Does CADA help SMEs avoid vendor lock-in through funding?

Summary As proposed, the Cloud and AI Development Act (CADA) does not provide direct, standalone funding grants specifically designed to help SMEs pay for the costs of migrating away from existing vendor lock-in. Instead, CADA establishes the Cloud and AI Leadership Initiatives (Article 3), which fund large-scale, cross-sectoral "grand challenges" to develop sovereign, open-source cloud and AI technologies. By supporting the development of open cloud stack technologies under Article 7(2)(g) and fostering a competitive European supply base, the proposal aims to create market conditions where SMEs can access credible, non-proprietary alternatives to non-EU hyperscalers. This structural approach indirectly mitigates long-term vendor lock-in risks by ensuring viable European alternatives exist, a factor the Impact Assessment notes will positively affect SME competitiveness.

Detail

The Strategic Approach: Building Alternatives, Not Just Subsidizing Migration

CADA's approach to vendor lock-in is structural rather than transactional. The proposal recognizes that the EU's dependence on a limited pool of third-country cloud providers—currently controlling over 70% of the market—creates critical external dependencies and risks to operational autonomy. To address this, CADA does not primarily focus on reimbursing SMEs for switching costs. Instead, it focuses on supply-side measures to build a robust, sovereign European cloud ecosystem.

The core mechanism is the Cloud and AI Leadership Initiatives, established under Article 3. These initiatives pursue the general objective of promoting research and innovation activities and achieving large-scale capacity throughout the Union's cloud and AI ecosystem. Specifically, Article 3(1)(a) supports the development and deployment of cutting-edge cloud technologies, including "open cloud computing stack technologies." By funding the creation of these stacks, the proposal seeks to reduce the market dominance of proprietary systems that often trap users in single-vendor environments.

Article 7 and the Mandate for Open Cloud Stacks

A critical provision for SMEs concerned with lock-in is Article 7, which requires Member States to adopt national cloud and AI strategies. These strategies must include specific measures to support technological sovereignty. Article 7(2)(g) explicitly mandates that national strategies include:

"measures to support the development of cloud computing stack technologies built upon open hardware and software to strengthen technological sovereignty and enhance the competitiveness of strategic European industries."

This provision is pivotal. Vendor lock-in often stems from proprietary, closed-source stacks that make migration technically difficult and economically prohibitive due to incompatible APIs and data formats. By requiring Member States to fund and support open hardware and software stacks, CADA aims to lower the technical barriers to entry and switching. When the underlying infrastructure is open, SMEs can more easily integrate multi-cloud strategies or migrate between providers without being trapped by proprietary constraints.

Funding Mechanisms and Grand Challenges

The funding for these initiatives is not distributed as direct SME grants for migration. Instead, it flows through large-scale, cross-sectoral initiatives addressing "grand challenges" (listed in Annex I). For example, Grand Challenge 2 focuses on "Cloud stacks," aiming to build end-to-end hardware and software cloud stacks, including AI tools, to bridge the Union's critical capacity gaps.

Article 6 outlines the implementation mechanisms, noting that these initiatives may be supported by funding from Union programmes such as Horizon Europe and the Digital Europe Programme. The proposal emphasizes that private-sector stakeholders should be encouraged to align their investment strategies with these initiatives. For SMEs, this means that while they may not receive a direct "lock-in exit grant," they will benefit from a market increasingly populated by interoperable, open-source solutions developed with public funding. This reduces the dominance of proprietary hyperscalers and creates a more level playing field.

Impact on SME Competitiveness

The Explanatory Memorandum and Impact Assessment highlight that current market fragmentation and dependence on non-EU providers disproportionately affect European SMEs, which often lack the bargaining power of large enterprises. By fostering a diverse set of cloud computing service providers and reducing the market share of non-EU incumbents, CADA aims to improve competition on quality, innovation, and price.

