Summary Under the proposed Cloud and AI Development Act (CADA), the EU Open Source Solutions Catalogue (EU OSS Catalogue) would serve as a centralized, free-to-access repository for software developed by or for public sector bodies. For Small and Medium-sized Enterprises (SMEs), this provides a significant competitive advantage by offering free access to high-quality, reusable public-sector software that can be integrated into commercial cloud and AI solutions. As proposed, Article 43 mandates that the Commission maintain this catalogue, hosted on the Interoperable Europe portal, ensuring it is accessible free of charge. This mechanism allows SMEs to reduce development costs, accelerate time-to-market, and build sovereign, compliant offerings by leveraging public investment. Crucially, the proposal includes mechanisms to track the reuse of this software, enabling SMEs to demonstrate their contribution to the European digital supply chain in public procurement evaluations.

Detail

The Cloud and AI Development Act (CADA), as proposed in COM(2026) 502 final, aims to strengthen Europe's cloud and AI ecosystem by reducing dependencies on non-European providers and fostering a more competitive, sovereign market. A key pillar of this strategy is the promotion of open source software as a lever for technological sovereignty. Within this framework, the EU Open Source Solutions Catalogue plays a central role in facilitating the reuse of public-sector software, directly benefiting private sector actors, particularly SMEs.

The Legal Basis: Article 43 and the Centralized Repository

Article 43 of the CADA proposal establishes the Commission's specific obligation to "provide and maintain an EU Open Source Solutions Catalogue ('EU OSS Catalogue') as a centralised catalogue to access software made available for reuse by Union entities and public sector bodies."

This is not merely a passive list; it is a mandated infrastructure. The proposal requires that when a Union entity or public sector body makes software available for reuse under an open source licence, it must do so using a catalogue or repository that is connected to, and made accessible through, the EU OSS Catalogue (as reinforced by Article 42). This ensures that valuable public-sector code is not siloed in disparate, hard-to-find internal repositories but is instead aggregated into a single, searchable, and machine-readable platform.

The proposal explicitly states that the catalogue shall be "hosted on the Interoperable Europe portal referred to in Article 8 of Regulation (EU) 2024/903" and shall be "accessible electronically free of charge." This "free of charge" mandate is critical for SMEs, removing financial barriers to accessing high-quality, pre-vetted software components.

Strategic Benefits for SMEs

For Small and Medium-sized Enterprises (SMEs) operating in the cloud and AI space, the EU OSS Catalogue offers several distinct strategic advantages under the proposed framework:

1. Cost Efficiency and Accelerated Development Developing robust, secure, and compliant cloud infrastructure or AI models from scratch is resource-intensive. By accessing pre-developed, tested, and often standardized public-sector software components via the EU OSS Catalogue, SMEs can significantly reduce their research and development costs. They can build upon existing solutions rather than reinventing the wheel, allowing them to allocate more resources to innovation, customization, and value-added services. This aligns with the CADA objective of fostering innovation and reducing the "race to the bottom" in public procurement.

2. Access to High-Quality, Compliant Code Public sector software often undergoes rigorous security and compliance checks before deployment. By reusing software that has already been vetted for public use, SMEs can enhance the trustworthiness and security of their own offerings. This is particularly valuable when targeting public sector clients, as the software already aligns with public procurement standards and interoperability requirements. The catalogue effectively acts as a quality seal, reducing the due diligence burden on SMEs.

3. Enhanced Competitiveness in Public Procurement CADA encourages public authorities to prioritize open source solutions (Article 41). SMEs that integrate or build upon software from the EU OSS Catalogue are better positioned to meet these preferences. Demonstrating the use of EU-developed, open-source components can strengthen an SME's bid in public tenders. Specifically, under Article 32, contracting authorities must include "non-price award criteria" to evaluate a tenderer's contribution to the European cloud and AI ecosystem. Reusing software from the EU OSS Catalogue serves as concrete evidence of such contribution, potentially increasing the weight of an SME's bid in the quality evaluation.

4. Facilitating Sovereignty and Supply Chain Transparency The CADA framework places a strong emphasis on sovereignty and reducing third-country dependencies. By utilizing software from the EU OSS Catalogue, SMEs can more easily demonstrate compliance with sovereignty requirements, particularly for services targeted at the public sector. This aligns with the Union assurance levels (Article 16), where transparency and control over the software supply chain are critical criteria. Using code that is explicitly developed within the Union and made available under open source licences helps satisfy the "Union added value" criteria.

Tracking Reuse and Measuring Impact

The CADA proposal recognizes the importance of tracking the uptake and reuse of open source software to ensure the catalogue's effectiveness and to measure the return on public investment. While Article 43 establishes the catalogue itself, the broader regulatory framework includes mechanisms for monitoring.

