Summary Under the proposed Cloud and AI Development Act (CADA), national contracting authorities that acquire cloud computing services, software, or AI systems through the Commission's central purchasing framework are deemed to have fulfilled their obligations under applicable Union public procurement law (Article 39(1)). This mechanism effectively supersedes the need for parallel national tendering procedures for those specific services. However, the procedural rules governing the award of specific contracts under these frameworks are those applicable to Union institutions, not national law (Article 39(2)). This creates a streamlined, dual-layer compliance model where the Commission manages the framework establishment, and national authorities manage the specific call-offs under Union institutional rules.

Detail

The proposed Cloud and AI Development Act (CADA), COM(2026) 502 final, establishes a robust central procurement framework in Title IV, Chapter IV (Articles 37–40). This framework empowers the Commission to act as a central purchasing body for Union entities, national contracting authorities, and selected partner organisations. For legal teams and procurement officers, the interaction between this EU-level mechanism and national procurement regimes is defined by the "deemed compliance" principle in Article 39.

The "Deemed Compliance" Rule (Article 39(1))

The cornerstone of CADA's procurement interaction is Article 39(1). It establishes a legal fiction: a participating entity (including a national contracting authority) is "deemed to have fulfilled its obligations under applicable Union public procurement law" where it acquires supplies or services by means of contracts awarded by the Commission under this Chapter.

This applies specifically to:

  • Contracts awarded under framework agreements concluded by the Commission.
  • Contracts awarded under dynamic purchasing systems operated by the Commission.
  • Any ancillary support services referred to in Article 37 (e.g., technical infrastructure, advice, invoicing).

The practical effect is profound. By purchasing through the Commission's central award, a national authority does not need to conduct its own tendering procedure to satisfy the requirements of Directive 2014/24/EU or national transposing laws. The Commission's compliance with Union procurement rules at the framework level is sufficient to satisfy the national authority's legal obligations for the specific acquisition.

Application of Union Institutional Procedural Rules (Article 39(2))

While the obligation to tender is satisfied by the Commission's framework, the procedure for awarding the specific contract follows a different rulebook. Article 39(2) explicitly states that "the procedural provisions applicable to Union institutions shall apply to the procedures for the award of specific contracts under framework contracts or dynamic purchasing systems."

This creates a distinct separation of legal regimes:

  1. Framework Establishment: The Commission follows the Financial Regulation (Regulation (EU, Euratom) 2024/2509) and standard EU procurement directives to select the pool of providers.
  2. Specific Contract Award: When a national authority selects a provider from that pool (a "call-off"), it must follow the procedural rules that govern Union institutions, not its own national procurement code.

This ensures a uniform standard of governance across the Union for these specific contracts, preventing fragmentation where different Member States might apply divergent national rules to the same EU-wide framework.

Reducing Parallel National Tendering

The primary policy objective of this structure is to eliminate market fragmentation and administrative duplication. By centralising the initial tendering phase, CADA removes the need for every Member State to run parallel, resource-intensive tenders for identical cloud or AI services.

Article 39(3) reinforces this efficiency by requiring that a contracting authority acquiring services from the Commission "shall ensure, in its agreements with the contracting authorities it serves, compliance with any contractual requirements by which it is itself bound." This "cascade" mechanism ensures that the terms, conditions, and sovereignty standards set by the Commission are legally binding on the final national contract without requiring a new national tender to re-establish them.

Dynamic Purchasing Systems and Derogations

CADA introduces specific flexibility for dynamic purchasing systems (DPS) to ensure long-term accessibility. Article 39(5) provides a derogation from the standard Financial Regulation, allowing participating entities to request to join a DPS throughout its period of validity, subject to prior Commission approval.

Key constraints in Article 39(5) include:

  • Approval Timeline: The Commission must approve the request within 10 working days.
  • Capacity Cap: Approval is conditional on cumulative requests not exceeding 50% of the initial estimated quantities of the envisaged purchases.
  • Timing: This mechanism is available only to entities that accede to the agreement after the DPS has been launched.

This ensures that late-joining national authorities can still access the central framework without triggering a new national tender, provided the system has not reached its capacity limit.

What this means for you

For in-house counsel, procurement directors, and compliance officers in national public sector bodies, CADA Article 39 fundamentally alters the procurement workflow for cloud and AI services.

1. Shift in Compliance Burden

Your team no longer needs to design and execute a full national tender for services covered by the Commission's framework. Instead, your compliance focus shifts to:

  • Verifying that the service you need is covered by an active Commission framework or DPS.
  • Ensuring your internal selection process for the specific provider adheres to Union institutional procedural rules (Article 39(2)), rather than national law.
  • Documenting the link between your purchase and the Commission's awarded contract to trigger the "deemed compliance" shield of Article 39(1).

2. Contractual Cascading

Under Article 39(3), you cannot simply adopt the Commission's terms; you must ensure your final agreement with the provider includes all contractual requirements to which the Commission is bound. This includes sovereignty criteria, data protection clauses, and open-source obligations. Failure to incorporate these terms could jeopardise the legal validity of the contract and the "deemed compliance" status.

3. Managing Dynamic Purchasing Systems

If your authority was not part of the initial framework launch, you must monitor the dynamic purchasing systems established under CADA.

  • Action: Submit a request to join the DPS as soon as possible.
  • Constraint: Be aware of the 50% capacity cap on new participants. If the system is near capacity, your request may be denied, potentially forcing you to seek alternative procurement routes.
  • Timeline: Expect a decision within 10 working days (Article 39(5)).

4. Audit and Defense

In the event of a legal challenge or audit, your primary defense is the Commission's award decision. You must maintain a clear audit trail showing that:

  • The service was acquired via a contract awarded by the Commission.
  • The specific contract award followed Union institutional procedural rules.
  • The final agreement incorporated all mandatory Commission contractual requirements.

Common misconceptions

"CADA central procurement replaces all national procurement law." No. Article 39(1) only applies to services acquired by means of contracts awarded by the Commission under this specific Chapter. National authorities remain fully subject to national and Union procurement law for any services not covered by the central framework. The "deemed compliance" is a targeted exception, not a blanket exemption.

"The Commission signs the final contract for the Member State." Not necessarily. While the Commission establishes the framework, Article 39(2) clarifies that the procedural provisions applicable to Union institutions apply to the award of specific contracts. In many cases, the national authority itself awards the specific contract (call-off) from the framework, but it must do so following Union institutional rules, not national ones. The Commission does not automatically act as the contracting authority for every final transaction.

"Deemed compliance is automatic and unconditional." Compliance is conditional. It applies only if the acquisition is made strictly through the Commission's awarded contracts. If a national authority deviates from the framework terms, fails to pass down required contractual conditions (Article 39(3)), or attempts to use the framework for services outside its scope, the "deemed compliance" shield does not apply, and the authority may face legal challenges under national law.

Related

This is general information about a draft EU regulation, not legal advice.