Summary
As proposed, the Cloud and AI Development Act (CADA) would turn the abstract idea of cloud sovereignty into a concrete, four-tier framework of "Union assurance levels." Article 16 establishes the levels; Annex II sets out the specific, auditable criteria — from data residency and personnel citizenship to freedom from third-country control — that providers must meet to be formally recognised. The graduated design lets public-sector bodies match the level of protection to a risk assessment, so sovereignty becomes a verifiable legal status rather than a marketing claim. CADA is a proposal and not yet in force.
Detail
The EU has lacked a harmonised definition of a "sovereign" or "trusted" cloud service. CADA would replace fragmented national standards with a single EU-wide framework built on the premise that sovereignty is layered, not binary. Recital 51 states that, "to cater for the nuanced and layered nature of sovereignty, the framework should provide for four different levels of trusted offers ('Union assurance levels')." This recognises that, while most public services would not need the highest protection, certain critical and national-security functions demand rigorous safeguards.
The four Union assurance levels
Article 16 establishes a Union cloud computing sovereignty framework comprising four Union assurance levels, the criteria for which are set out in Annex II. In practice the criteria tighten cumulatively, with each higher level adding to the controls of the levels below.
Union assurance level 1 — the baseline. Annex II requires, among other cumulative criteria, that the provider is established in the Union; that infrastructure and assets (including those of subcontractors involved in the service) are located in the Union unless the public sector body explicitly requires otherwise; and that customer data, including metadata and telemetry, remains exclusively within the Union unless the body explicitly requires otherwise. Providers must show compliance with "state-of-the-art cybersecurity standards" and give full transparency on subcontractors. Where the provider is under third-country control, it must guarantee that no laws in that country require it to report software vulnerabilities to that country's authorities before they are known to have been exploited (Annex II, 1.1(g)).
Union assurance level 2 — enhanced control and supply-chain security. The audited provider and the subcontractors involved must be established in the Union, and their infrastructure, assets, and personnel must be located in the Union. Where the public sector body determines it necessary, the provider must make personnel meeting additional screening and Union-citizenship requirements available. Data generated by the service must not be used to train or fine-tune any AI system operated by a third country or third-country entity, and must not be transferred outside the Union. Providers must implement software-supply-chain measures, including a complete software bill of materials (SBOM) and documented controls to block remote features that could tamper with the service. Where the provider is under third-country control, it must demonstrate measures ensuring that control cannot restrict the service, that third-country access to customer data is prevented, and that service disruption is prevented (Annex II, 2.1(g)).
Union assurance level 3 — personnel citizenship and a narrow derogation. The personnel involved in the service, including subcontractors' personnel, must be Union citizens and, where appropriate, hold national security clearance for classified information (Annex II, 3.1(d)). The provider and subcontractors must, in principle, not be subject to third-country control. By way of derogation, a third-country-controlled provider may be audited for level 3 where the Commission has adopted the relevant implementing act for an associated third country (the mechanism set out in Article 18); even then, the provider must demonstrate that the foreign control cannot restrict the service, access customer data, or disrupt continuity. Support must be performed exclusively within the Union by personnel who are Union residents and by parties not under third-country control.
Union assurance level 4 — maximum sovereignty. The criteria mirror level 3 but are stricter and admit no third-country-control derogation: the provider and its subcontractors must not be subject to the control of a third country or a third-country entity (Annex II, 4.1(g)). The service must obtain a European cybersecurity certificate of at least "high" assurance level (or, until such a scheme exists, the highest applicable standards). Providers must also demonstrate effective control over software components, showing that no third country holds effective control over their design, development, maintenance, and evolution.
The recognition and audit mechanism
CADA would not rely on self-declaration for the higher levels. Article 17 sets out the recognition mechanism. For level 1, a provider issues an EU statement of conformity following a self-assessment (Article 19). For levels 2, 3, and 4, the provider must undergo an independent third-party audit (Article 20) and submit the audit report and a "positive" audit opinion together with the supporting evidence (Article 17(4)).
