Marketplace Transparency

Are revoked recognitions published in the CADA central repository? Yes. CADA Article 23: What 'as soon as possible' means for transparency notifications Under the proposed Cloud and AI Development Act (CADA), cloud computing service providers must notify auditing organisations and national competent authori CADA Article 23: What happens if a CSP self-reports a change lowering its sovereignty tier? Under the proposed Cloud and AI Development Act (CADA), a cloud computing service provider (CSP) must immediately self-report any material change that affe CADA Article 23: What happens when a material change is reported? Under the proposed Cloud and AI Development Act (CADA), the integrity of the Union assurance framework relies on a rapid response mechanism to operational CADA Articles 22 vs 23: The Repository vs. The Notification Duty Under the proposed Cloud and AI Development Act (CADA), Article 22 and Article 23 form the backbone of the Union's cloud sovereignty transparency framework CADA Central Repository Fee: Is there a cost to be listed? No, there is no fee for being listed in the Cloud and AI Development Act (CADA) central repository. CADA Central Repository: How it aids auditors, NCAs and oversight As proposed, the Cloud and AI Development Act (CADA) establishes a central repository to serve as the single, authoritative source of truth for cloud compu CADA Central Repository: What data fields does each entry contain? The proposed Cloud and AI Development Act (CADA) establishes a central repository to list cloud computing services recognised under the Union sovereignty f CADA Central Repository: What it means for a cloud provider to be listed Under the proposed Cloud and AI Development Act (CADA), being listed in the central repository is the definitive proof that a cloud service has been formal CADA Central Repository: Who can access it and is it public? As proposed, the CADA central repository is fully open to the public. CADA: Do transparency obligations end when a provider exits the repository? No, the transparency obligations under the proposed Cloud and AI Development Act (CADA) do not simply cease when a cloud computing service provider exits t CADA Marketplace Transparency: How Articles 22 & 23 Build Trust The proposed Cloud and AI Development Act (CADA) establishes a marketplace transparency model anchored in Article 22 and Article 23 to verify the sovereign CADA Marketplace Transparency: The Public Register Explained As proposed, the Cloud and AI Development Act (CADA) would create a single, publicly accessible online register of cloud services that meet specific EU sov CADA Penalties for Failing to Disclose Changes: Article 23 & 24 Explained Under the proposed Cloud and AI Development Act (CADA), cloud computing service providers holding a Union assurance level must immediately notify national CADA Procurement: Can a buyer rely on the repository when a service is not listed? Under the proposed Cloud and AI Development Act (CADA), a public contracting authority generally cannot procure a cloud computing service that is not liste CADA Procurement & Central Repository: How Public Buyers Must Verify Sovereign Cloud Under the proposed Cloud and AI Development Act (CADA), public procurement is inextricably linked to the central repository established by Article 22. CADA Procurement Rules: When Public Bodies Must Use Recognised Cloud Services Under the proposed Cloud and AI Development Act (CADA), public-sector contracting authorities are legally required to procure cloud computing services that CADA Recognition vs Repository Listing: What's the Difference? Under the proposed Cloud and AI Development Act (CADA), recognition and repository listing are distinct but causally linked steps in the Union cloud comput CADA Repository Check: What Procurement Teams Must Verify Before Tendering Before launching a tender, a procurement team must consult the CADA central repository to verify that candidate cloud services hold the specific Union assu CADA Repository: Does one provider get one listing or many? Under the proposed Cloud and AI Development Act (CADA), a single cloud provider does not receive a single, monolithic listing for its entire corporate enti CADA Repository: How long are audit opinion revocations kept? Under the proposed Cloud and AI Development Act (CADA), the central repository of cloud computing services must publish and retain records of any revocatio CADA Repository: How long do revoked recognitions stay published? Under the proposed Cloud and AI Development Act (CADA), a revoked recognition or audit opinion must remain published in the central repository for five yea CADA Repository & Public Order: How Article 22 Links to Article 30(3) Under the proposed Cloud and AI Development Act (CADA), the central