How does CADA help governments adopt AI for public services?

Summary As proposed, the Cloud and AI Development Act (CADA) would transform how governments adopt AI by shifting from isolated procurement to a coordinated, sovereign ecosystem. The proposal explicitly aims to use AI to "support better decision-making, simplify administrative procedures and reduce unnecessary burdens" (Recital 22). To achieve this, CADA would mandate the sharing and reuse of training data and AI models across the Union's public sector, establish a network of "Centres for AI" to provide technical expertise, and create the EuroCloud Federation to share sovereign infrastructure. This framework ensures that public-sector AI adoption is not only efficient but also resilient against third-country dependencies.

Detail

The proposed Cloud and AI Development Act (CADA) addresses a critical gap in the EU's digital strategy: while the AI Act regulates the safety of AI systems, it does not address the infrastructure, data availability, or strategic autonomy required to deploy them at scale in the public sector. CADA would fill this gap by establishing a comprehensive framework for strengthening the cloud and AI ecosystem, with specific provisions designed to accelerate and secure AI adoption by governments.

1. Strategic Mandate: Better Decision-Making and Simpler Procedures

The proposal explicitly links the deployment of AI to the modernization of public administration. Recital 22 of the explanatory memorandum states that AI models and systems should be used to "support better decision-making, simplify administrative procedures and reduce unnecessary burdens, in particular for critical public domains such as healthcare."

To operationalize this vision, Article 1(1)(e) lists "fostering the adoption of cloud computing services across the public sector" as a core measure of the regulation. This is not merely a suggestion but a structural objective. Article 7 would require Member States to adopt national cloud and AI strategies within one year of the regulation's entry into force. These strategies must include specific measures to accelerate the deployment and uptake of AI in strategic public sectors, including healthcare, energy, and mobility. By mandating a coordinated national approach, CADA would prevent the fragmentation where individual departments or regions develop incompatible AI solutions, ensuring instead that public bodies can leverage AI to streamline services and improve citizen outcomes.

2. Breaking Silos: Sharing and Reuse of Training Data and AI Models

A primary barrier to public-sector AI adoption is the "reinvention of the wheel," where different ministries or Member States independently develop similar AI models or struggle to access high-quality training data. CADA would directly address this by institutionalizing the sharing of AI assets.

Article 4(7)(c), under the operational objectives of the Cloud and AI Leadership Initiatives, explicitly mandates the initiative to "promote the sharing and reusing of training data and AI models across the Union's public services." The explanatory memorandum notes that this is designed to "avoid fragmentation and enable the scaling-up of successful, user-oriented solutions." This provision would encourage public bodies to pool resources, allowing a successful AI model developed for healthcare in one Member State to be adapted and reused in another, significantly reducing development costs and time-to-market.

To facilitate this reuse, Article 42 imposes specific obligations on software and model sharing. When a Union entity or public sector body makes software (which includes AI models) available for reuse under an open-source licence, it must do so through a catalogue or repository that is connected to the EU Open Source Solutions Catalogue (established under Article 43). This centralization would ensure that AI tools developed with public funds are discoverable, auditable, and reusable by other public administrations, fostering a collaborative European public-sector AI ecosystem.

3. Technical Support: The Role of Centres for AI

Recognizing that many public bodies lack the specialized technical expertise required to evaluate, deploy, and govern AI systems, CADA would establish a dedicated support network. Article 5 requires each Member State to establish "Experience and Acceleration Centres for AI" (Centres for AI). These centres would build on the existing network of European Digital Innovation Hubs but with a specific focus on AI acceleration.

The objectives of the Centres for AI, as set out in Article 5(2), include:

• Supporting the integration and scaling-up of AI use cases in strategic industrial and public sectors.
• Accelerating the broad adoption of AI at regional and local levels, notably for public sector bodies.
• Helping organizations accelerate their digital transformation by connecting them with European providers of cloud and AI technologies.

Furthermore, Article 4(8)(a) tasks the Cloud and AI Leadership Initiatives with promoting broad AI adoption through this network. These centres would act as entry points to the European AI innovation ecosystem, providing public officials with access to testing facilities, skills training, and expert guidance. This support mechanism is crucial for ensuring that smaller public bodies can navigate the technical and regulatory complexities of AI adoption without being left behind.

