Summary
No, the CADA risk assessment mechanism in Article 29 applies specifically to cloud computing services, not to AI systems themselves. As proposed, the regulation requires Member States and Union entities to assess which cloud services are needed for public-order activities to determine the required "Union assurance level." However, Article 32 introduces separate "Union added value" criteria that procurement officers must apply when purchasing innovative AI systems, creating a distinct but complementary compliance pathway for AI. While an AI system may run on a cloud service, the sovereignty risk assessment evaluates the infrastructure provider, not the algorithmic model.
Detail
The Cloud and AI Development Act (CADA) proposal, COM(2026) 502 final, establishes a clear functional separation between the sovereignty assessment of cloud infrastructure and the procurement criteria for AI technologies. To understand whether a risk assessment applies to your AI systems, it is necessary to examine the specific scope of Article 29 and how it interacts with the broader procurement framework under Articles 30 and 32.
Article 29 Targets Cloud Computing Services, Not AI Systems
The core risk assessment obligation under CADA is found in Article 29(1). This provision mandates that Member States and Union entities carry out risk assessments to identify public sector activities that contribute to the preservation of public order. The text of Article 29(1) explicitly states that these assessments must:
"(a) identify the public sector activities that use or will make use of cloud computing services, that contribute to the preservation of public order in sectors falling under Annex I or II of Directive (EU) 2022/2555 and in the areas of national security, internal security, external border management, defence, justice or law enforcement..."
The purpose of this assessment, as outlined in Article 29(1)(b), is to determine which Union assurance level (2, 3, or 4) is appropriate for the identified activities. The assurance levels themselves, defined in Annex II of the proposal, set out strict criteria for cloud computing service providers regarding data localization, personnel citizenship, cybersecurity certification, and absence of third-country control.
Therefore, the risk assessment in Article 29 is a tool to classify the infrastructure (cloud) upon which services run, not the application (AI) running on that infrastructure. An AI system, as defined in Article 2 of CADA, is distinct from a cloud computing service. While an AI system may be hosted on a cloud service, the sovereignty risk assessment evaluates the cloud provider's ability to protect data and ensure operational autonomy, not the algorithmic behavior or risk profile of the AI model itself. The AI Act (Regulation (EU) 2024/1689) remains the primary instrument for assessing the risks of the AI system itself.
The Role of Articles 30 and 32 in Procurement
While Article 29 does not assess AI systems directly, the procurement of AI systems is still subject to CADA's rules through Articles 30 and 32.
Article 30 dictates the procurement requirements based on the outcome of the Article 29 risk assessment. If a contracting authority's activities are identified as contributing to public order (e.g., defense or law enforcement), Article 30(3) requires it to procure cloud computing services that have been recognized as offering Union assurance levels 2, 3, or 4. This means that if you procure an AI system that is delivered via a cloud computing service (such as a SaaS AI platform), the underlying cloud service must meet the assurance level determined by your risk assessment. The AI system is effectively "wrapped" by the sovereignty requirements of the cloud it inhabits.
Article 32 introduces a separate set of obligations for the procurement of innovative cloud computing services and AI systems. This article requires contracting authorities to include non-price award criteria that evaluate the tenderer's contribution to the development of a European cloud and AI ecosystem. Specifically, Article 32(3) allows authorities to evaluate:
- The extent to which the tenderer contributes to strengthening the digital technology supply chain in the Union.
- The integration of technologies developed in the Union.
- Whether the service is delivered using hardware components designed or manufactured in the Union.
This provision effectively creates a "sovereignty premium" in procurement scoring for AI systems that rely on European supply chains, even though the AI system itself is not subjected to the Article 29 risk assessment. Article 32(2) clarifies that these criteria must be "ancillary and not decisive in the award of the contract," ensuring that technical and financial performance remain primary.
Why the Distinction Matters
The separation between cloud and AI in CADA reflects the different nature of the risks involved. The AI Act (Regulation (EU) 2024/1689) already imposes strict requirements on AI systems regarding safety, fundamental rights, and transparency. CADA's sovereignty framework addresses a different set of risks: dependence on third-country providers, potential extraterritorial data access, and operational disruption.
By focusing Article 29 on cloud services, CADA ensures that the infrastructure hosting sensitive public data is trustworthy. By focusing Article 32 on procurement criteria for both cloud and AI, it incentivizes the use of European technology stacks. Procurement officers must therefore apply two different lenses:
- Risk Assessment (Article 29): Does the cloud service hosting my data meet the required sovereignty level for my public-order activity?
- Procurement Criteria (Article 32): Does the AI system (or the cloud service) demonstrate European added value in its supply chain and development?
What this means for you
For public-sector procurement officers and compliance teams, this distinction requires a two-step compliance approach when acquiring AI solutions:
- Map your activities to cloud assurance levels: Before procuring an AI system, you must have completed the risk assessment under Article 29 for your specific public sector activities. If your activity involves national security, law enforcement, or critical infrastructure, you likely require a cloud service with Union assurance level 3 or 4. You cannot procure an AI system hosted on a non-compliant cloud service, even if the AI system itself is innovative or cost-effective. The risk assessment determines the minimum cloud assurance level required for the procurement.
- Apply European added value criteria: When drafting tender documents for AI systems, you must include the non-price award criteria mandated by Article 32. This means evaluating bidders not just on price and technical performance, but on their contribution to the European digital supply chain. You should ask suppliers about the origin of their hardware, the location of their R&D, and their use of Union-developed technologies.
- Check the central repository: For cloud services, you must verify that the provider is listed in the central repository of recognized services (Article 22) with the appropriate assurance level. For AI systems, while there is no equivalent repository, you must ensure the procurement process aligns with the added value criteria and that the underlying cloud service meets the Article 30 requirements.
Common misconceptions
Misconception 1: "I need to risk-assess my AI model under CADA." This is incorrect. CADA's risk assessment (Article 29) applies to cloud computing services. The risk assessment for AI systems (e.g., fundamental rights impact, safety) falls under the AI Act, not CADA. CADA is concerned with where the AI runs and who controls the infrastructure, not how the AI decides.
Misconception 2: "If my AI system is open-source, it doesn't need to comply with CADA." While CADA promotes open source (Chapter V), the procurement rules still apply. If you procure an open-source AI system via a cloud service, the cloud service must still meet the assurance level determined by your Article 29 risk assessment. Furthermore, Article 32's added value criteria may favor open-source solutions that are developed and maintained within the Union, but the cloud infrastructure hosting them remains subject to sovereignty rules.
Misconception 3: "The Article 29 risk assessment covers all my IT spending." No. Article 29 is limited to cloud computing services used for activities contributing to public order. It does not cover standalone software licenses, on-premise servers, or AI systems hosted on private, non-cloud infrastructure. However, Article 32's procurement criteria apply broadly to innovative cloud and AI procurements, regardless of the public-order classification.
This is general information about a draft EU regulation, not legal advice.