CADA and the Interoperable Europe Act

Summary As proposed, the Cloud and AI Development Act (CADA) interacts with the Interoperable Europe Act (Regulation (EU) 2024/903) by anchoring its open-source strategy to the existing interoperability infrastructure of the Union. Specifically, CADA Article 43(2) mandates that the EU Open Source Solutions Catalogue (EU OSS Catalogue) "shall be hosted on the Interoperable Europe portal referred to in Article 8 of Regulation (EU) 2024/903." This creates a direct legal link where CADA's requirement for public-sector software reuse and "open source first" principles relies on the IEA's technical and governance framework. While CADA does not automatically trigger a full interoperability assessment for every cloud service, its digital solutions—such as the central repository of sovereign services and the EuroCloud Federation platform—may require evaluation under the IEA once operational details are finalized. The interaction ensures that CADA's push for digital sovereignty is built upon, rather than duplicating, the EU's established interoperability standards.

Detail

The relationship between the proposed Cloud and AI Development Act (CADA) and the Interoperable Europe Act (IEA) is one of functional dependency and strategic alignment. The IEA, Regulation (EU) 2024/903, establishes the foundational framework for public-sector interoperability across the Union, aiming to break down silos and ensure that digital public services can work seamlessly across borders. CADA, a proposal aimed at strengthening Europe's cloud and AI ecosystem, leverages this existing framework to achieve its specific objectives of technological sovereignty, reduced dependency on third-country providers, and the promotion of open-source solutions.

The Legal Anchor: Article 43 and the Interoperable Europe Portal

The most significant and explicit interaction between the two instruments is found in CADA Article 43, which establishes the EU Open Source Solutions Catalogue. This catalogue is designed to serve as a centralised point of access for software made available for reuse by Union entities and public sector bodies, thereby preventing fragmentation and maximizing the value of public expenditure.

CADA Article 43(2) provides the critical link: "The EU OSS Catalogue shall be hosted on the Interoperable Europe portal referred to in Article 8 of Regulation (EU) 2024/903 and shall be accessible electronically free of charge." This provision does not merely suggest a technical integration; it legally mandates that CADA's primary tool for open-source reuse must reside on the infrastructure established by the IEA. By doing so, CADA ensures that the software it promotes is not only open-source but also inherently interoperable, discoverable, and accessible through a portal that already adheres to Union-wide interoperability standards.

This hosting requirement supports CADA Article 42, which obliges Union entities and public sector bodies to make software available for reuse under an open-source licence using a catalogue or repository that is "connected to, and made accessible through, the EU OSS Catalogue." The IEA's portal acts as the central hub that makes this connectivity effective, ensuring that software developed in one Member State can be found and reused by another without technical or legal barriers.

Interoperability Assessments and CADA's Digital Solutions

While the IEA generally requires interoperability assessments for new digital solutions developed by public authorities, CADA introduces several specific digital solutions that interact with these requirements. These include the central repository of recognized cloud computing services (established under CADA Article 22) and the EuroCloud Federation platform (established under CADA Article 34).

The CADA proposal's explanatory memorandum and the accompanying digital dimensions statement clarify the approach to these assessments. The text notes that "the need for another interoperability assessment under the Interoperable Europe Act (Regulation EU 2024/903) will be evaluated once the operational details for the repository of recognised cloud computing services become available." Similarly, for the EuroCloud Federation platform, the proposal states that the need for an assessment "will be evaluated once the operational details for the EuroCloud platform become available."

This indicates a pragmatic, phased approach. CADA does not impose an immediate, blanket interoperability assessment on all its digital outputs. Instead, it acknowledges that these specialized platforms must align with the IEA's standards. The evaluation will occur once the technical specifications are finalized, ensuring that the platforms are designed to comply with or leverage the IEA's interoperability framework from the outset, rather than requiring retroactive fixes. This coordination prevents regulatory duplication while ensuring that CADA's sovereign cloud infrastructure remains interoperable with the broader European public sector.

Synergies in Public Procurement and Open Standards

The interaction extends beyond specific portals to the broader principles of public procurement and technical standards. CADA Article 32 requires contracting authorities to include "Union added value" criteria in public procurement for innovative cloud computing services and AI systems. This includes evaluating the tenderer's contribution to strengthening the digital technology supply chain in the Union, such as the use of software designed or manufactured in the Union.

The IEA's focus on interoperable, reusable solutions directly supports this objective. By providing a pool of vetted, interoperable open-source components via the EU OSS Catalogue, the IEA enables contracting authorities to meet CADA's "Union added value" criteria more effectively. Procuring solutions that are already interoperable and available on the IEA portal reduces the risk of vendor lock-in and ensures that new procurements contribute to a cohesive European digital ecosystem.

