Summary No, the national competent authority (NCA) does not recognise frontier AI priority projects. As proposed in the Cloud and AI Development Act (CADA), this recognition is a centralised power of the European Commission, exercised exclusively under Article 8. The NCA's role is strictly limited to the cloud computing sovereignty framework, where it recognises cloud service providers offering "Union assurance levels" under Article 17. Confusing these two distinct regimes is a critical compliance error: frontier AI recognition is an industrial policy tool managed at the EU level to address "grand challenges," whereas sovereignty recognition is a market access gatekeeper managed nationally to safeguard public order.
Detail
To understand why the national competent authority is not involved in frontier AI priority project recognition, it is necessary to distinguish between two separate pillars of the proposed CADA: the supply-side industrial support measures (Title II) and the demand-side sovereignty framework (Title IV). These pillars serve different legal objectives, operate under different decision-making hierarchies, and involve different actors.
1. Frontier AI Priority Projects are Commission-led (Article 8)
The recognition of a "frontier AI priority project" is an exclusive competence of the European Commission. Article 8 of the CADA proposal explicitly states: "The Commission may, by means of a decision, recognise as frontier AI priority projects, projects selected through open calls for expression of interest..."
This provision establishes a centralised selection mechanism designed to ensure a coordinated, Union-wide approach to strategic technological sovereignty. The Commission acts as the sole decision-maker based on specific, cumulative criteria outlined in Article 8:
- Nature of the Project: It must be a pioneering project focused on the support and scaling-up of frontier AI technologies.
- Legal Structure: It must be undertaken by a European digital infrastructure consortium (EDIC) established pursuant to Decision (EU) 2022/2481, or another legal entity eligible for funding under Union law.
- Cross-Border Participation: It must involve the participation of at least three Member States.
- Resource Pooling: The participating Member States must pool computing time and other relevant resources to support the implementation of the designated project.
There is no provision in Article 8 or the surrounding Title II articles that delegates this decision-making power to national authorities. The process is intentionally centralised to address "Grand Challenge 3: Frontier AI" as outlined in Annex I, ensuring that strategic investments align with Union-wide priorities rather than fragmented national interests. The Commission's role is discretionary ("The Commission may... recognise"), meaning recognition is not automatic even if criteria are met, but it is the only body empowered to grant this status.
2. The Role of the National Competent Authority (Article 17)
The national competent authority (NCA) plays a critical but entirely different role under the CADA. Its primary function is within the cloud computing sovereignty framework established in Title IV, Chapter I.
Under Article 17, cloud computing service providers (CSPs) that wish to be recognised as offering a specific "Union assurance level" (Levels 1β4) must submit an application for recognition to the national competent authority of establishment. The NCA then evaluates the evidence submittedβwhich includes a self-assessment for Level 1 or an independent audit report and "positive" audit opinion for Levels 2β4βand makes the recognition decision.
While Article 17(5) allows for a 60-day review period where other Member States' NCAs may raise reasoned objections, the initial evaluation and the final recognition decision remain the responsibility of the NCA of establishment. This recognition certifies that a cloud service meets specific sovereignty criteria (such as data location, personnel citizenship, and cybersecurity standards) required for public sector procurement under Article 30.
3. Why the Distinction Matters
The confusion often arises because both processes involve "recognition" and both are central to the CADA's goals of strengthening the EU ecosystem. However, the legal nature and consequences of each are distinct:
- Frontier AI Recognition (Art. 8): This is an industrial policy and funding access mechanism. It grants access to pooled EU computing resources (such as EuroHPC capacity under Article 9) and supports strategic industrial development. It is decided by the Commission to ensure cross-border coherence.
- Sovereignty Recognition (Art. 17): This is a market access and compliance mechanism. It certifies that a cloud service meets the technical and legal criteria for "Union assurance" required for public procurement. It is decided by the NCA to ensure local oversight of service providers established in that Member State.
A project can be recognised as a "frontier AI priority project" by the Commission without the cloud services hosting it having obtained a Union assurance level from an NCA. Conversely, a cloud provider can be recognised by an NCA under Article 17 without hosting any frontier AI priority projects. The two regimes run in parallel but do not intersect in terms of decision-making authority.
What this means for you
For in-house counsel, compliance officers, and project managers, understanding this distinction is critical for accurate regulatory mapping, resource allocation, and avoiding procedural dead-ends.
1. Do not engage NCAs for Frontier AI Applications
If your organisation is preparing an expression of interest for a frontier AI priority project under Article 8, do not direct your application or compliance queries to your national competent authority. They lack the mandate to approve, reject, or even review these applications. Your engagement must be with the European Commission and the relevant European digital infrastructure consortiums (EDICs). Engaging the NCA here will result in procedural delays and misdirected effort, as the NCA has no statutory role in the Article 8 selection process.
2. Separate Compliance Tracks
Maintain separate compliance tracks for these two initiatives:
- For Frontier AI Projects: Focus on the Article 8 criteria: ensuring your consortium is an EDIC or eligible entity, securing participation from at least three Member States, and demonstrating the pooling of computing resources. Ensure your project aligns with the "Grand Challenge 3" objectives in Annex I.
- For Cloud Service Providers: If your company provides the cloud infrastructure for these projects (or any other public sector activity), you may still need to engage with the NCA under Article 17 to obtain a Union assurance level (e.g., Level 2, 3, or 4) if you intend to serve public sector clients. However, this is a separate legal obligation unrelated to the AI project's priority status. A project's priority status does not exempt the hosting provider from the sovereignty framework.
3. Monitoring Deadlines and Discretion
While Article 8 does not specify a fixed deadline for the Commission's decision-making process in the same way Article 17 does (which mandates a 60-day assessment period for NCA recognition), you should monitor Commission calls for expressions of interest closely. The Commission's recognition is a discretionary power ("The Commission may... recognise"), meaning there is no automatic right to recognition upon meeting criteria. In contrast, the NCA's assessment under Article 17 is more procedural; if the evidence is sufficient and no valid objections are raised, the NCA is expected to adopt the recognition decision.
Common misconceptions
Misconception 1: "The NCA approves all strategic projects under CADA." This is incorrect. The CADA distinguishes between different types of strategic designations. While the Commission designates frontier AI priority projects (Article 8) and data centre strategic projects (Article 14), the NCA recognises cloud computing services under the sovereignty framework (Article 17). Each designation has a different decision-maker and serves a different purpose.
Misconception 2: "Frontier AI projects automatically get sovereignty recognition." No. Being recognised as a frontier AI priority project under Article 8 grants access to computing resources and strategic support. It does not automatically confer a Union assurance level under Article 17. A cloud provider hosting a frontier AI project must still undergo the separate conformity assessment or audit process and apply to the NCA for sovereignty recognition if it wishes to be listed in the central repository for public procurement.
Misconception 3: "Member States can designate frontier AI priority projects." No. Article 8 explicitly reserves this power for the Commission. Member States' role is to participate in the consortia and pool resources, but the final decision to recognise a project as a "priority project" is an EU-level act. Member States cannot unilaterally designate a project as a frontier AI priority project within their own borders.
Official sources
Related
- Why must a frontier AI priority project involve at least three Member States?
- Who can apply for frontier AI priority project recognition under CADA?
- What benefits does frontier AI priority project recognition unlock under CADA?
- Step-by-step: how to get frontier AI priority project recognition under CADA
- Is frontier AI priority project recognition realistic for small companies?
This is general information about a draft EU regulation, not legal advice.