurity: The service must obtain a European cybersecurity certificate of at least assurance level 'high'.
  • Software Supply Chain: Level 4 requires measures to retain effective control over software components, ensuring that a third country does not hold or exercise effective control over the design, development, maintenance, and evolution of those components.

Procurement Obligations

The risk assessment outcome directly dictates procurement rules under Article 30.

  • Article 30(2) mandates that public sector bodies whose activities are not identified as contributing to public order must use services recognized at Union assurance level 1.
  • Article 30(3) requires that contracting authorities whose activities are identified as contributing to public order (which includes those handling classified information) procure only cloud computing services recognized as having Union assurance level 2, 3, or 4.

Therefore, if a risk assessment under Article 29 determines that a specific use case involves EU classified information requiring the highest protection, the procurement documents must restrict bids to providers holding recognition for assurance level 3 or 4. Procuring a level 1 or 2 service for such data would constitute a violation of the proposed CADA framework.

What this means for you

For public-sector procurement officers, IT decision-makers, and security officers, the ability to host EU classified information under CADA assurance levels 3 and 4 offers a pathway to modernize infrastructure while maintaining security. However, this requires a disciplined, multi-step approach:

  1. Execute the Risk Assessment First: Before issuing any tender, you must complete the risk assessment mandated by Article 29. This assessment must explicitly evaluate the sensitivity of the data (including its classified status) and the criticality of the activity. The outcome of this assessment is the legal basis for determining the minimum assurance level required.
  2. Select the Correct Level: Based on the risk assessment, decide whether Level 3 (allowing third-country control under specific Commission safeguards) or Level 4 (strictly no third-country control) is appropriate. For the most sensitive national security data, Level 4 is likely required to eliminate residual risks of foreign influence.
  3. Verify Recognition in the Central Repository: Do not rely on marketing claims. You must check the central repository of recognized services (maintained by the Commission under Article 22) to confirm that the provider holds a valid recognition for the specific assurance level (3 or 4) required by your risk assessment.
  4. Validate Personnel Clearances: Since Annex II requires personnel to be Union citizens and hold national security clearances for classified work, ensure that your national security authorities are involved early to validate that the provider's personnel screening processes meet your specific national requirements.
  5. Monitor for Material Changes: Under Article 23, providers must report material changes that could affect their assurance level. Procurement contracts should include clauses allowing for termination or remediation if a provider's recognition is revoked or downgraded.

Common misconceptions

Misconception 1: Assurance Level 3 is sufficient for all classified data. While Recital 62 states that both levels 3 and 4 allow for the hosting of EU classified information, the choice between them depends on the specific risk assessment. Level 4 is strictly more demanding, particularly regarding the absolute prohibition of third-country control. For the most sensitive national security data, a risk assessment may determine that Level 4 is necessary to eliminate any residual risk of foreign influence, whereas Level 3 might be sufficient for lower-tier classified information where third-country control is mitigated by Commission-approved safeguards.

Misconception 2: Cybersecurity certification alone guarantees classified hosting. Holding a European cybersecurity certificate (e.g., under the EUCS) is a prerequisite for levels 3 and 4, but it is not sufficient on its own. CADA's assurance levels include non-technical sovereignty criteria, such as data localization, personnel citizenship, and the absence of third-country control. A service might be highly secure from a cyber perspective but fail the sovereignty criteria required for classified hosting.

Misconception 3: Member States can ignore the assurance levels for classified data. Recital 62 clarifies that while Member States determine the sensitivity of their information, the assurance levels provide the harmonized technical framework for hosting it. A Member State cannot decide that a Level 1 service is sufficient for EU classified information if the risk assessment under Article 29 dictates a higher level. The framework is designed to prevent fragmentation and ensure a consistent baseline of trust across the Union.

This is general information about a draft EU regulation, not legal advice.