Summary As proposed in the Cloud and AI Development Act (CADA), a public authority that purchases cloud, AI, or data centre services through the Commission's central purchasing framework is deemed to have fulfilled its obligations under applicable Union public procurement law. This legal mechanism, established in Article 39(1) of the proposal, applies specifically to contracts awarded by the Commission acting as a central purchasing body under Chapter IV. By relying on this framework, Member State contracting authorities avoid the need to run duplicate tendering procedures, thereby significantly reducing administrative burden while ensuring full compliance with Directive 2014/24/EU.

Detail

The proposed Cloud and AI Development Act (CADA) introduces a sophisticated framework designed to leverage the European Commission's purchasing power to secure resilient, sovereign cloud and AI services for the public sector. A critical component of this framework is the legal certainty it provides regarding compliance with existing EU public procurement rules. This mechanism is primarily governed by Article 39 of the proposal, which clarifies the applicable public procurement framework for entities participating in the Commission's common procurement activities.

The Legal Fiction of Compliance (Article 39(1))

The core provision addressing the intersection of Commission-led procurement and national compliance obligations is Article 39(1). It establishes a definitive legal status for participating entities:

"A participating entity shall be deemed to have fulfilled its obligations under applicable Union public procurement law where it acquires supplies or services by means of contracts awarded by the Commission under this Chapter, including through framework contracts concluded by or dynamic purchasing systems operated by the Commission acting as a central purchasing body, or any ancillary support services referred to in Article 37."

This clause creates a "legal fiction" of compliance. In standard public procurement scenarios, a contracting authority (such as a national ministry or a local municipality) must conduct its own tender process that strictly adheres to the principles of transparency, equal treatment, and non-discrimination as set out in Directive 2014/24/EU. This process is often resource-intensive, requiring detailed documentation, market analysis, and strict procedural adherence to avoid legal challenges.

However, when a Member State authority joins the Commission's common procurement framework (established under Articles 37–40 of the proposal), it effectively delegates the procurement activity to the Commission. By purchasing through the Commission, the national authority is considered to have met its legal duties under Union law. This is significant because it removes the risk that a national buyer might be accused of non-compliance due to procedural errors in a complex, high-value cloud or AI tender. The responsibility for ensuring the procurement process itself is lawful shifts to the Commission, which operates under its own financial rules (Regulation (EU, Euratom) 2024/2509) and the specific derogations and arrangements laid out in CADA.

Scope of Application: Chapter IV Contracts

The compliance guarantee in Article 39(1) is not unlimited; it applies specifically to contracts awarded by the Commission under Chapter IV of the proposal (Articles 37–40). This chapter establishes the conditions for the Commission to carry out procurement activities for three distinct categories of "participating entities":

  1. Union entities (institutions, bodies, offices, and agencies).
  2. Contracting authorities from Member States.
  3. Partner organisations selected by the Commission.

The framework empowers the Commission to:

  • Procure data centre services, cloud computing services, software, and AI systems on behalf of these entities.
  • Conclude framework contracts or operate dynamic purchasing systems (DPS).
  • Act as a wholesaler by acquiring and reselling these services to participating entities.

As long as the national authority purchases through these specific channels established by the Commission, the "deemed compliance" shield applies. This ensures that the procurement is treated as a single, Union-level exercise rather than a fragmented series of national tenders.

Reducing Duplicate Tendering

One of the primary drivers for this provision is the elimination of duplicate administrative efforts and the fragmentation of demand. Without a centralised mechanism, each Member State or public authority would need to run its own tender for cloud services, leading to fragmented demand, higher costs, and significant administrative overhead. Small and medium-sized authorities, in particular, often lack the specialized expertise required to tender for complex AI or sovereign cloud solutions.