4. Sovereign Infrastructure: The EuroCloud Federation and Assurance Levels

For public-sector AI to be truly resilient, the underlying infrastructure must be secure and sovereign. CADA would establish a "Union cloud computing sovereignty framework" comprising four assurance levels (Article 16). This framework is critical for public-sector AI because it dictates which cloud services can be used for different levels of sensitivity.

• Risk Assessments: Under Article 29, Member States and Union entities must conduct risk assessments to identify public sector activities that contribute to the preservation of public order (e.g., national security, justice, law enforcement).
• Procurement Rules: Article 30(2) would require public bodies whose activities are not identified as critical to public order to use cloud services recognized as having at least Union assurance level 1. Conversely, Article 30(3) would mandate that those with activities critical to public order procure services with Union assurance levels 2, 3, or 4.

To facilitate the sharing of capacity among these sovereign providers, CADA would establish the EuroCloud Federation (Article 34). This federation would allow Union entities and public sector bodies to voluntarily share data centre services and cloud computing services. Article 35 sets out the conditions for this sharing, ensuring that it is anchored in public-sector cooperation and free of charge (except for cost recovery). This mechanism would enable smaller public bodies to access high-quality, sovereign AI and cloud infrastructure without building it from scratch, fostering a collaborative public-sector cloud ecosystem that reduces dependency on non-European providers.

What this means for you

For public-sector procurement officers, IT leaders, and policy makers, CADA would introduce a structured, mandatory path for AI adoption that balances innovation with strategic autonomy.

• Mandatory Risk Assessments: You would be required to conduct risk assessments for your AI and cloud usage under Article 29. This is not a one-time task; it must be completed by the date of entry into force plus one year, and then repeated every two years. These assessments will determine the minimum "Union assurance level" your cloud providers must meet, directly influencing your procurement strategy.
• Access to Specialized Support: You would no longer be alone in evaluating AI tools. The Centres for AI (Article 5) in your Member State would provide specialized support, including access to testing environments, skills training, and connections to European providers. Utilizing these centres would be essential for meeting compliance requirements and identifying suitable, sovereign AI solutions.
• Reuse Over Build: Before commissioning new AI development, you would be expected to check the EU Open Source Solutions Catalogue (Article 43). CADA encourages the reuse of existing public-sector software and models. If your department develops a new AI model, you may be required to make it available for reuse through this catalogue, contributing to the broader public good and reducing duplication of effort.
• Sovereign Procurement Criteria: When drafting tenders for cloud-based AI services, you would be required to include criteria that align with the Union assurance levels. For critical services, you could not simply buy the cheapest global solution; you would be required to procure from providers recognized under the CADA framework (Article 30). This ensures that the services you buy are resilient against third-country interference and data access risks.

Common misconceptions

• Misconception: "CADA bans non-European AI providers entirely."
  • Reality: CADA does not ban non-European providers. It creates a tiered system. Non-European providers can potentially qualify for Union assurance level 3 if their home country is recognized by the Commission as providing sufficient safeguards under Article 18. However, for most public-sector use cases, the framework strongly incentivizes the use of EU-based or EU-compliant sovereign services to mitigate dependency risks.
• Misconception: "The EuroCloud Federation is a single, centralized EU cloud."
  • Reality: The EuroCloud Federation (Article 34) is a network that facilitates the sharing of existing national and European cloud capacities. It is not a single cloud provider. It allows public bodies to interconnect and share resources, but each member retains control over their own infrastructure and data.
• Misconception: "Public bodies can use any AI model they find online."
  • Reality: While CADA promotes open source, public bodies must still comply with the sovereignty framework. Using an AI model hosted on a non-compliant cloud infrastructure could violate the assurance level requirements determined by your risk assessment (Article 29). The hosting and processing environment must meet the same sovereignty standards as the software itself.

Official sources

• EU AI Act (Regulation (EU) 2024/1689)

Related

• When must public administrations comply with CADA? Entry into force, strategies and procurement deadlines
• What sovereign-cloud pressure does CADA place on the public sector?
• What sovereign-cloud pressure does CADA create for financial services?
• CADA Article 32: What is the Union added value criterion in public procurement?
• What is the minimum cloud assurance level for public-sector procurement under CADA?

This is general information about a draft EU regulation, not legal advice.