CADA Frontier AI vs AI Act GPAI

Summary The proposed Cloud and AI Development Act (CADA) defines "frontier AI" in Article 2(4) as models that "approach, reach or exceed the current state of the art." This definition is distinct from the EU AI Act's classification of "general-purpose AI" (GPAI) models, particularly those posing systemic risk. While the AI Act imposes safety, transparency, and cybersecurity obligations on GPAI models, CADA uses the "frontier AI" designation primarily as an eligibility criterion to unlock access to European High-Performance Computing (EuroHPC) resources and funding for strategic projects. A single model can simultaneously be a GPAI under the AI Act and a frontier AI under CADA, but the two regimes serve different purposes: the AI Act governs safety and rights, while CADA governs capacity and sovereignty.

Detail

To understand the relationship between CADA's frontier AI concept and the AI Act's GPAI framework, it is necessary to examine the distinct legislative objectives, definitions, and operational mechanisms of each instrument. The AI Act (Regulation (EU) 2024/1689) is a risk-based regulatory framework designed to ensure the safety, fundamental rights protection, and transparency of AI systems placed on the EU market. CADA (COM(2026) 502 final), by contrast, is an industrial and capacity-building instrument aimed at strengthening the EU's cloud and AI ecosystem, reducing dependencies on third-country providers, and expanding domestic compute capacity.

Distinct Definitions and Scopes

The AI Act defines a "general-purpose AI model" in Article 3(63) as a model that displays significant generality and is capable of competently performing a wide range of distinct tasks. Models with systemic risk are a subset of these, identified by high-impact capabilities (often proxied by training compute exceeding 10^25 FLOPs) or significant market reach. These definitions trigger specific regulatory obligations for providers.

CADA adopts a different definition in Article 2(4): "‘frontier AI’ means AI models or AI systems built upon such models that can perform a wide variety of tasks and that approach, reach or exceed the current state of the art."

While there is conceptual overlap—both definitions target highly capable, general-purpose models—they are not identical. The AI Act's systemic-risk threshold is technical and quantitative (FLOPs), whereas CADA's frontier AI definition is qualitative and performance-based ("state of the art"). Consequently, a model might be a GPAI under the AI Act but not considered "frontier" under CADA if it does not push the boundaries of current capabilities, or vice versa. However, in practice, the most advanced models will likely fall into both categories.

Crucially, Article 2(4) explicitly separates the concept of frontier AI from the AI Act's regulatory categories. It does not reference the AI Act's GPAI definitions or systemic-risk thresholds. Instead, it focuses on the technological capability relative to the "current state of the art." This separation ensures that CADA's industrial policy tools can target the most advanced technologies regardless of whether they have yet triggered the specific thresholds of the AI Act.

Divergent Objectives: Safety vs. Sovereignty and Capacity

The core divergence lies in the purpose of the classification.

Under the AI Act, being classified as a GPAI with systemic risk triggers a rigorous set of obligations for providers, including:

• Conducting model evaluations and adversarial testing (Article 55).
• Assessing and mitigating systemic risks at the Union level.
• Ensuring adequate cybersecurity protection.
• Reporting serious incidents to the Commission and national authorities.
• Providing detailed technical documentation and transparency information to downstream providers.

Under CADA, the designation of "frontier AI" is primarily an eligibility criterion for support, not a compliance burden. Article 8 of CADA establishes criteria for the Commission to recognize projects as "frontier AI priority projects." These are pioneering projects focused on supporting and scaling up frontier AI technologies. The key benefit for these projects is outlined in Article 9, which mandates that the Union and Member States ensure sufficient AI computing resources are allocated to support their development. Specifically, the Union will match the AI computing resources contributed by Member States to these frontier AI priority projects, leveraging available EuroHPC capacity.

The explanatory memorandum of CADA reinforces this distinction, noting that the proposal aims to "support pioneering projects in frontier AI that develop frontier AI models and systems as strategic assets, including in key sectors such as cybersecurity" (Recital 34). This highlights the strategic, rather than regulatory, nature of the designation.

The "Stacking" of Obligations

A provider developing a leading-edge AI model in the EU will likely face both regimes simultaneously. The AI Act obligations apply because the model is being placed on the market or put into service. CADA's frontier AI provisions apply if the provider seeks to be recognized as a priority project to access subsidized or prioritized compute time.

It is crucial to note that CADA does not impose new safety or fundamental rights obligations on frontier AI models. Those remain the exclusive domain of the AI Act. CADA's focus is on the supply side of the ecosystem: building the infrastructure, funding the research, and ensuring that European developers have access to the massive compute resources required to train and maintain state-of-the-art models.

The "stacking" effect means that a provider must navigate two parallel tracks:

1. Regulatory Compliance (AI Act): Ensuring the model meets safety, transparency, and risk management requirements.
2. Strategic Eligibility (CADA): Demonstrating that the model qualifies as "frontier AI" to access compute resources and funding.

These tracks are independent. Compliance with the AI Act does not automatically grant CADA eligibility, and eligibility under CADA does not exempt a provider from AI Act obligations.

Role of the Commission and Member States

In the AI Act, the Commission (via the AI Office) supervises compliance with GPAI obligations, including conducting evaluations and imposing fines for non-compliance. In CADA, the Commission plays a facilitative role: it recognizes frontier AI priority projects (Article 8) and coordinates the allocation of compute resources (Article 9). Member States are responsible for contributing their own compute resources to match the Union's contribution, fostering a collaborative approach to scaling European AI capabilities.

