How does CADA stimulate demand for cloud and AI technologies?

Summary As proposed, the Cloud and AI Development Act (CADA) stimulates demand for cloud and AI technologies primarily through the Cloud and AI Leadership Initiatives, which explicitly aim to "stimulate the Union's demand and promote the deployment and uptake of cloud and AI technologies across the public sector, and the private sector" (Article 3(1)(c)). This demand-side strategy is intrinsically linked to the EU's broader digital goals, specifically the target for the digital transformation of businesses established in Decision (EU) 2022/2481. By combining high-level leadership initiatives with concrete procurement mandates, risk assessment frameworks, and open-source promotion, CADA would create a resilient, sovereign market that actively pulls European cloud and AI solutions into widespread use.

Detail

The Cloud and AI Development Act addresses the EU's current dependence on non-European cloud providers not just by building supply (through data centre acceleration and infrastructure support), but by actively engineering demand. The proposal recognizes that a competitive European cloud ecosystem requires a robust market pull to match the supply-side investments. Without a guaranteed market for sovereign solutions, European providers would struggle to scale against established non-EU incumbents.

The Cloud and AI Leadership Initiatives as Demand Drivers

The core mechanism for stimulating demand is the establishment of the Cloud and AI Leadership Initiatives. Under Article 3(1)(c), these initiatives have the specific general objective of "stimulating the Union's demand and promoting the deployment and uptake of cloud and AI technologies across the public sector, and the private sector, in line with the digital target of digital transformation of businesses, established by Decision (EU) 2022/2481."

This provision links CADA directly to the Digital Decade Policy Programme. Decision (EU) 2022/2481 sets a target that at least 75% of Union enterprises should adopt cloud computing services, big data, and AI for their business operations by 2030. CADA operationalizes this target by embedding it into the strategic framework of the Leadership Initiatives, ensuring that public and private sector adoption is not left to market forces alone but is actively supported through coordinated EU-level actions. The Commission's explanatory memorandum notes that the rapid proliferation of AI has resulted in an unprecedented demand for computational capabilities, and the proposal aims to ensure that this demand is met with European capacity.

Operational Objectives for Adoption

While Article 3 sets the general direction, Article 4 breaks this down into specific operational objectives. Operational Objective 8 focuses on "increasing the adoption of AI technologies at regional and local level, and the uptake of cloud computing services provided by European cloud computing service providers." This objective mandates:

• Promoting broad adoption among private and public sector organizations, including SMEs and small mid-caps (SMCs), through the network of Experience and Acceleration Centres for AI (Article 5).
• Developing a common cloud and AI curriculum to build skills and reduce dependence on non-EU providers.
• Promoting the sharing of public sector data centre services and cloud computing services via the EuroCloud Federation.

These measures are designed to lower the barriers to entry for adoption, particularly for smaller entities that may lack the technical expertise to navigate complex cloud markets.

Public Procurement as a Primary Demand Signal

CADA leverages public procurement as a critical tool to stimulate demand for sovereign and innovative cloud solutions. Article 30 establishes mandatory procurement rules for public sector bodies, creating a guaranteed baseline market for compliant providers:

• Baseline Requirement: All public sector bodies whose activities are not identified as contributing to the preservation of public order must use cloud computing services recognized as having at least Union Assurance Level 1 (Article 30(2)).
• Critical Sectors: Contracting authorities in sectors critical to public order (e.g., national security, defence, justice, law enforcement) must only procure services recognized as having Union Assurance Levels 2, 3, or 4 (Article 30(3)).

These requirements create a substantial, predictable demand for European providers who can meet these sovereignty standards. The proposal explicitly states that public procurement frequently serves as a primary signal of market direction, with requirements imposed by public authorities tending to be mirrored by private-sector entities operating in regulated industries.

European Added Value in Procurement

To further steer demand towards European technologies, Article 32 requires contracting authorities to include European added value as part of the quality evaluation in public procurement procedures for innovative cloud computing services and AI systems. This non-price award criterion allows authorities to evaluate:

• The tenderer's contribution to strengthening the digital technology supply chain in the Union.
• The integration of technologies developed in the Union.
• The use of hardware components designed or manufactured in the Union.

This ensures that procurement decisions actively support the development of a European cloud and AI ecosystem, rather than merely purchasing the cheapest available solution. The proposal clarifies that these criteria should be "ancillary and not decisive in the award of the contract," ensuring they remain proportionate to the core technical and financial criteria.