Furthermore, CADA Article 41 encourages Union entities and public sector bodies to "use and facilitate the reuse of open standards and components released under an open source licence when building their cloud and AI ecosystem or stack." This "open source first" principle aligns perfectly with the IEA's mandate to promote interoperability through open standards. The two regulations create a synergistic environment where the promotion of open-source software (CADA) and the requirement for interoperability (IEA) reinforce each other, driving a more resilient and sovereign digital infrastructure.

Implementation Timelines and Deadlines

The Interoperable Europe Act is already in force, with its provisions applying from March 2024. CADA, as a proposal, is not yet in force. However, once adopted, CADA's provisions regarding the EU OSS Catalogue (Article 43) and open-source reuse (Article 42) will build upon the existing IEA infrastructure.

Public authorities and Union entities must be prepared to integrate their software reuse practices with the EU OSS Catalogue on the Interoperable Europe portal as soon as CADA enters into application. While the exact transition periods for CADA will be defined in the final text, the reliance on the IEA portal means that the technical infrastructure is already in place. Early alignment with IEA standards will facilitate compliance with CADA's future obligations, ensuring a smooth transition for public-sector bodies.

What this means for you

For in-house counsel, compliance officers, and IT strategists in the public sector or in organizations providing services to the public sector, the interaction between CADA and the IEA creates specific obligations and strategic opportunities:

1. Software Reuse Obligations: If your organization is a Union entity or public sector body, you must ensure that any software you hold intellectual property rights over and wish to make available for reuse is published in a catalogue connected to the EU OSS Catalogue on the Interoperable Europe portal (CADA Article 42). This requires aligning your internal software asset management with the IEA's portal standards and ensuring that your repositories are technically capable of connecting to the central catalogue.
2. Procurement Strategy: When procuring cloud computing services or AI systems, you should actively consider the "Union added value" criteria (CADA Article 32). Leveraging interoperable, open-source solutions available via the EU OSS Catalogue can demonstrate compliance with these criteria and support the broader goal of technological sovereignty. Procurement teams should prioritize vendors who can integrate with the IEA ecosystem.
3. Interoperability Compliance: Ensure that any new digital solutions you develop or procure comply with the IEA's interoperability requirements. As CADA's specific platforms (like the EuroCloud Federation and the sovereign services repository) come online, verify that they are designed to integrate with the Interoperable Europe portal. This proactive approach will minimize the need for redundant interoperability assessments and ensure seamless cross-border functionality.
4. Open Source First: Adopt an "open source first" approach where appropriate, as encouraged by CADA Article 41. This not only supports CADA's goals of reducing dependency on third-country providers but also aligns with the IEA's promotion of open standards. This strategy can reduce licensing costs, mitigate vendor lock-in, and enhance the long-term sustainability of public-sector IT systems.

Common misconceptions

• Misconception: CADA replaces the Interoperable Europe Act.
  • Reality: CADA complements the IEA. It uses the IEA's infrastructure (the Interoperable Europe portal) to host the EU OSS Catalogue but does not supersede the IEA's broader interoperability framework. The IEA remains the governing law for public-sector interoperability.
• Misconception: All cloud services under CADA must undergo an IEA interoperability assessment immediately.
  • Reality: The IEA applies to public-sector digital solutions. CADA's cloud sovereignty framework applies to cloud computing services used by public sector bodies. While CADA's specific platforms (like the EuroCloud Federation) may require interoperability assessments under the IEA once operational details are finalized, private cloud providers are not directly subject to the IEA, though their services must meet CADA's sovereignty and interoperability standards.
• Misconception: The EU OSS Catalogue is a new, separate platform that will be built from scratch.
  • Reality: CADA Article 43(2) explicitly states the EU OSS Catalogue will be hosted on the existing Interoperable Europe portal. This ensures continuity, leverages existing investment in the IEA's infrastructure, and avoids the creation of redundant digital silos.

Related

• Where is the CADA EU Open Source Catalogue hosted? Interoperable Europe portal
• Does the Interoperable Europe Act mandate interoperability for CADA cloud services?
• CADA & Interoperable Europe Act: How the EuroCloud Federation works
• CADA Repositories & Interoperable Europe: Do they need an assessment?
• EuroCloud Federation & Interoperable Europe: How CADA Links Infrastructure and Software

This is general information about a draft EU regulation, not legal advice.