Must national strategies support open hardware and software under CADA?

Summary Under the proposed Cloud and AI Development Act (CADA), Member States are legally required to include specific measures in their national cloud and AI strategies to support cloud computing stack technologies built upon open hardware and software. As proposed in Article 7(2)(g), these measures must aim to "strengthen technological sovereignty and enhance the competitiveness of strategic European industries." This requirement is not merely aspirational; it is a binding obligation that aligns national policy with the Union's Operational Objective 2 (cloud stacks) and the broader open-source provisions found in Title IV, Chapter V.

Detail

The Cloud and AI Development Act (CADA), as proposed in COM(2026) 502 final, establishes a dual-track approach to reducing the EU's dependence on third-country providers. While the Act creates a sovereignty framework for procurement (Title IV), it simultaneously mandates that Member States proactively build the domestic capacity to supply those sovereign services. A critical component of this capacity-building is the requirement for national strategies to explicitly support open hardware and software ecosystems.

The Mandatory Requirement: Article 7(2)(g)

Article 7 of the proposal obliges Member States to establish national cloud and AI strategies within one year of the Regulation's entry into force. These strategies are not optional guidelines but must contain a specific set of measures to ensure alignment with Union objectives.

Article 7(2)(g) explicitly mandates that national strategies include:

"measures to support the development of cloud computing stack technologies built upon open hardware and software to strengthen technological sovereignty and enhance the competitiveness of strategic European industries;"

This provision is significant because it targets the foundational layers of the technology stack. By specifying "open hardware," the proposal addresses dependencies at the physical level, such as processors, accelerators, and server architectures. By specifying "open software," it targets the middleware, operating systems, and management layers that orchestrate cloud resources. The dual focus ensures that the EU builds autonomy not just in the software running on the cloud, but in the hardware that powers it and the open standards that allow different systems to interoperate.

The stated purpose is twofold: to "strengthen technological sovereignty" (reducing the risk of supply chain disruption or foreign control) and to "enhance the competitiveness of strategic European industries" (creating a market for EU-based innovators).

Alignment with Operational Objective 2

The requirement in Article 7(2)(g) is the national-level implementation mechanism for Operational Objective 2 of the Cloud and AI Leadership Initiatives, as defined in Article 4.

Article 4(2) sets out the Union-level operational objective:

"supporting the development and deployment of cloud computing stacks supporting the Union's technological autonomy"

To achieve this, Article 4(2) details specific actions, including:

• Developing and piloting "secure, resilient and performant open cloud computing stacks" covering edge, connectivity, data, and AI tools.
• Developing "AI-optimised servers and baseline software based on processors, accelerators and quantum accelerators designed and manufactured in the Union."
• Boosting data availability via "open-source middleware platforms."

Article 7(2)(g) ensures that Member States do not operate in a silo. By requiring national strategies to support these specific technologies, the proposal creates a cohesive ecosystem where national funding, research grants, and industrial policy directly feed into the Union's goal of building a sovereign, open cloud stack. Without this national mandate, the Union-level objectives in Article 4 could lack the necessary domestic implementation support.

Integration with Broader Open Source Provisions

The emphasis on open hardware and software in national strategies is part of a comprehensive "open source first" architecture within CADA. While Article 7(2)(g) focuses on the development and strategic support of these technologies, Title IV, Chapter V (Articles 41–44) focuses on their adoption and reuse by the public sector.

• Article 41 requires Union entities and public sector bodies to encourage the use and reuse of open standards and components released under an open-source licence when building their cloud and AI ecosystem.
• Article 42 mandates that when public bodies make software available for reuse, they must do so via a catalogue connected to the EU Open Source Solutions Catalogue (EU OSS Catalogue).
• Article 43 establishes the EU OSS Catalogue as a centralized, accessible repository for reusable software.
• Article 44 creates a network of Open Source Programme Offices (OSPOs) to facilitate coordination and best practice sharing.

Article 7(2)(g) acts as the supply-side counterpart to these demand-side measures. While Articles 41–44 create a guaranteed market for open solutions by the public sector, Article 7(2)(g) ensures that Member States actively cultivate the supply of open hardware and software technologies to meet that demand. This creates a virtuous cycle: national strategies foster the development of open stacks, and public procurement rules ensure those stacks are adopted.

Strengthening Technological Sovereignty

The explanatory memorandum accompanying the proposal clarifies that the EU's current dependence on a limited pool of third-country providers poses risks to operational autonomy and security. The focus on "open hardware and software" in Article 7(2)(g) is a direct response to these risks:

1. Auditability and Security: Open source allows for greater transparency, enabling independent verification of code and hardware designs to detect backdoors or vulnerabilities.
2. Interoperability: Open standards prevent vendor lock-in, allowing public bodies to switch providers or integrate multi-cloud solutions without being trapped in proprietary ecosystems.
3. Supply Chain Resilience: By supporting technologies built on open hardware, the EU reduces reliance on proprietary, closed supply chains that could be disrupted by geopolitical events or foreign export controls.

What this means for you

For technology leaders, SMEs, and industry stakeholders, the Article 7(2)(g) mandate signals a shift in the European market landscape:

• New Funding Streams: As Member States draft their national strategies to comply with Article 7(2)(g), expect the emergence of specific grant programs, R&D tax credits, and innovation funds targeted at open hardware (e.g., open RISC-V processors) and open cloud software stacks. SMEs developing these technologies should monitor national calls for proposals closely.
• Procurement Shifts: Public sector procurement will increasingly favor solutions that are interoperable and built on open standards. Architects and vendors should prioritize open-source components and open hardware designs to align with the "open source first" principle of Article 41 and the strategic direction of Article 7.
• Strategic Partnerships: The requirement for national strategies will likely spur collaboration between national OSPOs, hardware manufacturers, and open-source communities. SMEs should consider engaging with these national bodies to influence strategy development and secure early access to pilot projects.
• Market Validation: The explicit mention of "open hardware" in a binding legislative proposal provides strong market validation for open-source hardware initiatives, potentially attracting private investment that was previously hesitant due to regulatory uncertainty.

Common misconceptions

• Misconception: "CADA bans proprietary hardware and software."
  • Reality: CADA does not ban proprietary solutions. Article 7(2)(g) requires Member States to support the development of open alternatives to strengthen sovereignty. Proprietary solutions remain part of the market, but the Act creates a policy environment that actively favors open, sovereign alternatives for public sector use and strategic development.
• Misconception: "Open hardware only refers to chips made in the EU."
  • Reality: While Article 4(2)(b) mentions developing processors "designed and manufactured in the Union," Article 7(2)(g) broadly refers to "open hardware." This encompasses the design and architecture of hardware (e.g., open instruction sets), which can be manufactured globally but must be open to ensure auditability and prevent vendor lock-in. The goal is sovereignty through openness, not necessarily 100% local manufacturing of every component.
• Misconception: "National strategies are just high-level documents with no teeth."
  • Reality: Article 7 makes the adoption of these strategies mandatory. Furthermore, Article 7(5) requires Member States to assess their strategies every three years based on key performance indicators, and the Commission monitors their adoption. The specific inclusion of Article 7(2)(g) means that omitting support for open hardware and software would be a failure to comply with the Regulation's requirements.

Official sources

• Digital Decade Policy Programme (Decision (EU) 2022/2481)

Related

• Must national strategies include AI factories and gigafactories?
• Must national strategies follow the 'AI first' principle under CADA?
• Must national cloud and AI strategies align with EU Digital Decade targets?
• How often must national cloud and AI strategies be reviewed under CADA?
• How do national strategies support the Centres for AI under CADA?

This is general information about a draft EU regulation, not legal advice.