By centralising the procurement, the Commission leverages economies of scale. National buyers benefit from pre-negotiated terms, competitive pricing, and vetted suppliers that have undergone rigorous Union-level assessment. Crucially, Article 39(1) ensures that this efficiency does not come at the cost of legal compliance. The national authority does not need to justify why it did not run a tender, nor does it need to document its own selection process, because the Commission's process stands in for its own. This effectively removes the barrier of "procurement fatigue" for public bodies seeking to adopt advanced digital technologies.

Procedural Rules for Specific Contracts

While the general framework is managed by the Commission, Article 39(2) specifies that the procedural provisions applicable to Union institutions apply to the award of specific contracts under framework contracts or dynamic purchasing systems. This ensures that even when a Member State entity "calls off" a specific contract from a framework agreement managed by the Commission, the underlying procedural integrity is maintained at the Union level. The rules governing the initial award of the framework contract by the Commission extend to the specific execution of services by the participating entity.

Furthermore, Article 39(3) adds a layer of contractual consistency. It states that a contracting authority that has acquired services from the Commission as a central purchasing body must ensure, in its agreements with the contracting authorities it serves, compliance with any contractual requirements by which it is itself bound. This prevents the "re-tendering" of Commission-bought services by a national body to its own sub-authorities without adhering to the original terms secured by the Commission. It ensures that the benefits of the centralised procurement (such as specific sovereignty clauses or security standards) are preserved throughout the supply chain.

Dynamic Purchasing Systems and New Participants

The proposal also addresses the flexibility of dynamic purchasing systems (DPS). Article 39(5) introduces a derogation from the standard Financial Regulation, allowing participating entities to join a DPS throughout its period of validity, subject to Commission approval. This means a Member State authority can enter a pre-existing Commission-led procurement system without waiting for a new tender cycle, further streamlining access to cloud and AI services while maintaining the compliance shield of Article 39(1). This flexibility is vital in a rapidly evolving market where technology specifications change frequently.

What this means for you

For public-sector procurement officers, legal advisors, and IT directors in Member States, this provision offers a streamlined, low-risk path to acquiring cloud and AI services.

  • Risk Mitigation: You can rely on the Commission's procurement processes to satisfy your legal obligations under Directive 2014/24/EU. This significantly reduces the legal risk associated with running complex, high-stakes tenders for emerging technologies like AI, where market standards are still evolving.
  • Administrative Efficiency: You do not need to dedicate internal resources to the full tendering process for services covered by the Commission's framework. Your role shifts from "buyer" (managing the tender) to "user" (utilizing the Commission's procurement outcomes), freeing up staff for implementation and operational tasks.
  • Strategic Sourcing: By participating in the Commission's framework, you gain access to competitive pricing and terms negotiated at a European scale, which may be difficult to achieve at a national or local level due to smaller market leverage.
  • Contractual Adherence: When using these services, ensure you adhere to the terms set by the Commission. If you are a central body reselling these services to other public entities, you must pass on the contractual requirements as per Article 39(3) to maintain the integrity of the framework.

Common misconceptions

  • "The Commission can buy anything for me." The compliance guarantee only applies to services procured under Chapter IV (data centre services, cloud computing services, software, and AI systems). It does not cover general goods, construction, or services outside this specific scope.
  • "I don't need to check the Commission's contracts." While you are deemed compliant with procurement law, you are still bound by the contractual terms awarded by the Commission. You must ensure that the specific contract or framework agreement meets your operational needs and that you comply with any obligations passed down to you, especially if you are reselling services to other entities.
  • "This replaces all national procurement rules." Article 39(1) deems you compliant with Union public procurement law for the specific transaction. It does not exempt you from other national legal requirements, such as internal financial controls, data protection laws (GDPR), or security regulations (NIS2), which still apply to the use of the purchased services.
  • "Only large Member States can participate." The framework is open to all contracting authorities from Member States. The Commission's role as a central purchasing body is specifically designed to help smaller authorities access the market more effectively by pooling demand and reducing the barrier to entry.

Official sources

Related

This is general information about a draft EU regulation, not legal advice.