Summary
No. The AI Act does not cover cloud sovereignty; it is a risk-based, product-safety and fundamental-rights regulation for AI systems. The proposed Cloud and AI Development Act (CADA) would address that gap separately, establishing a "Union cloud computing sovereignty framework comprising four Union assurance levels" (Article 16). As proposed, the two instruments are complementary: the AI Act governs how AI systems behave, while CADA would govern who controls the cloud infrastructure underneath. The CADA explanatory memorandum is explicit that the AI Act "does not cover aspects of sovereignty." CADA is still a proposal and the text may change.
Detail
To understand the regulatory landscape for cloud services in the EU, it helps to separate the objectives of the AI Act from those of the proposed CADA. Both aim to strengthen Europe's digital ecosystem, but they address fundamentally different problems.
The AI Act's scope: safety, not sovereignty
The AI Act (Regulation (EU) 2024/1689) is a risk-based framework harmonising the rules for placing AI systems on the market, putting them into service, and using them. Its purpose is to ensure a high level of protection for health, safety and fundamental rights while promoting trustworthy, human-centric AI. Its legal basis is the internal market.
As the CADA explanatory memorandum states, the AI Act "does not cover aspects of sovereignty." The AI Act regulates the behaviour and impact of AI systems — for example, prohibiting certain practices (AI Act Article 5), setting requirements for high-risk systems (AI Act Articles 8–27), and imposing transparency duties (AI Act Article 50). It does not regulate the underlying cloud infrastructure on which those systems run, nor the geopolitical risks of dependence on non-EU providers.
A cloud service could therefore host AI systems in full compliance with the AI Act yet still pose significant sovereignty risks if it is controlled by a third-country entity subject to extraterritorial data-access laws. The AI Act contains no mechanism to assess or mitigate those supply-chain and jurisdictional risks.
CADA's response: the Union cloud computing sovereignty framework
The proposed CADA would fill this gap. Title IV ("Autonomy") sets out the sovereignty framework, and Article 16 establishes a "Union cloud computing sovereignty framework comprising four Union assurance levels, the criteria for which are set out in Annex II," which providers would have to meet to serve Union entities and public sector bodies.
As proposed, the four levels (1 to 4) impose progressively stricter, cumulative criteria covering, among other things:
- Data location: customer data, including metadata and telemetry data, would have to remain exclusively within the Union (with a narrow exception where the public sector body explicitly requires otherwise; for level 4, this applies to data identified as sensitive).
- Personnel: at levels 3 and 4, personnel involved in providing the service would have to be Union citizens, with national security clearance where appropriate.
- Third-country control: at levels 3 and 4, the provider and its subcontractors must not be subject to the control of a third country or a third-country entity (subject only to the narrow "associated third country" route to level 3 under Article 18).
- Cybersecurity certification: a European cybersecurity certificate of at least "substantial" (levels 2–3) or "high" (level 4) under a scheme established pursuant to the Cybersecurity Act, where available.
Level 1 is self-assessed, with the provider issuing an EU statement of conformity (Article 19); levels 2–4 require an independent third-party audit (Article 20).
Why a separate instrument
Sovereignty would need a legal instrument distinct from the AI Act for several reasons:
- Different risk profiles. The AI Act addresses risks to individuals (fundamental rights, safety, non-discrimination). CADA, as proposed, addresses risks to the Union's operational autonomy and the preservation of public order — distinct legal interests requiring different tools.
- Procurement leverage. CADA would tie sovereignty directly to public procurement: under Article 30, contracting authorities whose activities are not identified as contributing to the preservation of public order must use recognised level 1 services, while those whose activities are so identified must procure only level 2, 3 or 4 services. The AI Act contains no such procurement mandate.
- Infrastructure vs. application. The AI Act regulates the AI system; CADA would regulate the cloud infrastructure that hosts and enables it.
- Geopolitical context. CADA responds to dependencies such as the risk of service disruption or extraterritorial data access by third-country governments — strategic-autonomy concerns outside the scope of product-safety regulation.
What this means for you
For in-house counsel and compliance officers, the distinction between the two regimes is central to risk management and procurement strategy.
- Dual compliance. Ensure any AI systems you deploy comply with the AI Act, and separately assess whether your cloud infrastructure would meet the appropriate CADA assurance level, especially if you advise a public sector body or a critical-sector entity.
- Risk assessments. Under Article 29, Member States and Union entities would have to run risk assessments to identify public sector activities contributing to the preservation of public order and to determine the appropriate level. Private entities listed in Annex I of the NIS2 Directive (Directive (EU) 2022/2555) "may" carry out similar assessments under Article 31. Begin mapping cloud dependencies now.
- Procurement. Contracting authorities would have to procure recognised services at level 1 (default) or levels 2–4 (for public-order activities), so tender specifications would need to incorporate the assurance criteria.
- Audit and evidence. Levels 2–4 would require independent third-party audits (Article 20), with annual review of the audit report and opinion. As a buyer, request audit evidence and check the Commission's central repository of recognised services (Article 22).
- Timing. CADA is a proposal. As proposed (Article 48), it would apply one year after entry into force, and Member States would have to designate national competent authorities within one year (Article 25). The AI Act is already in force, with prohibitions applying from 2 February 2025 and most high-risk obligations from 2 August 2026.
Common misconceptions
- "If my AI system complies with the AI Act, my cloud provider is safe." No. AI Act compliance does not guarantee that a provider is free from third-country laws that could compel foreign data access or service disruption. CADA, as proposed, targets that gap.
- "Cloud sovereignty is just data localisation." No. Localisation is one criterion. CADA's framework would also address third-country control, personnel citizenship, software supply chains, cybersecurity certification and protection against service disruption.
- "CADA replaces the AI Act." No. They are complementary. The AI Act regulates AI systems; CADA would regulate the cloud infrastructure that hosts them. You would need to comply with both.
- "Only the public sector needs to worry about CADA." The mandatory procurement obligations target public sector bodies and Union entities, but Annex I NIS2 entities may conduct similar assessments (Article 31), and demand signalling from the public sector is likely to pull the wider market along.
This is general information about a draft EU regulation, not legal advice.