Summary Under the proposed Cloud and AI Development Act (CADA), customer data processed by a cloud service provider seeking Union assurance level 2 recognition must remain exclusively within the European Union. Annex II 2.1(c) of the proposal explicitly states that customer data, including metadata and telemetry, must "remain exclusively within the Union," unless the public sector body explicitly requires otherwise. Furthermore, Annex II 2.1(f) imposes an absolute prohibition on data generated by the service: such data must not be used to train or fine-tune any AI system operated by a third country and must not be transferred outside the Union "in any case."
Detail
The proposed Cloud and AI Development Act (CADA), COM(2026) 502 final, establishes a harmonised framework for cloud sovereignty designed to reduce the Union's strategic dependence on third-country providers. A cornerstone of this framework is the "Union assurance levels," a tiered system defined in Article 16 that sets cumulative criteria for cloud computing service providers wishing to serve Union entities and public sector bodies. To qualify for Union assurance level 2, a provider must undergo independent third-party audits and demonstrate strict adherence to the criteria set out in Annex II.
For legal counsel and compliance officers, the data residency and data usage restrictions at level 2 represent some of the most rigorous requirements in the proposal. These rules distinguish between "customer data" (which has a narrow exception) and "data generated by the service" (which has no exception).
Customer Data Residency: The "Explicit Requirement" Exception
The primary rule for customer data under Union assurance level 2 is strict localisation within the EU. Annex II 2.1(c) mandates that "the customer data, including metadata and telemetry data, that is processed, stored and transferred by the audited provider and the subcontractors which are involved in the provision of the service, remain exclusively within the Union."
This prohibition is not absolute in every conceivable scenario; the text provides one specific, narrow exception. The data may leave the Union only if "the public sector body explicitly requires otherwise." This phrasing establishes a default legal position of strict localisation. Any transfer of customer data to a third country requires a specific, explicit, and documented request from the contracting public authority. The cloud provider cannot unilaterally decide to route data outside the EU for processing, backup, disaster recovery, or any other operational reason without this explicit mandate.
Crucially, this rule applies at "any time, including before, during or after the configuration or use of the service." This ensures that data cannot be temporarily moved out of the EU for maintenance or optimization and then returned, nor can it be archived in a third country after the service contract ends, unless the public body has explicitly authorised such a lifecycle event.
Data Generated by the Service: The Absolute Ban
A second, distinct category of data is "data generated by using the audited service." This typically includes logs, telemetry, performance metrics, and usage patterns derived from the customer's interaction with the cloud platform. Annex II 2.1(f) imposes a zero-tolerance policy for this type of data regarding third-country AI training and external transfer.
The provision mandates that "the data generated by using the audited service are not used to train or fine-tune any AI system operated by a third country or a legal entity established in a third-country, and are not transferred outside the Union in any case."
Unlike the customer data rule in 2.1(c), there is no exception for public sector requests. Even if a public body were to request that generated data be sent abroad or used for AI training, the provider would be prohibited from complying if such action involved a third-country entity or transfer outside the Union. This is designed to prevent third-country actors from gaining competitive advantages, intelligence, or model improvements by leveraging data produced within the EU's sovereign cloud infrastructure. The phrase "in any case" leaves no room for derogation.
Scope: Providers and Subcontractors
These obligations apply not just to the primary cloud computing service provider but also to its entire supply chain. Annex II 2.1(a) requires that both the audited provider and the subcontractors involved in the provision of the service are established in the Union. Consequently, the data localisation rules in 2.1(c) and 2.1(f) extend to any third-party vendors, support teams, or infrastructure partners that have access to the data. If a subcontractor is involved in processing, storing, or transferring the data, they are bound by the same exclusive-in-the-Union requirement.
Audit and Verification
Because these are level 2 requirements, they are subject to independent third-party audits as per Article 20. Auditing organisations will examine technical architectures, data flow diagrams, and contractual clauses to verify that no mechanisms exist that could allow data to leave the EU or be used for foreign AI training. Providers must demonstrate effective technical and organisational separation between EU operations and any third-country subsidiaries or parent companies to ensure these rules are enforceable.
What this means for you
For in-house counsel, compliance officers in the public sector, and cloud service providers, these provisions create clear, non-negotiable technical and contractual obligations.
For Public Sector Procurement Officers
When procuring cloud services with Union assurance level 2, you can rely on the guarantee that your customer data will not leave the EU unless you explicitly request it. You must document any such requests carefully. If you do not explicitly require data to leave the Union, the provider is legally barred from doing so. This simplifies risk assessments regarding data sovereignty and extraterritorial access risks, such as those posed by laws like the US CLOUD Act, as the data physically cannot leave the EU without your direct instruction.
For Cloud Service Providers
You must architect your services to ensure that all data flows, including backups and disaster recovery, remain within EU borders. You need to implement strict data governance policies that separate "customer data" from "generated service data" and apply different controls. For generated data, you must ensure that your internal AI teams or third-country affiliates cannot access it for training purposes. Your contracts with subcontractors must explicitly mirror these Annex II obligations, and you must be prepared to provide auditors with evidence of these controls, such as network logs, access control lists, and data flow diagrams.
Penalties and Enforcement
Failure to comply with these sovereignty criteria can lead to the revocation of your Union assurance level recognition by the national competent authority of establishment (Article 17). Once recognised, providers must also notify authorities of any material changes that could affect their compliance (Article 23). Member States must lay down rules on penalties for infringements, which must be "effective, proportionate and dissuasive" (Article 24). While CADA itself does not set specific fine amounts for these technical breaches, it empowers Member States to impose significant financial penalties and allows recipients of the service to seek compensation for damages caused by non-compliance.
Common misconceptions
Misconception 1: "We can send data to a third country if we use encryption." This is incorrect. Annex II 2.1(c) requires data to remain "exclusively within the Union." Encryption does not change the physical location of the data. Even if the data is encrypted, if it is stored on servers located in a third country, it violates the level 2 criteria unless the public sector body explicitly requires that specific transfer.
Misconception 2: "Generated telemetry data can be sent to our global HQ for AI improvement." This is strictly prohibited under Annex II 2.1(f). Data generated by the service cannot be transferred outside the Union "in any case," nor can it be used to train AI systems operated by third-country entities. This blocks common industry practices of sending usage logs to a central global repository for model fine-tuning.
Misconception 3: "Level 2 is just about cybersecurity certification." While level 2 requires a European cybersecurity certificate of at least assurance level 'substantial' (Annex II 2.1(e)), it is much broader. It includes strict data localisation, personnel screening possibilities, software supply chain transparency, and the specific AI training prohibitions mentioned above. Cybersecurity is only one part of the sovereignty framework.
Related
- Why does CADA only allow associated third countries at Level 3?
- What is 'sensitive data' under CADA Level 4?
- CADA Level 4: Sensitive Data Risk Assessment & Strict Residency Rules
- CADA Data Training Ban: Can Cloud Providers Train AI on Customer Data?
- CADA Level 1 Data Residency: What the Proposal Requires
This is general information about a draft EU regulation, not legal advice.