Summary Under the proposed Cloud and AI Development Act (CADA), Article 39(1) establishes a "deemed compliance" mechanism: a public-sector contracting authority that acquires cloud or AI services through the Commission's central purchasing body is legally considered to have fulfilled its obligations under applicable Union public procurement law. This means the authority does not need to run a separate, parallel national tender for those specific services, as the Commission's procedure satisfies the legal requirements. Furthermore, Article 39(2) clarifies that when awarding specific contracts under these frameworks, the procedural rules applicable to Union institutions apply, not national procurement codes. This structure simplifies compliance, reduces administrative burdens, and ensures uniformity across the EU, though it remains a proposal subject to the legislative process.
Detail
The proposed Cloud and AI Development Act (CADA), COM(2026) 502 final, introduces a transformative framework for public procurement in the cloud and AI sectors. A central pillar of this framework is the Commission's ability to act as a central purchasing body for Union entities, Member State contracting authorities, and selected partner organisations. Article 39 serves as the legal bridge that connects this centralised EU-level procurement activity with the national obligations of individual public buyers, fundamentally altering how public authorities can legally acquire these critical services.
The Legal Shield of Article 39(1): Deemed Compliance
The core innovation of Article 39(1) is the concept of "deemed compliance." The provision explicitly states: "A participating entity shall be deemed to have fulfilled its obligations under applicable Union public procurement law where it acquires supplies or services by means of contracts awarded by the Commission under this Chapter, including through framework contracts concluded by or dynamic purchasing systems operated by the Commission acting as a central purchasing body, or any ancillary support services referred to in Article 37."
In practical terms, this creates a legal safe harbour for public buyers. When a national ministry, local authority, or agency (the "participating entity") chooses to acquire services through the Commission's established framework, it is not merely purchasing a product; it is purchasing a compliance status. The national authority is relieved of the burden to verify whether the Commission's tender notice was sufficiently long, whether the evaluation criteria were proportionate, or whether the award decision was transparent. The regulation presumes that the Commission has correctly executed these steps in accordance with Union law.
Consequently, the national buyer is exempt from running its own separate competitive procedure for those specific goods or services. This removes the significant risk of legal challenges at the national level based on procedural errors in the tendering process, provided the buyer adheres strictly to the terms of the Commission's contract. This mechanism is particularly powerful for complex, high-stakes procurements like cloud infrastructure and AI systems, where technical specifications evolve rapidly and market dynamics are volatile. By relying on the Commission's expertise and resources, smaller public authorities can access state-of-the-art technologies without needing in-house procurement specialists capable of navigating the intricate details of EU public procurement directives.
Procedural Rules for Specific Contracts: Article 39(2)
While Article 39(1) handles the overarching compliance with public procurement law, Article 39(2) clarifies the specific procedural rules that apply when a participating entity actually signs a contract for a specific need. The article states: "The procedural provisions applicable to Union institutions shall apply to the procedures for the award of specific contracts under framework contracts or dynamic purchasing systems."
This distinction is crucial for understanding the operational reality of the system. The Commission establishes a framework agreement or a dynamic purchasing system (DPS). This initial stage is governed by EU financial rules and the specific derogations outlined in CADA. However, when a national authority wants to buy a specific quantity of cloud storage or a specific AI model under that framework, it must follow the procedural rules applicable to Union institutions, rather than its own national public procurement code.
This ensures uniformity across the Union. A ministry in Germany and a ministry in Portugal will follow the same procedural steps to "call off" a contract from the Commission's framework. This prevents fragmentation where different Member States might try to impose additional national procedural hurdles on top of the EU-level framework, which would undermine the efficiency and speed of the central purchasing model. It creates a single, harmonised administrative path for accessing sovereign cloud services across the single market.
The Role of the Commission as Central Purchasing Body
To understand the weight of Article 39, it is necessary to contextualise the Commission's role under Article 37. The Commission is empowered to act as a central purchasing body, procuring on behalf of Member States, concluding framework contracts, or operating dynamic purchasing systems. It can also provide ancillary support, such as technical infrastructure or advice.
