CADA

Summary Under the proposed Cloud and AI Development Act (CADA), public bodies face a strategic choice between two distinct pathways for accessing cloud and data centre services. Chapter III establishes the EuroCloud Federation, a mechanism for public bodies to share existing, self-owned sovereign capacity with one another, strictly limited to cost-recovery fees and exempt from standard procurement rules. Chapter IV empowers the Commission to act as a central purchasing body, procuring commercial cloud and AI services at scale on behalf of Member States and Union entities to leverage collective bargaining power. The decision depends on whether the required capability exists within the public sector's own infrastructure (favoring sharing) or must be sourced from the commercial market (favoring procurement), balanced against specific sovereignty needs and cost-efficiency goals.

Detail

The proposed Cloud and AI Development Act (CADA), COM(2026) 502 final, introduces a dual-track framework designed to optimize the use of public resources while ensuring the Union's strategic autonomy. For public-sector bodies, the regulation distinguishes clearly between sharing existing public infrastructure and procuring new services from the market. These mechanisms are governed by separate chapters with distinct legal bases, operational models, and financial implications.

Sharing via the EuroCloud Federation (Chapter III)

The EuroCloud Federation, established under Article 34, is a voluntary framework designed to facilitate the sharing of public sector data centre services and cloud computing services between Union entities and public sector bodies. Its primary objective is to maximize the utility of existing public infrastructure, thereby reducing the need for new investments and fostering internal resilience.

Eligibility and Ownership The core condition for participation is ownership. Under Article 35(1), a member of the EuroCloud Federation (the "sharing entity") may share services with another member (the "using entity") only if the sharing entity directly, or indirectly through an intermediate legal entity, owns the hardware through which the service is made available. This provision ensures that the infrastructure remains under public control, aligning with the Act's sovereignty objectives. If the sharing entity acts through an intermediate legal entity, it must exercise decisive control over that entity, ensuring no direct private capital participation and that more than 80% of the entity's activities are performed for the sharing entity.

Governance and Security Before sharing services, the sharing entity must demonstrate to the Commission that it fulfills specific conditions, including the implementation of appropriate technical, operational, and organizational measures to ensure effective, secure, and resilient service provision (Article 35(2)). The Commission assesses these conditions and authorizes the sharing. This mechanism is anchored in public-sector cooperation governed solely by considerations of public interest, not commercial gain.

Financial Model and Procurement Exemption A critical feature of the EuroCloud Federation is its financial structure. Article 35(5) stipulates that any fee charged by the sharing entity to the using entity must be limited strictly to the costs incurred in relation to the sharing of the service. These costs are restricted to additional expenses such as allocating and isolating resources, managing access, and ensuring compliance with Union law. Crucially, these fees do not constitute a "pecuniary interest" or a public contract within the meaning of Directive 2014/24/EU. Consequently, sharing within the EuroCloud Federation does not fall under Union public procurement rules, allowing public bodies to access sovereign capacity without navigating complex tender processes, provided the capacity is owned by another public entity.

Procurement via the Commission (Chapter IV)

In contrast, Chapter IV establishes a framework for the Commission to carry out procurement activities for data centre services, cloud computing services, software, and AI systems. This mechanism is designed for acquiring services from the commercial market, leveraging the collective purchasing power of the Union to achieve economies of scale and better terms.

Central Purchasing Role Under Article 37, the Commission may act as a central purchasing body for Union entities, contracting authorities of Member States, and partner organisations. It can procure services on behalf of these entities by concluding framework contracts or operating dynamic purchasing systems. Additionally, the Commission may act as a wholesaler, acquiring services and reselling them to participating entities. This allows public bodies to access commercial cloud and AI services that meet specific Union assurance levels without each entity conducting its own individual procurement procedure.

Governance and Fees The procurement activities are governed by an agreement between the Commission and at least two Member States, overseen by a Steering Committee (Article 38). This committee provides strategic oversight, while the Commission manages the operational aspects, including the launch of procedures and the award of contracts. Participating entities contribute to the costs through fees levied by the Commission (Article 40). These fees are set to cover the direct and indirect costs incurred by the Commission in connection with the procurement activities, ensuring that the mechanism is financially self-sustaining.

