Summary

As proposed, the Cloud and AI Development Act (CADA) does not automatically mandate Union Assurance Level 4 for every defence-related cloud service, but Article 29(3) explicitly requires Member States to use "the highest level of assurance for the most critical public sectors activities including, but not limited to, defence." Consequently, defence AI systems classified as high-risk under the EU AI Act will likely require Union Assurance Level 4 if the associated sovereignty risk assessment determines that such a level is necessary to preserve public order. The AI Act's substantive obligations for high-risk AI systems apply in parallel with CADA's sovereignty requirements; compliance with one does not negate the other.

Detail

To understand the intersection of the EU AI Act and the proposed CADA regarding defence AI, it is necessary to disentangle two distinct regulatory frameworks: the AI Act, which governs the safety, fundamental rights, and transparency of AI systems, and CADA, which governs the sovereignty, operational autonomy, and procurement of cloud infrastructure.

The AI Act's Scope and Defence Exclusions

The EU AI Act (Regulation (EU) 2024/1689) establishes a risk-based approach to AI regulation. However, its scope contains specific exclusions relevant to defence. Article 2(3) of the AI Act states that the Regulation does not apply to AI systems where and in so far as they are placed on the market, put into service, or used exclusively for military, defence, or national security purposes. This exclusion is justified by Article 4(2) of the Treaty on European Union (TEU) and the specificities of Member States' national security competences.

Crucially, this exclusion is purpose-driven, not entity-driven. If an AI system developed for defence purposes is subsequently used for civilian purposes, or if a system is designed for dual-use (both civilian and defence), it may fall within the scope of the AI Act. For example, if a high-risk AI system used in defence is also used for law enforcement or public security, it must comply with the AI Act's requirements for high-risk AI systems, including risk management, data governance, transparency, and human oversight (Articles 9–15 of the AI Act). Therefore, for dual-use defence AI, the AI Act's obligations apply in parallel with any cloud sovereignty requirements.

CADA's Sovereignty Framework and Union Assurance Levels

CADA introduces a Union cloud computing sovereignty framework consisting of four Union Assurance Levels (UALs), detailed in Annex II of the proposal. These levels dictate the criteria cloud computing service providers must meet to serve Union entities and public sector bodies.

  • Union Assurance Level 1: Requires the provider to be established in the Union, with infrastructure and data remaining within the Union. It allows for some subcontracting outside the Union if operational autonomy is preserved.
  • Union Assurance Level 2: Stricter requirements, including Union establishment for subcontractors, Union location for personnel and infrastructure, and a ban on using data to train third-country AI systems. It requires a European cybersecurity certificate of at least "substantial" assurance.
  • Union Assurance Level 3: Similar to Level 2 but requires Union citizenship for personnel and prohibits third-country control over the provider and subcontractors, unless a specific Commission decision allows for associated third countries with adequate safeguards.
  • Union Assurance Level 4: The highest level of sovereignty. It requires Union establishment and location for all infrastructure, assets, and personnel. It mandates Union citizenship for personnel, a "high" assurance level cybersecurity certificate, and strictly prohibits third-country control. It also requires effective control over software components to ensure no third country can influence the technical evolution or maintenance of the components.

Article 29: Risk Assessments and the Defence Imperative

The link between defence AI and Union Assurance Level 4 is established through Article 29 of CADA, which mandates risk assessments.

Article 29(1) requires Member States and Union entities to carry out risk assessments to identify public sector activities that contribute to the preservation of public order. This explicitly includes activities in the areas of national security, internal security, external border management, defence, justice, or law enforcement.

Article 29(3) is the critical provision for defence AI hosting. It states: "The methodology shall specify how Member States use the highest level of assurance for the most critical public sectors activities including, but not limited to, defence."

This phrasing indicates that while CADA does not automatically assign Level 4 to every defence-related cloud service, the regulatory methodology will require the highest level of assurance for the most critical activities. Given that defence AI systems often process classified information, control critical infrastructure, or support military decision-making, they are likely to be classified as "most critical." Therefore, defence AI hosting will likely require Union Assurance Level 4 to ensure operational autonomy, prevent third-country access to sensitive data, and mitigate risks of service disruption or degradation.

