How will CADA funding be reviewed and reported?

Summary Under the proposed Cloud and AI Development Act (CADA), the European Commission would be required to evaluate the Regulation's effectiveness five years after it enters into force, with subsequent reviews every five years. These evaluations would result in public reports detailing the effective application and enforcement of the law. Concurrently, Article 7(5) mandates that Member States reassess their national cloud and AI strategies at least every three years based on key performance indicators. These mechanisms ensure continuous monitoring of support measures, such as the Cloud and AI Leadership Initiatives, and provide transparency on the progress of the EU's cloud and AI ecosystem.

Detail

The proposed Cloud and AI Development Act (CADA), COM(2026) 502 final, establishes a rigorous framework for monitoring, reporting, and reviewing its implementation. As a proposal, these mechanisms are not yet legally binding; however, if adopted, they would create a structured feedback loop between the Commission, Member States, and stakeholders to ensure the Act meets its strategic objectives of strengthening Europe's cloud and AI ecosystem.

The Commission's Five-Year Review Cycle

The primary mechanism for evaluating the Regulation itself is established in Article 47 of the proposal. This article stipulates that the Commission shall evaluate the Regulation five years after its entry into force. Following this initial evaluation, the Commission would conduct further reviews every five years thereafter.

The Explanatory Memorandum provides critical context for this timeline, stating that "Five years after its entry into force, the Commission should review the functioning of this proposed Regulation and submit a report to the European Parliament and to the Council." Crucially, the Memorandum specifies that "These reports will be public and detail the effective application and enforcement of the proposed Regulation."

The purpose of these reviews extends beyond simple compliance checking. They are designed to assess whether the measures set out in CADA are achieving their intended goals, such as:

• Increasing computing capacity and AI developed in the EU.
• Ensuring attractive conditions for the deployment of sustainable computing capacity.
• Addressing concerns regarding data sovereignty and operational continuity.
• Helping protect public order by making cloud supply more resilient.

The review process would also inform potential amendments. As noted in Article 47(2), where appropriate, the evaluation report "shall be accompanied by a proposal for amendment of this Regulation." This ensures the legal framework remains responsive to rapid technological developments and market shifts.

National Strategy Reassessment: The Three-Year Cycle

While the Commission reviews the overarching Regulation, Member States bear the responsibility for strategic planning and implementation within their territories. Article 7 of the proposal requires Member States to establish national cloud and AI strategies within one year of the Regulation's entry into force.

Article 7(5) introduces a specific reassessment cycle for these national strategies. It mandates that "Member States shall assess their national strategies at least every three years on the basis of key performance indicators and, where necessary, update them."

This three-year cycle serves several critical functions:

1. Alignment with EU Objectives: It ensures that national efforts remain consistent with the Regulation's objectives and contribute to the associated digital targets established under the Digital Decade Policy Programme.
2. Performance Tracking: The assessment is based on Key Performance Indicators (KPIs) defined within the strategies themselves. These KPIs would likely cover metrics such as the deployment of data centre capacity, the adoption of cloud services by SMEs, and the progress of Experience and Acceleration Centres for AI.
3. Dynamic Adaptation: If gaps are identified or if the strategic landscape shifts (e.g., new technological breakthroughs or changes in global market dynamics), Member States are required to update their strategies accordingly.

The Commission plays a supervisory role in this process. Article 7(5) further states that "The Commission shall monitor the adoption and revision of the national strategies." Additionally, Article 6(6) notes that the European Artificial Intelligence Board (AI Board) shall "advise and assist the Member States as regards the coordination of national strategies" and "facilitate exchange of best practices."

Public Reporting on Effectiveness and Support Measures

The reporting obligations under CADA are designed to ensure transparency and accountability regarding the use of public funds and the effectiveness of support measures. The public reports generated from the Commission's five-year reviews would cover several key areas:

1. Effective Application and Enforcement The reports would detail how the Regulation is being applied across Member States. This includes an analysis of the enforcement of the sovereignty framework (Title IV), the designation of data centre acceleration zones (Title III), and the implementation of the Cloud and AI Leadership Initiatives (Title II). The Explanatory Memorandum emphasizes that these reports will "detail the effective application and enforcement," providing a clear picture of whether the legal framework is functioning as intended.

