Summary

As proposed, the Cloud and AI Development Act (CADA) would define a trusted cloud service through a harmonised "Union cloud computing sovereignty framework" comprising four graduated "Union assurance levels" (Article 16). Rather than a single binary, trust would be determined by cumulative criteria in Annex II, ranging from basic establishment and data-localisation requirements at level 1 to strict prohibitions on third-country control and mandatory Union citizenship for personnel at levels 3 and 4. Providers would undergo a conformity self-assessment (level 1) or independent third-party audits (levels 2–4) to gain formal recognition.

Detail

From binary trust to graduated assurance

Recital 51 sets out the logic: to address sovereignty risks and provide appropriate mitigations, it is "necessary to establish a Union cloud computing sovereignty framework determining criteria for trusted cloud computing services," and to "cater for the nuanced and layered nature of sovereignty, the framework should provide for four different levels of trusted offers ('Union assurance levels')."

Article 16(1) formalises this: the Chapter would establish a Union cloud computing sovereignty framework comprising four Union assurance levels, the criteria for which are set out in Annex II, that providers must meet to provide their services to Union entities and public sector bodies. This moves away from a "trusted vs. untrusted" binary toward a proportionate framework where the level required depends on the sensitivity of the public order interests involved.

The four Union assurance levels

The levels form a ladder of trust: a provider audited at a higher level must satisfy all the cumulative criteria of the lower levels, and failure to meet any lower-level requirement precludes conformity with the higher level (Article 20(1)).

Union assurance level 1: the baseline. Under Annex II, point 1.1, providers must meet cumulative criteria including:

  • Establishment: the provider is established in the Union (1.1(a)).
  • Infrastructure and assets: infrastructure and assets, including those of subcontractors involved in the service, are located in the Union unless the public sector body explicitly requires otherwise (1.1(b)).
  • Data localisation: customer data, including metadata and telemetry, remains exclusively within the Union, unless explicitly required otherwise (1.1(c)).
  • Cybersecurity: the service complies with state-of-the-art cybersecurity standards (1.1(e)).
  • Subcontracting transparency: full transparency around subcontractors, with due diligence, contractual obligations, and ongoing oversight (1.1(f)).
  • Third-country control: if subject to third-country control, the provider guarantees, demonstrated by independent sources, that no laws or practices in that third country require reporting software vulnerabilities to third-country authorities before they are known to have been exploited (1.1(g)).

Recognition at level 1 is based on a conformity self-assessment and an EU statement of conformity (Article 19). For SMEs, that statement is directly and automatically recognised in all Member States without prior recognition by a national competent authority (Article 17(3)).

Union assurance level 2: enhanced security and supply-chain integrity. Annex II, point 2.1, adds:

  • Personnel location: infrastructure, assets, and personnel of the provider and relevant subcontractors are located in the Union (2.1(b)). Union citizenship is not generally required at level 2, but where a public sector body determines that additional screening and Union-citizenship requirements are necessary, the provider must ensure qualifying personnel are available (2.1(d)).
  • Cybersecurity certification: a European cybersecurity certificate of at least assurance level "substantial" under a scheme established under Regulation (EU) 2019/881 (or national schemes until one is available) (2.1(e)).
  • AI training restrictions: data generated by using the service is not used to train or fine-tune any AI system operated by a third country or third-country legal entity, and is not transferred outside the Union (2.1(f)).
  • Support localisation: technical and operational support initiated and performed exclusively within the Union (2.1(h)).
  • Supply chain: a complete, up-to-date Software Bill of Materials (SBOM); for third-country-owned components, controls to block remote tampering features, source-code audits of security-relevant components, and a documented migration plan (2.1(i)).

Recognition at level 2 requires an independent third-party audit with a "positive" opinion (Articles 17(4), 20).

Union assurance level 3: high sovereignty and personnel citizenship. Annex II, point 3.1, adds:

  • Union citizenship: all personnel, including subcontractor personnel, involved in the service are Union citizens; where appropriate, they must hold national security clearance for handling classified information (3.1(d)).
  • Third-country control: by default, the provider and subcontractors are not subject to third-country control (3.1(g)). A derogation allows audit for level 3 where the Commission has recognised the third country as providing sufficient assurances under Article 18 (and the provider then demonstrates the protective measures in 3.1(g)(i)–(iv)).
  • Support: technical and operational support performed within the Union by Union-resident personnel and by third parties not subject to third-country control (3.1(h)).

Union assurance level 4: maximum sovereignty. Annex II, point 4.1, mirrors level 3 and adds:

  • Cybersecurity certification: a European cybersecurity certificate of at least assurance level "high" (4.1(e)).
  • Effective control over software: the provider demonstrates that no third country or third-country legal entity holds or exercises effective control over the design, development, maintenance, and evolution of software components, including the ability to materially influence technical evolution, security remediation, and long-term continuity (4.1(i)(ii)).
  • No derogation: third-country control is prohibited with no Article 18 exception (4.1(g)).

The recognition mechanism

Meeting the criteria is not enough; providers must be formally recognised. Under Article 17, providers apply to the national competent authority of establishment; for levels 2–4 they submit the audit report and a "positive" audit opinion (Article 17(4)). The evaluating authority assesses the evidence within 60 days and, if satisfied, prepares a draft recognition decision and notifies other Member States for a 60-day review (Article 17(5)). If no reasoned objection is raised, the service is recognised across the Union at the applicable level (Article 17(7)); this one-stop-shop prevents fragmentation. The Commission would maintain a publicly available central repository of recognised services (Article 22).

What this means for you

For cloud providers and data centre operators, CADA would create a structured compliance pathway that directly affects access to the European public sector market.

  1. Assess your posture. Map current operations against the Annex II criteria. Even for level 1, document subcontractor transparency and state-of-the-art cybersecurity.
  2. Prepare for audits. For levels 2–4 you cannot rely on self-declaration. Make internal controls (SBOMs, supply-chain dependencies, and data lineage for AI training) audit-ready.
  3. Personnel and location. For level 2 and above, ensure personnel involved in service delivery are located in the Union; for levels 3 and 4, ensure they are Union citizens. Demonstrate effective separation from any third-country parent or subsidiary (Annex II, points 2.1(k)/3.1(k)/4.1(k)).
  4. Engage competent authorities. Identify the national competent authority in your Member State of establishment; early dialogue can clarify how technical measures will be assessed.
  5. Monitor third-country recognition. If you are controlled by a third-country entity, track the Commission's Article 18 decisions; only providers from recognised third countries could qualify for level 3.

Common misconceptions

  • "Trusted means only EU-owned providers." CADA would not ban third-country-controlled providers outright. Level 1 admits them subject to the vulnerability-reporting guarantee; level 3 admits them only where the Commission recognises their country under Article 18. The focus is on control and risk mitigation, not ownership alone.
  • "Level 1 is just a paper exercise." Level 1 relies on self-assessment but still requires meeting cumulative criteria, and national competent authorities can investigate and impose penalties (Article 24). Incorrect or misleading information can lead to revoked recognition (Article 17(11)).
  • "You can pick and choose criteria within a level." The Annex II criteria are cumulative; all must be met, and failure on any one precludes that level and any higher level (Article 20(1)).
  • "CADA replaces the AI Act or GDPR." It would complement them. CADA focuses on sovereignty, operational autonomy, and public order risks; providers must still comply with applicable AI Act and data protection rules.

This is general information about a draft EU regulation, not legal advice.