How are key performance indicators used in national cloud and AI strategies?

Summary Under the proposed Cloud and AI Development Act (CADA), Member States are legally required to establish national cloud and AI strategies that include a robust governance and monitoring framework. Article 7(5) of the proposal mandates that these strategies be assessed at least every three years on the basis of key performance indicators (KPIs) and updated where necessary. These KPIs are not merely advisory; they serve as the statutory mechanism for verifying alignment with the EU's "AI first" principle, ensuring consistency with Digital Decade targets, and tracking progress toward the Union's broader cloud and AI ecosystem objectives.

Detail

The Cloud and AI Development Act (CADA), as proposed in COM(2026) 502 final, establishes a rigorous accountability architecture for Member States regarding their national cloud and AI policies. The use of Key Performance Indicators (KPIs) is central to this framework, transforming national strategies from static policy documents into dynamic, measurable instruments of compliance.

The Statutory Obligation to Use KPIs

The core obligation is found in Article 7 of the proposal. Paragraph 2(a) explicitly requires that national strategies include "key objectives and priorities for cloud and AI adoption, in line with the 'AI first' principle, as well as a governance and monitoring framework to achieve those objectives and priorities."

The operationalization of this framework is defined in Article 7(5), which states: "Member States shall assess their national strategies at least every three years on the basis of key performance indicators and, where necessary, update them."

This provision creates a mandatory, recurring compliance cycle. The KPIs serve as the quantitative and qualitative metrics against which a Member State's progress is measured. If the assessment based on these KPIs reveals a deviation from the strategy's objectives or a failure to meet the "AI first" principle, the Member State is legally obligated to update the strategy to correct the course. This ensures that national policies remain responsive to technological evolution and market realities.

Alignment with Digital Decade Targets

The KPIs within national strategies do not operate in a vacuum; they must align with broader Union objectives. Article 7(4) requires that national strategies be "consistent with, and contribute to, the associated digital targets established under Article 4 of Decision (EU) 2022/2481 (the Digital Decade Policy Programme)."

Consequently, the KPIs selected by Member States must reflect progress toward specific EU-wide goals, including:

• The adoption of cloud computing services, big data, and AI by at least 75% of Union enterprises for their business operations.
• The deployment of at least 10,000 climate-neutral, highly secure edge nodes in the Union.

By tying national KPIs to these targets, CADA ensures that national monitoring frameworks feed into the Commission's own monitoring exercises under Article 15, which tracks the Union's compute capacity gap, data centre demand, and the size of the capacity gap.

The Role of the European Artificial Intelligence Board

The coordination of these KPIs and strategies is facilitated by the European Artificial Intelligence Board (the 'AI Board'), established under the AI Act. Article 7(6) of CADA specifies that the AI Board shall "advise and assist the Member States as regards the coordination of national strategies" and "facilitate exchange of best practices among Member States."

While Member States retain the discretion to define their specific KPIs, the AI Board acts as a forum for harmonization. This ensures that national strategies do not fragment the single market but rather support the unified objectives of the Cloud and AI Leadership Initiatives. The Board's role is to ensure that the methodologies used to measure KPIs are comparable across the Union, allowing for meaningful peer review and benchmarking.

Notification and Commission Monitoring

The KPI-driven assessment cycle triggers specific reporting obligations. Article 7(5) requires Member States to notify the Commission of their national strategies within three months of their adoption. Furthermore, the Commission is tasked with monitoring the adoption and revision of these strategies.

This creates a top-down oversight mechanism. If the Commission concludes that a Member State's strategy, as assessed by its KPIs, is not consistent with the Regulation's objectives, it can intervene. This ensures that the "AI first" principle and the strategic autonomy goals of CADA are not merely aspirational but are actively pursued and measured.

What this means for you

For in-house counsel, compliance officers, and public-sector procurement teams, the KPI-driven nature of national strategies has direct implications for strategic planning and contract management.

1. Procurement Criteria and Award Clauses CADA links national strategies directly to procurement obligations. Article 32 requires contracting authorities to include "European added value" criteria in public procurement for cloud and AI systems. Since national strategies (monitored via KPIs) must support the development of the European cloud and AI ecosystem (Article 7(2)(f)), your organization's procurement decisions may be scrutinized against these national KPIs. Ensure that tender evaluations explicitly document how awards contribute to the strategic objectives outlined in your Member State's national strategy.

2. Strategic Alignment Audits Compliance teams should audit their cloud and AI adoption roadmaps against the national strategy's KPIs. If your Member State's strategy sets a KPI for the adoption of sovereign cloud services or open-source solutions (promoted under Article 41), your organization's failure to align with these trends could expose it to regulatory risk, especially if you are a recipient of public funds or a critical entity under the NIS2 Directive.

3. Monitoring the Three-Year Cycle Mark your calendars for the three-year assessment cycle mandated by Article 7(5). As the national strategy is updated based on KPIs, the specific obligations or priorities for private sector entities (particularly those in high-criticality sectors under Article 31) may shift. Compliance officers must track these updates to ensure ongoing adherence to any newly emphasized sovereignty or sustainability requirements.

4. Data Reporting Obligations Be prepared for increased data reporting requirements. To measure KPIs effectively, national authorities will likely require detailed data from major cloud consumers and providers regarding capacity, energy efficiency, and sovereignty levels. Ensure your internal data governance frameworks can produce the necessary evidence to support national reporting, as the accuracy of these KPIs is essential for the Commission's monitoring.

Common misconceptions

Misconception 1: KPIs are purely voluntary best practices. In reality, Article 7(5) makes the assessment based on KPIs a statutory obligation. Failure to assess and update the strategy based on these indicators constitutes a breach of the Regulation's requirements. The KPIs are the legal benchmark for compliance, not optional metrics.

Misconception 2: National strategies are set in stone upon adoption. The proposal explicitly requires updates "where necessary" based on the three-year KPI assessment. Strategies are dynamic documents. Compliance officers should not rely on the initial version of a national strategy but must monitor for revisions that may alter procurement priorities or sovereignty requirements.

Misconception 3: KPIs only apply to the public sector. While Article 7 applies to Member States, the outcomes of these KPIs directly influence the private sector through procurement rules (Article 32) and the potential extension of impact assessments to high-criticality private entities (Article 31). The "ripple effect" of public KPIs shapes the market conditions for private cloud and AI adoption.

Misconception 4: The AI Board has no enforcement power. While the AI Board itself does not impose fines, it facilitates the coordination and best-practice exchange that underpins the Commission's monitoring. Significant deviations from KPI-driven objectives could trigger Commission scrutiny under the broader framework of the Digital Decade and CADA's monitoring provisions, potentially leading to corrective measures.

Official sources

• EU AI Act (Regulation (EU) 2024/1689)
• Digital Decade Policy Programme (Decision (EU) 2022/2481)

Related

• Who coordinates national cloud and AI strategies across the EU under CADA?
• What role do quantum computers play in national cloud and AI strategies under CADA?
• CADA Article 7: The AI Board's role in national cloud and AI strategies
• Must national strategies support open hardware and software under CADA?
• Must national strategies include AI factories and gigafactories?

This is general information about a draft EU regulation, not legal advice.