Does CADA require public bodies to report procurement to the EU annually?

Summary Under the proposed Cloud and AI Development Act (CADA), individual public bodies (contracting authorities) do not report procurement data directly to the European Commission on an annual basis. Instead, the obligation falls on Member States to collect, aggregate, and submit a consolidated yearly report. This requirement is explicitly set out in Article 33(3) of the proposal. The annual report must detail the size of economic operators participating in innovation procurement, trends in Small and Medium-sized Enterprise (SME) participation (including contract values and cross-border shares), and specific measures taken to improve SME access. This data feeds the national strategy required under Article 7 and tracks progress toward the target of awarding at least 25% of innovation procurement to SMEs.

Detail

The Cloud and AI Development Act (CADA), as proposed in COM(2026) 502 final, introduces a specific monitoring framework to ensure that public procurement drives innovation and strengthens the European cloud and AI ecosystem. While the Act imposes obligations on contracting authorities to promote SME participation and apply Union added-value criteria, the reporting mechanism is designed as a top-down national responsibility rather than a direct submission from every public buyer to the EU.

The Reporting Chain: From Local Buyer to Member State

A critical distinction in Article 33 is the separation of duties between the contracting authority and the Member State. Article 33(1) states: "Member States shall monitor and report on their use of procurement of innovation in cloud computing services and AI systems."

This means that while a local municipality or a national ministry must conduct the procurement and record the results, they do not send these records directly to the Commission. Instead, they must provide the necessary data to their national government. The Member State is then responsible for aggregating this information from all relevant public buyers across its territory to compile a single, comprehensive report. This structure ensures data consistency and reduces the administrative burden on individual public entities, which might otherwise face divergent reporting requirements from different EU instruments.

The Annual Reporting Obligation: Article 33(3)

The core of the reporting requirement is found in Article 33(3), which mandates that Member States inform the Commission on a yearly basis. The text of the proposal specifies that this report must include three distinct categories of information:

1. Size of Economic Operators: The report must provide data on "the size of the economic operators participating in such procurement." This allows the Commission to analyze market concentration and determine whether large incumbents or smaller, innovative players are dominating the market for cloud and AI services.
2. SME Participation Trends: A detailed breakdown of Small and Medium-sized Enterprise (SME) involvement is required. Specifically, the report must include:
   • "The number of contracts awarded to SMEs."
   • "Their share of the total contract value, as a percentage."
   • "Where available, the share of cross-border SMEs participation." This cross-border metric is particularly significant for CADA, as it directly measures the functioning of the single market and the ability of EU SMEs to compete beyond their national borders.
3. Measures to Improve Access: Member States must report on "measures taken to improve SMEs access to public procurement procedures." This could include the division of contracts into lots, the simplification of administrative procedures, or the use of pre-commercial procurement.

The Strategic Context: The 25% Target

The reporting obligation is not merely a bureaucratic exercise; it is the accountability mechanism for a specific policy goal. Article 33(4) establishes a clear objective: "Member States shall pursue as objective that at least 25% of their procurement for cloud computing services and AI systems be awarded to innovative SMEs."

To achieve this, Article 33(4) further requires that Member States "include, in their national strategies referred to in Article 7, plans on how they intend to achieve this objective." The annual report under Article 33(3) serves as the progress check against these plans. If a Member State fails to meet the 25% target or cannot demonstrate effective measures to improve access, the data will be visible to the Commission, potentially triggering further guidance or scrutiny under the broader CADA framework.

Why This Data Matters

The data collected under Article 33 feeds directly into the Commission's ability to monitor the "demand-side measures" of CADA. By analyzing operator size and SME trends, the EU can assess whether the market is becoming more competitive and whether European innovation is being effectively adopted by the public sector. This information is also crucial for evaluating the "Union added value" criteria mentioned in Article 32, ensuring that public spending actually contributes to the development of a European cloud and AI ecosystem rather than reinforcing dependencies on non-EU providers.

What this means for you

For Public Procurement Officers

If you work for a public body (a contracting authority), you are the source of the data, but not the submitter. You do not need to file a report with the EU Commission. However, your internal data management practices are critical.

• Classify Suppliers Correctly: Ensure your procurement records clearly categorize suppliers by size (micro, small, medium, or large) according to the EU definition (Commission Recommendation 2003/361/EC). Without this classification, your national government cannot generate the "size of economic operators" metric required by Article 33(3)(a).
• Track Cross-Border Winners: If an SME from another Member State wins a contract, record this explicitly. The "share of cross-border SMEs participation" is a specific requirement in Article 33(3)(c) that cannot be calculated if your data does not capture the origin of the winning bidder.
• Document Your Actions: If your authority implemented measures to help SMEs (e.g., splitting a large contract into smaller lots, simplifying tender documents, or holding pre-tender workshops), document these actions. Your national report must describe "measures taken to improve SMEs access" (Article 33(3)(c)).
• Align with National Strategy: Check your country's national cloud and AI strategy (required by Article 7). It should outline the plan to reach the 25% SME award target. Your procurement decisions contribute directly to this national aggregate.

For National Policymakers and Central Authorities

Your role is to build the data infrastructure. You must establish a mechanism to receive standardized data feeds from local and regional public buyers. This involves:

• Creating a central repository or dashboard where contracting authorities can upload their procurement results for cloud and AI innovation.
• Ensuring the data fields match the requirements of Article 33(3) (operator size, contract value, SME status, cross-border status).
• Compiling the annual report and submitting it to the Commission within the timeframe set by the implementing acts (once adopted).

Common misconceptions

"Every public buyer must report directly to the EU." Reality: No. Article 33(1) places the reporting obligation squarely on Member States. Individual contracting authorities report to their national competent authorities or central procurement agencies, which then aggregate the data for the Commission.

"The report covers all cloud spending." Reality: The reporting is specifically focused on procurement of innovation in cloud computing services and AI systems (Article 33(1)). While general cloud procurement is relevant for the sovereignty framework (Article 30), the annual reporting under Article 33 is tied specifically to innovation procurement and SME participation metrics.

"SMEs are defined by revenue alone." Reality: SMEs are defined by the Commission Recommendation 2003/361/EC, which considers staff headcount, annual turnover, and annual balance sheet total. Procurement officers must apply this standard definition to ensure data consistency across the EU.

"Failure to report leads to immediate fines." Reality: CADA focuses on enforcement through national competent authorities. While penalties for infringements are outlined in Article 24, the reporting obligation under Article 33 is primarily a monitoring and transparency tool. However, consistent failure to report could impact a Member State's ability to demonstrate progress on its national cloud and AI strategy, potentially affecting future funding or political standing.

Official sources

• EU AI Act (Regulation (EU) 2024/1689)

Related

• Will small public bodies be able to afford CADA procurement fees?
• CADA Procurement vs AI Act: How Public Bodies Must Buy Cloud & AI
• Does CADA require public bodies to favour EU providers?
• CADA Procurement Compliance: Who is Responsible in a Public Body?
• What sectors count as preserving public order for CADA procurement?

This is general information about a draft EU regulation, not legal advice.