Innovation Procurement and SME Support

Article 33 mandates that Member States monitor and report on their use of procurement of innovation in cloud and AI. It sets an objective that at least 25% of procurement for cloud computing services and AI systems be awarded to innovative SMEs. This provision stimulates demand from smaller, innovative European providers, preventing market dominance by a few large incumbents and fostering a diverse supply base. Member States are required to include plans in their national strategies on how they intend to achieve this objective.

Open Source and Interoperability

CADA also stimulates demand by reducing vendor lock-in and promoting interoperability. Article 41 encourages the use of open standards and components released under open source licences. Article 43 establishes the EU Open Source Solutions Catalogue, a centralized platform for accessing software made available for reuse by Union entities and public sector bodies. By facilitating the reuse of open-source solutions, CADA lowers barriers to entry for new providers and encourages public sector bodies to adopt flexible, interoperable cloud architectures. The proposal notes that open source plays an important role in ensuring transparency, security, and efficiency, and that access to source code enables auditability and fosters collaboration.

The EuroCloud Federation

Article 34 establishes the European public sector cloud federation (EuroCloud Federation). This platform facilitates the sharing of public sector data centre services and cloud computing services between Union entities and public sector bodies. By enabling Member States to share idle capacity and interconnect their cloud infrastructures, the EuroCloud Federation creates a larger, more efficient internal market for public sector cloud services, stimulating demand for federated, sovereign cloud solutions. The federation is designed to bring together national and European cloud initiatives that provide highly trusted and secure public-sector cloud capabilities.

What this means for you

For public-sector and procurement officers, CADA would introduce a structured, mandatory framework for cloud and AI procurement. Key implications include:

1. Mandatory Assurance Levels: You would be required to ensure that all cloud services procured meet at least Union Assurance Level 1. For critical functions, you would need to conduct risk assessments (Article 29) to determine if higher assurance levels (2, 3, or 4) are required.
2. European Added Value: You would be required to include European added value criteria in your procurement evaluations for innovative cloud and AI services. This means actively assessing how much a tenderer contributes to the EU's digital supply chain, including the use of Union-designed hardware.
3. Innovation Procurement: You should aim to award at least 25% of your cloud and AI procurement to innovative SMEs. This requires designing procurement procedures that are accessible to smaller providers, such as dividing contracts into lots.
4. Open Source Preference: You would be encouraged to use open standards and open-source solutions, leveraging the EU OSS Catalogue to find reusable software and reduce vendor lock-in.
5. Risk Assessments: You would need to conduct regular risk assessments to determine the appropriate assurance level for your cloud services, considering the sensitivity of data and the criticality of the service to public order.

For private-sector providers, CADA would create a significant market opportunity. By meeting the Union assurance levels and demonstrating European added value, providers could access the substantial public procurement market. The focus on SMEs and innovation procurement would also open doors for smaller, agile European companies that have previously struggled to compete with global hyperscalers.

Common misconceptions

• Misconception: CADA only focuses on building data centres.
  • Reality: While CADA includes significant supply-side measures (data centre acceleration zones, strategic projects), it equally emphasizes demand-side measures through procurement mandates, leadership initiatives, and open-source promotion. The proposal explicitly aims to "foster the adoption of cloud computing services across the public sector" (Article 1(1)(e)).
• Misconception: European added value criteria will make procurement more expensive.
  • Reality: Article 32 specifies that European added value criteria are ancillary and not decisive in the award of the contract. They are part of the quality evaluation and must be proportionate, ensuring that technical and financial criteria remain primary. The maximum weighting suggested is 15 out of 120 points.
• Misconception: All public sector bodies must use the highest level of sovereign cloud.
  • Reality: CADA adopts a risk-based approach. Only activities contributing to the preservation of public order require higher assurance levels (2, 3, or 4). Most public services only require Union Assurance Level 1, which can be demonstrated via self-assessment.
• Misconception: CADA prohibits the use of non-European cloud providers.
  • Reality: CADA does not ban non-European providers. Instead, it creates a framework where public sector bodies must choose providers that meet specific sovereignty and assurance criteria. Non-European providers can participate if they meet these standards (e.g., through the associated third-country mechanism in Article 18 for Level 3, or by establishing in the Union and meeting the criteria for Level 1 or 2).

Official sources

• Digital Decade Policy Programme (Decision (EU) 2022/2481)

Related

• What is operational objective 1 (advanced data centre technologies) under CADA?
• What cloud and AI technologies do the Leadership Initiatives support under CADA?
• How does CADA define cutting-edge cloud and AI technologies?
• Does CADA support test beds and pilot lines for new technologies?
• Why did the EU create the Cloud and AI Leadership Initiatives?

This is general information about a draft EU regulation, not legal advice.