Summary — As proposed, the Cloud and AI Development Act (CADA), COM(2026) 502 final, would establish "a Union cloud computing sovereignty framework comprising four Union assurance levels" (Article 16(1)), with criteria set out in Annex II. The levels are cumulative: a provider seeking a higher level must satisfy every criterion of the lower levels (Article 20(1)). They differ progressively across the same dimensions — establishment, data residency, personnel and citizenship, cybersecurity certification, software-supply-chain control, third-country control and the assessment method. Level 1 (§1.1) is the baseline, shown by self-assessment (Article 19); Levels 2, 3 and 4 (§§2.1, 3.1, 4.1) each require an independent third-party audit (Article 20). Third-country control rules tighten by level: tolerated at Level 1 subject to a vulnerability-reporting guarantee, conditionally tolerated at Level 2 and (by narrow derogation) Level 3, and prohibited outright at Level 4. For in-house counsel, the practical questions are which level a given workload requires under Article 30 and whether a candidate vendor can credibly evidence it.

Detail

Article 16(1) provides that the framework comprises "four Union assurance levels, the criteria for which are set out in Annex II, that cloud computing service providers shall meet in order to provide their cloud computing services to Union entities and public sector bodies." The Commission would be empowered to amend the levels by delegated act (Article 16(2)) and would review Annex II and Annex III "at least every 18 months" (Article 16(3)). The recitals describe the four-level design as reflecting "the nuanced and layered nature of sovereignty," with most public services not requiring the highest levels.

A structural point governs everything below: the levels are cumulative. Article 20(1) states that a provider audited at a higher level "shall satisfy all the applicable cumulative criteria under Annex II applicable to the lower Union assurance levels," and that "[f]ailure to meet any requirements of a lower assurance level shall preclude conformity with the higher Union assurance levels." Each level adds requirements to the one below rather than replacing them.

The dimensions on which the levels diverge can be compared directly.

| Dimension | Level 1 (§1.1) | Level 2 (§2.1) | Level 3 (§3.1) | Level 4 (§4.1) |
|---|---|---|---|---|
| Establishment | CSP established in the Union (a) | CSP and subcontractors established in the Union (a) | CSP and subcontractors established in the Union (a) | CSP and subcontractors established in the Union (a) |
| Located in Union | Infrastructure and assets (b) | Infrastructure, assets and personnel (b) | Infrastructure, assets and personnel (b) | Infrastructure, assets and personnel (b) |
| Data residency | Customer data (incl. metadata/telemetry) exclusively in the Union unless the public sector body requires otherwise (c) | Same (c) | Same (c) | Sensitive customer data (identified by risk assessment) exclusively in the Union — no carve-out (c) |
| Personnel / citizenship | No specific rule | Additional screening / Union citizenship only if the public sector body determines it necessary (d) | Personnel are Union citizens; security clearance where appropriate for classified information (d) | Union citizens; security clearance where appropriate (d) |
| Cybersecurity certification | State-of-the-art standards (e) | European certificate of at least "substantial" (e) | At least "substantial" (e) | At least "high" (e) |
| Third-country control | Permitted, subject to vulnerability-reporting guarantee (g) | Permitted if measures (i)-(iv) demonstrated (g) | Prohibited, save the Article 18 derogation (g) | Prohibited — no derogation (g) |
| Assessment method | Self-assessment, Article 19 | Independent audit, Article 20 | Independent audit, Article 20 | Independent audit, Article 20 |

Level 1 — baseline (Annex II §1.1; self-assessment under Article 19)

Level 1 would require the provider to be established in the Union (§1.1(a)), with infrastructure and assets — including those of subcontractors involved in the service — located in the Union, and customer data (including metadata and telemetry) kept exclusively within the Union at any time, both subject to an "unless the public sector body explicitly requires otherwise" carve-out (§1.1(b)-(c)). The provider would also demonstrate state-of-the-art cybersecurity (§1.1(e)) and full transparency on subcontractors (§1.1(f)). Where it is under third-country control, §1.1(g) would require a guarantee, demonstrated by independent sources, that no law or practice in that country requires it to report software-vulnerability information to that country's authorities before those vulnerabilities are known to have been exploited.

Level 1 is demonstrated by a conformity self-assessment (Article 19(1)). The provider issues an "EU statement of conformity" and, by doing so, would "assume[] responsibility for the compliance" of the service with the Level 1 criteria (Article 19(2)). Where the provider is an SME, an EU statement of conformity issued under Article 19(2) "shall be directly and automatically recognised in all Member States without the need for prior recognition" (Article 17(3)).