Article 8 further specifies that frontier AI priority projects must involve "broad participation from entities across the Union, in particular through EDICs established pursuant Decision (EU) 2022/2481 or any other legal entity eligible for funding under Union law." This requirement emphasizes the collaborative, cross-border nature of CADA's support mechanism, contrasting with the individual provider-focused obligations of the AI Act.

What this means for you

For CTOs, AI architects, and SMEs evaluating the practical impact of these regulations, the distinction between frontier AI and GPAI has significant strategic and operational implications.

1. Strategic Positioning and Compute Access

If your organization is developing advanced AI models, you should assess whether your work qualifies as "frontier AI" under CADA. If it does, you may be eligible to apply for recognition as a frontier AI priority project. This recognition is not a regulatory hurdle but a gateway to valuable resources. Article 9 ensures that such projects receive prioritized access to EuroHPC capacity, with the Union matching Member State contributions. For European AI companies competing against well-funded third-country incumbents, this access to subsidized, high-performance compute is a critical competitive advantage.

To qualify, projects must meet the criteria in Article 8, including being a "pioneering project, focused on the support and scaling-up of frontier AI technologies" and involving participation from at least three Member States. This structure encourages collaboration and reduces the capital intensity of frontier AI development for individual firms.

2. Compliance Burden Remains with the AI Act

Do not expect CADA to simplify your safety compliance obligations. If your model is a GPAI with systemic risk under the AI Act, you must fully comply with Articles 53 and 55, including adversarial testing, risk assessments, and transparency reporting. CADA does not create a "safe harbor" or alternative compliance path. You must maintain two parallel tracks: one for AI Act regulatory compliance and one for CADA project eligibility and resource allocation.

The AI Act's penalties for non-compliance remain severe, with fines up to €35 million or 7% of total worldwide annual turnover for breaches of the prohibited practices (Article 5) and up to €15 million or 3% for other infringements. CADA does not alter these penalties or provide any relief from them.

3. SMEs and Startups

SMEs and startups developing cutting-edge AI should monitor the CADA implementation closely. The recognition of frontier AI priority projects (Article 8) requires broad participation from entities across the Union, including European digital infrastructure consortia. This structure is designed to foster collaboration and reduce the capital intensity of frontier AI development for individual firms. Engaging with these consortia could provide access to compute resources and expertise that would otherwise be out of reach.

Article 8 explicitly requires that frontier AI priority projects involve "broad participation from entities across the Union," which creates an opportunity for smaller players to join larger, cross-border initiatives. This aligns with CADA's broader objective of fostering a competitive and innovative EU cloud and AI ecosystem.

4. Long-Term Ecosystem Participation

CADA's focus on frontier AI is part of a broader strategy to build a sovereign EU AI ecosystem. By participating in frontier AI projects, companies contribute to the development of European capabilities in critical technologies. This alignment with EU strategic goals may also influence future procurement decisions, as CADA encourages the use of sovereign and trusted cloud and AI services in the public sector.

The Cloud and AI Leadership Initiatives (Title II of CADA) further support this ecosystem by advancing Union capabilities in frontier AI (Article 4(3)) and supporting the development of advanced platforms for the large-scale deployment of AI agents (Article 4(6)). These initiatives are designed to complement the regulatory framework of the AI Act by addressing the supply-side constraints that hinder European innovation.

Common misconceptions

Misconception 1: CADA replaces the AI Act for frontier models. No. CADA does not replace or override the AI Act. The AI Act remains the primary regulatory framework for AI safety, transparency, and fundamental rights. CADA complements it by addressing supply-side constraints, such as compute capacity and industrial competitiveness. A frontier AI model under CADA must still comply with all applicable AI Act obligations.

Misconception 2: All GPAI models are automatically frontier AI under CADA. While there is significant overlap, the definitions are distinct. A GPAI with systemic risk is defined by its compute scale and market reach under the AI Act. Frontier AI under CADA is defined by its performance relative to the "current state of the art." A model might be large enough to be a systemic-risk GPAI but not novel enough to be considered frontier AI under CADA. Conversely, a highly innovative model might be frontier AI but not yet meet the systemic-risk thresholds of the AI Act.

Misconception 3: Frontier AI designation under CADA creates new legal liabilities. The frontier AI designation in CADA is primarily an eligibility criterion for support and resource allocation, not a source of new legal liabilities. The liabilities for AI models stem from the AI Act, product liability directives, and other existing EU laws. CADA's focus is on enabling development through compute access and funding, not on imposing additional regulatory burdens.

Misconception 4: Only large hyperscalers can benefit from CADA's frontier AI provisions. While large companies are likely to be involved, CADA encourages broad participation through European digital infrastructure consortia and joint projects. SMEs and startups can participate as partners in frontier AI priority projects, gaining access to compute resources and collaborative opportunities that support their development. Article 8 explicitly requires "broad participation from entities across the Union," ensuring that the benefits of the initiative are not limited to a few large players.

Official sources

• EU AI Act (Regulation (EU) 2024/1689)
• Digital Decade Policy Programme (Decision (EU) 2022/2481)

Related

• Do CADA frontier AI compute projects rely on Chips Act semiconductors?
• How does CADA support EHDS and FIDA AI use cases through compute access?
• CADA vs the Digital Networks Act: Connectivity vs. Compute
• CADA vs FIDA: How the Cloud Act interacts with Financial Data Access
• CADA and EuroHPC: How the EU matches compute for frontier AI

This is general information about a draft EU regulation, not legal advice.