Can frontier AI priority project status help with AI Act compliance?

Summary No, recognition as a "frontier AI priority project" under the proposed Cloud and AI Development Act (CADA) does not grant exemptions from the EU AI Act (Regulation (EU) 2024/1689). CADA Article 8 is strictly an investment and capacity-building mechanism designed to secure compute resources and support strategic development; it does not alter the regulatory baseline. Projects recognized under CADA must comply with both frameworks simultaneously: CADA facilitates access to infrastructure, while the AI Act imposes binding safety, transparency, and governance obligations on providers of general-purpose AI (GPAI) models and high-risk systems. There is no "regulatory holiday" for priority projects.

Detail

The proposed Cloud and AI Development Act (CADA) and the EU AI Act serve distinct but complementary policy goals within the EU's digital strategy. CADA focuses on strengthening the Union's technological sovereignty, increasing compute capacity, and reducing dependence on third-country providers. The AI Act focuses on ensuring that AI systems placed on the market or put into service are safe, transparent, and respect fundamental rights.

CADA Article 8: Criteria for Frontier AI Priority Projects

Under CADA, the Commission may recognize certain projects as "frontier AI priority projects" to prioritize them for EU and Member State compute resources. Article 8 of the CADA proposal sets out specific criteria for this recognition. To qualify, a project must:

1. Be a pioneering project focused on the support and scaling-up of frontier AI technologies;
2. Be undertaken by a European digital infrastructure consortium (EDIC) established pursuant to Decision (EU) 2022/2481 or another legal entity eligible for funding under Union law; and
3. Involve the participation of at least three Member States.

The primary benefit of this recognition is resource allocation, not regulatory relief. Article 9 of CADA mandates that the Union and Member States ensure sufficient AI computing resources are allocated to support these designated projects, matching Member State contributions within the limits of available European high-performance computing (EuroHPC) capacity. This is a supply-side intervention aimed at ensuring European developers have access to the massive computational power required for frontier AI training.

The AI Act: Obligations for General-Purpose AI and Systemic Risk

The AI Act applies to providers of general-purpose AI (GPAI) models and those posing systemic risks, regardless of their status under CADA. If a frontier AI priority project involves the development of a GPAI model, the provider must comply with Chapter V of the AI Act.

Key obligations include:

• Technical Documentation: Providers must draw up and keep up-to-date technical documentation, including information on training data, architecture, and capabilities (Article 53 of the AI Act).
• Transparency: Providers must make available information to downstream providers who intend to integrate the model into their AI systems (Article 53(1)(b) of the AI Act).
• Copyright Compliance: Providers must put in place a policy to comply with Union copyright law, including identifying and complying with reservations of rights (Article 53(1)(c) of the AI Act).
• Training Data Summary: Providers must draw up and make publicly available a sufficiently detailed summary of the content used for training the model (Article 53(1)(d) of the AI Act).

Furthermore, if the model meets the threshold for high-impact capabilities (currently presumed when cumulative computation exceeds $10^{25}$ floating-point operations), it is classified as a GPAI with systemic risk. This triggers additional obligations under Article 55 of the AI Act, such as:

• Performing model evaluation, including adversarial testing;
• Assessing and mitigating systemic risks;
• Reporting serious incidents; and
• Ensuring adequate cybersecurity protection.

No Exemption: Investment vs. Regulation

It is crucial to understand that CADA and the AI Act operate in parallel. Article 8 of CADA is a mechanism for strategic investment and capacity building. It does not alter the regulatory baseline established by the AI Act. A project recognized under CADA Article 8 remains subject to all applicable AI Act requirements.

The CADA proposal explicitly states that it reinforces key objectives of the AI Act. The explanatory memorandum notes that the AI Act "harmonises rules for AI systems and general-purpose AI models to be placed on the EU market" and "ensures a high level of protection of health, safety and fundamental rights," while CADA addresses aspects of sovereignty and capacity. There is no provision in CADA that waives, suspends, or modifies AI Act obligations for priority projects. On the contrary, the EU's approach is to foster a robust ecosystem where innovation (supported by CADA) occurs within a trusted framework (enforced by the AI Act).

