Summary As proposed, the Cloud and AI Development Act (CADA) introduces a "Union added value" criterion in public procurement that explicitly evaluates a tenderer's contribution to the European cloud and AI ecosystem, including the use of EU-designed or manufactured hardware. While this creates a preferential environment for EU-based supply chains, the proposal includes specific, legally binding safeguards to prevent outright discrimination. The criterion is strictly ancillary and not decisive for the award, cannot confer unrestricted freedom of choice on the contracting authority, and explicitly allows for third-country hardware where EU alternatives are not feasible. Consequently, as drafted, the measure aims to operate within the limits of international trade commitments, particularly the WTO Agreement on Government Procurement (GPA), by framing the preference as a security and resilience measure rather than a protectionist ban.

Detail

The question of whether the "Union added value" criterion discriminates against non-EU bidders sits at the intersection of EU industrial policy, public procurement law, and international trade obligations. To answer this, we must examine the precise mechanics of Article 32 of the CADA proposal, the built-in limitations on its application, and the legal tension with the EU's commitments under the WTO GPA.

The Mechanics of Article 32: Preference, Not Prohibition

Article 32 of the CADA proposal requires contracting authorities to include non-price award criteria that evaluate a tenderer's contribution to the development of a European cloud and AI ecosystem. Crucially, the proposal does not ban non-EU bidders from participating in the procurement procedure. Instead, it creates a scoring mechanism that rewards specific supply chain characteristics, effectively creating a "preference" rather than an exclusion.

Under Article 32(1), contracting authorities must include these non-price award criteria as part of the quality evaluation of the tender. Article 32(3) then specifies the extent to which authorities must evaluate the tenderer on four specific dimensions:

  • The tenderer's contribution to strengthening the digital technology supply chain in the Union, including the use of software or hardware designed or manufactured in the Union (Article 32(3)(a)).
  • The tenderer's integration of technologies developed in the Union, including research and development results stemming from Union-funded programs (Article 32(3)(b)).
  • The extent to which the innovation required to deliver the service contributes to strengthening the security of supply and the development of a European cloud and AI ecosystem (Article 32(3)(c)).
  • The extent to which the service is delivered, to the greatest extent feasible, through critical computing, storage, and networking hardware components designed and/or manufactured in the Union (Article 32(3)(d)).

The final point, Article 32(3)(d), contains a vital caveat that directly addresses the feasibility of global supply chains. It states that the preference for EU hardware applies "to the greatest extent feasible." Furthermore, it explicitly provides an alternative: where EU hardware is not feasible, the service may be delivered through hardware components from a third country, provided that such components contribute to strengthening the security of supply and the development of a European cloud and AI ecosystem.

This clause acknowledges market realities where certain high-performance components (e.g., advanced semiconductors) may not yet be available from EU manufacturers. It prevents the criterion from becoming a de facto ban on non-EU infrastructure providers who rely on global supply chains, provided they can demonstrate a commitment to security and ecosystem development. This "feasibility" qualifier is the primary mechanism that allows non-EU bidders to remain competitive even if they cannot source all hardware within the Union.

Safeguards Against Discrimination: The "Ancillary" Rule and Freedom of Choice

The primary legal safeguard against claims of discrimination is the strict limitation on the weight and nature of this criterion. Article 32(2) sets four mandatory conditions for these non-price award criteria, which act as a firewall against arbitrary or protectionist application:

  1. They must be linked to the subject matter of the contract.
  2. They must not confer unrestricted freedom of choice on the contracting authority (Article 32(2)(b)).
  3. They must be expressly set out in the procurement documents or in the contract notice.
  4. They must be ancillary and not decisive in the award of the contract.

The term "ancillary" is legally significant in EU procurement law. It means that while Union added value can influence the final score, it cannot override the core technical and financial performance requirements. A non-EU bidder with superior technical specifications, lower total cost of ownership, or better security credentials cannot be automatically disqualified solely because they score lower on the Union added value metric. The criterion is designed to be a differentiator or a tie-breaker, not a gatekeeper. If a non-EU bidder offers a technically superior solution at a competitive price, the "ancillary" nature of the criterion ensures they cannot be rejected simply for lacking EU hardware.

Furthermore, the condition that the criteria must not confer unrestricted freedom of choice (Article 32(2)(b)) prevents contracting authorities from using the criterion as a pretext to award contracts to a preferred EU vendor without objective justification. The evaluation must be based on pre-defined, measurable indicators linked to the subject matter, ensuring that the process remains transparent and contestable.

The explanatory memorandum accompanying the proposal further clarifies the intended balance, suggesting a maximum weighting of 15 out of 120 points for the European added value criterion. This cap ensures that the majority of the evaluation (87.5%) remains focused on the service's actual performance, cost, and technical merit, aligning with the principle that procurement should be value-driven rather than purely geopolitical.

Tension with the WTO GPA and National Treatment

The core of the discrimination argument lies in the WTO Agreement on Government Procurement (GPA), to which the EU is a party. The GPA mandates "national treatment," meaning that once a procurement procedure is open to foreign suppliers, they must be treated no less favorably than domestic suppliers. Critics argue that favoring EU-designed hardware inherently discriminates against non-EU hardware, even if the final service is identical, potentially violating the principle of non-discrimination.

However, the CADA proposal navigates this by framing the criterion around "security of supply" and "ecosystem development" rather than origin alone. By allowing third-country hardware under Article 32(3)(d) when EU options are not feasible, the proposal attempts to remain compliant with GPA principles of non-discrimination while still pursuing legitimate public interest objectives, such as reducing critical dependencies.

