Summary

As proposed, the Cloud and AI Development Act (CADA) and the AI Act do not compete; they operate on distinct layers of the public-sector generative AI stack. The AI Act governs the safety, risk classification, and transparency of the generative AI model itself, while CADA governs the sovereignty tier of the cloud infrastructure hosting it. For public-sector bodies, this means procurement is triggered by CADA's Article 29 risk assessments and Article 30 procurement mandates, which dictate which "Union assurance levels" of cloud services are permitted based on public order relevance, independent of the AI model's risk class.

Detail

The intersection of the proposed Cloud and AI Development Act (CADA) and the existing AI Act creates a dual-compliance framework for public-sector generative AI. To navigate this, procurement officers must distinguish between the application layer (regulated by the AI Act) and the infrastructure layer (regulated by CADA).

1. The AI Act: Governing the Model and Risk Class

The AI Act (Regulation (EU) 2024/1689) applies to the generative AI system or model itself. Its primary focus is on fundamental rights, safety, and transparency.

  • General-Purpose AI (GPAI) vs. High-Risk: Most generative AI models fall under the AI Act's Chapter V as General-Purpose AI models. Providers of these models have specific transparency obligations, such as publishing summaries of training data and complying with copyright laws (Article 53). If the generative AI is integrated into a high-risk application (e.g., critical infrastructure, law enforcement, or biometrics), the downstream provider must comply with the strict requirements for high-risk AI systems (Chapter III), including robustness, accuracy, and human oversight.
  • Public-Sector Specifics: The AI Act does not dictate where the model must be hosted or who can provide the hosting infrastructure. It focuses on the behavior and output of the AI system. For public-sector deployers, the AI Act imposes obligations on monitoring the system's performance, keeping logs, and ensuring human oversight (Article 26 of the AI Act).

2. CADA: Governing the Sovereignty Tier of the Cloud

CADA (COM(2026) 502 final) addresses the strategic autonomy and resilience of the cloud infrastructure that hosts these AI systems. It introduces a "Union cloud computing sovereignty framework" with four assurance levels (Union assurance levels 1–4).

  • Sovereignty Levels: CADA Annex II defines criteria for these levels. Level 1 is the baseline for general public-sector use. Levels 2, 3, and 4 require increasing degrees of data localization, personnel screening, and absence of third-country control. For example, Level 4 requires that personnel involved in service provision are Union citizens and that the provider is not subject to third-country control.
  • Procurement Mandates: CADA Article 30 explicitly links procurement decisions to the results of risk assessments. It states that contracting authorities whose activities are identified as contributing to the preservation of public order (via Article 29) must only procure cloud computing services recognized as offering Union assurance levels 2, 3, or 4. Other public-sector bodies must use services recognized as offering at least Union assurance level 1.

3. The Trigger: Article 29 Risk Assessments

The critical link between the two regulations for public-sector buyers is CADA Article 29. This article obliges Member States and Union entities to carry out risk assessments to determine which public-sector activities concern public order.

  • Scope of Assessment: Article 29(1) requires assessments to identify activities using cloud computing services that contribute to preserving public order in sectors listed in Annex I or II of the NIS2 Directive, as well as national security, internal security, external border management, defence, justice or law enforcement, including the prevention, investigation, detection and prosecution of criminal offences.
  • Determining the Assurance Level: Based on this assessment, authorities must determine which Union assurance level (2, 3, or 4) is appropriate. Article 29(2) lists factors to consider, including the sensitivity, criticality, and magnitude of the data processed, the risk of unlawful access by a third country, and the risk of service disruption.
  • Impact on Generative AI: If a public body uses generative AI for a function deemed to preserve public order (e.g., analyzing sensitive law enforcement data or managing critical energy grid operations), the cloud service hosting that AI must meet the higher assurance levels dictated by the Article 29 assessment, regardless of whether the AI model itself is classified as high-risk under the AI Act.

4. Combined Procurement Workflow

For a public-sector officer procuring generative AI, the process involves two parallel compliance checks:

  1. AI Act Compliance: Verify that the AI provider has met its obligations (e.g., transparency for GPAI, conformity assessment for high-risk systems). Ensure the deployer (the public body) implements the necessary human oversight and monitoring.
  2. CADA Compliance: Conduct or rely on the national risk assessment under CADA Article 29. If the use case is linked to public order, ensure the cloud provider hosting the AI holds a valid recognition for the required Union assurance level (2, 3, or 4) under CADA Article 17. Procure only from providers listed in the central repository of recognized services (CADA Article 22).

What this means for you

For public-sector procurement officers, this dual framework requires a shift from evaluating AI solely on technical performance to evaluating the sovereign resilience of the hosting environment.

  • Map Your Use Cases to Article 29: You must determine if your generative AI use case falls under activities preserving public order. If it does, you cannot use a standard commercial cloud offering unless it has been formally recognized under CADA's sovereignty framework for the appropriate assurance level.
  • Separate the Vendor from the Infrastructure: You may contract with an AI model provider that is non-EU, but if the hosting infrastructure is EU-based and recognized under CADA, the sovereignty requirements are met at the infrastructure layer. However, CADA Annex II criteria for higher assurance levels (3 and 4) may impose restrictions on third-country control over the provider as well, depending on the specific criteria met.
  • Audit the Cloud, Not Just the Code: Your due diligence must extend to the cloud computing service provider's audit reports. Under CADA Article 20, independent third-party audits are required for assurance levels 2–4. You must verify that the provider has a "positive" audit opinion and is listed in the Commission's central repository.
  • Monitor for Changes: CADA Article 23 requires cloud providers to notify authorities of material changes that could affect their assurance level. Procurement contracts should include clauses requiring immediate notification if a provider's sovereignty status is downgraded or revoked.

Common misconceptions

  • "If the AI model is high-risk under the AI Act, the cloud must be Level 4." Incorrect. The AI Act's risk classification (high-risk vs. general-purpose) does not automatically dictate the CADA assurance level. The CADA level is determined by the public order relevance of the specific public-sector activity, as assessed under Article 29. A high-risk AI system used for non-critical administrative tasks may only require Level 1 or 2 cloud assurance, while a low-risk AI tool used in defense planning may require Level 4.
  • "CADA replaces the AI Act for public buyers." Incorrect. CADA does not repeal or replace the AI Act. They are complementary. The AI Act ensures the AI system is safe and respectful of fundamental rights; CADA ensures the infrastructure hosting it is resilient against third-country coercion and disruption. You must comply with both.
  • "Only EU-based providers can offer compliant services." Incorrect. CADA allows for the recognition of third-country providers under specific conditions. Article 18 allows the Commission to identify third countries that provide sufficient assurances (e.g., adequacy decisions, no extraterritorial data access laws) to allow their providers to qualify for Union assurance level 3. However, level 4 generally requires stricter EU establishment and control criteria.
  • "Generative AI hosted on private cloud is exempt." Incorrect. CADA applies to cloud computing services as defined in the NIS2 Directive. If the public sector procures or uses cloud computing services (including private cloud configurations managed by a provider), the sovereignty framework applies. The key is whether the service falls under the definition of a cloud computing service and is used by a contracting authority.

This is general information about a draft EU regulation, not legal advice.