How does CADA's frontier AI definition compare to the AI Act's GPAI with systemic risk?

Summary The proposed Cloud and AI Development Act (CADA) defines "frontier AI" in Article 2(4) as AI models — or systems built on them — that can perform a wide variety of tasks and that "approach, reach or exceed the current state of the art." That is a capability test with no compute number. The EU AI Act instead classifies general-purpose AI (GPAI) models as carrying "systemic risk," with a presumption tied to a training-compute threshold of 10^25 floating-point operations. As proposed, CADA's frontier AI label is a gateway to support and compute access (Articles 8–9), whereas the AI Act's systemic-risk classification triggers safety, evaluation and transparency obligations.

Detail

In-house counsel should keep two overlapping frameworks apart: CADA's capability-driven support regime and the AI Act's risk-based safety regime. Both touch the most advanced models, but with different tests, purposes and consequences.

CADA's capability-based definition

Under the proposal, Article 2(4) defines frontier AI as:

"AI models or AI systems built upon such models that can perform a wide variety of tasks and that approach, reach or exceed the current state of the art."

This is qualitative and relative — it tracks a moving benchmark (the "current state of the art") rather than a fixed metric. CADA's enacting articles set no minimum parameter count, energy figure or compute threshold for frontier AI.

The definition is operationalised as a gateway. Projects recognised as frontier AI priority projects (against the criteria in Article 8) become eligible for support, and Article 9 addresses the allocation of AI computing resources to them. As proposed, frontier AI status is principally about access to public compute and participation in the proposal's grand challenges, not about compliance penalties.

The AI Act's compute-threshold presumption

The EU AI Act (Regulation (EU) 2024/1689) regulates GPAI models by reference to potential harm. Its general-purpose AI provisions, including systemic-risk classification, sit in Articles 51–56. Article 51 governs the classification of GPAI models with systemic risk: a model is presumed to have high-impact capabilities — and so systemic risk — when the cumulative training compute, measured in floating-point operations, exceeds 10^25, unless the provider rebuts the presumption.

Crossing into systemic-risk status brings obligations set out in the AI Act's GPAI provisions (within Articles 51–56), including model evaluation and adversarial testing, assessment and mitigation of systemic risks, serious-incident reporting, and cybersecurity protection for the model. Providers crossing the threshold must also notify the Commission, and systemic-risk models carry detailed technical-documentation duties.

Key differences for compliance officers

Practical implications for model developers

1. Dual classification is likely. A model above 10^25 FLOPs that triggers AI Act systemic risk will very likely also "approach or exceed the current state of the art" and be frontier AI under CADA. The reverse is not guaranteed: a highly capable but compute-efficient model could be frontier under CADA yet fall below the AI Act's compute presumption.
2. Divergent workflows. For the AI Act, track training compute meticulously; crossing the threshold pulls you into systemic-risk obligations and Commission notification, with penalties on GPAI providers under Article 101. For CADA, frontier status is an opportunity — you may seek recognition as a frontier AI priority project (Article 8) to access compute under Article 9, in coordination with national strategies (Article 7).
3. Documentation overlap. Both regimes lean on robust technical documentation. CADA's "state of the art" framing implies you should be able to evidence capability relative to peers; the AI Act's documentation duties will likely serve as a de facto baseline.

What this means for you

For in-house counsel and compliance officers, map your model pipeline against both definitions:

• Audit your compute logs. Keep accurate, auditable training-FLOP records; that determines whether the AI Act's 10^25 presumption bites.
• Watch the benchmarks. CADA's test is relative, so track state-of-the-art benchmarks; strong performers may qualify for CADA support. Engage national competent authorities early about Article 8 recognition.
• Start systemic-risk work now. The AI Act is already in force; if you exceed the threshold, begin evaluation, mitigation and notification without waiting for CADA's adoption.
• Align with national strategies. CADA would have Member States adopt national cloud and AI strategies (Article 7); aligning frontier projects with them supports eligibility for compute under Article 9.

Common misconceptions

• "Frontier AI and systemic-risk GPAI are the same." They are not. Frontier AI is a CADA capability-and-competitiveness concept; systemic-risk GPAI is an AI Act safety concept. A model can be frontier without being systemic-risk, and vice versa.
• "CADA fines you for the frontier AI rules." As proposed, CADA's frontier AI provisions (Articles 8–9) are incentive-based. CADA penalties (Article 24) attach to the sovereignty framework, not to the frontier AI definition. AI Act fines on GPAI providers fall under the AI Act's Article 101.
• "The 10^25 FLOP threshold is a hard cut-off." It is a rebuttable presumption under the AI Act. A provider can argue a model lacks systemic risk despite exceeding it, and the Commission can designate systemic risk below it. CADA has no numeric threshold at all.

Official sources

• EU AI Act (Regulation (EU) 2024/1689)

Related

• Why does CADA's frontier AI definition have no fixed compute threshold?
• How does CADA's AI system definition relate to the AI Act?
• Who can act as an auditing organisation under CADA?
• What is software under CADA? Article 2 definition explained
• What is hardware under CADA? Definition and scope explained

This is general information about a draft EU regulation, not legal advice.