Summary
Under the proposed Cloud and AI Development Act (CADA), Union assurance level 4 is the highest tier of the sovereignty framework. Both levels 3 and 4 are high-assurance tiers verified by independent third-party audit (Article 20), and both require Union establishment, Union-located infrastructure and personnel, Union-citizen staff, exclusive EU data localisation, and a Union-only support chain. Two things separate them. First, third-country control: at level 4 the provider and its subcontractors must not be under third-country control, with no derogation; at level 3 a third-country-controlled provider can still qualify if the Commission has recognised that country as "associated" under Article 18. Second, level 4 demands the strictest software supply-chain control (no third-country effective control over design and evolution) and the higher "high" cybersecurity certificate (level 3 requires "substantial"). CADA is a proposal (COM(2026) 502 final), not yet in force.
Detail
As proposed in Article 16, CADA's "Union cloud computing sovereignty framework" has four assurance levels, with the criteria in Annex II. Levels 3 and 4 are the high-assurance tiers, intended for public-sector activities that an Article 29 risk assessment identifies as contributing to the preservation of public order — with level 4 reserved for the most critical, such as defence. Both are verified by independent third-party audit (Article 20); self-assessment (Article 19) is available only at level 1. The criteria are cumulative, so a level 4 service must also meet every level 1, 2 and 3 criterion (Article 20(1)).
Union assurance level 4 — the highest tier
Level 4 sits at the top of the framework. Its cumulative criteria (Annex II §4.1) include:
- No third-country control — absolute. The provider and its subcontractors involved in the service must not be subject to the control of a third country or a third-country entity (§4.1(g)). Unlike level 3, there is no Article 18 derogation at level 4.
- Union establishment and location. The provider and subcontractors must be established in the Union, with infrastructure, assets and personnel located in the Union (§§4.1(a), (b)).
- Data localisation. Customer data — including metadata and telemetry — that a risk assessment identifies as sensitive must remain exclusively within the Union at all times (§4.1(c)).
- Union-citizen personnel. All personnel, including subcontractor staff, must be Union citizens, with the necessary national security clearance from a Member State where handling classified information (§4.1(d)).
- Cybersecurity certificate — "high." The service must obtain a European cybersecurity certificate of at least assurance level "high" under a scheme established under Regulation (EU) 2019/881 (the Cybersecurity Act); until such a scheme exists, national schemes apply, or failing that the highest cybersecurity standards under Union law (§4.1(e)).
- No AI training for third countries. Data generated by using the service may not be used to train or fine-tune any AI system operated by a third country or third-country entity, and may not be transferred outside the Union (§4.1(f)).
- Strictest software-control test. Beyond the SBOM and dependency list, the provider must show that no third country or third-country entity holds or exercises effective control over the design, development, maintenance and evolution of the software components or products. Effective control expressly includes the ability to materially influence technical evolution, maintenance priorities, security remediation and long-term continuity (§4.1(i)).
- Union-only support and subsidiary separation. Support must be initiated and performed exclusively within the Union by Union residents and by parties not under third-country control (§4.1(h)); and where the provider operates globally with a third-country subsidiary, it must enforce effective legal, technical and organisational separation between the Union parent and that subsidiary (§4.1(k)).
Union assurance level 3 — high assurance, with the Article 18 derogation
Level 3 shares most of level 4's stringency but differs on third-country control and on two graded requirements.
The third-country-control derogation. At level 3 the provider and subcontractors must, as a rule, not be under third-country control (Annex II §3.1(g)). The exception is the Article 18 mechanism: the Commission may, by implementing act, identify a third country as "associated," after which a provider controlled by that country (or an entity established there) may be audited against the level 3 criteria. (Annex II §3.1(g) cross-refers to "Article 19," but the operative provision is Article 18, "Associated third countries" — an apparent cross-reference error in the proposal.) Even under the derogation, the provider must still demonstrate that the third country's control does not restrict service delivery, that third-country access to customer data is prevented, that service disruption or degradation is prevented, and that it is not compelled to apply sanctions/embargoes unless legitimate under Member State or Union law (§3.1(g)(i)-(iv)); it should also allow reasonable access to the code.
