What barriers to SME participation must Member States address under CADA?

Summary Under the proposed Cloud and AI Development Act (CADA), Member States have a mandatory duty to actively identify and dismantle barriers preventing small and medium-sized enterprises (SMEs) from accessing public procurement for cloud computing services and AI systems. Article 33(2) explicitly requires authorities to use monitoring data to improve SME access, design simplified and proportionate procurement strategies, and divide contracts into lots "where appropriate." Furthermore, Member States must promote the use of innovation procedures and pre-commercial procurement to foster a competitive European ecosystem. The regulation sets an aspirational target for at least 25% of relevant procurement to be awarded to innovative SMEs, linking these obligations to national cloud and AI strategies.

Detail

The proposed Cloud and AI Development Act (CADA), COM(2026) 502 final, recognizes that public procurement is a primary signal of market direction. To reduce dependence on non-European providers and strengthen the Union's technological sovereignty, the Act mandates that public authorities actively support the participation of European SMEs and start-ups. Article 33 establishes a comprehensive framework for monitoring, reporting, and taking corrective action to ensure that smaller innovators are not excluded from the cloud and AI market.

Monitoring and Reporting as a Diagnostic Tool

The foundation of CADA's SME strategy is data-driven oversight. Article 33(1) obliges Member States to monitor and report on their use of procurement of innovation in cloud computing services and AI systems. This is not a passive administrative exercise; it is a diagnostic requirement. Member States must annually inform the Commission of:

• The size of the economic operators participating in such procurement.
• SME participation trends, including the number of contracts awarded to SMEs.
• The share of the total contract value awarded to SMEs (as a percentage).
• The share of cross-border SME participation, where available.
• Measures taken to improve SME access to public procurement procedures.

This data collection allows the Commission and Member States to identify systemic issues and track progress toward the Act's objectives.

Mandatory Actions to Remove Barriers (Article 33(2))

The core operational requirement is found in Article 33(2). Member States must ensure that the monitoring data is actively used to drive specific policy changes. The regulation mandates that authorities:

1. Identify barriers to SMEs participation in procurement procedures.
2. Improve access of SMEs to procurement markets.
3. Support the design of simplified, proportionate, and SME-friendly procurement strategies.
4. Promote the participation of SMEs in the innovation procedure foreseen under Directive 2014/24/EU.
5. Promote pre-commercial procurement of cloud computing services and AI systems.

Crucially, Article 33(2) explicitly states that these strategies must include the division into lots where appropriate. Large, monolithic contracts for complex cloud infrastructure or AI systems often present insurmountable financial and technical thresholds for smaller firms. By legally requiring authorities to consider dividing contracts into smaller, manageable lots, CADA aims to lower entry barriers. This allows SMEs to bid on specific components of a larger project (e.g., data migration, specific AI model training, or security services) rather than being forced to compete for the entire ecosystem against established hyperscalers.

Strategic Targets and National Integration

To translate these obligations into results, Article 33(4) establishes a clear strategic objective: Member States shall pursue the goal that at least 25% of their procurement for cloud computing services and AI systems be awarded to innovative SMEs.

This is not an isolated target. Member States must include concrete plans in their national cloud and AI strategies (required under Article 7) detailing how they intend to achieve this objective. This creates a direct link between high-level national industrial policy and day-to-day procurement practices, ensuring that SME support is embedded in the broader digital strategy.

Practical Measures for Contracting Authorities

Beyond national-level strategy, Article 33(5) imposes specific duties on Union entities and contracting authorities to facilitate SME engagement. They are required to promote:

• Preliminary market consultations: Engaging with potential suppliers early to understand capabilities and shape requirements.
• Matchmaking: Connecting public buyers with innovative solutions provided by European SMEs and start-ups.
• Favourable contract clauses: Developing public contract clauses that are specifically favourable for innovative SMEs.

These measures address the information asymmetry and administrative complexity that often disadvantage smaller firms. By engaging early and tailoring processes, authorities can help SMEs navigate the procurement landscape effectively.

Legal Context and Synergies

CADA's provisions complement existing EU public procurement rules, particularly Directive 2014/24/EU. While the Directive already permits the division of contracts into lots and the use of innovation partnerships, CADA elevates these practices from optional tools to mandatory considerations for cloud and AI procurement. The regulation acknowledges that the rapid pace of technological change in AI and cloud computing requires a more agile approach. By mandating the promotion of pre-commercial procurement (procurement of R&D services) and innovation procedures, CADA enables public authorities to act as "launch customers" for emerging European technologies, providing the revenue certainty and validation that SMEs need to scale.

The requirement to report on cross-border SME participation further aligns with the EU's goal of a single digital market. It encourages Member States to look beyond national borders, increasing the pool of potential suppliers and fostering competition across the Union.

What this means for you

For public-sector procurement officers, contracting authorities, and national policymakers, CADA introduces a proactive, non-negotiable duty to support SMEs in cloud and AI procurement.

1. Audit Your Procurement History: Review past cloud and AI contracts. Identify where large, undivided contracts may have excluded SMEs. Assess whether technical specifications were overly prescriptive, favoring incumbents.
2. Implement Lot Division: For future tenders, actively consider dividing contracts into lots. Instead of a single contract for a full cloud migration, create separate lots for data migration, application hosting, and security. This allows SMEs to bid for their specific areas of expertise.
3. Adopt Innovation Tools: Familiarize your team with the innovation procedure and pre-commercial procurement options under Directive 2014/24/EU. These tools are essential for procuring R&D services or solutions not yet on the market, where SMEs often excel.
4. Engage Early: Conduct preliminary market consultations. Reach out to SMEs and start-ups to understand their capabilities. Use this feedback to shape procurement documents, making them accessible and realistic.
5. Plan for the 25% Target: Ensure your organization contributes to national reporting. Work with national authorities to develop the plans required by Article 33(4) to reach the 25% target for innovative SMEs.

By adopting these measures, you not only comply with the proposed regulation but also actively contribute to building a resilient, diverse, and sovereign European cloud and AI ecosystem.

Common misconceptions

"CADA lowers technical standards for SMEs."

• Reality: CADA does not lower the technical or security standards required for cloud and AI services. The sovereignty framework and Union assurance levels (Article 16) apply equally to all providers. However, it encourages authorities to design procurement processes that allow SMEs to demonstrate compliance without facing disproportionate administrative burdens.

"SMEs must win 25% of all public contracts."

• Reality: The 25% target in Article 33(4) applies specifically to procurement of innovation in cloud computing services and AI systems, not to all public spending. It is a strategic objective to be pursued through national plans, not a rigid legal quota that triggers penalties if missed.

"Division into lots is purely optional."

• Reality: While the final decision on lot division rests with the contracting authority based on project specifics, Article 33(2) explicitly requires authorities to support strategies that include division into lots "where appropriate." Ignoring this possibility without justification may be seen as failing to remove barriers to SME participation.

"Only large enterprises can meet sovereignty requirements."

• Reality: The Union assurance levels (Article 16) are designed to be scalable. SMEs can achieve recognition at Union assurance level 1 through self-assessment, and higher levels through audits. CADA aims to level the playing field by ensuring that sovereignty criteria do not inadvertently exclude smaller European providers.

Related

• CADA Article 33: What must Member States report on innovation procurement?
• CADA Article 33: How often must Member States report innovation procurement data?
• Can Member States set a higher SME target than 25% under CADA?
• CADA SME Procurement Target: What Share of Cloud Contracts Must Go to SMEs?
• CADA Article 33: How Member States Report Innovation Procurement Data

This is general information about a draft EU regulation, not legal advice.