How does CADA's AI system definition relate to the AI Act?

Summary As proposed, the Cloud and AI Development Act (CADA) aligns its "AI system" definition with the EU AI Act for coherence. Article 2(3) of CADA cross-references Article 3, point (1), of Regulation (EU) 2024/1689 (the AI Act), so the same boundary applies. The result is that the AI Act continues to govern the AI system itself (safety, transparency, fundamental rights), while CADA addresses the cloud service delivering it and the autonomy/procurement layer the AI Act does not cover. CADA also adds two strategic terms — frontier AI and AI agents — that sit on top of the shared "AI system" base.

Detail

CADA is designed to strengthen Europe's cloud and AI ecosystem by addressing dependencies on third-country providers and boosting domestic capacity. To avoid fragmentation, it harmonises core terminology with the existing AI Act.

Direct cross-reference to the AI Act

The alignment is in Article 2(3) of the CADA proposal:

"‘AI system’ means an AI system as defined in Article 3, point (1), of Regulation (EU) 2024/1689."

By importing the AI Act definition by reference, CADA ensures that anything classified as an "AI system" under the AI Act carries the same classification under CADA where CADA applies. For counsel, this means the technical assessments and documentation prepared for AI Act purposes can be reused for CADA scoping — provided CADA's own demand-side and autonomy measures are actually triggered.

Scope and exclusions

CADA's Recital 10 marks the boundary. It clarifies that the definition of "cloud computing service" "encompasses on-demand access to AI systems as defined in Article 3, point (1), of Regulation (EU) 2024/1689 ... hosted and operated remotely," but that "[o]nly the delivery and making available of an AI system forms part of the service. The AI system itself and its underlying model are excluded from the scope of this definition."

So the service delivering the AI falls within CADA's cloud framework, while the AI system itself remains governed by the AI Act's rules on high-risk systems, transparency, and fundamental rights. CADA does not duplicate the AI Act's product-safety and market-surveillance regime; it focuses on infrastructure, autonomy, and procurement.

Frontier AI and AI agents

CADA adds two defined terms that build on, but are distinct from, the general "AI system" definition.

1. Frontier AI (Article 2(4)): "AI models or AI systems built upon such models that can perform a wide variety of tasks and that approach, reach or exceed the current state of the art." This is broadly comparable in spirit to the AI Act's focus on the most capable general-purpose AI models, but it is tailored to CADA's aim of supporting large-scale strategic R&D — including, as proposed, "frontier AI priority projects" recognised under Article 8 and supported with computing resources under Article 9.

2. AI agents (Article 2(5)): "an AI system or a coordinated set of AI systems, that can perceive and act upon their environment, with a degree of autonomy, using tools as needed to achieve specific goals and adapt to changing inputs and contexts." CADA would foster secure platforms for deploying such agents, particularly in industrial and public sector contexts.

These terms do not replace the AI Act's "AI system" definition. They carve out subsets of strategic importance, letting CADA target support, while the shared base definition keeps consistency with the AI Act for everything else.

Coherence with Regulation (EU) 2024/1689

The intended coherence between CADA and the AI Act runs through the proposal's recitals and explanatory memorandum: the AI Act harmonises rules for AI systems to protect health, safety, and fundamental rights, and CADA complements it by addressing autonomy and operational aspects the AI Act does not cover.

In practice, compliance teams manage two parallel but interconnected tracks:

1. The AI Act: product safety, risk management, transparency, and fundamental rights.
2. CADA: cloud autonomy and assurance levels, public procurement requirements, and strategic deployment of compute capacity.

For example, a public sector body procuring a high-risk AI system would need it to meet the AI Act's requirements and — where the service is in scope — be delivered via a cloud service recognised at the appropriate Union assurance level. The shared "AI system" definition lets the same component be evaluated under both frameworks without definitional conflict.

What this means for you

For in-house counsel, the alignment simplifies scoping but adds operational layers.

• Unified scoping: You need not invent a separate "AI system" definition for CADA. Your AI Act inventory is the starting point.
• Dual obligations: Where a cloud-hosted AI system is in scope, it should meet the AI Act's product requirements and — via the delivering service — the relevant Union assurance level for public sector use.
• Procurement implications: As proposed, Member States and Union entities conduct risk assessments under Article 29 to set the required Union assurance level (levels 2-4 where there is public-order relevance), and contracting authorities procure accordingly under Article 30.
• Strategic R&D: If you build frontier AI or AI agents, you may be relevant to the Cloud and AI Leadership Initiatives. Map your projects against Articles 2(4) and 2(5), and the frontier AI priority project criteria in Article 8.
• Timing: As proposed, CADA would apply one year after its entry into force (Article 48). Start mapping AI systems against CADA's criteria early.

Common misconceptions

• Misconception: CADA replaces the AI Act for cloud-hosted AI.
  • Reality: It complements it. The AI Act governs the AI system's safety and rights impact; CADA governs the autonomy and operation of the cloud service delivering it. Both can apply.
• Misconception: Only large tech companies are affected by CADA's AI definitions.
  • Reality: CADA's procurement rules (Article 30) reach any entity providing in-scope cloud services to public sector bodies. SMEs must also meet the relevant assurance levels to stay eligible.
• Misconception: Frontier AI and AI agents are new safety categories.
  • Reality: They are strategic definitions for CADA's support initiatives. They remain subject to the AI Act's existing rules; CADA focuses on supporting their development within an autonomous framework, not on new safety standards.

Official sources

• EU AI Act (Regulation (EU) 2024/1689)

Related

• How does CADA's frontier AI definition compare to the AI Act's GPAI with systemic risk?
• Why does CADA's frontier AI definition have no fixed compute threshold?
• Who can act as an auditing organisation under CADA?
• What is software under CADA? Article 2 definition explained
• What is hardware under CADA? Definition and scope explained

This is general information about a draft EU regulation, not legal advice.