For a country to be recognised under Article 18, it must meet cumulative criteria (Article 18(1)): a GDPR adequacy decision (Article 45 of Regulation (EU) 2016/679); no control measures conflicting with the lawful-access rules for non-personal data in Article 32(2)-(3) of the Data Act (Regulation (EU) 2023/2854); no measures to compel service disruption or to force application of sanctions/embargoes (save where legitimate under Member State or Union law); no measures impeding state-of-the-art technologies; an open market to Union cloud services; and equivalent access for Union-controlled providers to that country's public procurement (Article 18(1)(a)-(f)).
Cybersecurity certificate — "substantial." Level 3 requires at least "substantial", one step below level 4's "high" (§3.1(e)).
Software supply chain. Level 3 requires the SBOM, dependency list, controls to block remote tampering, source-code audits and migration plans for third-country components (§3.1(i)) — but not level 4's "no third-country effective control over design and evolution" test. Other criteria largely mirror level 4: Union establishment and location, exclusive EU data localisation, Union-citizen personnel, Union-resident support, and separation from any third-country subsidiary.
Key differences at a glance
| Feature | Union assurance level 3 | Union assurance level 4 |
|---|---|---|
| Third-country control | Allowed only if the country is recognised under Article 18 and the safeguard criteria are met | Prohibited — no derogation |
| Cybersecurity certificate | At least "substantial" | At least "high" |
| Software supply chain | SBOM, anti-tampering controls, source-code audits, migration plans | All of level 3 plus no third-country effective control over design, development, maintenance and evolution |
| Data localisation | Customer data (incl. metadata/telemetry) exclusively in the Union | Same, focused on data identified as sensitive by risk assessment |
| Typical use | High-sensitivity public-order activities | Most critical activities (e.g. defence, highest-sensitivity functions) |
What this means for you
For providers and data centre operators, the level 3 / level 4 line is mainly about ownership and software control.
- Check who controls you. If a third-country entity controls your business, level 4 is closed — there is no derogation. Level 3 is open only if the Commission has recognised your controlling country under Article 18, and you must still prove the safeguard criteria.
- Plan the cybersecurity step-up. Level 3 needs "substantial"; level 4 needs "high." Track the development of the EU cloud cybersecurity certification scheme under the Cybersecurity Act, and rely on national schemes or equivalent standards in the interim, as Annex II allows.
- Prove software control for level 4. Level 4 auditors will test whether any third party has effective control over your software's design, maintenance priorities, security remediation and long-term continuity (Annex II §4.1(i)). Maintain SBOMs and evidence of independent control, not just anti-tampering controls.
- Staff and locate to the strictest tier you target. Both levels require Union-citizen personnel and Union-located infrastructure and assets, plus Union-resident support and separation from third-country subsidiaries.
- Follow the risk assessments. Public bodies use Article 29 risk assessments to set the required level for each activity, and the methodology must ensure the highest assurance for the most critical activities, including defence (Article 29(3)). Level 4 is most likely for those; level 3 for other high-sensitivity public-order activities.
Common misconceptions
- "Level 3 and level 4 differ only in the cybersecurity certificate." No. The decisive difference is third-country control — prohibited outright at level 4, permitted at level 3 only via Article 18 — and level 4's stricter software-control test. The certificate ("substantial" vs "high") is one difference among several.
- "I can self-assess for level 3 or 4." No. Self-assessment (Article 19) is available only at level 1. Levels 2, 3 and 4 require an independent third-party audit (Article 20).
- "A third-country subsidiary is fine if it doesn't touch EU data." At both levels, a provider operating globally with a third-country subsidiary must enforce effective legal, technical and organisational separation from the Union parent (Annex II §§3.1(k), 4.1(k)).
- "Level 4 is only for defence." Defence is the clearest case, but level 4 applies to any public-sector activity a risk assessment identifies as needing the highest assurance to preserve public order.
Official sources
- GDPR (Regulation (EU) 2016/679)
- Cybersecurity Act (Regulation (EU) 2019/881)
- Data Act (Regulation (EU) 2023/2854)
This is general information about a draft EU regulation, not legal advice.