Does CADA affect competition law beyond State aid?

Summary As proposed, the Cloud and AI Development Act (CADA) does not override, replace, or suspend EU competition law. Recital 90 of the proposal explicitly states that the regulation is "without prejudice to the application of Articles 101 and 102 TFEU, and to the enforcement powers of competition authorities." This means that while CADA introduces new sovereignty frameworks and procurement mandates, cloud providers and public sector bodies must simultaneously comply with strict antitrust prohibitions on cartels, collusion, and abuse of dominance. Compliance with CADA's technical or sovereignty requirements offers no "safe harbour" from competition law enforcement.

Detail

The relationship between the proposed Cloud and AI Development Act (CADA) and the EU's foundational competition rules is one of strict coexistence, not substitution. CADA is designed to address market failures related to strategic autonomy, data sovereignty, and infrastructure capacity. However, it was drafted with a clear understanding that these goals must not come at the expense of a contestable single market. The proposal carefully carves out the domain of competition law to ensure that the drive for sovereignty does not inadvertently shield anti-competitive behavior.

Recital 90: The Explicit Safeguard for Competition Law

The primary legal anchor for this interaction is Recital 90 of the CADA proposal. It serves as a definitive interpretative guide, stating unequivocally:

"This Regulation should be without prejudice to the application of Articles 101 and 102 TFEU, and to the enforcement powers of competition authorities."

This recital is not merely a formality; it is a substantive guarantee. It confirms that the new obligations imposed by CADA—such as the requirement for public authorities to procure only from providers with specific "Union assurance levels" (Article 30) or the use of "Union added value" award criteria (Article 32)—do not grant cloud providers or public buyers immunity from antitrust scrutiny.

If a cloud provider engages in collusive bidding to secure a contract awarded under CADA's framework, or if a dominant provider uses its market position to exclude competitors in violation of the Treaty on the Functioning of the European Union (TFEU), those actions remain illegal. The "without prejudice" clause ensures that the administrative recognition of a provider under CADA's sovereignty framework (e.g., Article 17) does not validate anti-competitive conduct.

Articles 101 and 102 TFEU Remain Fully Applicable

The CADA proposal does not alter the substantive scope or application of the core competition provisions of the TFEU.

Article 101 TFEU prohibits agreements between undertakings, decisions by associations of undertakings, and concerted practices which may affect trade between Member States and which have as their object or effect the prevention, restriction or distortion of competition within the internal market.

Article 102 TFEU prohibits any abuse by one or more undertakings of a dominant position within the internal market or in a substantial part of it, insofar as it may affect trade between Member States.

For in-house counsel and compliance teams, this means that standard antitrust compliance programs must remain active and rigorous. The introduction of new public procurement channels, such as the Commission's role as a central purchasing body (Article 37), does not exempt participating providers from the obligation to act independently in their pricing, tendering, and market strategies.

The cloud computing market is currently characterized by high concentration, with a limited pool of third-country providers controlling a significant share of the European market. The European Commission has already opened market investigations under the Digital Markets Act (DMA) to assess whether certain cloud providers should be designated as gatekeepers. CADA operates in parallel to the DMA and the general competition framework. Recital 90 ensures that CADA's sovereignty measures do not inadvertently create monopolies or facilitate anti-competitive behavior.

Specific Risks in the CADA Context

The interaction between CADA's specific mechanisms and competition law creates distinct risk areas that require careful navigation:

• Collusion Risks in Recognition Processes: The process for obtaining "Union assurance levels" (Article 17) involves audits and interactions with national competent authorities. If cloud providers were to use this administrative process to coordinate prices, divide markets, or exchange sensitive commercial information, this would constitute a violation of Article 101 TFEU. The recognition process is an administrative compliance mechanism, not a cartel exemption.
• Abuse of Dominance via Technical Requirements: A dominant cloud provider cannot use CADA's technical requirements—such as data localisation rules in Annex II or personnel citizenship requirements—as a pretext to exclude smaller competitors if those requirements are applied arbitrarily, disproportionately, or in a way that forecloses the market. Such conduct could be scrutinized under Article 102 TFEU.
• Joint Procurement and Information Exchange: Under Article 37, the Commission may act as a central purchasing body. While this aims to aggregate demand, participating entities and providers must ensure that information exchanges during these procedures do not cross the line into anti-competitive coordination. The "without prejudice" clause ensures that competition authorities retain the power to investigate such conduct.

Competition authorities, including the European Commission's DG COMP and national competition authorities, retain their full investigative and enforcement powers. They can investigate cloud providers for anti-competitive conduct even if those providers are fully compliant with CADA's sovereignty and procurement rules.

