Summary
Yes, as proposed, the Cloud and AI Development Act (CADA) procurement rules explicitly apply to defence, law enforcement, justice, and border management. Under Article 30(3), these sectors are classified as activities contributing to the preservation of public order. Consequently, contracting authorities in these fields must procure cloud services recognised at Union assurance levels 2, 3, or 4. This requirement is triggered by a mandatory risk assessment conducted by Member States to determine the specific assurance level needed for each use case, ensuring the infrastructure supporting these critical functions is resilient and sovereign.
Detail
The CADA proposal introduces a harmonised sovereignty framework for cloud computing services in the public sector, designed to mitigate risks associated with dependence on third-country providers. A central pillar of this framework is the mandatory procurement of cloud services that meet specific "Union assurance levels" (UALs). The applicability of these rules to sensitive sectors like defence and law enforcement is explicitly defined in the text, removing ambiguity about whether national security functions fall under EU procurement harmonisation.
Explicit Inclusion of Defence and Law Enforcement
Article 30(3) of the CADA proposal is the primary provision governing high-risk public sector procurement. It states that contracting authorities, including entities acting on their behalf, whose activities have been identified as contributing to the preservation of public order, must only procure cloud computing services recognised as having a Union assurance level 2, 3, or 4.
The text explicitly lists the sectors falling under this obligation:
"sectors falling under Annex I or II of Directive (EU) 2022/2555 and in the areas of national security, internal security, external border management, defence, justice or law enforcement, including the prevention, investigation, detection and prosecution of criminal offence."
This means that a ministry of defence, a national police force, a border agency, or a judicial body cannot simply procure a cloud service based on price or technical features alone. If the activity is deemed to contribute to public order (which the text strongly implies for these sectors), the service must be audited and recognised at a higher sovereignty tier (UAL 2, 3, or 4) rather than the baseline UAL 1. The inclusion of "justice" and "law enforcement" alongside "defence" ensures that the entire criminal justice chain, from investigation to prosecution, is covered by these stringent sovereignty requirements.
The Role of Risk Assessments
The trigger for applying UAL 2, 3, or 4 is not automatic for every IT purchase in these sectors but is determined through a risk assessment mechanism outlined in Article 29. By one year after the regulation's entry into force, and every two years thereafter, Member States and Union entities must carry out risk assessments. These assessments must:
- Identify public sector activities that use or will use cloud computing services and contribute to the preservation of public order in the listed sectors (defence, law enforcement, etc.).
- Determine which Union assurance level (2, 3, or 4) is appropriate for those specific activities.
The risk assessment considers the sensitivity, criticality, and magnitude of the data processed, including the risk of unlawful access by third countries and the risk of service disruption. For example, while general administrative IT for a defence ministry might be assessed differently from a system processing classified intelligence or operational border control data, both fall within the scope of the mandatory assessment and the potential high-assurance procurement requirements. The Commission is empowered to specify the methodology for these assessments to ensure consistency across the Union.
Tiered Assurance Levels for Sensitive Data
The CADA framework distinguishes between four levels of assurance. While UAL 1 requires the provider to be established in the Union and data to remain in the Union, UALs 2, 3, and 4 introduce stricter cumulative criteria, particularly regarding third-country control and personnel.
- Union Assurance Level 2: Requires independent third-party audits. Providers must demonstrate that they are not subject to the control of a third country in a way that restricts service delivery or allows data access. Data generated by the service cannot be used to train AI systems operated by third countries.
- Union Assurance Level 3: Adds stricter personnel requirements, such as Union citizenship for staff involved in service provision. It also allows for the hosting of EU classified information. Providers subject to third-country control can only qualify if the Commission has adopted a specific implementing act for that country (under Article 18), confirming it meets strict safeguards against unauthorized access or service disruption.
- Union Assurance Level 4: The highest tier, requiring that the provider and its subcontractors are not subject to the control of a third country at all. It mandates Union citizenship for personnel, Union residency for support staff, and strict separation from any third-country subsidiaries. This level is designed for the most critical public order activities where absolute operational autonomy is required.
For defence and law enforcement, the risk assessment is likely to point towards UAL 3 or 4, especially when handling classified information or data critical to national security. Article 30(3) mandates that if the risk assessment identifies an activity as contributing to public order in these sectors, the authority shall only procure services recognised at levels 2, 3, or 4.
Interaction with National Security Exclusions
It is important to distinguish between the procurement of cloud services and the operation of military systems. The EU AI Act, which runs in parallel to CADA, excludes AI systems used exclusively for military, defence, or national security purposes from its scope (Recital 24 of the AI Act). However, CADA's sovereignty framework applies to the cloud infrastructure underpinning these activities. Even if the AI model itself is exempt from the AI Act's market rules, the cloud platform hosting it, if procured by a public authority, falls under CADA's procurement obligations if the activity is deemed to preserve public order. The CADA proposal aims to ensure that the infrastructure supporting these sensitive functions is resilient and sovereign, regardless of whether the applications running on them are subject to other regulatory regimes.
What this means for you
For public-sector procurement officers in defence, law enforcement, justice, and border management, the CADA proposal signals a fundamental shift in how cloud services are sourced.
- Mandatory Risk Assessments: You must prepare for the mandatory risk assessments required by Article 29. These assessments will determine whether your specific use cases (e.g., evidence storage, operational command systems, personnel records) fall under the "preservation of public order" umbrella and dictate whether you need UAL 2, 3, or 4 services.
- Supplier Qualification: You can no longer assume that major global hyperscalers automatically qualify for your most sensitive workloads. To procure at UAL 2, 3, or 4, providers must undergo rigorous independent audits and demonstrate strict separation from third-country control. You will need to verify that any tendered service is listed in the central repository of recognised services (Article 22) with the appropriate assurance level.
- Transition Planning: If your current cloud providers do not meet UAL 2, 3, or 4 criteria, you will need to plan for migration. Article 29(6) allows for a reasonable transition period, not exceeding 12 months, to migrate to compliant services, taking into account technical feasibility and data portability.
- Multi-Cloud Strategies: The proposal encourages considering multi-vendor or multi-cloud strategies (Article 29(9)) to enhance resilience. For defence and law enforcement, this may mean segmenting workloads across different sovereign providers to avoid single points of failure or dependency.
Common misconceptions
- "Defence is exempt from CADA." This is incorrect. While the AI Act excludes military AI systems from its scope, CADA's procurement rules explicitly include defence as an area contributing to public order (Article 30(3)). The cloud infrastructure supporting defence activities must meet the sovereignty requirements.
- "All public sector procurement requires UAL 3 or 4." No. Only activities identified through the risk assessment as contributing to the preservation of public order in the specified sectors (defence, law enforcement, etc.) require UAL 2, 3, or 4. Other public sector bodies not involved in these critical functions must procure at least UAL 1 (Article 30(2)).
- "Third-country providers can never be used in defence." They can, but only under strict conditions. For UAL 3, the Commission must adopt an implementing act recognising the third country as providing sufficient assurances (Article 18). For UAL 4, third-country control is prohibited. Without such recognition, third-country-controlled providers cannot offer services at these levels.
Related
- CADA Article 39: How buying through the Commission satisfies EU procurement law
- Does CADA procurement apply to Union institutions and bodies?
- Does CADA procurement apply to data centre services too?
- Do CADA procurement rules apply during the transition period?
- Will small public bodies be able to afford CADA procurement fees?
This is general information about a draft EU regulation, not legal advice.