Summary Under the proposed Cloud and AI Development Act (CADA), public procurement of innovative cloud services and AI systems does not mandate that all hardware be designed or manufactured in the EU. Article 32(3)(d) explicitly permits contracting authorities to award contracts to providers using third-country hardware if EU-based alternatives are not feasible due to market availability or technical requirements. However, this is not a free pass: even when EU hardware is unavailable, the third-country hardware used must still demonstrate that it contributes to strengthening the security of supply and the development of the European cloud and AI ecosystem.

Detail

The proposed Cloud and AI Development Act (CADA) introduces a "Union added value" criterion into public procurement procedures for innovative cloud computing services and AI systems. This mechanism is designed to help contracting authorities evaluate tenders not just on price, but on how well the proposed solution reinforces the EU's digital sovereignty and industrial base.

A critical question for cloud service providers, data centre operators, and hardware suppliers is whether this criterion acts as a protectionist barrier that excludes non-EU hardware. The short answer is no. The legislation is carefully calibrated to account for the realities of the global semiconductor and hardware supply chain, acknowledging that a total ban on third-country components is currently neither technically feasible nor strategically optimal.

The Role of Article 32 in Public Procurement

Article 32 of the CADA proposal requires contracting authorities to include non-price award criteria that evaluate a tenderer's contribution to the development of a European cloud and AI ecosystem. Article 32(2) sets out strict general conditions for these criteria: they must be linked to the subject matter of the contract, not confer unrestricted freedom of choice, be expressly set out in procurement documents, and remain ancillary and not decisive in the final award.

Article 32(3) provides the specific evaluation points. While points (a) through (c) focus on strengthening the digital supply chain, integrating EU-developed technologies, and contributing to security of supply through innovation, point (d) addresses hardware directly. This is the specific provision governing the use of non-EU components.

Article 32(3)(d): The Hardware Feasibility Test

Article 32(3)(d) states that contracting authorities shall evaluate the extent to which the service is delivered, "to the greatest extent feasible with regard to market availability and technical requirements, through critical computing, storage and networking hardware components designed and/or manufactured in the Union."

This phrasing is the cornerstone of the regulation's approach to hardware. It establishes a clear preference for EU hardware ("to the greatest extent feasible") but immediately qualifies this preference with two objective constraints that prevent the rule from becoming an absolute ban:

  1. Market Availability: If EU-designed or manufactured hardware does not exist, is not available in sufficient quantities, or is not commercially viable for the specific use case, the provider is not penalised for sourcing elsewhere. This acknowledges the current gap in the EU's semiconductor manufacturing capacity for certain high-performance components.
  2. Technical Requirements: If EU hardware cannot meet the specific performance, latency, power efficiency, or architectural needs of the cloud service or AI system, the use of non-EU hardware is permissible. This ensures that public sector innovation is not stifled by a lack of domestic technical capability.

The "Fallback" Requirement: Contributing to Security of Supply

The provision does not leave a free pass for any foreign hardware. The text of Article 32(3)(d) continues: "...or, where this is not feasible, through hardware components from a third country that contributes to strengthening the security of supply and the development of a European cloud and AI ecosystem."

This creates a two-tier evaluation framework for hardware:

  • Tier 1 (Preferred): Hardware designed or manufactured in the Union.
  • Tier 2 (Acceptable Fallback): Hardware from a third country, provided that its use still contributes to strengthening security of supply and the EU ecosystem.

Crucially, the "fallback" option is conditional. The third-country hardware must not merely be "available"; it must actively contribute to the EU's strategic goals. In the context of the CADA proposal, "contributes to strengthening the security of supply" could involve:

  • Diversification: Sourcing from a third country that diversifies the supply chain away from a single dominant jurisdiction, thereby reducing systemic risk.
  • Interoperability: Hardware that is interoperable with EU-developed software stacks, open-source middleware, or European data spaces.
  • Local Value-Add: Providers that demonstrate a long-term commitment to the EU market, including local support, maintenance, and data sovereignty guarantees, even if the silicon was fabricated abroad.
  • Strategic Alignment: Hardware that supports the broader goals of the Cloud and AI Leadership Initiatives, such as energy efficiency or integration with European innovation projects.