Decision Criteria: Capability, Sovereignty, and Cost

The choice between sharing via the EuroCloud Federation and procuring via the Commission is not arbitrary; it depends on a strategic assessment of three primary factors:

1. Capability and Availability:

   • Sharing: If a public body requires capacity that is already available within the public sector's own infrastructure (e.g., spare capacity in another Member State's data centre), sharing via the EuroCloud Federation is the preferred route. This utilizes idle resources and strengthens internal resilience.
   • Procurement: If the required capability does not exist within the public sector, or if the scale of demand exceeds the available public capacity, procurement is necessary. This is the path for acquiring new, commercial-grade services that the public sector does not currently own.

2. Sovereignty Needs:

   • Sharing: This mechanism inherently supports the highest levels of sovereignty by ensuring that data and infrastructure remain strictly within public ownership. It is ideal for activities identified as contributing to the preservation of public order under Article 29, where the risk assessment may require Union assurance levels 2, 3, or 4.
   • Procurement: While procurement allows access to commercial services, the public body must ensure that the selected provider meets the required Union assurance level. The Commission's procurement framework aims to aggregate demand for services that meet these standards, but the engagement is with commercial providers who may be subject to third-country control (subject to Article 18 derogations for Level 3).

3. Cost Efficiency:

   • Sharing: The financial model is strictly cost-recovery. Fees are limited to the actual costs incurred by the sharing entity, excluding profit margins. This can be significantly more cost-effective than commercial rates, provided the infrastructure exists.
   • Procurement: This involves market prices, but the Commission's central purchasing power can negotiate better terms than individual public bodies could achieve alone. Public bodies must assess whether the cost of developing or accessing public capacity is lower than the market rate for commercial services, factoring in the administrative fees levied by the Commission.

What this means for you

For public-sector procurement officers and IT strategists, the CADA proposal requires a structured decision-making process before initiating any action.

• Assess Internal Capacity First: Before launching a tender for commercial cloud services, check if the required capacity is available within the EuroCloud Federation. Use the catalogue provided by the Commission to identify potential sharing entities. If a public entity in another Member State has spare, sovereign capacity, sharing may be faster, more cost-effective, and more compliant with sovereignty goals than procurement.
• Leverage Central Procurement for Scale: If commercial services are necessary (e.g., for specific AI models or capacity not available publicly), consider participating in the Commission's procurement activities. This approach reduces administrative burden and leverages collective bargaining power. Ensure your entity is part of the agreement between the Commission and Member States to benefit from these framework contracts.
• Compliance with Sovereignty Levels: Regardless of the path chosen, ensure that the services meet the required Union assurance level determined by your risk assessment under Article 29. For sharing, verify that the sharing entity has demonstrated compliance with Article 35 conditions. For procurement, ensure that the tender criteria reflect the necessary sovereignty standards (e.g., Level 2, 3, or 4 for public-order-relevant activities).
• Financial Planning: For sharing, budget for cost-recovery fees, which should be minimal and transparent. For procurement, budget for market rates plus any administrative fees levied by the Commission. Both models aim to optimize costs, but the financial implications and risk profiles differ significantly.

Common misconceptions

"The EuroCloud Federation is a new cloud provider." No. The EuroCloud Federation is a framework for sharing existing public sector capacity. It does not involve the Commission or any public body building new commercial cloud services to sell on the open market. It is a mechanism for resource optimization among public entities.

"Procurement under CADA replaces national procurement rules entirely." While the Commission acts as a central purchasing body, national procurement rules still apply to the initial agreement and the participation of entities. The Commission's role is to streamline and aggregate demand, not to eliminate national oversight. The procurement activities are conducted under a specific agreement that derogates from standard Financial Regulation rules only for the specific procedures managed by the Commission.

"Sharing cloud services is always free." Sharing is not free, but it is cost-recovery based. Fees are limited to the actual costs incurred by the sharing entity, excluding profit margins. This is distinct from commercial procurement, which includes market-driven pricing and profit.

"Only EU-based providers can be procured under CADA." While the CADA emphasizes sovereignty and EU-added value, it does not explicitly ban third-country providers. However, procurement decisions must consider sovereignty risks, and public bodies may be required to procure services meeting specific Union assurance levels. For Level 3, a third-country provider may be eligible only if the Commission has adopted an implementing act under Article 18 confirming sufficient assurances.

Related

• How can a public body share spare capacity via EuroCloud?
• Can a public body both share and use services in the EuroCloud Federation?
• EuroCloud Federation vs Commission Procurement: What CADA Means for Public Buyers
• What counts as a public sector body for EuroCloud Federation membership under CADA?
• What can the Commission procure under CADA Chapter IV?

This is general information about a draft EU regulation, not legal advice.