Distinction from State Aid Rules (Articles 107 and 108 TFEU)

It is essential to distinguish between general competition law (Articles 101/102) and State aid rules (Articles 107/108 TFEU). CADA interacts with both, but through distinct "without prejudice" clauses.

Recital 89 addresses State aid, stating: "If any of the measures provided for by this Regulation constitute State aid, the provisions concerning such measures are without prejudice to the application of Articles 107 and 108 TFEU."

CADA includes several measures that could potentially qualify as State aid, such as:

• The designation of "data centre strategic projects" (Article 14), which may receive public support.
• The establishment of the EuroCloud Federation (Article 34), which involves the sharing of capacity between public entities.
• Common procurement activities led by the Commission (Article 37).

While Recital 89 preserves the application of State aid rules, it does not automatically mean every CADA measure is illegal State aid. Instead, it mandates that any public financial support or advantage granted under CADA must still be notified to and approved by the European Commission if it meets the criteria for State aid under Article 107(1) TFEU.

However, this is distinct from competition law. Articles 101 and 102 regulate the behavior of companies in the market (e.g., pricing, market sharing), whereas Articles 107 and 108 regulate the financial support provided by governments. CADA's "without prejudice" clauses ensure that neither area is compromised by the other. A measure could be compliant with CADA's sovereignty goals but still require State aid notification, while a separate anti-competitive agreement by the same provider would be prosecuted under Articles 101/102.

What this means for you

For in-house counsel, compliance officers, and public procurement teams, the coexistence of CADA and competition law requires a dual-track compliance strategy.

1. Maintain Antitrust Firewalls: Ensure that your sales, procurement, and strategic planning teams understand that participation in CADA-driven initiatives (such as the EuroCloud Federation or common procurement) does not relax antitrust rules. Information exchange with competitors must be strictly limited to what is necessary for the specific CADA-compliant activity and must never cover future pricing, production, or market allocation.
2. Monitor Procurement Conduct: When bidding for contracts that use CADA's "Union added value" criteria (Article 32), ensure your bids are independent. Any coordination with other bidders, even informal discussions regarding the interpretation of sovereignty criteria, risks violating Article 101 TFEU.
3. State Aid Compliance for Public Entities: For public sector bodies, verify that any support provided to cloud projects under CADA (e.g., funding for data centre strategic projects under Article 14) is structured to avoid unlawful State aid. This may require prior notification to the Commission under Article 108 TFEU.
4. Risk Assessments: Integrate competition law risks into your broader CADA risk assessments. While Article 29 requires risk assessments for sovereignty and public order, ensure that these assessments do not inadvertently lead to anti-competitive exclusions that could trigger Article 102 TFEU scrutiny.
5. Documentation: Keep clear records of decision-making processes related to CADA compliance. In the event of a competition authority investigation, demonstrating that decisions were made based on legitimate CADA criteria (e.g., security, sovereignty, public order) rather than anti-competitive intent will be crucial for defense.

Common misconceptions

• Misconception 1: CADA creates a new competition regime.
  • Reality: CADA is a sectoral regulation focused on sovereignty, capacity, and procurement. It does not create new competition rules or replace the TFEU. Articles 101 and 102 TFEU remain the primary legal basis for antitrust enforcement.
• Misconception 2: Compliance with CADA exempts companies from antitrust liability.
  • Reality: Recital 90 explicitly states that CADA is without prejudice to Articles 101 and 102 TFEU. A company can be fully CADA-compliant and still be found to have violated competition law.
• Misconception 3: State aid and competition law are the same in CADA.
  • Reality: While both are preserved by "without prejudice" clauses (Recitals 89 and 90), they address different issues. State aid (Articles 107/108) concerns government subsidies and advantages. Competition law (Articles 101/102) concerns company behavior in the market. CADA's measures may trigger State aid notifications, but they do not change the antitrust landscape.
• Misconception 4: The Commission's role in procurement removes competition oversight.
  • Reality: The Commission's role as a central purchasing body (Article 37) is administrative. It does not strip competition authorities of their power to investigate anti-competitive conduct among the providers participating in those procurements.

Related

• GBER and CADA: How State Aid Exemptions Apply to Cloud & AI Funding
• CADA and State Aid: How Articles 107 & 108 TFEU Apply
• How do State aid rules apply to data centre strategic projects under CADA?
• How do EU State aid rules interact with CADA?
• Does CADA override or exempt anything from EU State aid rules?

This is general information about a draft EU regulation, not legal advice.