Summary The proposed Cloud and AI Development Act (CADA) and the EU AI Act (Regulation (EU) 2024/1689) are complementary instruments that address frontier AI from distinct angles. As proposed, CADA provides funding, compute resources, and strategic prioritization for the development of frontier AI, while the AI Act imposes mandatory regulatory obligations on the market placement and operation of AI systems. Crucially, CADA does not exempt frontier AI projects from AI Act compliance; instead, it supports the ecosystem in which these regulated systems are built. A project designated as a "frontier AI priority project" under Article 8 of CADA remains fully subject to the AI Act's requirements for general-purpose AI models and high-risk systems.

Detail

To understand the interaction between these two frameworks, it is necessary to distinguish between the development support mechanisms of CADA and the market regulation mechanisms of the AI Act. The relationship is one of parallel tracks: one builds capacity, the other ensures safety and fundamental rights.

1. Definitions and Scope: Article 2(4) and Regulation (EU) 2024/1689

The foundation of the interaction lies in how both instruments define the technology and their respective scopes. Under CADA, Article 2(4) defines 'frontier AI' as:

"AI models or AI systems built upon such models that can perform a wide variety of tasks and that approach, reach or exceed the current state of the art."

This definition captures the technological ambition of the EU's next generation of AI. It aligns conceptually with the AI Act's focus on general-purpose AI (GPAI) models, particularly those posing systemic risks, though the legal frameworks serve fundamentally different purposes.

The AI Act, Regulation (EU) 2024/1689, is a product-safety and fundamental-rights regulation. It regulates the placing on the market and putting into service of AI systems. It imposes strict obligations on providers of GPAI models, including transparency, copyright compliance, and risk mitigation measures.

CADA, by contrast, is not a market access regulation. It is a framework for strengthening the EU's cloud and AI ecosystem. Its primary tool regarding frontier AI is the Cloud and AI Leadership Initiatives, which aims to support research, innovation, and large-scale capacity building. As stated in the CADA explanatory memorandum, the AI Act "does not cover aspects of sovereignty," which is the specific gap CADA is designed to fill.

2. CADA's Support Mechanism: Frontier AI Priority Projects

CADA introduces a specific mechanism to boost EU capabilities in frontier AI through Article 8, which outlines the criteria for designating a project as a "frontier AI priority project."

According to Article 8, the Commission may recognize projects as frontier AI priority projects if they meet the following cumulative criteria:

  1. They are pioneering projects focused on the support and scaling-up of frontier AI technologies.
  2. They are undertaken by a European digital infrastructure consortium established pursuant to Decision (EU) 2022/2481 or another legal entity eligible for funding under Union law.
  3. They involve the participation of at least three Member States.
  4. The participating Member States pool computing time and other relevant resources to support the implementation of the designated project.

Once designated, these projects receive significant support. Article 9 mandates that the Union and Member States ensure sufficient AI computing resources are allocated to these projects. Crucially, Article 9(2) states that the Union shall at least match the AI computing resources contributed by Member States to these frontier AI priority projects, within the limits of available European high-performance computing (EuroHPC) capacity.

This support is strategic: it aims to close the capacity gap and reduce dependencies on third-country providers. However, the text of CADA contains no provision suggesting that receiving this support alters the regulatory status of the resulting AI models under other Union law.

3. The AI Act's Regulatory Overlay

While CADA provides the resources and strategic backing, the AI Act provides the rules. The AI Act applies to any AI system placed on the EU market, regardless of whether it receives CADA support or is designated as a priority project.

If a frontier AI model developed under a CADA-priority project is subsequently placed on the market or put into service, it must comply with the AI Act. The regulatory obligations are triggered by the nature of the model and its use, not by its funding source. Specifically:

  • General-Purpose AI Obligations: If the frontier AI model qualifies as a GPAI under the AI Act, the provider must comply with the transparency and documentation obligations (e.g., Article 53), including drawing up technical documentation, providing information to downstream providers, and ensuring copyright compliance.
  • Systemic Risk Obligations: If the model presents systemic risks (e.g., exceeding the computational threshold of $10^{25}$ floating-point operations), it triggers the stricter obligations under Article 55 of the AI Act, such as model evaluation, adversarial testing, and reporting serious incidents to the AI Office.
  • High-Risk AI Systems: If the frontier AI model is integrated into a high-risk AI system (e.g., in healthcare, critical infrastructure, or law enforcement), the downstream provider of that system must comply with the high-risk obligations under Chapter III of the AI Act, including risk management, data governance, and human oversight.

The CADA proposal explicitly reinforces the AI Act. The explanatory memorandum notes that the AI Act "harmonises rules for AI systems and general-purpose AI models to be placed on the EU market" and "ensures a high level of protection of health, safety and fundamental rights." CADA does not seek to modify these rules but to ensure the EU has the sovereign capacity to develop compliant systems.

