Summary

As proposed, CADA's four-tier sovereignty framework (Article 16) would offer increasing protection from foreign legal reach by mandating progressively stricter geographic, personnel and control requirements. Union assurance level 1 requires EU establishment and data residency; levels 2 to 4 progressively demand EU-based infrastructure and personnel and, at the top tiers, the absence of third-country control over the provider and its software supply chain — designed to prevent extraterritorial data access. No tier is a literal legal immunity; the framework works by limiting which services Union public bodies may procure. CADA is a proposal and not yet in force.

Detail

The Cloud and AI Development Act (CADA) proposal addresses the EU's dependence on non-European cloud providers by introducing a "Union cloud computing sovereignty framework" (Article 16). It is designed to mitigate risks associated with the "extraterritorial effect of legislation adopted by third countries," a concern reflected in Recital 5. The mechanism is not a single blanket exemption but a graduated set of technical, organisational and legal criteria that providers must meet to be recognised at one of four "Union assurance levels" (Article 16(1)), with the criteria set out in Annex II.

Recital 48 states that tailored service versions launched by providers in response to sovereignty concerns "do not address the core sovereignty issues allowing for the extraterritorial reach of third-country laws." CADA would instead create a harmonised mechanism aimed at ensuring "autonomy and control over its data, assets and digital infrastructure." Higher assurance levels require increasingly stringent barriers to foreign legal interference, effectively building a tiered structure of protection. (Because CADA is a proposal, none of this is yet binding, and CADA cannot repeal the foreign laws themselves — it works on the EU procurement side.)

Union assurance level 1: the baseline

Level 1 is the minimum baseline for public-sector procurement (Article 30(2)). Under Annex II, the provider must be established in the Union (Annex II, 1.1(a)), and its infrastructure and assets, including those of subcontractors involved in the service, must be located in the Union unless the public-sector body explicitly requires otherwise (Annex II, 1.1(b)). Customer data must remain exclusively within the Union, again subject to that exception (Annex II, 1.1(c)). Where the provider is subject to third-country control, it must guarantee that no laws in that third country require it to report software vulnerabilities to that country's authorities before they are known to have been exploited (Annex II, 1.1(g)). This level provides only limited protection — chiefly data residency and basic operational autonomy — and does not by itself prohibit third-country control over the provider.

Union assurance level 2: enhanced operational sovereignty

Level 2 adds stricter requirements to limit foreign legal reach through operational channels. The audited provider and its subcontractors involved in the service must be established in the Union (Annex II, 2.1(a)), and infrastructure, assets and personnel must be located in the Union (Annex II, 2.1(b)). Data must remain exclusively within the Union (Annex II, 2.1(c)).

The key enhancement is the requirement to neutralise third-country control. Where the provider is subject to such control, it must demonstrate measures ensuring that control does not restrain the provider's ability to perform the service, restrict infrastructure or undermine capabilities (Annex II, 2.1(g)(i)); must prevent third-country access to customer data (2.1(g)(ii)); and must prevent disruption of service continuity or degradation of quality by a third country (2.1(g)(iii)). Technical and operational support must be initiated and performed exclusively within the Union (Annex II, 2.1(h)), closing a common vector for foreign access via remote support teams.

Union assurance level 3: personnel and control separation

Level 3 is among the levels available for activities contributing to the preservation of public order (Article 30(3)). It requires that personnel, including those of subcontractors, involved in the service be Union citizens (Annex II, 3.1(d)), and that support be performed within the Union by Union residents (Annex II, 3.1(h)).

Most significantly, level 3 in principle prohibits the provider and its subcontractors from being subject to third-country control (Annex II, 3.1(g)). A derogation exists only where the Commission has adopted an implementing act under Article 18 identifying an associated third country that fulfils cumulative criteria, including a relevant GDPR adequacy decision and the absence of measures enabling control that conflicts with EU lawful-access rules (Article 18(1)). Even then, the provider must demonstrate effective legal, technical and organisational separation between the Union parent company and any third-country subsidiary (Annex II, 3.1(k)). This tier would substantially limit the legal chain of control that foreign laws typically rely on.

Union assurance level 4: maximum sovereignty

Level 4 is the highest tier, intended for the most critical activities. It shares level 3's strict personnel and establishment requirements (and adds national security clearance where appropriate) and tightens cybersecurity to certification at "high" level where a scheme exists (Annex II, 4.1(e)). The provider and subcontractors must not be subject to third-country control, with no derogation (Annex II, 4.1(g)). Support must be performed exclusively within the Union by Union residents and by third parties not subject to third-country control (Annex II, 4.1(h)).

Level 4 also requires effective control over software components, demonstrating that no third country or third-country entity holds or exercises effective control over the design, development, maintenance and evolution of those components (Annex II, 4.1(i)). This is aimed at preventing remote tampering or "kill switch" features. By combining EU personnel residency, a strict prohibition on third-country control and software supply-chain sovereignty, level 4 would offer the strongest insulation from extraterritorial legal reach.

What this means for you

For in-house counsel and compliance officers, CADA's tiered framework would turn public procurement into a rigorous sovereignty exercise.

  • Risk assessments would be mandatory. Member States and Union entities would carry out risk assessments at least every two years (and whenever necessary) to determine which activities require level 2, 3 or 4 services (Article 29(1)). Providers serving critical-infrastructure or national-security customers would likely need level 3 or 4 recognition.
  • Proof is audit-driven for levels 2-4. Recognition at these levels is not self-declared; it requires independent third-party audits and a "positive" audit opinion (Article 20). Auditors would examine corporate structure, personnel arrangements, data flows and the software supply chain. Recognition can be revoked where a provider supplied incorrect or misleading information (Article 17(11)).
  • Structural changes may be required. Reaching level 3 or 4 may mean ensuring support staff are EU residents, legally separating EU subsidiaries from third-country parents, and removing remote-access capabilities held by non-EU entities.
  • Penalties and compensation. Member States would set penalties for infringements (Article 24), and the proposal addresses compensation rules for infringements by providers.

Common misconceptions

  • "Level 1 is sufficient for all public-sector use." Incorrect. Level 1 is the minimum for activities not identified as contributing to public order (Article 30(2)). Public-order activities must use level 2, 3 or 4 (Article 30(3)).
  • "GDPR adequacy decisions guarantee sovereignty." Incorrect. Recital 61 makes clear that, for a level 3 derogation, the Commission would assess an adequacy decision among other factors; it would not by itself grant protection. The third country must also lack measures enabling intrusive control or service disruption.
  • "Open-source software provides automatic immunity." Incorrect. While CADA encourages open source (Article 41), Annex II requires specific controls to prevent remote tampering or disruption via open-source components (Annex II, 2.1(j), 3.1(j), 4.1(j)); effective control over the supply chain must still be demonstrated.
  • "A tier gives literal immunity from foreign law." Incorrect. CADA cannot repeal a third country's laws. The tiers work by requiring legal, technical and organisational measures and by limiting which services Union public bodies may procure, not by exempting providers from foreign legal process.

This is general information about a draft EU regulation, not legal advice.