Does CADA apply to AI systems and AI providers, not just cloud?

Summary Yes. As proposed, the Cloud and AI Development Act (CADA) reaches AI systems and their providers, not just cloud infrastructure. It defines an "AI system" by reference to the EU AI Act, adds its own definitions for "frontier AI" and "AI agents," supports frontier-AI development through the Cloud and AI Leadership Initiatives, and extends procurement rules to AI systems. For example, Article 32 requires contracting authorities to apply "Union added value" criteria when procuring innovative AI systems, and Article 8 sets the criteria for recognising frontier AI priority projects. The aim is to strengthen the whole ecosystem so that AI development, deployment, and procurement align with EU sovereignty goals.

Detail

CADA is sometimes characterised as a regulation only for data centres and cloud hosting. As proposed, its scope is broader, integrating AI into its core objectives. To see the practical impact, look at how CADA would define AI, how it would support AI development, and how it would shape AI procurement.

AI systems are explicitly defined and included

Article 2(3) defines an 'AI system' by reference to the AI Act: "'AI system' means an AI system as defined in Article 3, point (1), of Regulation (EU) 2024/1689." This cross-reference keeps CADA's scope aligned with the AI Act's definition.

CADA also adds its own definitions for emerging categories. Article 2(4) defines 'frontier AI' as "AI models or AI systems built upon such models that can perform a wide variety of tasks and that approach, reach or exceed the current state of the art." Article 2(5) defines an 'AI agent.' These definitions matter because they trigger specific support mechanisms within the proposal.

By anchoring its core AI definition in the AI Act and adding strategic technical categories, CADA would apply its measures across the spectrum of AI technologies.

The AI Leadership Initiative and frontier AI projects

CADA would not just touch AI; it would actively support its development through the Cloud and AI Leadership Initiatives (Article 3), one of whose operational objectives (Article 4) is advancing the Union's capabilities in frontier AI.

A key component is the recognition of frontier AI priority projects. Article 8 sets the criteria: the Commission may, by decision, recognise as a frontier AI priority project a project selected through an open call for expressions of interest that supports grand challenge 3 in Annex I, provided it (a) is a pioneering project focused on supporting and scaling up frontier AI technologies; (b) is undertaken by a European digital infrastructure consortium (or another legal entity eligible for Union funding) and involves at least three Member States; and (c) involves participating Member States pooling computing time and other relevant resources.

Article 9 reinforces this: the Union and Member States would ensure that sufficient AI computing resources from their compute capacities are allocated to support frontier AI priority projects, within available capacity. The Union would aim to at least match Member State contributions, to the extent sufficient capacity is available within the Union's share of European high-performance computing access time.

Procurement rules extend to AI systems

One of the most immediate impacts is in public procurement. Article 32 provides that in public procurement procedures for innovative cloud-computing services and AI systems, contracting authorities shall include, as part of the quality evaluation, non-price award criteria that let them evaluate the tenderer's contribution to a European cloud and AI ecosystem.

In practice, when public bodies buy innovative AI systems, they would also evaluate, for example:

• The extent to which the tenderer strengthens the Union's digital-technology supply chain, including the use of software or hardware designed or manufactured in the Union.
• Whether the tenderer has integrated technologies developed in the Union, including results from Union-funded R&D.
• Whether the innovation required to deliver the service strengthens the security of supply and the development of a European cloud and AI ecosystem.

Under Article 32(2), these non-price criteria must remain ancillary and not decisive in the award. Still, the provision would create a market incentive for AI providers to align their development and supply chains with EU-based technologies.

Sovereignty framework and the cloud-AI boundary

The sovereignty framework (Union assurance levels) primarily targets cloud-computing services. But because a "cloud computing service" can encompass on-demand access to AI systems hosted and operated remotely, AI delivered as a cloud service would fall within the framework's reach. Note the boundary set in Recital 10: only the delivery and making available of an AI system forms part of the service — the AI system itself and its underlying model are excluded from that definition. So if you offer AI to public-sector bodies with critical data needs, your underlying cloud must meet the relevant Union assurance level, even though the model itself is governed by the AI Act, not CADA.

What this means for you

For CTOs, architects, and SMEs, CADA's reach into AI has concrete implications:

1. Procurement strategy. If you target the public sector, prepare for Article 32 criteria. Document EU-developed components, local supply-chain contributions, and integrated EU technologies; demonstrable "European added value" would be an advantage in tenders for innovative services.
2. Frontier AI opportunities. If you build state-of-the-art models, assess whether your project could qualify as a frontier AI priority project under Article 8 — which requires backing grand challenge 3, a European digital infrastructure consortium (or another Union-funding-eligible entity), at least three Member States, and pooled compute. Qualification could unlock prioritised AI computing resources under Article 9.
3. Cloud-AI integration. Because remotely hosted, on-demand AI forms part of the cloud-service definition, your hosting choices matter. If you serve public-sector bodies, ensure your cloud meets the necessary Union assurance level.
4. Supply-chain transparency. Be ready to document your AI supply chain. CADA's emphasis on European added value and sovereignty means the origin of your components and infrastructure would be scrutinised.

Common misconceptions

• "CADA is only for data centres." It includes significant data-centre provisions (acceleration zones, permitting), but it also defines AI, supports frontier AI, and applies procurement rules to AI systems.
• "AI providers are only regulated by the AI Act." The AI Act focuses on safety, fundamental rights, and market access. CADA focuses on sovereignty, supply-chain resilience, and procurement. Providers must consider both.
• "Frontier AI is just a buzzword in CADA." Article 2(4) gives it a definition, and Articles 8-9 create a concrete mechanism for recognition and compute allocation.
• "Sovereignty levels don't apply to AI." The assurance levels are for cloud services, but remotely hosted AI is part of the cloud-service definition (the underlying model excepted), so the sovereignty of the hosting layer affects eligibility for public-sector contracts.

Official sources

• EU AI Act (Regulation (EU) 2024/1689)

Related

• Does CADA apply to non-EU cloud providers?
• Does CADA apply to cloud service providers?
• Why is the EU dependent on non-EU cloud providers?
• Who does the Cloud and AI Development Act (CADA) apply to?
• When does CADA enter into force and start to apply?

This is general information about a draft EU regulation, not legal advice.