Article 43 mandates that the Commission maintain the catalogue, and the proposal implies a mechanism for monitoring the catalogue's usage through the broader reporting obligations on public procurement. Specifically, Article 33 requires Member States to monitor and report on their use of "procurement of innovation in cloud computing services and AI systems," including the "number of contracts awarded to SMEs" and their share of total contract value.

Furthermore, the proposal establishes a "network of Open Source Programme Offices (OSPO Network)" under Article 44 to facilitate the exchange of information and best practices. This network, combined with the centralised nature of the EU OSS Catalogue, allows for the tracking of reuse. While the specific KPIs for "third-party reuse" are not enumerated in the text of Article 43 itself, the framework is designed to capture this data. The Commission is empowered to adopt implementing acts to specify the procedures and templates for participation, ensuring that the catalogue remains dynamic and responsive to market needs.

For SMEs, this tracking capability is a double-edged sword: it ensures the ecosystem is monitored, but it also provides a verifiable record of their contribution. SMEs can leverage this transparency by showcasing their integration of catalogue-hosted software in their marketing and procurement submissions. This not only highlights their commitment to open source and European sovereignty but also provides concrete evidence of their alignment with EU digital policy goals, which can be crucial for winning public contracts.

What this means for you

If you are an SME operating as a cloud service provider, data centre operator, or AI developer, the EU OSS Catalogue presents a tangible opportunity to enhance your service offerings while reducing costs. Here's how you can act under the proposed CADA:

  • Explore the Catalogue Early: As soon as the EU OSS Catalogue becomes operational (following the entry into force of the Regulation), regularly browse it for software components relevant to your stack. Look for middleware, security tools, data management systems, or AI models that can be integrated into your solutions. The catalogue will be hosted on the Interoperable Europe portal, making it easily accessible.
  • Integrate and Customize: Use the reusable software as a foundation for your products. Customize it to meet specific client needs or to add proprietary value, ensuring you maintain a competitive edge while benefiting from the initial public investment. Remember that the software is available under open source licences, so ensure you comply with the specific terms (e.g., attribution, copyleft provisions).
  • Highlight Sovereignty and Compliance: In your sales materials and public procurement bids, explicitly mention your use of software from the EU OSS Catalogue. This demonstrates your commitment to European digital sovereignty and can be a differentiator in tenders that prioritize EU-added value (Article 32). You can cite your integration of public code as evidence of strengthening the digital technology supply chain in the Union.
  • Engage with the Open Source Community: Participate in the broader open source ecosystem supported by CADA, including the network of Open Source Programme Offices (OSPO Network) established under Article 44. This can provide access to best practices, technical support, and collaborative opportunities with other public and private entities.
  • Monitor Regulatory Updates: Stay informed about implementing acts and guidance issued by the Commission regarding the EU OSS Catalogue. Understanding the specific requirements for reuse and attribution will ensure your compliance and maximize your benefits.

Common misconceptions

Misconception 1: The EU OSS Catalogue is only for public sector use.

  • Reality: While the catalogue is populated by software from public sector bodies, it is explicitly designed to be accessible to all, including private sector companies and SMEs. The goal is to foster reuse across the entire ecosystem, driving innovation and reducing duplication. Article 43 states the catalogue is to "access software made available for reuse," without restricting access to public entities.

Misconception 2: Software in the catalogue is free of all obligations.

  • Reality: The software is available under open source licences, which come with specific terms and conditions (e.g., attribution, copyleft provisions). SMEs must carefully review the licence terms for each piece of software they reuse to ensure compliance. The "free of charge" access refers to the cost of downloading and accessing the catalogue, not the legal obligations of the licence.

Misconception 3: SMEs cannot contribute to the catalogue.

  • Reality: While Article 42 primarily mandates public sector bodies to publish their reusable software, the broader CADA framework encourages collaboration. SMEs may partner with public entities or contribute to open source projects that are subsequently listed, enhancing their reputation and influence in the ecosystem. The OSPO Network under Article 44 is designed to facilitate such exchanges.

Misconception 4: Using catalogue software automatically guarantees sovereignty compliance.

  • Reality: While using EU-developed software is a strong indicator of sovereignty, compliance with Union assurance levels (Article 16) involves a broader set of criteria, including data location, personnel screening, and cybersecurity certifications. SMEs must still undergo the necessary audits and assessments to achieve formal recognition. The catalogue is a tool to help, not a substitute for the full compliance process.

Related

This is general information about a draft EU regulation, not legal advice.