Summary
The proposed Cloud and AI Development Act (CADA) is designed to prevent foreign access to customer data through a four-tier "Union cloud computing sovereignty framework" (Article 16). While Level 1 relies on strict data residency within the Union, Levels 2, 3, and 4 mandate active technical and legal measures to prevent third-country access to customer data, regardless of where the provider is established. Crucially, Annex II explicitly requires that "access by a third country... to customer data is prevented" for Levels 2 and 3 (Annex II 2.1(g)(ii), 3.1(g)(ii)). Level 4 goes further by prohibiting any third-country control over the provider entirely. These tiers are intended to let public sector bodies procure services with assured data confidentiality and operational autonomy, addressing risks posed by extraterritorial laws like the US CLOUD Act.
Detail
The CADA proposal, COM(2026) 502 final, addresses the EU's strategic dependence on non-European cloud providers by establishing a harmonized framework of four Union assurance levels. This framework is designed to mitigate specific risks identified in the explanatory memorandum, including "unauthorised access to Union data" and "extraterritorial effects of legislation adopted by third countries." The mechanism for preventing foreign access evolves from simple data localization at Level 1 to comprehensive prohibitions on third-country control at Level 4.
The Four Assurance Levels and Data Access Prevention
The criteria for each level are set out in Annex II of the proposal. The progression of safeguards is cumulative, meaning higher levels must meet all lower-level criteria plus additional strictures.
Union Assurance Level 1: Baseline Data Residency
Level 1 serves as the minimum baseline for public sector procurement where activities do not contribute to the preservation of public order (Article 30(2)). The primary mechanism for preventing foreign access at this level is strict data localization and establishment requirements.
- Data Residency: Annex II, Section 1.1(c) mandates that customer data, including metadata and telemetry, processed by the provider and its subcontractors "remain exclusively within the Union," unless the public sector body explicitly requires otherwise.
- Establishment: The provider must be established in the Union (Annex II, Section 1.1(a)).
- Subcontractor Control: If technical support is outsourced outside the Union, the provider must implement legal and technical measures to ensure traceability and security, ensuring that such outsourcing does not compromise operational autonomy (Annex II, Section 1.1(d)).
- Limitation: Level 1 does not explicitly prohibit third-country control over the provider, nor does it mandate the specific "prevention of access" clauses found in higher tiers. It relies on the physical location of data and the provider's establishment to create a jurisdictional barrier.
Union Assurance Level 2: Active Prevention of Third-Country Access
Level 2 introduces independent third-party audits and stricter controls on personnel and software supply chains. It is the first tier to explicitly mandate active prevention of third-country data access, even if the provider is subject to third-country control.
- Preventing Access: Annex II, Section 2.1(g)(ii) requires that if the provider or its subcontractors are subject to third-country control, they must demonstrate that measures are in place to ensure that "access by a third country or by a legal entity established in a third-country to customer data is prevented." This is a positive obligation to block access, not merely to store data locally.
- Data Localization: Like Level 1, customer data must remain exclusively within the Union (Annex II, Section 2.1(c)).
- AI Training Restrictions: Data generated by using the service cannot be used to train or fine-tune AI systems operated by third countries and cannot be transferred outside the Union (Annex II, Section 2.1(f)).
- Cybersecurity: The service must obtain a European cybersecurity certificate of at least assurance level 'substantial' (Annex II, Section 2.1(e)).
Union Assurance Level 3: High Assurance with Limited Third-Country Control
Level 3 is designed for activities contributing to the preservation of public order, such as those in sectors falling under NIS2 or involving national security, justice, or law enforcement (Article 29).
- Personnel and Infrastructure: Where the public sector body so requires, all personnel involved in providing the service must be Union citizens, and the infrastructure and assets used must be located in the Union (Annex II, Section 3.1(b) and (d)).
- Preventing Access: Similar to Level 2, Annex II, Section 3.1(g)(ii) mandates that measures prevent "access by a third country or by a legal entity established in a third-country to customer data."
- Third-Country Control Exception: Generally, providers subject to third-country control cannot qualify for Level 3. However, Annex II, Section 3.1(g) provides a derogation: a provider subject to third-country control may be audited for Level 3 if the Commission has adopted an implementing act recognizing that third country as providing sufficient assurances (Article 18). In such cases, the provider must still demonstrate that third-country access to customer data is prevented. This derogation is the only pathway for a third-country-controlled entity to reach Level 3.
Union Assurance Level 4: Maximum Sovereignty
Level 4 is reserved for the most critical public sector activities, potentially including the hosting of EU classified information.
- No Third-Country Control: Annex II, Section 4.1(g) explicitly states that the audited provider and its subcontractors "are not subject to the control of a third country or a legal entity established in a third-country." There is no derogation for third-country control at this level.
- Preventing Access: Removing third-country control takes away the legal lever (an order served on a controlling parent) through which foreign access is most commonly compelled, but it does not by itself stop technical access. The tier therefore still requires that customer data remain exclusively within the Union (Annex II, Section 4.1(c)), on top of the support-location and supply-chain criteria it shares with Levels 2 and 3.
- Cybersecurity: The service must obtain a European cybersecurity certificate of at least assurance level 'high' (Annex II, Section 4.1(e)).
The Role of Data Residency and Technical Safeguards
Data residency is a foundational pillar across all tiers, but its function evolves. By requiring customer data to remain "exclusively within the Union" (Annex II, Sections 1.1(c), 2.1(c), 3.1(c), and 4.1(c)), CADA ensures that the data is physically held under EU jurisdiction and closes the simplest route to foreign access, a copy held on foreign soil. Residency alone does not neutralise extraterritorial laws: the US CLOUD Act, for instance, reaches data in a provider's "possession, custody, or control" wherever it is stored, so the decisive question is who controls the provider, not where the disks sit. That is why the higher tiers pair residency with the access-prevention and control criteria described above.
For Levels 2–4, data residency is reinforced by specific technical and operational prohibitions:
- AI Training: Data generated by using the service cannot be used to train or fine-tune any AI system operated by a third country (Annex II, Sections 2.1(f), 3.1(f), 4.1(f)).
- Support Operations: Technical and operational support must be initiated and performed exclusively within the Union (Annex II, Sections 2.1(h), 3.1(h), 4.1(h)).
- Software Supply Chain: Providers must implement controls to block remote features that could tamper with or disrupt the system, and ensure source code audits for third-country components (Annex II, Sections 2.1(i), 3.1(i), 4.1(i)).
Audit and Verification Mechanisms
To ensure these criteria are met, CADA introduces a robust verification framework:
- Self-Assessment (Level 1): Providers issue an EU statement of conformity based on self-assessment (Article 19).
- Independent Audit (Levels 2–4): Providers must undergo independent third-party audits (Article 20). Auditing organizations must assess compliance with the specific criteria in Annex II, including the prevention of third-country data access. The audit report must include a "positive" or "negative" opinion (Article 20(5)).
- Central Repository: Recognized services are listed in a central repository maintained by the Commission (Article 22), providing transparency for public buyers.
What this means for you
For in-house counsel, compliance officers, and public procurement teams, the CADA proposal introduces significant operational and contractual obligations.
1. Contractual and Technical Overhaul
If you aim to qualify for Levels 2–4, review and amend both your technical architecture and your legal contracts, and document the measures that block third-country access to customer data. This may involve:
- Restricting administrative access to customer data to identity-bound sessions that originate from Union-located infrastructure. Source-IP geolocation on its own is easily defeated by VPNs and relays and should be treated as a supporting control, not as the evidence that access is prevented.
- Ensuring no remote support or maintenance is initiated or performed from third countries.
- Drafting contractual clauses with subcontractors that explicitly prohibit third-country data access and service disruption.
2. Supply Chain Due Diligence
You must conduct deep due diligence on your subcontractors. For Levels 3 and 4, subcontractors must also meet the location and citizenship requirements. For Level 2, you must ensure that if any part of your supply chain is subject to third-country control, the necessary legal and technical safeguards are in place to prevent data access by that third country. The audit evidence required includes a complete Software Bill of Materials (SBOM) and data flow diagrams (Annex III).
3. Audit Readiness
Prepare for independent third-party audits. You will need to provide auditors with the SBOM and data flow diagrams mentioned above, together with access logs. Your documentation should show that you have actually tested that third-country entities cannot access customer data, rather than merely asserting it: recorded negative results (attempted access from outside the Union refused and logged) are stronger evidence than policy statements. The audit opinion must be "positive" for recognition (Article 20).
4. Procurement Strategy for Public Sector Buyers
Public sector bodies must conduct risk assessments to determine the appropriate assurance level for their activities (Article 29). If your activities contribute to public order (e.g., critical infrastructure, justice, defense), you must procure services recognized at Level 2, 3, or 4. Ensure your procurement documents explicitly require these assurance levels and the specific "prevention of access" criteria.
5. Penalties and Enforcement
Member States must lay down rules on penalties for infringements of the sovereignty framework (Article 24). Penalties must be effective, proportionate and dissuasive. While specific fine amounts are left to Member States, the criteria for imposing penalties include the nature, gravity, and duration of the infringement, as well as the financial benefits gained. Non-compliance could result in loss of recognition, exclusion from public procurement, and significant fines.
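One piece of audit evidence that points 1 and 3 above call for is a check, run over your own administrative access logs, that flags any session which would breach the support-location criterion (Annex II (h)) or would let a third-country-controlled entity reach customer data (Annex II (g)(ii)). The script below is an added illustration of such a check and is not part of the CADA proposal or any provider's tooling. The JSON log schema (session_id, source_country, controlling_entity_country, data_scope) and the sample log lines are constructed for the example; in particular, "controlling_entity_country" stands in for what the proposal treats as a legal determination of third-country control, which no real log emits directly. The member-state list is the EU27 only, because the Annex II wording is "within the Union", so EEA/EFTA states are deliberately treated as outside it.

```python
"""Flag administrative sessions that would fail CADA Annex II criteria (h) and (g)(ii).

Added example for this page; the log format and field names are constructed
for illustration and are not taken from CADA or from any provider.
"""
import json
from dataclasses import dataclass

# The 27 EU Member States, ISO 3166-1 alpha-2. "Within the Union" means EU only,
# so NO, IS, LI and CH are intentionally absent and will be flagged.
EU_MEMBER_STATES = frozenset({
    "AT", "BE", "BG", "HR", "CY", "CZ", "DK", "EE", "FI", "FR", "DE", "GR",
    "HU", "IE", "IT", "LV", "LT", "LU", "MT", "NL", "PL", "PT", "RO", "SK",
    "SI", "ES", "SE",
})


@dataclass(frozen=True)
class Finding:
    session_id: str
    reason: str


def check_session(event: dict) -> list[Finding]:
    """Return the findings for one parsed log event (empty list means compliant)."""
    sid = str(event.get("session_id", "?"))
    findings: list[Finding] = []

    # Criterion (h): support must be initiated and performed from inside the Union.
    # A missing or unknown source country is a finding, not a pass (fail closed).
    src = event.get("source_country")
    if src not in EU_MEMBER_STATES:
        findings.append(Finding(sid, f"session initiated from outside the Union: {src!r}"))

    # Criterion (g)(ii): an entity controlled from a third country must not reach
    # customer data. Only sessions that actually touch customer data are in scope;
    # platform-only sessions are not. Unknown control is again treated as a failure.
    if event.get("data_scope") == "customer_data":
        ctrl = event.get("controlling_entity_country")
        if ctrl not in EU_MEMBER_STATES:
            findings.append(Finding(sid, f"customer data reached by entity controlled from {ctrl!r}"))
    return findings


def audit(log_lines: list[str]) -> list[Finding]:
    """Run check_session over JSON-lines input; an unparseable line is itself a finding."""
    findings: list[Finding] = []
    for lineno, line in enumerate(log_lines, start=1):
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            findings.append(Finding("?", f"line {lineno}: unparseable log entry"))
            continue
        findings.extend(check_session(event))
    return findings


# Constructed sample log (not real data). Expected: s1 clean; s2 source outside EU;
# s3 US-controlled entity reads customer data; s4 Norway is EEA, not EU, so both
# checks fire; s5 has no control information and fails closed; line 6 is garbage.
SAMPLE_LOG = [
    '{"session_id": "s1", "source_country": "DE", "controlling_entity_country": "FR", "data_scope": "customer_data"}',
    '{"session_id": "s2", "source_country": "US", "controlling_entity_country": "FR", "data_scope": "platform_only"}',
    '{"session_id": "s3", "source_country": "NL", "controlling_entity_country": "US", "data_scope": "customer_data"}',
    '{"session_id": "s4", "source_country": "NO", "controlling_entity_country": "NO", "data_scope": "customer_data"}',
    '{"session_id": "s5", "source_country": "IE", "data_scope": "customer_data"}',
    'not a json line',
]

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"{f.session_id}: {f.reason}")
```

The two fail-closed branches are the point worth copying: an auditor asked to confirm that third-country access is prevented will not accept a check that silently passes sessions whose origin or controlling entity is unknown. Feed the script the real log export, keep the output alongside the positive evidence (refused connection attempts from outside the Union), and re-run it whenever the subcontractor list changes.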
Common misconceptions
Misconception 1: Level 1 prevents all foreign access. Level 1 ensures data resides in the EU and requires the provider to be established in the EU. However, it does not explicitly mandate the same level of active technical prevention of third-country access as Levels 2–4, nor does it prohibit third-country control of the provider. It is a baseline, not a high-sovereignty guarantee.
Misconception 2: Third-country providers can never qualify for Level 3. While generally prohibited, Annex II, Section 3.1(g) allows for a derogation. If the Commission adopts an implementing act recognizing a third country as providing sufficient assurances (Article 18), providers subject to that third country's control may be audited for Level 3, provided they demonstrate that third-country access to customer data is prevented.
Misconception 3: Data residency alone is sufficient for sovereignty. Data residency is necessary but not sufficient. Levels 2–4 require additional measures, such as personnel citizenship (Level 3/4), the absence of third-country control (Level 4), and restrictions on using data for AI training. Sovereignty under CADA is a multi-layered concept involving data, personnel, infrastructure, and legal control.
Misconception 4: The same cybersecurity certification level applies to Levels 2 through 4. Levels 2 and 3 require a European cybersecurity certificate of at least assurance level 'substantial' (Annex II 2.1(e), 3.1(e)); only Level 4 requires the higher 'high' assurance level (Annex II 4.1(e)).
This is general information about a draft EU regulation, not legal advice.