repository of recognised cloud services (Article 22) serves as the mandatory verificati CADA Repository vs EUCS: How the Sovereign Cloud Register Complements Cybersecurity Certification The CADA central repository and the European Cybersecurity Certification Scheme for Cloud Services (EUCS) serve distinct, complementary functions within th CADA Repository: What happens when a cloud service is discontinued? Under the proposed Cloud and AI Development Act (CADA), a cloud computing service provider must immediately notify its auditing organisation and national c CADA Transparency & Audits: How Material Changes Trigger Reassessment Under the proposed Cloud and AI Development Act (CADA), transparency is a dynamic, continuous obligation that is legally fused with the audit evidence regi CADA Transparency Checklist: How Cloud Providers Must Report Material Changes Under the proposed Cloud and AI Development Act (CADA), cloud computing service providers (CSPs) recognised at Union assurance levels 1 through 4 face a co CADA Transparency: Continuous Duty vs. Audit Cycle Under the proposed Cloud and AI Development Act (CADA), transparency obligations for cloud computing service providers are continuous and ongoing, not limi CADA Transparency Notification Chain: How Article 23 Works Under the proposed Cloud and AI Development Act (CADA), the transparency notification chain is a mandatory, sequential mechanism designed to preserve the i CADA Transparency Obligations: Do They Apply to All Assurance Levels? Yes, under the proposed Cloud and AI Development Act (CADA), transparency obligations apply universally to all cloud computing service providers recognised CADA Transparency Obligations: Why Article 23 Matters for Public Buyers The purpose of the Cloud and AI Development Act's (CADA) transparency obligations is to ensure that the "Union cloud computing sovereignty framework" remai CADA vs GDPR: How Transparency Obligations Differ for Cloud Providers The transparency obligations under the proposed Cloud and AI Development Act (CADA) are fundamentally distinct from those under the General Data Protection Can a buyer file a complaint about a misleading CADA repository listing? Yes, a public-sector buyer can raise concerns about the accuracy of a cloud service's listing in the central CADA repository, but the proposed regulation d Can a cloud provider lose its sovereignty tier for not disclosing a change? | CADA Yes, under the proposed Cloud and AI Development Act (CADA), a cloud provider can lose its recognised sovereignty tier if it fails to disclose material cha Can a CSP be penalised even after correcting a disclosed change under CADA? Yes, a cloud computing service provider (CSP) can still be penalised under the proposed Cloud and AI Development Act (CADA) even if it corrects a disclosed Can a foreign or non-EU cloud provider appear in the CADA central repository? As proposed, a non-EU cloud provider can appear in the CADA central repository only if its services are formally recognised as meeting one of the four Unio Can a private company use the CADA central repository to choose a cloud provider? Yes, private companies can and are encouraged to use the central repository of cloud computing services established under the proposed Cloud and AI Develop Do cloud providers apply directly to be listed in the CADA repository? No, cloud service providers do not apply directly to be listed in the Cloud and AI Development Act (CADA) central repository. Does a change of ownership trigger a CADA transparency notification? Yes, a change of ownership or control of a cloud computing service provider would trigger a mandatory transparency notification under the proposed Cloud an Does a security incident require a CADA transparency notification? Under the proposed Cloud and AI Development Act (CADA), a security incident does not automatically trigger a specific "incident report" to regulators. Does CADA repository listing guarantee full cloud sovereignty? No, inclusion in the CADA central repository does not guarantee that a cloud service is "fully sovereign." As proposed under Article 22, the repository ser Does CADA require a dedicated website for the central repository? Yes, as proposed, the Cloud and AI Development Act (CADA) explicitly requires the European Commission to host the central repository of recognised sovereig Does the CADA central repository list all four sovereignty tiers? Yes, as proposed, the CADA central repository lists cloud computing services recognised at all four Union assurance levels (levels 1, 2, 3, and 4). Does the CADA central repository replace national cloud certification lists? No, the CADA central repository does not replace national cloud certification lists or existing cybersecurity certification schemes like the European Cyber Does the