The proposal explicitly references the right to protect public order. Recital 64 of the CADA proposal states that the Union retains the right, in accordance with Article III:2(a) of the WTO GPA, to adopt or maintain measures necessary to protect public morals, order, or safety. The CADA frames the reliance on non-EU cloud providers as a risk to public order and operational autonomy, citing risks such as extraterritorial access, service disruption, and economic coercion. Therefore, the Union added value criterion is presented not as a trade barrier, but as a proportionate measure to mitigate systemic risks associated with third-country dependencies.

The tension remains, however. While the proposal includes safeguards, the practical application of "feasibility" and the weighting of the criterion will be scrutinized. If a contracting authority interprets "feasible" too narrowly or applies the weighting in a way that effectively excludes non-EU bidders, it could trigger a dispute under the GPA. The proposal's reliance on the "ancillary" status is its strongest defense, as it ensures that the economic and technical value of the bid remains the primary determinant of the award.

The Role of Risk Assessments and the Broader Context

It is also important to distinguish the scope of Article 32 from the broader sovereignty framework. Article 32 applies specifically to "innovative cloud computing services and AI systems." For standard, non-innovative procurements, or for activities identified as contributing to the preservation of public order, the sovereignty framework in Articles 29–30 applies.

Under Article 30(3), contracting authorities whose activities contribute to the preservation of public order must procure only cloud computing services recognised as having a Union assurance level 2, 3, or 4. These levels have strict criteria regarding establishment, infrastructure location, and personnel citizenship (as detailed in Annex II). In those specific high-risk cases, non-EU providers may be excluded entirely if they cannot meet these sovereignty criteria.

Article 32, by contrast, applies to a broader range of procurements (specifically those involving innovation) and uses a softer, scoring-based approach. It does not mandate exclusion but rather incentivizes EU supply chain integration. This distinction is crucial: the "discrimination" risk in Article 32 is mitigated by its scoring nature, whereas the risk in Articles 29–30 is mitigated by the strict definition of "public order" and the proportionality of the risk assessment.

What this means for you

For cloud service providers, data centre operators, and hardware manufacturers, especially those headquartered outside the EU or relying heavily on non-EU hardware supply chains, Article 32 presents a strategic challenge rather than an outright barrier. The proposal, as drafted, requires a nuanced approach to tendering.

  1. Supply Chain Transparency and Mapping: You must be prepared to disclose the origin of your hardware and software components in granular detail. Bidders will need to map their entire supply chain to identify which components are EU-designed or manufactured. If you rely on non-EU hardware, you must proactively document why EU alternatives were not feasible (e.g., lack of technical capability, performance gaps) and how your solution still contributes to the EU's security of supply.
  2. Strategic Positioning on "Feasibility": Non-EU bidders should not assume they are disqualified. Instead, they should focus on the "feasibility" exception in Article 32(3)(d). Prepare evidence demonstrating that EU hardware cannot meet the specific technical requirements of the contract or that the use of third-country hardware is necessary to ensure the security of supply (e.g., by avoiding single points of failure).
  3. Leveraging Other Article 32(3) Criteria: If you cannot score high on the hardware criterion, maximize your score on the other dimensions. Emphasize the integration of EU-developed software, participation in EU-funded research and development programs, contributions to open-source ecosystems, or the use of EU-manufactured components in non-critical parts of the stack. These elements can help offset lower scores on the hardware criterion.
  4. Monitoring Weightings and Challenges: Keep an eye on the specific weightings applied by contracting authorities in their tender documents. While the proposal suggests a maximum of 15/120 points, individual authorities may apply lower weights. Ensure your technical and financial bids are strong enough to compensate for any potential deficit in the Union added value score. If you believe a contracting authority is using the Union added value criterion in a way that is decisive or confers unrestricted freedom of choice (violating Article 32(2)), you may have grounds for a legal challenge under EU procurement law.

Common misconceptions

Misconception 1: Non-EU bidders are banned from EU public cloud contracts under CADA.

  • Reality: Article 32 does not ban non-EU bidders. It introduces a scoring criterion that favors EU supply chains. Non-EU bidders can still win contracts if their technical and financial offers are superior, or if they can demonstrate that their use of non-EU hardware is necessary and contributes to security of supply. The criterion is "ancillary," not a gatekeeper.

Misconception 2: The Union added value criterion is the sole deciding factor in the award.

  • Reality: Article 32(2) explicitly states that the criterion must be "ancillary and not decisive" in the award of the contract. Contracting authorities cannot award a contract solely based on Union added value if it compromises technical performance or cost-effectiveness. The majority of the score must still be based on price and technical merit.

Misconception 3: Any use of non-EU hardware disqualifies a bidder.

  • Reality: Article 32(3)(d) explicitly allows for the use of third-country hardware if EU alternatives are not feasible, provided the solution still strengthens security of supply. This recognizes the current state of the global semiconductor and hardware market and prevents the criterion from becoming a protectionist barrier.

Misconception 4: This criterion automatically violates the WTO GPA.

  • Reality: The proposal is designed to operate within the GPA's exceptions for public security and order. By limiting the criterion's weight, ensuring it is ancillary, and allowing for non-EU hardware when necessary, it attempts to balance industrial policy with international trade obligations. While the legality will likely be tested in practice, the text includes specific safeguards to mitigate discrimination claims.

Related

This is general information about a draft EU regulation, not legal advice.