Penalties and Enforcement

Non-compliance with the AI Act carries significant penalties. Under Article 99 of the AI Act, non-compliance with obligations for providers of GPAI models (including those with systemic risks) can result in administrative fines of up to €15 million or 3% of total worldwide annual turnover for the preceding financial year, whichever is higher. Breaches of the prohibited practices under Article 5 of the AI Act can lead to fines of up to €35 million or 7%.

CADA also introduces its own enforcement mechanisms for cloud computing sovereignty and data centre deployment, but these are separate from AI Act penalties. A frontier AI priority project could theoretically face scrutiny from both the AI Office (for AI Act compliance) and national competent authorities under CADA (for cloud sovereignty and audit compliance), depending on the specific services and infrastructure involved.

What this means for you

For in-house counsel and compliance officers at organizations developing frontier AI, the following steps are essential:

1. Separate Compliance Tracks: Maintain distinct compliance programs for CADA and the AI Act. Do not assume that securing CADA priority status simplifies AI Act obligations. In fact, the resources gained from CADA support may enable more rigorous AI Act compliance (e.g., through better tools for adversarial testing and documentation).
2. Document for Both Regimes: Ensure your technical documentation satisfies both CADA's requirements for priority project recognition (demonstrating pioneering nature and multi-Member State involvement) and the AI Act's detailed requirements for GPAI and systemic risk models.
3. Monitor Compute Allocation: If your project is recognized under CADA Article 8, leverage the guaranteed access to EuroHPC and other EU compute resources. However, ensure that the use of these resources does not inadvertently create new compliance issues regarding data residency or sovereignty, which are separate CADA concerns (Articles 16–24).
4. Engage with Authorities Early: The AI Office and national competent authorities under CADA may have overlapping interests. Proactive engagement can help align your development roadmap with both the strategic goals of CADA and the safety requirements of the AI Act.

Common misconceptions

Misconception 1: "Frontier AI priority project status exempts us from AI Act transparency obligations." False. CADA Article 8 is purely about resource allocation and strategic recognition. It does not provide any exemption from the AI Act's requirements for technical documentation, training data summaries, or copyright compliance.

Misconception 2: "If we comply with CADA, we don't need to worry about the AI Act's systemic risk rules." False. The AI Act's systemic risk rules (Article 55) apply based on the model's capabilities and impact, not its funding or priority status. A CADA-recognized project that exceeds the compute threshold for systemic risk must still perform adversarial testing and report serious incidents.

Misconception 3: "CADA and the AI Act are competing frameworks." False. They are complementary. CADA builds the infrastructure and capacity; the AI Act ensures that the AI developed on that infrastructure is safe and trustworthy. The CADA proposal explicitly references the AI Act as a foundational element of the EU's AI strategy.

Misconception 4: "Only EU-based entities can benefit from CADA Article 8." While CADA emphasizes European sovereignty, the criteria in Article 8 focus on the legal structure (EDIC or eligible entity) and participation of at least three Member States. Third-country entities may participate if they are part of an eligible consortium, but they must still comply with the AI Act if they place models on the EU market.

Official sources

• EU AI Act (Regulation (EU) 2024/1689)
• Digital Decade Policy Programme (Decision (EU) 2022/2481)

Related

• Why would a company want frontier AI priority project status under CADA?
• Who can apply for frontier AI priority project recognition under CADA?
• What is a frontier AI priority project under the EU Cloud and AI Development Act (CADA)?
• What does 'pioneering project' mean for frontier AI priority project status?
• Is frontier AI priority project status a grant, a label, or compute access?

This is general information about a draft EU regulation, not legal advice.