CADA

Summary As proposed, the Cloud and AI Development Act (CADA) does not provide a standalone legal definition for "routine procurement," but it creates a clear functional distinction based on regulatory obligations. Article 32(1) mandates the "Union added value" award criterion exclusively for "innovative cloud computing services and AI systems." Routine commodity purchases are exempt from this specific quality criterion but remain strictly bound by the baseline sovereignty requirements of Article 30 (Union assurance levels). Furthermore, Article 33 imposes specific monitoring and reporting obligations solely on the procurement of innovation, including a target for SME participation, which does not apply to routine buys.

Detail

The proposed CADA distinguishes between innovative and routine procurement not through a dictionary definition, but by attaching specific, mandatory obligations to the former that are absent in the latter. This structure allows the regulation to drive ecosystem development without overburdening standard public-sector purchasing processes.

The Mandatory "Union Added Value" Criterion (Article 32)

The primary operational difference lies in Article 32, which introduces a non-price award criterion designed to strengthen the European digital ecosystem.

Article 32(1) explicitly limits the scope of this obligation: "In public procurement procedures for innovative cloud computing services and AI systems, contracting authorities shall include, as part of the quality evaluation of the tender, non-price award criteria that allow them to evaluate the tenderer's contribution to the development of a European cloud and AI ecosystem."

The use of the word "shall" makes this mandatory, but only if the procurement is classified as "innovative." If a contracting authority is procuring a standard, off-the-shelf cloud service (e.g., generic storage or standard email hosting), Article 32 does not require the inclusion of these specific Union added value criteria.

When Article 32 does apply, Article 32(3) specifies the exact dimensions of the evaluation. Contracting authorities must assess:

• The extent to which the tenderer contributes to strengthening the digital technology supply chain in the Union, including the use of software or hardware designed or manufactured in the Union.
• The integration of technologies developed in the Union, including research and development results from Union-funded programmes.
• Whether the innovation required to deliver the service contributes to strengthening the security of supply and the development of a European cloud and AI ecosystem.
• Whether the service is delivered, to the greatest extent feasible, through critical computing, storage, and networking hardware components designed and/or manufactured in the Union. If not feasible, hardware from a third country may be considered if it contributes to strengthening security of supply.

Article 32(2) provides safeguards to ensure these criteria do not distort the market. The criteria must be:

• Linked to the subject matter of the contract.
• Not conferring unrestricted freedom of choice.
• Expressly set out in the procurement documents.
• Ancillary and not decisive in the award of the contract.

While the text of the proposal does not explicitly fix a point value in the articles, the explanatory memorandum notes that contracting authorities could consider a maximum weighting of 15 out of 120 points to ensure the criterion remains proportionate and subordinate to core technical and financial criteria.

Monitoring and Reporting Obligations (Article 33)

Article 33 reinforces the distinction by placing specific administrative burdens only on innovation procurement. Article 33(1) requires Member States to "monitor and report on their use of procurement of innovation in cloud computing services and AI systems."

This article aims to foster a market for European innovators. Article 33(4) sets a specific objective for Member States: "at least 25% of their procurement for cloud computing services and AI systems be awarded to innovative SMEs." Member States must include plans to achieve this objective in their national strategies under Article 7.

Routine procurements are not subject to this specific 25% SME innovation target or the associated annual reporting framework to the Commission. While general public procurement rules regarding SMEs still apply, the specific CADA innovation metrics do not.

Routine Procurement: The Baseline Sovereignty Obligation (Article 30)

It is a critical misconception that "routine" procurement is exempt from CADA. While routine buys are exempt from the Article 32 innovation criteria and Article 33 reporting, they are fully subject to the core sovereignty framework.