CADA repository list third-country associations for cloud services? The proposed Cloud and AI Development Act (CADA) central repository does not explicitly list the specific third countries associated with a cloud service. How can SMEs use the CADA repository to find compliant cloud services? As proposed, the Cloud and AI Development Act (CADA) would establish a central, public repository of cloud computing services recognised as meeting specifi How do CADA transparency obligations affect cloud contracts and SLAs? As proposed, the Cloud and AI Development Act (CADA) imposes strict, ongoing transparency obligations on cloud service providers seeking Union assurance re How does a cloud provider get listed in the CADA central repository? To appear in the CADA central repository, a provider must first obtain recognition for its service at one of the four Union assurance levels under Article How does a cloud service get listed in the CADA central repository? A cloud computing service is not listed in the CADA central repository by applying to the European Commission. How does a provider correct or update its CADA repository listing? Under the proposed Cloud and AI Development Act (CADA), a cloud computing service provider cannot directly edit its entry in the central repository of reco How does CADA help buyers compare sovereign cloud providers? As proposed, the Cloud and AI Development Act (CADA) establishes a single, publicly accessible central repository to help public-sector buyers compare sove How does CADA prevent false sovereignty claims by cloud providers? The proposed Cloud and AI Development Act (CADA) would prevent "sovereignty washing"—where providers falsely claim high levels of trust—by replacing self-d How does CADA transparency reduce vendor lock-in concerns for buyers? As proposed, the Cloud and AI Development Act (CADA) would significantly reduce vendor lock-in concerns by mandating a central, public repository of cloud How does CADA transparency support cross-border cloud procurement in the EU? As proposed, the Cloud and AI Development Act (CADA) establishes a single, publicly accessible central repository of cloud services recognised for Union as How does the CADA central repository improve the EU cloud market? As proposed, the Cloud and AI Development Act (CADA) would establish a central repository of cloud computing services to fundamentally improve the EU cloud How does the CADA repository support EU digital sovereignty goals? The proposed Cloud and AI Development Act (CADA) establishes a central repository of recognised cloud computing services to operationalise the EU's digital How do I check a cloud service's sovereignty tier in the CADA repository? Under the proposed Cloud and AI Development Act (CADA), you would check a cloud service's sovereignty tier in the central repository of cloud computing ser How do public-sector buyers use the CADA central repository? Under the proposed Cloud and AI Development Act (CADA), the central repository would be the place public-sector buyers check to confirm a cloud service's r How is the CADA central repository kept up to date? The proposed Cloud and AI Development Act (CADA) ensures the integrity of its central repository through a strict, multi-layered notification chain rather How often is the CADA central repository updated? As proposed, the Cloud and AI Development Act (CADA) central repository of recognised cloud computing services is not updated on a fixed calendar schedule How public buyers verify CADA sovereignty claims against the central repository Under the proposed Cloud and AI Development Act (CADA), public buyers cannot rely on vendor marketing to verify sovereignty. How quickly is a revocation reflected in the CADA central repository? Under the proposed Cloud and AI Development Act (CADA), there is no fixed statutory deadline (e.g., 24 or 48 hours) for a revocation to appear in the centr How should a CSP build an internal process for CADA transparency notifications? Under the proposed Cloud and AI Development Act (CADA), cloud computing service providers (CSPs) holding a recognized Union assurance level must establish How should a CTO factor the CADA central repository into a cloud strategy? As proposed, the Cloud and AI Development Act (CADA) would establish a central repository of cloud computing services recognized under specific Union assur Is the CADA central repository a marketplace to buy cloud services? No, the CADA central repository is not a marketplace where public-sector bodies can purchase cloud services. Is the CADA central repository publicly available? Yes, as proposed, the Cloud and AI Development Act (CADA) central repository of recognised cloud computing services would be publicly available. What are the CADA penalty criteria for transparency breaches? As