Article 39 ensures that when the Commission exercises these powers, the resulting contracts are legally robust for all participants. The "deemed compliance" clause effectively transfers the liability for procedural compliance in the tendering phase from the national buyer to the Commission's procurement process. This is a significant shift from traditional public procurement, where the contracting authority bears the full burden of ensuring every step of the tender complies with national and EU law. Under CADA, the Commission assumes this burden for the services it procures, and the national buyer benefits from that assumption of responsibility.
What this means for you
For public-sector procurement officers and legal counsels, Article 39 offers a streamlined, lower-risk path to acquiring advanced cloud and AI capabilities. Instead of drafting complex technical specifications, managing lengthy tender processes, and defending against potential legal challenges, you can participate in the Commission's centralised procurement activities.
Key takeaways for procurement officers:
- Elimination of Duplicate Tenders: You do not need to run a separate national tender for services available through the Commission's framework contracts or dynamic purchasing systems. The Commission's procedure satisfies your legal obligations under EU public procurement law, as proposed in Article 39(1).
- Enhanced Legal Certainty: By purchasing through the Commission, you are protected from claims that your procurement process was flawed, as long as you follow the terms of the Commission's contract. This reduces the risk of costly legal disputes and contract cancellations that often plague complex IT procurements.
- Access to Centralised Expertise: You benefit from the Commission's technical and legal expertise in cloud and AI procurement. The Commission is tasked with ensuring that the procurement activities are effective, efficient, and compliant with the highest standards, including the sovereignty criteria of CADA.
- Uniform Procedures: When calling off specific contracts under a framework agreement, you will follow the procedural rules applicable to Union institutions, not your national procurement code. This simplifies cross-border coordination and ensures consistency in how public bodies across the EU access these services.
- Strategic Alignment: Participating in the Commission's procurement activities aligns your organisation with the EU's strategic goals of technological sovereignty and reduced dependence on non-European providers. The Commission's procurement criteria will likely emphasise these values, helping you meet broader policy objectives.
Procurement officers should familiarise themselves with the Commission's framework contracts and dynamic purchasing systems as they become available. They should also ensure that their internal processes are adapted to follow the procedural rules applicable to Union institutions when awarding specific contracts under these frameworks.
Common misconceptions
Misconception 1: Deemed compliance means you can ignore all procurement rules. Reality: Article 39(1) deems you compliant with Union public procurement law for the specific purchase made through the Commission. It does not exempt you from other legal obligations, such as data protection laws (GDPR), cybersecurity requirements (NIS2), or internal financial regulations. You must still ensure that the service meets your operational needs and complies with other applicable EU and national laws.
Misconception 2: You can mix and match Commission services with your own tendered services freely without distinction. Reality: While you can use the Commission's services for some needs and run your own tenders for others, you cannot use the Commission's framework to circumvent your obligations for services not covered by that framework. If you need a service that is not available through the Commission's central purchasing activities, you must run a separate tender that complies with national and EU procurement law. The "deemed compliance" only applies to the specific contracts awarded by the Commission under this Chapter.
Misconception 3: The Commission's procurement rules are identical to national rules. Reality: Article 39(2) explicitly states that the procedural provisions applicable to Union institutions govern the award of specific contracts under framework agreements or dynamic purchasing systems. These rules may differ significantly from your national public procurement code. Procurement officers must learn and apply these EU institutional procedures, not their national ones, when calling off contracts from the Commission's frameworks.
Misconception 4: You are liable for the Commission's procedural errors. Reality: One of the main benefits of Article 39(1) is that the liability for procedural compliance in the tendering process shifts to the Commission. If a supplier challenges the Commission's tender process, it is the Commission that must defend its actions, not the national buyer. The national buyer is protected by the "deemed compliance" clause, provided they have purchased through the Commission's established channels.
Official sources
Related
- CADA Article 39: How Commission Frameworks Deem Compliance for Cloud Procurement
- CADA Article 39(5): The Derogation from Article 168 for DPS Access
- CADA Article 32: What 'ancillary and not decisive' means for tender scoring
- CADA Article 30: Do Union entities and national bodies face different cloud procurement rules?
- Can a provider be excluded from a CADA tender for lacking recognition?
This is general information about a draft EU regulation, not legal advice.