4. Complementary Instruments, Not Competing Regimes

The relationship between CADA and the AI Act is additive, not substitutive. The CADA explanatory memorandum states that the proposal "reinforces key objectives of the AI Act" by addressing the infrastructure and sovereignty gaps that the AI Act does not cover.

Therefore, the relationship operates as follows:

  • CADA asks: "How do we build more frontier AI capacity in Europe, reduce dependency on third countries, and ensure we have the compute resources to do so?"
  • AI Act asks: "How do we ensure that the frontier AI models we build are safe, transparent, and respect fundamental rights?"

A project can be a CADA frontier AI priority project and be subject to AI Act GPAI obligations simultaneously. Receiving CADA support does not create a regulatory safe harbor, nor does it provide a derogation from the AI Act's requirements. The two instruments operate in parallel: CADA accelerates the supply of sovereign AI capacity, while the AI Act governs the safety and rights of the AI systems produced.

What this means for you

For in-house counsel, compliance officers, and project managers in organizations developing or deploying frontier AI, the interplay between these two regulations requires a dual-track strategy. You must manage the eligibility for CADA support while simultaneously ensuring full compliance with the AI Act.

1. Separate Compliance Silos

Do not assume that participation in a CADA-funded initiative exempts your organization from AI Act obligations. You must maintain two distinct compliance tracks:

  • CADA Track: Focus on eligibility for frontier AI priority project status. This involves coordinating with Member States and consortia to meet the criteria in Article 8 (e.g., participation of three Member States, pooling of resources) and adhering to the resource allocation rules in Article 9.
  • AI Act Track: Focus on the technical and legal obligations of the AI Act. If your model qualifies as a GPAI or systemic-risk model, you must prepare for the Commission's supervision, adversarial testing, and incident reporting requirements under Articles 51–55 of the AI Act.

2. Documentation Synergies

While the obligations are distinct, the documentation required may overlap. CADA's support for frontier AI requires demonstrating the strategic value, technical sophistication, and cross-border nature of the project. The AI Act requires detailed technical documentation (Annex XI of the AI Act) for GPAI models, including information on training data, model architecture, and testing results. Organizations should aim to align their internal technical documentation processes to satisfy both the evidentiary needs of CADA priority project applications and the transparency requirements of the AI Act, ensuring that the data used to prove "state-of-the-art" capabilities for CADA also supports the "systemic risk" assessment for the AI Act.

3. Compute Resource Management

Article 9 of CADA highlights the allocation of compute resources. Compliance officers should monitor how compute resources are sourced and allocated. If your organization is accessing EuroHPC capacity through CADA mechanisms, ensure that the usage policies and data governance frameworks comply with both the CADA's sovereignty objectives (e.g., data remaining in the Union, as per the broader sovereignty framework) and the AI Act's data governance requirements for training data (e.g., ensuring training data is free from bias and respects copyright).

4. Monitoring Thresholds

The AI Act's systemic risk threshold (currently $10^{25}$ FLOPs) is a critical trigger. CADA supports the scaling of frontier AI, which may naturally push models toward or beyond this threshold. Compliance teams must have robust monitoring systems to detect when a model approaches this threshold, as crossing it triggers immediate notification obligations to the Commission under the AI Act. CADA support does not delay or waive these notifications.

Common misconceptions

Misconception 1: CADA replaces the AI Act for frontier AI. Reality: CADA does not replace the AI Act. It is a funding and capacity-building instrument. The AI Act remains the primary regulatory framework for market access and safety. A model can be fully supported by CADA and still be non-compliant with the AI Act. The CADA explanatory memorandum explicitly states that the AI Act "does not cover aspects of sovereignty," implying that CADA fills a gap, not a regulatory void.

Misconception 2: Only "high-risk" AI systems are regulated by the AI Act. Reality: The AI Act regulates general-purpose AI models (including frontier AI) independently of whether they are embedded in high-risk systems. Even if a frontier AI model is used for research or internal purposes initially, if it is placed on the market, it triggers GPAI obligations. CADA support does not alter this status.

Misconception 3: CADA frontier AI priority projects are only for EU-based companies. Reality: While CADA emphasizes European sovereignty and requires participation of at least three Member States for priority projects (Article 8), the AI Act applies to providers regardless of where they are established if they place systems on the EU market. The interplay means that non-EU entities collaborating on CADA projects must still navigate the AI Act's extraterritorial reach.

Misconception 4: CADA support guarantees AI Act compliance. Reality: CADA support guarantees access to resources and strategic prioritization, not regulatory compliance. A project can receive CADA funding and still fail to meet the AI Act's requirements for transparency, risk management, or fundamental rights protection.

Official sources

Related

This is general information about a draft EU regulation, not legal advice.