The national competent authority of establishment evaluates the evidence and, if satisfied, prepares a draft recognition decision (Article 17(5)). That decision is notified to the other Member States for a 60-day review period during which they may raise a reasoned objection. Where none is raised, the conclusions are deemed accepted and the service is recognised throughout the Union at the relevant level (Article 17(7)). This mutual-recognition design lets a provider recognised in one Member State serve public bodies across the EU, limiting fragmentation. Note that for level 1, an EU statement of conformity issued by an SME is directly and automatically recognised across all Member States without prior recognition by the evaluating authority (Article 17(3)).
Linking assurance levels to procurement
The criteria are not just technical checkboxes — they drive procurement. Article 29 would require Member States and Union entities to run risk assessments identifying which public-sector activities contribute to the preservation of public order and which level (2, 3, or 4) is appropriate. Article 30 would then require contracting authorities to procure, as a minimum, level 1 (Article 30(2)); and, for activities identified as public-order relevant in NIS2 sectors or fields such as defence, justice, or law enforcement, to procure only services recognised at levels 2, 3, or 4 (Article 30(3)). This creates a direct market incentive to reach higher levels.
What this means for you
For cloud service providers and data-centre operators, CADA would make sovereignty a compliance and certification matter — and a competitive differentiator.
- Audit readiness. To serve the EU public sector at levels 2–4, prepare for rigorous independent audits. Map your internal controls, SBOMs, and data-flow documentation directly to the Annex II criteria; generic cybersecurity certifications alone would not suffice.
- Supply-chain scrutiny. Extend due diligence to subcontractors. Under Annex II, the relevant subcontractors are bound by the same location and control restrictions as the primary provider, so you will need contractual mechanisms to ensure compliance with data-residency and (at levels 3–4) Union-citizenship requirements.
- Third-country control. If your company is owned or controlled by a third-country entity, be ready to prove that the control cannot translate into operational interference or data access. Annex II criterion (k) at levels 2–4 requires effective legal, technical, and organisational separation between the Union parent and any third-country subsidiary.
- Strategic positioning. Decide which level fits your target market. Level 1 is the baseline for all public contracts, but levels 3 and 4 would be essential for high-value defence, law-enforcement, and critical-infrastructure work, where Union-citizenship and no-third-country-control criteria apply.
Common misconceptions
"Sovereignty is just about data residency." Residency is a core element of all four levels, but CADA's concept is broader. It also covers personnel citizenship (levels 3–4), supply-chain transparency and SBOMs, cybersecurity certification, and freedom from third-country control. A provider can keep data in the EU yet still fail level 3 if its personnel are not Union citizens or it is under foreign control without the required safeguards.
"Level 1 is optional for public-sector buyers." No. Under Article 30(2), Union entities and public-sector bodies whose activities are not public-order relevant would have to use services recognised at least at level 1 — the minimum entry ticket. Higher levels are mandatory only for activities identified through the risk assessment.
"Certification is a one-time event." Recognition is ongoing. Article 23 imposes transparency obligations to report material changes that may affect a provider's recognition. The evaluating authority may revoke recognition where a provider supplied incorrect or misleading information (Article 17(11)).
"Third-country providers are completely excluded." Not at every level. Level 4 prohibits third-country control, but levels 1 and 2 allow it subject to safeguards, and level 3 permits a narrow derogation tied to an associated third country recognised by the Commission (Article 18). The burden remains on the provider to prove that foreign laws cannot compromise the service or customer data.
Related
- Why is cloud sovereignty important for critical infrastructure? CADA
- Why is sovereignty described as layered or nuanced in CADA?
- CADA Sovereignty: Why Assessment is Per Service, Not Per Provider
- Why is sovereignty a competitiveness issue, not just a security one? | CADA
- Why data residency is not enough for cloud sovereignty under CADA
This is general information about a draft EU regulation, not legal advice.