Level 2 — independent audit, personnel and supply-chain controls (Annex II §2.1)

Level 2 adds an independent third-party audit (Article 20) and extends the location requirements: both the audited provider and its subcontractors must be established in the Union (§2.1(a)), and infrastructure, assets and personnel involved must be located in the Union (§2.1(b)). On personnel screening, §2.1(d) is conditional, not a blanket rule: only where the public sector body determines that additional personnel screening and Union citizenship requirements are necessary must the provider ensure that personnel meeting those requirements are available.

The service would need a European cybersecurity certificate of at least assurance level "substantial" under a cloud scheme to be established under Regulation (EU) 2019/881 (Cybersecurity Act), with national schemes or, failing those, the highest applicable Union-law standards applying until such a scheme exists (§2.1(e)). Data generated by use of the service may not be used to train or fine-tune any AI system operated by a third country or third-country-established entity, and may not be transferred outside the Union "in any case" (§2.1(f)). Where the provider or subcontractors are under third-country control, §2.1(g) would require legal, technical and organisational measures ensuring that (i) the control does not restrain delivery or undermine capabilities, (ii) third-country access to customer data is prevented, (iii) disruption or degradation by a third country is prevented, and (iv) the provider is not obliged to give effect to third-country restrictive measures unless legitimate under Member State or Union law. Support, including sub-outsourcing, must be initiated and performed exclusively within the Union (§2.1(h)). The software-supply-chain criteria (§2.1(i)) add a complete, up-to-date SBOM and dependency list for the auditing organisation, controls to block remote features in third-country-owned or -licensed components, source-code audits of security-relevant third-country components, and a documented migration plan; and §2.1(k) would require effective legal, technical and organisational separation between a globally operating provider's Union parent and any third-country subsidiary.

Level 3 — Union-citizen personnel and a narrow third-country derogation (Annex II §3.1)

Level 3 tightens personnel to a citizenship rule: personnel, including subcontractor personnel, involved in the service must be Union citizens and, where appropriate, hold national-security clearance issued by a Member State when handling classified information (§3.1(d)). Technical and operational support must be performed exclusively within the Union by personnel who are Union residents and by third parties not under third-country control (§3.1(h)). The cybersecurity certificate remains at least "substantial" — the same level as Level 2, not "high" (§3.1(e)).

The defining shift is third-country control. As a rule, the provider and its subcontractors must not be subject to third-country control (§3.1(g)). By way of derogation, a provider under third-country control may nonetheless be audited for Level 3 where the Commission has adopted an implementing act under Article 18 identifying the relevant "associated third country"; that act is available only where the country fulfils all six cumulative criteria in Article 18(1)(a)-(f) (see the misconceptions section below). Where the derogation applies, the provider must also demonstrate measures mirroring §2.1(g): allowing reasonable access to the code, preventing third-country data access, preventing disruption or degradation, and not being obliged to give effect to third-country restrictive measures unless legitimate under Member State or Union law. Where the provider maintains a third-country subsidiary, §3.1(k) — like §2.1(k) — would require effective legal, technical and organisational separation between the Union parent and that subsidiary. (The proposal imposes no narrower control, such as a prohibition on subsidiary access to customer-data systems or privileged accounts; §3.1(k) speaks only to that separation.)

Level 4 — highest tier, no third-country control (Annex II §4.1)

Level 4 is the highest tier. Personnel must be Union citizens with clearance where appropriate (§4.1(d)). On data residency, §4.1(c) drops the "unless the public sector body requires otherwise" carve-out: customer data identified as sensitive following a risk assessment must remain exclusively within the Union at any time. The cybersecurity certificate must be at least assurance level "high" — the only level requiring "high" (§4.1(e)). Critically, the provider and its subcontractors must not be subject to third-country control (§4.1(g)), and there is no Article 18 derogation at this level. The supply-chain criterion is also stricter: under §4.1(i)(ii) the provider must demonstrate that no third country or third-country entity holds or exercises "effective control over the design, development, maintenance, and evolution" of software components, where effective control includes the ability to materially influence technical evolution, maintenance priorities, security remediation and long-term continuity.

How the levels are assessed

Level 1 rests on the self-assessment and EU statement of conformity (Article 19). Levels 2, 3 and 4 require, at the provider's own expense, an independent third-party audit producing an audit report and a "positive" audit opinion (Article 20(1)). The auditing organisation is not described as "accredited"; instead Article 20(4) requires it to be independent and free of conflicts of interest, to have proven expertise and technical competence in auditing cloud services, and to have proven objectivity and professional ethics. The organisation assesses compliance on the basis of the audit evidence listed in Annex III (Article 21(1)), and the audited provider must annually resubmit the report and "positive" opinion for review (Article 20(8)).