proposed in COM(2026) 502 final, the Cloud and AI Development Act (CADA) requires Member States to establish penalties for cloud computing service provi What are the transparency obligations on cloud providers under CADA? Under the proposed Cloud and AI Development Act (CADA), a cloud computing service provider that has been recognised at a Union assurance level must, as soo What counts as a material change in circumstances under CADA Article 23? Under the proposed Cloud and AI Development Act (CADA), a "material change in circumstances" is any event or update that could compromise a cloud provider' What evidence supports a CADA transparency notification decision? Under the proposed Cloud and AI Development Act (CADA), a cloud computing service provider must notify its auditing organisation and national competent aut What examples of material changes must a CSP report under CADA? Under the proposed Cloud and AI Development Act (CADA), cloud computing service providers (CSPs) face a continuous, proactive obligation to report "materia What happens when a recognition is amended or revoked under CADA Article 23? Under the proposed Cloud and AI Development Act (CADA), a cloud computing service provider's Union assurance recognition is dynamic, not static. What information does the CADA central repository show about cloud services? As proposed in the Cloud and AI Development Act (CADA), the central repository would be the publicly available record of cloud computing services that have What is a recognised cloud computing service provider under CADA Article 23? Under the proposed Cloud and AI Development Act (CADA), a "recognised cloud computing service provider" is a provider whose cloud services have been formal What is Article 22 of CADA (the central repository of cloud services)? Article 22 of the proposed Cloud and AI Development Act (CADA) establishes the central repository of cloud computing services — a publicly available regist What is Article 23 of the Cloud and AI Development Act (CADA)? Article 23 of the proposed Cloud and AI Development Act (CADA) sets out the transparency obligations on recognised cloud computing service providers. What is the CADA central repository of cloud computing services? The central repository is a publicly available, EU-wide register that the European Commission would establish and maintain to list cloud computing services What is the role of the national competent authority of establishment in the CADA repository? Under the proposed Cloud and AI Development Act (CADA), the national competent authority (NCA) of establishment serves as the sole gatekeeper for the EU's What should a buyer do if a service is revoked in the CADA repository mid-contract? If a cloud computing service loses its Union assurance level recognition mid-contract, the revocation is published in the central repository and remains vi When must a cloud provider report changes under CADA? Under the proposed Cloud and AI Development Act (CADA), cloud computing service providers holding a Union assurance level recognition must notify their aud Who enforces CADA transparency obligations on cloud providers? Under the proposed Cloud and AI Development Act (CADA), the national competent authority of establishment holds exclusive competence to enforce transparenc Who maintains the CADA central repository of cloud services? Under the proposed Cloud and AI Development Act (CADA), the European Commission is legally responsible for establishing and maintaining the central reposit Who must cloud providers notify of changes under CADA? Under the proposed Cloud and AI Development Act (CADA), cloud computing service providers recognised under the Union sovereignty framework must immediately Who registers a cloud service in the CADA central repository? Under the proposed Cloud and AI Development Act (CADA), cloud computing service providers do not register their own services in the central repository. Who sets the penalties for CADA transparency infringements? Under the proposed Cloud and AI Development Act (CADA), the European Union does not set fixed fine amounts for transparency infringements. Why does CADA keep revoked recognitions visible for five years? Under the proposed Cloud and AI Development Act (CADA), the European Commission's central repository must retain records of revoked cloud computing service Why list in the CADA repository? Public procurement access & market advantage As proposed in the Cloud and AI Development Act (CADA), listing in the central repository is effectively mandatory for cloud providers seeking to serve the Why must NCAs notify other Member States of recognition changes under CADA? Under the proposed Cloud and AI Development Act (CADA), national competent authorities (NCAs) are legally required to notify all other Member States and th