Summary
As proposed, the Cloud and AI Development Act (CADA) directly targets espionage, sabotage, and technology leakage from third-country cloud providers by linking public procurement to a tiered sovereignty framework. Under Article 30, contracting authorities whose activities contribute to the preservation of public order must procure only cloud services recognised at Union assurance levels 2, 3, or 4. These levels impose strict barriers against third-country data access, service disruption, and personnel coercion. This mechanism operationalises the risks identified in Recital 64, which states that addressing "technology leakage, sabotage and espionage by third-country actors is fundamental for preserving Union public order." By mandating higher assurance levels for critical sectors, CADA would reduce foreign-access exposure and ensure operational autonomy.
Detail
The proposed Cloud and AI Development Act (CADA) is a direct response to the EU's strategic dependence on a limited number of non-European cloud computing service providers, many of which are subject to third-country jurisdictions with extraterritorial legal reach. The proposal explicitly identifies the risks of "misuse (i.e. manipulation, remote access and control, sabotage, weaponisation)" and "access to information (i.e. access to sensitive information, unauthorised communication, technology leakage, data manipulation or exfiltration, espionage)" as critical threats to Union public order. These risks are detailed in Recital 50 and further emphasized in Recital 64, which states that identifying and addressing risks such as "technology leakage, sabotage and espionage by third-country actors is fundamental for preserving Union public order."
To mitigate these specific threats, CADA establishes a Union cloud computing sovereignty framework comprising four assurance levels (Article 16). The core mechanism for addressing espionage and sabotage is the linkage of procurement obligations to these assurance levels, specifically through Article 30.
The Public Order Procurement Mandate (Article 30)
Article 30 imposes binding procurement obligations on Union entities and Member State contracting authorities. The article distinguishes between general public sector activities and those that contribute to the preservation of public order.
- Baseline Requirement (Union Assurance Level 1): For public sector bodies whose activities have not been identified as contributing to the preservation of public order, Article 30(2) mandates the use of cloud computing services recognised as having Union assurance level 1.
- Public Order Requirement (Union Assurance Levels 2 to 4): For contracting authorities whose activities have been identified as contributing to the preservation of public order (specifically in sectors falling under Annex I or II of Directive (EU) 2022/2555 (NIS2), and in the areas of national security, internal security, external border management, defence, justice, or law enforcement), Article 30(3) imposes a stricter requirement. These authorities "shall only procure cloud computing services that have been recognised as having a Union assurance level 2, 3 or 4."
This tiered approach ensures that higher-risk environments, where espionage or sabotage would have catastrophic consequences for public order, are served only by providers meeting more rigorous sovereignty criteria.
How Assurance Levels Mitigate Espionage and Sabotage
The assurance levels, defined in Annex II, are cumulative. Moving from Level 1 to Levels 2, 3, and 4 introduces progressively stricter controls designed to neutralize the specific vectors of espionage and sabotage identified in the recitals.
Union Assurance Level 1 (Baseline)
Level 1 requires the provider to be established in the Union, with infrastructure and assets located in the Union. Customer data must remain exclusively within the Union unless explicitly required otherwise by the public sector body. Crucially, if the provider is subject to third-country control, it must guarantee that no existing laws in that third country require the reporting of software vulnerabilities to third-country authorities before those vulnerabilities are known to have been exploited. This addresses the "technology leakage" and "remote access" risks by preventing third-country governments from gaining early insight into security flaws that could be exploited for espionage or sabotage.
Union Assurance Levels 2, 3, and 4 (Enhanced Sovereignty)
For activities deemed to preserve public order, Article 30 requires Levels 2, 3, or 4. These levels introduce critical barriers against third-country interference:
- Data Localization and AI Training Restrictions: At Level 2 and above, customer data (including metadata and telemetry) must remain exclusively within the Union. Furthermore, data generated by using the service cannot be used to train or fine-tune any AI system operated by a third country or a legal entity established in a third country. This prevents third-country actors from using EU public-sector data to improve their own AI capabilities, a form of indirect espionage and resource extraction.
- Personnel and Control: Level 3 requires that personnel involved in the service provision are Union citizens. Level 4 extends this, requiring national security clearances for personnel handling classified information. This mitigates the risk of insider threats or coercion by third-country governments against non-Union nationals.
- Prohibition of Third-Country Control: At Level 4, the audited provider and its subcontractors must not be subject to the control of a third country or a legal entity established in a third country. Level 3 allows for an exception only if the Commission has adopted an implementing act recognizing the third country as providing sufficient assurances (Article 18), which requires strict conditions such as no measures to compel service degradation or data access.