What this means for you

For in-house counsel and compliance teams advising public sector bodies, Union entities or the providers serving them, the framework would reshape cloud procurement and vendor management.

  1. Map the workload to a level before going to market. Under Article 30(2), Union entities and public sector bodies whose activities have not been identified as contributing to the preservation of public order "shall use cloud computing services that have been recognised under Article 17 as having a Union assurance level 1." Under Article 30(3), contracting authorities whose activities have been so identified — in NIS2 (Directive (EU) 2022/2555) Annex I or II sectors, and in national security, internal security, external border management, defence, justice or law enforcement — "shall only procure cloud computing services that have been recognised as having a Union assurance level 2, 3 or 4." The level is therefore driven by the activity, not by procurement preference.

  2. Risk assessment drives the classification. Article 29(1) provides that Member States and Union entities carry out risk assessments to identify public-sector activities using cloud services that contribute to the preservation of public order. The proposal does not fix a cadence for these assessments, so do not assume a fixed review interval. Counsel should be engaged in scoping these assessments, since they determine whether Article 30(2) or 30(3) applies and, at Level 4, what counts as "sensitive" data.

  3. Deepen due diligence on ownership and supply chain. Because third-country control and supply-chain criteria tighten by level, due diligence should test ownership structure, personnel location, citizenship and residency where relevant, SBOM and dependency controls, and — at Level 4 — whether any third-country entity exercises "effective control" over component design and maintenance. A provider under third-country control cannot reach Level 4 at all, and can reach Level 3 only via an Article 18 implementing act resting on the six-part cumulative test; treat such a decision as a gating condition, not a given.

  4. Prepare for audit and the annual cycle. Levels 2-4 require an independent audit (Article 20) and annual resubmission of the report and "positive" opinion (Article 20(8)). Material changes affecting the audit or recognition must be notified to the auditing organisation and the national competent authority of establishment as soon as possible (Article 23(1)).

  5. Account for enforcement and compensation. Member States would lay down penalties for infringements of this Chapter that are "effective, proportionate and dissuasive" (Article 24(1)), assessed against non-exhaustive criteria including turnover (Article 24(2)). Recipients would have a right to seek compensation for damage or loss from an infringement of Chapter I obligations (Article 24(3)).

Common misconceptions

  • "Third-country providers are simply banned." Not at Levels 1 and 2, where third-country control is tolerated subject to specific guarantees, nor necessarily at Level 3. A third-country-controlled provider may be audited for Level 3 only where the Commission has identified the country as an "associated third country" under Article 18. That decision is available only where the country meets all six cumulative criteria of Article 18(1): (a) it is subject to a relevant adequacy decision under Article 45 GDPR; (b) it has no measures enabling control conflicting with the Data Act (Regulation (EU) 2023/2854) lawful-access rules in Article 32(2)-(3); (c) it has no measures to compel service degradation or disruption, and none obliging the provider to give effect to restrictive measures unless legitimate under Member State or Union law; (d) it has no measures impeding the provision of state-of-the-art technologies or services; (e) it maintains an open market to Union cloud services; and (f) it grants equivalent procurement access to Union-controlled providers. Adequacy under GDPR is only one of the six. At Level 4 there is no derogation at all.

  • "Level 3 requires the 'high' cybersecurity certificate." No. Level 3 requires at least "substantial" (§3.1(e)), the same as Level 2. Only Level 4 requires "high" (§4.1(e)).

  • "Level 2 means all staff must be EU citizens." No. At Level 2, Union citizenship for personnel applies only where the public sector body determines it necessary (§2.1(d)). A blanket Union-citizenship requirement for personnel first appears at Level 3 (§3.1(d)).

  • "The audit is done by a government-accredited body." The proposal does not use the term "accredited." Article 20(4) instead defines the auditing organisation by independence and absence of conflicts of interest, proven technical competence in auditing cloud services, and proven objectivity and professional ethics.

  • "All public sector bodies will need Level 4." No. Most activities would fall under Level 1 (Article 30(2)); Levels 2-4 apply only where the activity is identified as contributing to the preservation of public order (Article 30(3)). The recitals describe the framework as proportionate, noting that most public services would not require the highest levels.

  • "CADA replaces the AI Act." No. CADA addresses the sovereignty, security and operational autonomy of cloud services; the AI Act addresses risks of AI systems. A provider may have to comply with both.

This is general information about a draft EU regulation, not legal advice.