2. Performance of Support Measures CADA introduces significant support measures, including:

• Cloud and AI Leadership Initiatives: These initiatives aim to support research, innovation, and large-scale capacity deployment. The reviews would assess their success in fostering cutting-edge technologies like frontier AI and physical AI.
• Experience and Acceleration Centres for AI: Under Article 5, Member States must establish these centres. The reports would evaluate their role in accelerating digital transformation and supporting SMEs.
• Data Centre Acceleration Zones: The effectiveness of these zones in streamlining permitting and increasing capacity would be a key metric.
• EuroCloud Federation: The reports would assess the progress of the European public sector cloud federation in facilitating the sharing of data centre and cloud services.

3. Progress of the Ecosystem The reports would evaluate the overall progress of the EU's cloud and AI ecosystem. This includes metrics related to:

• Installed computing capacity (MW IT load) and aggregate compute power.
• The EU share of global installed computing capacity.
• The reduction of dependencies on third-country providers.
• The adoption of sovereign cloud services by public sector bodies.

Coordination with Existing Frameworks

The CADA review mechanisms are not designed to operate in isolation. They are explicitly coordinated with existing EU monitoring frameworks to avoid duplication and ensure data efficiency.

The Explanatory Memorandum states that CADA "complements the Digital Decade Policy Programme by leveraging the existing yearly monitoring exercise." This synergy ensures that data collection is streamlined and that CADA's specific goals are integrated into the broader EU digital strategy.

Furthermore, Article 15 establishes a specific mechanism for the Commission to "monitor the Union progress in increasing the compute capacity available, the volume of demand for data centre capacity, and the size of the capacity gap." This ongoing monitoring feeds into the broader five-year review, ensuring that the Commission has up-to-date data on the capacity gap and the effectiveness of measures to close it.

What this means for you

For public-sector bodies, cloud providers, and stakeholders involved in the EU cloud and AI ecosystem, the review and reporting mechanisms under CADA have significant practical implications:

• Strategic Alignment and Updates: Your organization's cloud and AI strategies should be aligned with your Member State's national strategy. Since these strategies are reassessed every three years, you must stay informed about updates to ensure your activities remain compliant and supportive of national goals.
• Data Contribution: Be prepared to provide data on your activities, particularly regarding the deployment of data centres, the use of sovereign cloud services, and the adoption of AI systems. This data is essential for Member States to conduct their three-year assessments and for the Commission to compile its five-year public reports.
• Feedback and Advocacy: The review process offers a formal channel for feedback. If you encounter challenges in implementing CADA measures—such as difficulties in accessing the EuroCloud Federation or barriers in the permitting process for data centres—you should report these to your national competent authority. This feedback can directly inform the Commission's evaluation and potential future amendments.
• Long-Term Planning: The five-year review cycle provides a degree of regulatory stability, but it also signals that the framework is subject to change. Long-term IT and infrastructure planning should account for the possibility of regulatory amendments based on the findings of these public reports.

Common misconceptions

"CADA reviews happen annually." Clarification: The Regulation itself is reviewed by the Commission every five years. However, Member States must reassess their national strategies at least every three years. Additionally, the Commission monitors capacity gaps and other metrics on an ongoing basis, but the formal public report on the Regulation's effectiveness is a quinquennial event.

"The reports are internal documents." Clarification: The Explanatory Memorandum explicitly states that the Commission's reports on the review of the Regulation "will be public." This ensures transparency and allows all stakeholders to assess the effectiveness of the Act and the use of public funds.

"CADA funding is managed entirely by the Commission." Clarification: While the Commission monitors and reports on the ecosystem, the actual funding for many CADA initiatives comes from existing EU programmes (like Horizon Europe and the Digital Europe Programme) and national budgets. The Commission's role in the review is to evaluate the effectiveness of these combined efforts, not to manage every individual grant.

Official sources

• Digital Decade Policy Programme (Decision (EU) 2022/2481)

Related

• Who decides which CADA projects get funding? Commission vs Member States
• IPCEI-CIS and CADA: How EU Funding Powers Sovereign Cloud
• GBER and CADA: How State Aid Exemptions Apply to Cloud & AI Funding
• What is the capacity gap and how does it trigger funding under CADA?
• What is EuroHPC and how does it support CADA compute funding?

This is general information about a draft EU regulation, not legal advice.