Article 30 establishes the minimum assurance levels for all public-sector cloud procurement:

• Article 30(2): Public sector bodies whose activities have not been identified as contributing to the preservation of public order must use cloud computing services recognised as having Union assurance level 1.
• Article 30(3): Contracting authorities whose activities have been identified as contributing to the preservation of public order (e.g., defense, justice, law enforcement, critical infrastructure) must procure services recognised as having Union assurance levels 2, 3, or 4.

Therefore, a routine purchase of standard cloud storage must still meet the Union assurance level 1 criteria (e.g., establishment in the Union, data remaining in the Union, as detailed in Annex II). The "routine" label only exempts the buyer from the additional innovation-focused quality criteria and reporting, not from the baseline sovereignty requirements.

Defining "Innovative" in Practice

While CADA does not provide a rigid definition of "innovative" in Article 32, the context of Article 33 and the Cloud and AI Leadership Initiatives (Title II) suggests the term refers to:

1. Services that address new or emerging technological challenges.
2. Procurement that supports the development of European cloud and AI ecosystems.
3. Solutions that may involve pre-commercial procurement or innovation partnerships.

Article 33(5) encourages contracting authorities to use preliminary market consultations and matchmaking with European SMEs and start-ups to identify these innovative solutions, further implying that "innovation" is linked to the development of new capabilities rather than the acquisition of existing commodities.

What this means for you

For public-sector procurement officers and legal teams, this distinction dictates how tender documents are structured and how bids are evaluated.

1. Classify your procurement early: Before drafting your tender, determine if your buy is "innovative." If you are buying a standard, commodity cloud service (e.g., basic SaaS for HR or standard storage), it is likely routine. If you are buying a novel AI-driven solution, a custom cloud architecture, or a service that contributes to the European ecosystem's development, it is likely innovative.
2. Apply Article 32 only if innovative: If your procurement is innovative, you must include the Union added value criteria in your quality evaluation. You cannot ignore them. You should define clear metrics for how you will assess the tenderer's contribution to the European supply chain (e.g., percentage of EU-manufactured hardware, use of EU-developed software).
3. Track your innovation spend: If you engage in innovative procurement, you must monitor and report on it annually to the Commission, including data on SME participation. Ensure you have internal processes to track whether awards go to innovative SMEs, aiming for the 25% target.
4. Never skip Article 30: Regardless of whether your buy is innovative or routine, you must verify that the provider meets the relevant Union assurance level. For routine buys, this is Level 1. For critical public-order activities, it is Level 2, 3, or 4. Check the central repository (Article 22) to confirm the provider's recognition status.
5. Leverage innovation for SMEs: Use the innovation procurement framework to actively seek out European SMEs and start-ups. The proposal encourages matchmaking and simplified procedures for these entities.

Common misconceptions

• "Routine procurement means I don't need to worry about sovereignty." False. Article 30 applies to all public-sector cloud procurement. Routine buys must still meet Union assurance level 1. The sovereignty framework is the baseline; innovation criteria are an add-on.
• "Union added value means I must buy only European hardware." False. Article 32(3)(d) allows for hardware from third countries if it contributes to strengthening security of supply and the European ecosystem, provided EU-manufactured hardware is not feasible. The criterion is about contributing to the ecosystem, not absolute exclusivity.
• "Innovative procurement is only for high-tech R&D labs." False. Any public authority can engage in innovative procurement if the service addresses a new need or uses novel technology. The key is whether the procurement contributes to the development of the European cloud and AI ecosystem.
• "I can choose whether to apply Article 32." False. If your procurement falls under "innovative cloud computing services and AI systems," Article 32(1) uses the word "shall," making it mandatory. You cannot opt out of the Union added value criterion for innovative buys.

Related

• CADA National Strategies: The 25% Innovative SME Procurement Target
• CADA for Procurement Officers: Buying AI Systems & Cloud Infrastructure
• What counts as an innovative cloud or AI procurement under CADA?
• CADA Article 39: How buying through the Commission satisfies EU procurement law
• Will small public bodies be able to afford CADA procurement fees?

This is general information about a draft EU regulation, not legal advice.