Integration with the Broader Procurement Framework

It is vital to understand that the Union added value criterion is only one part of the evaluation. Article 32(2)(d) explicitly states that these non-price criteria must be "ancillary and not decisive in the award of the contract." The primary award criteria must remain technical and financial criteria directly connected to performance.

Furthermore, the CADA proposal suggests a maximum weighting for these European added value criteria. The explanatory memorandum (Recital 67) notes that contracting authorities could consider a maximum weighting of 15 out of 120 points for European added value. This ensures that while EU hardware is a positive factor, it cannot override a significantly superior technical or financial offer based on non-EU hardware, provided the feasibility tests in Article 32(3)(d) are met.

What this means for you

For cloud service providers, data centre operators, and hardware suppliers relying on global supply chains, Article 32 offers clarity and a degree of flexibility, but it demands rigorous documentation.

1. Document Your Feasibility Analysis

If you intend to bid for public sector contracts using non-EU hardware, you must be prepared to justify why EU hardware was not feasible. Your tender documentation should clearly articulate:

  • Market Availability: Evidence that EU-designed or manufactured components (such as specific GPUs, CPUs, or networking gear) were not available in the required quantities, timelines, or at a viable cost for the specific project.
  • Technical Requirements: A technical justification showing that available EU hardware could not meet the specific performance benchmarks (e.g., FLOPs, latency, power efficiency) required for the proposed service.

2. Demonstrate Ecosystem Contribution

Even when using third-country hardware, you must show how your solution contributes to the EU cloud and AI ecosystem. This might involve:

  • Highlighting how your hardware integrates with EU-developed software, open-source stacks, or European data spaces.
  • Demonstrating how your supply chain strategy reduces risk for the public sector (e.g., through multi-vendor strategies or long-term supply agreements).
  • Emphasising local value-adds, such as EU-based maintenance, support, and cybersecurity compliance.

3. Leverage the "Ancillary" Nature of the Criterion

Remember that the Union added value criterion is not decisive. If your technical and financial offer is superior, the use of non-EU hardware should not automatically disqualify you, provided you meet the feasibility and contribution tests. Focus your bid on delivering high-quality, secure, and efficient services, using the hardware criterion as a secondary differentiator rather than the primary hurdle.

4. Monitor Secondary Legislation

The CADA proposal empowers the Commission to adopt delegated acts and implementing acts to refine these criteria. Keep an eye on future guidance regarding what constitutes "market availability" and "technical requirements," as these definitions will become more precise over time.

Common misconceptions

Misconception 1: CADA bans non-EU hardware in public procurement. This is false. Article 32(3)(d) explicitly allows for the use of third-country hardware where EU hardware is not feasible. The law recognises the current limitations of the EU hardware manufacturing base and does not impose an absolute ban.

Misconception 2: Any non-EU hardware is acceptable if EU hardware is unavailable. This is also false. The third-country hardware must still "contribute to strengthening the security of supply and the development of a European cloud and AI ecosystem." Providers cannot simply default to the cheapest or most convenient foreign hardware without considering its strategic impact on EU resilience.

Misconception 3: The hardware criterion is the most important factor in winning a tender. Incorrect. Article 32(2)(d) states that the Union added value criteria must be "ancillary and not decisive." Technical performance, price, and security remain the primary drivers of the award decision. The hardware origin is a secondary, weighted factor.

Misconception 4: Only the final hardware manufacturer's origin matters. The criterion focuses on hardware components "designed and/or manufactured in the Union." This allows for a nuanced view where, for example, a provider might use EU-designed chips manufactured abroad, or vice versa, as long as the overall contribution to the EU ecosystem is demonstrated.

Related

This is general information about a draft EU regulation, not legal advice.