Summary
The proposed Cloud and AI Development Act (CADA) would establish a four-tier sovereignty framework, the "Union assurance levels", to help public-sector bodies procure cloud services according to their public-order risk. Under Article 16, the framework progresses from a baseline of EU establishment and data residency (level 1) to strict prohibitions on third-country control and mandatory Union citizenship for personnel (levels 3 and 4). Recital 51 describes sovereignty as having a "nuanced and layered nature", and in practice each tier builds on the one below. Meaningful protection against extraterritorial laws like the US CLOUD Act is achieved at levels 3 and 4, where the provider must be free of third-country control. CADA is a proposal and not yet in force.
Detail
CADA would introduce a harmonised "Union cloud computing sovereignty framework" to address the EU's dependence on non-European cloud providers and the risks of extraterritorial legal reach. Its core is Article 16, which defines four Union assurance levels; recital 51 explains the framework is meant to cater to "the nuanced and layered nature of sovereignty" by providing "four different levels of trusted offers." The detailed, auditable criteria for each level are in Annex II, and they tighten control over infrastructure, data, personnel, and legal jurisdiction as you move up.
Level 1: the baseline of trust
The minimum standard for any public-sector cloud service. It focuses on jurisdictional alignment and data residency but allows some operational flexibility.
- Establishment: the provider must be established in the Union.
- Infrastructure and data: infrastructure and assets (including those of subcontractors involved in the service) must be located in the Union, and customer data — including metadata and telemetry — must remain exclusively within the Union, unless the public sector body explicitly requires otherwise.
- Outsourced support: where the provider outsources technical and operational support outside the Union, it must implement legal, technical, and organisational measures for traceability, security, and governance that do not compromise its operational autonomy (Annex II, 1.1(d)).
- Third-country control: if under third-country control, the provider must guarantee that no laws in that country require it to report software vulnerabilities to that country's authorities before they are known to have been exploited.
- Assessment: demonstrated through a self-assessment and an EU statement of conformity (Article 19).
Level 2: enhanced operational control
Adds stricter requirements on personnel, certification, and supply chains, and starts to restrict third-country influence over the service.
- Personnel and location: infrastructure, assets, and personnel (including those of subcontractors involved in the service) must be located in the Union. Where the public sector body determines it necessary, the provider must make available personnel meeting additional screening and Union-citizenship requirements (Annex II, 2.1(d)).
- Cybersecurity: the service must obtain a European cybersecurity certificate of at least "substantial" assurance level (or an applicable national scheme until the EU scheme exists).
- Data usage: data generated by the service must not be used to train or fine-tune AI systems operated by third countries, and must not be transferred outside the Union.
- Third-country control mitigation: if the provider is under third-country control, it must implement measures so that the control cannot restrict the service, that third-country access to customer data is prevented, and that service disruption is prevented (Annex II, 2.1(g)).
- Software supply chain: a complete SBOM and documented controls to block remote features that could tamper with the service.
- Assessment: an independent third-party audit (Article 20).
Level 3: high sovereignty with a narrow derogation
For higher-risk public-order activities. It significantly restricts third-country involvement and mandates Union citizenship for personnel.
- Personnel: all personnel involved (including subcontractors') must be Union citizens, and those handling classified information must have national security clearance (Annex II, 3.1(d)).
- Third-country control: generally, the provider and its subcontractors must not be under third-country control. By way of derogation, a third-country-controlled provider may be audited for level 3 where the Commission has adopted the relevant implementing act for an associated third country (the mechanism in Article 18); even then, it must show the foreign control cannot restrict the service, access customer data, or disrupt continuity.
- Support: technical and operational support must be performed exclusively within the Union by personnel who are Union residents and by parties not under third-country control.
- Assessment: an independent third-party audit.
Level 4: maximum sovereignty
The highest tier, for the most sensitive data and critical infrastructure. It eliminates any third-country control.
- Third-country control: the provider and its subcontractors must not be under the control of a third country, with no derogation (Annex II, 4.1(g)).
- Software control: the provider must demonstrate effective control over software components, showing that no third country holds effective control over their design, development, maintenance, and evolution.
- Cybersecurity: the service must obtain a European cybersecurity certificate of at least "high" assurance level.
- Personnel: all personnel must be Union citizens, with national security clearance where appropriate.
- Assessment: an independent third-party audit.
Where foreign-law exposure drops
The driver for the higher tiers is protection against extraterritorial laws like the US CLOUD Act.
- Levels 1 and 2 do not provide immunity. They keep data in the EU but allow the provider to be under third-country control. If a US parent controls an EU subsidiary, US legal process directed at the parent can in principle still reach the data the subsidiary holds, even where the subsidiary meets the level 1 or 2 criteria.
- Level 3 offers strong protection but admits a narrow derogation: a third-country-controlled provider may qualify only via a recognised associated third country under Article 18, and must prove that foreign law cannot compel data access or disruption.
- Level 4 provides the strongest position by prohibiting any third-country control. With no foreign ownership or control, the jurisdictional hook for extraterritorial data requests is removed and the provider is fully subject to EU law.
What this means for you
For cloud service providers and data-centre operators, the four tiers create a clear pathway to public-sector contracts but demand rigorous compliance.
- Map your service to a tier. You cannot simply claim "sovereign cloud" status. If you are a subsidiary of a non-EU hyperscaler, you are likely capped at level 2 unless you can legally and operationally ring-fence your EU operations to meet level 3 (via the Article 18 derogation) or restructure to meet level 4.
- Invest in audit readiness. Levels 2–4 require independent third-party audits (Article 20). Prepare documentation, SBOMs, and personnel records; Annex III sets out detailed audit evidence the auditing organisation will request.
- Restructure supply chains. For levels 3 and 4, support staff and the relevant subcontractors must be Union-based and Union citizens, which may require changes to global support models.
- Prepare for transparency. You must report material changes that could affect your recognition (Article 23) — for example, a new foreign investor acquiring a stake.
- Leverage the central repository. Once recognised, your service is listed in the Commission's central repository (Article 22), a key signal to public-sector buyers.
Common misconceptions
"Level 1 is enough for all public-sector use." Incorrect. Article 30(3) requires contracting authorities whose activities contribute to public order (for example defence, justice, critical infrastructure) to procure services at level 2, 3, or 4 based on a risk assessment. Level 1 is the baseline only for activities not identified as public-order relevant.
"Data residency equals sovereignty." Incorrect. Levels 1 and 2 keep data in the EU but do not prevent a foreign government from reaching it through the provider's parent. Protection from foreign legal compulsion requires the control restrictions at levels 3 and 4.
"Open-source software disqualifies a provider from higher tiers." Incorrect. The criteria focus on control and remote tampering: where open-source software is used, the provider must document controls to prevent remote features from tampering with the service (Annex II, level-specific paragraph (j)), but open source itself is not prohibited. Article 41 in fact promotes the use of open-source solutions.
"Level 3 lets any third-country provider qualify if it promises not to share data." Incorrect. The level 3 derogation is narrow: the Commission must first adopt the implementing act recognising the country as an associated third country (Article 18), which requires, among other things, that the country has no measures enabling it to compel data access or service disruption — a high bar few countries currently meet.
Related
- Why does CADA use four levels of sovereignty instead of one?
- Why is cloud sovereignty important for critical infrastructure?
- Why is sovereignty described as layered or nuanced in CADA?
- CADA sovereignty: why assessment is per service, not per provider
- Why is sovereignty a competitiveness issue, not just a security one?
This is general information about a draft EU regulation, not legal advice.