The proposal notes that the Data Act (which complements CADA) already addresses switching costs and interoperability. CADA builds on this by ensuring there are actually European alternatives to switch to. Without sovereign, open alternatives, switching remains a theoretical right rather than a practical option. CADA's funding of open stacks ensures that when SMEs do choose to switch, they have viable, secure, and compliant options that are not subject to the extraterritorial reach of third-country laws. The Impact Assessment specifically notes that these measures are expected to have positive effects on the competitiveness of SMEs by creating new market opportunities and reducing dependency on a limited number of non-EU providers.

Open Source as a Lever for Sovereignty

CADA places a particular emphasis on open source as a lever to boost technological sovereignty, in line with the EU Open Source Strategy. Article 41 encourages Union entities and public sector bodies to use and facilitate the reuse of open standards and components released under an open source licence. While this primarily targets public procurement, the resulting demand drives the development of open-source solutions that SMEs can also adopt. This reduces dependency on single vendors and limits the risk of vendor lock-in, as open-source solutions are inherently more portable and auditable.

What this means for you

For CTOs and Architects

• Focus on Interoperability: When designing your cloud architecture, prioritize solutions that align with the "open cloud computing stack" standards that CADA seeks to promote. This future-proofs your infrastructure against lock-in and positions you to leverage the sovereign alternatives that will emerge from CADA-funded projects.
• Monitor National Strategies: Keep a close eye on your Member State's national cloud and AI strategy (required by Article 7). These strategies will detail specific funding opportunities for open-source stack development that your organization may be able to join as a partner or adopter.
• Leverage Open Source: Evaluate open-source alternatives for your core cloud services. CADA's push for open hardware and software stacks means that support, documentation, and ecosystem maturity for these tools will likely improve significantly.

For SMEs Evaluating Practical Impact

• No Direct Migration Grants: Do not expect CADA to provide direct financial aid to cover the costs of migrating from a current proprietary cloud provider. The funding is directed at building the alternatives, not subsidizing the switch.
• Long-Term Cost Reduction: The indirect benefit for SMEs is a more competitive market. As more European providers offer open, interoperable services, the cost of switching and the risk of vendor lock-in will decrease. You will have more leverage in negotiations and more options for multi-cloud strategies.
• Participation in Consortia: SMEs with specialized expertise in open-source cloud technologies may be able to participate in the "grand challenges" funded under the Cloud and AI Leadership Initiatives. This is an opportunity to influence the development of the sovereign stack while gaining access to public funding and R&D resources.

Common misconceptions

• Misconception: CADA provides direct grants to SMEs to pay for cloud migration costs.
  • Reality: CADA funds the development of sovereign cloud infrastructure and open stacks. SMEs benefit from the resulting market competition and availability of alternatives, but there is no direct "migration subsidy" scheme in the proposal.
• Misconception: CADA bans non-EU cloud providers.
  • Reality: CADA does not ban non-EU providers. It establishes a sovereignty framework with four assurance levels (Article 16) and requires public sector bodies to procure from providers meeting these levels. This creates a strong market pull for European providers, indirectly reducing lock-in by making European alternatives more attractive and viable.
• Misconception: Vendor lock-in is only a pricing issue.
  • Reality: CADA addresses lock-in as a sovereignty and security issue. Proprietary stacks from third-country providers can expose EU data to extraterritorial access laws (e.g., US CLOUD Act). By funding open stacks, CADA aims to give SMEs control over their data and infrastructure, which is a deeper form of lock-in mitigation than just cost reduction.

Official sources

• Data Act (Regulation (EU) 2023/2854)

Related

• CADA for SMEs: Funding, Centres for AI, and National Strategies
• How does CADA coordinate funding to avoid duplication?
• Who decides which CADA projects get funding? Commission vs Member States
• IPCEI-CIS and CADA: How EU Funding Powers Sovereign Cloud
• GBER and CADA: How State Aid Exemptions Apply to Cloud & AI Funding

This is general information about a draft EU regulation, not legal advice.