- Software Supply Chain Transparency: Levels 2, 3, and 4 require a complete Software Bill of Materials (SBOM) and documented controls to block remote features that could tamper with or disrupt devices. This directly addresses the "sabotage" and "weaponisation" risks by ensuring that third-country software components cannot be remotely used to disrupt service continuity or degrade quality.
Risk Assessments and Multi-Cloud Strategies
Article 29 requires Member States and Union entities to carry out risk assessments to determine which public sector activities contribute to the preservation of public order. These assessments must consider the sensitivity of data, the risk of unlawful access by third countries, and the risk of service disruption. Based on these assessments, authorities map their activities to the appropriate assurance levels.
Furthermore, Recital 65 encourages Union entities and Member States to consider multi-vendor or multi-cloud strategies as part of their procurement procedures. This diversification reduces the risk of a single point of failure, thereby enhancing resilience against both technical disruption and targeted sabotage.
What this means for you
For in-house counsel and compliance officers in the public sector or in regulated private sectors (such as those listed in NIS2 Annex I), CADA introduces concrete obligations and deadlines regarding cloud procurement and risk management.
1. Conduct and Update Risk Assessments (Deadline: 1 year after entry into force)
Under Article 29(1), you must ensure your organization carries out a risk assessment to identify which activities contribute to the preservation of public order. This assessment must be completed within one year of the Regulation's entry into force and repeated every two years thereafter. The assessment must explicitly evaluate risks of third-country access and service disruption. If your activities fall under national security, defence, justice, or critical infrastructure, you will likely be classified as requiring higher assurance levels.
2. Adjust Procurement Specifications (Ongoing)
Once your risk assessment is complete, you must align your cloud procurement procedures with Article 30.
- If your activities are not public-order relevant, you must procure services with at least Union Assurance Level 1.
- If your activities are public-order relevant (e.g., defence, law enforcement, critical energy infrastructure), you must procure services with Union Assurance Level 2, 3, or 4. You must update tender documents to explicitly require these assurance levels. Failure to do so constitutes a breach of the Regulation.
3. Verify Provider Recognition
Before contracting, verify that the cloud provider is recognised in the central repository (Article 22) as offering the required assurance level. For Levels 2 to 4, this recognition is based on independent third-party audits (Article 20). Do not rely solely on self-certification for public-order activities.
4. Prepare for Migration (Transition Period: 12 months)
If your current cloud provider does not meet the required assurance level, Article 29(6) mandates migration within a reasonable transition period not exceeding 12 months. You must plan for technical feasibility, continuity of service, and data portability. Delays beyond 12 months require justification based on technical constraints.
5. Monitor for Material Changes
Under Article 23, recognised providers must notify authorities of material changes that could affect their assurance status. Compliance officers must monitor these notifications and be prepared to trigger contingency plans if a provider's assurance level is downgraded or revoked.
6. Penalties for Non-Compliance
While CADA focuses on public procurement, non-compliance by public authorities can lead to administrative penalties and legal challenges. For private entities in critical sectors, Article 31 allows the Commission to require impact assessments and risk mitigation measures, potentially mirroring the public sector's assurance requirements.
Common misconceptions
Misconception 1: CADA bans all third-country cloud providers. This is incorrect. CADA does not impose a blanket ban. Providers subject to third-country control can still qualify for Union Assurance Level 1 if they meet specific criteria (e.g., no mandatory vulnerability reporting to third countries). For Levels 2 and 3, third-country-controlled providers may qualify if the Commission recognises the third country as providing sufficient assurances under Article 18. Only Level 4 strictly prohibits third-country control. The goal is risk mitigation, not outright exclusion, unless the risk is unmitigated.
Misconception 2: The GDPR is sufficient to address espionage risks. The GDPR focuses on personal data protection and privacy rights. It does not address operational autonomy, service continuity, or the strategic risks of technology leakage and sabotage. Recital 64 explicitly states that CADA complements the GDPR by addressing "operational autonomy" and "public order" concerns that go beyond data protection. CADA's assurance levels include requirements for software supply chain transparency and personnel citizenship that are absent from the GDPR.
Misconception 3: Only the defence sector is affected. While defence is a key area, Article 30 extends to any activity contributing to the preservation of public order, including national security, internal security, external border management, justice, law enforcement, and critical infrastructure sectors listed in NIS2 Annex I and II. This includes energy, transport, banking, and healthcare, depending on the national risk assessment.
Misconception 4: Self-certification is enough for high-risk activities. No. Article 19 allows self-assessment only for Union Assurance Level 1. For Levels 2, 3, and 4, which are required for public-order activities, independent third-party audits are mandatory (Article 20). Compliance officers must ensure that providers have undergone these audits and hold a valid positive audit opinion.
This is general information about a draft EU regulation, not legal advice.