Parallel Compliance Obligations

It is a common misconception that CADA's sovereignty requirements replace the AI Act's safety requirements. They do not. The AI Act and CADA address different dimensions of risk:

  1. AI Act: Focuses on the AI system itself: its accuracy, robustness, cybersecurity, data quality, and impact on fundamental rights.
  2. CADA: Focuses on the cloud infrastructure hosting the AI: its location, the nationality of the personnel managing it, the control over the software supply chain, and the legal jurisdiction applicable to the provider.

For a dual-use defence AI system hosted on a cloud platform, the provider must comply with the AI Act's high-risk requirements (if the system is placed on the market or put into service for non-excluded purposes) AND the cloud provider must hold the appropriate Union Assurance Level (likely Level 4 for defence) under CADA.

What this means for you

For in-house counsel and compliance officers in the defence and dual-use AI sectors, the following actions are imperative as CADA progresses through the legislative procedure:

  1. Conduct Dual Risk Assessments: You must prepare for two distinct assessments. First, assess your AI system's risk level under the AI Act (prohibited, high-risk, limited risk, or minimal risk). Second, under CADA Article 29, conduct a sovereignty risk assessment to determine the required Union Assurance Level for your cloud infrastructure. For defence applications, assume the requirement will be Union Assurance Level 4.
  2. Audit Your Cloud Supply Chain: If you use third-country cloud providers, you must evaluate their compliance with Union Assurance Level 4 criteria. This includes verifying that all infrastructure, assets, and personnel are located in the Union, that personnel are Union citizens, and that no third country exercises control over the provider or its software components. Article 2(21) of CADA defines "control" broadly, including ownership, governance, and commercial links.
  3. Prepare for Procurement Restrictions: Article 30 of CADA mandates that contracting authorities whose activities are identified as contributing to public order (including defence) must only procure cloud services recognised as offering Union Assurance Levels 2, 3, or 4. For the most critical defence activities, this will effectively mean Level 4. Ensure your procurement documents specify these sovereignty criteria.
  4. Monitor Delegated Acts: Article 29(3) empowers the Commission to specify the methodology for risk assessments. Pay close attention to the delegated acts that will define "highest level of assurance" and "most critical activities." These acts will clarify the exact scope of Level 4 requirements for defence AI.
  5. Ensure Parallel Compliance: Do not assume that securing a sovereign cloud provider exempts you from AI Act obligations. If your AI system is high-risk under the AI Act, you must still implement risk management systems, data governance practices, and transparency measures, regardless of the cloud provider's sovereignty level.

Common misconceptions

Misconception 1: CADA replaces the AI Act for defence systems. Correction: CADA does not replace the AI Act. The AI Act excludes AI systems used exclusively for defence, but dual-use systems remain subject to the AI Act. CADA adds a layer of sovereignty and procurement rules on top of the AI Act's safety and fundamental rights requirements.

Misconception 2: Union Assurance Level 1 is sufficient for defence AI. Correction: Article 29(3) explicitly directs Member States to use the highest level of assurance for critical defence activities. Union Assurance Level 1 allows for some third-country subcontracting and does not require Union citizenship for personnel, which is insufficient for the operational autonomy required in defence contexts. Level 4 is the likely standard.

Misconception 3: "Defence" AI is entirely exempt from EU regulation. Correction: The AI Act's exemption applies only to AI systems used exclusively for military, defence, or national security purposes. Many AI systems in the defence sector are dual-use (e.g., logistics, communication, surveillance) and may be used for civilian or law enforcement purposes. These systems remain within the scope of the AI Act and must comply with its high-risk requirements.

Misconception 4: CADA's sovereignty framework applies only to public sector bodies. Correction: While CADA's procurement obligations (Article 30) primarily target public sector bodies and Union entities, the sovereignty framework (Articles 16–24) applies to cloud computing service providers seeking to serve these entities. Private sector entities operating in sectors of high criticality (listed in Annex I of NIS2) may also be required to conduct impact assessments similar to those in Article 29, as per Article 31 of CADA.

This is general information about a draft EU regulation, not legal advice.