Summary

As proposed in the Cloud and AI Development Act (CADA), Union Assurance Level 3 is explicitly designed to enable the secure hosting of EU classified information. However, this capability is strictly conditional: personnel involved in the service, including those of subcontractors, must be Union citizens and, where appropriate, hold the necessary national security clearance issued by a Member State. The term "classified information" is defined by reference to Regulation (EU) 2021/697. While Level 3 permits a limited derogation for providers subject to third-country control (via Article 18), it mandates that all staff handling classified data meet these rigorous citizenship and clearance standards.

Detail

The proposed Cloud and AI Development Act (CADA), COM(2026) 502 final, establishes a four-tier "Union cloud computing sovereignty framework" to safeguard the Union's public order. Union Assurance Level 3 represents a critical tier for public sector activities involving high sensitivity, specifically those requiring the handling of classified information.

The Legal Basis for Handling Classified Information

The proposal explicitly confirms that Level 3 services are capable of hosting classified data. Recital 62 of the explanatory memorandum states: "to provide consistency across the Union, Union assurance levels 3 and 4 should allow for the secure hosting of EU classified information." This provision ensures that public sector bodies dealing with national security, defense, and law enforcement can rely on a harmonized EU standard for cloud services.

However, the ability to host such data is not merely a technical certification; it is a personnel-driven requirement. The framework recognizes that the greatest risk to classified information often stems from human access. Therefore, the criteria for Level 3 are built around the identity and vetting of the individuals managing the infrastructure.

Personnel Requirements: Citizenship and Clearance

The core of the Level 3 personnel requirement is found in Annex II, Section 3.1(d). This section mandates that for a cloud computing service to be recognized at Union Assurance Level 3, the personnel involved in the provision of the service, including those of subcontractors, must be Union citizens.

Crucially, the text adds a mandatory condition for classified workloads: "where appropriate, the personnel must also have the necessary national security clearance issued by a Member State when handling classified information." The proposal cross-references Article 2, point (21), of Regulation (EU) 2021/697 (the European Defence Fund Regulation) for the definition of "classified information." This ensures that the term is not interpreted loosely but aligns with the strict EU standards for protecting sensitive data.

This means that a cloud provider cannot simply claim Level 3 status for a classified workload. They must demonstrate that the specific individuals with logical or physical access to the data are not only citizens of an EU Member State but have also undergone the specific vetting process required by their national authorities to hold a security clearance. If a provider cannot guarantee that every person touching the classified data meets these criteria, the service cannot be recognized at Level 3 for that purpose.

Subcontractors and Access to Sensitive Data

CADA as proposed does not allow providers to outsource the risks associated with classified data to unvetted third parties. The framework explicitly addresses the role of subcontractors in Annex II, Section 3.2.

This section defines the scope of subcontractors relevant to Level 3. It states that for Union assurance level 3, subcontractors are third parties that have a direct contractual relationship with the cloud computing service provider, contribute to the provision and delivery of the service, and "may require access to classified or sensitive information, as defined in Article 2, point (22), of Regulation (EU) 2021/697."

This definition is significant for two reasons:

  1. Inclusion in the Audit Scope: Because these subcontractors may access classified information, they fall squarely within the audit criteria of Level 3. The cloud provider must ensure that these subcontractors are established in the Union and that their personnel also meet the citizenship and clearance requirements of Annex II, Section 3.1(d).
  2. Chain of Responsibility: The primary provider remains responsible for the compliance of its entire supply chain. If a subcontractor lacks the necessary security clearance or is not a Union citizen, the entire service fails the Level 3 criteria for handling classified data. The provider must implement "legal, technical and organisational measures" to ensure that no unauthorized person, including those at the subcontractor level, can access the data.

The Third-Country Derogation (Article 18)

A distinct feature of Level 3, compared to Level 4, is its flexibility regarding ownership and control. Annex II, Section 3.1(g) states that generally, the audited provider and its subcontractors must not be subject to the control of a third country. However, it provides a specific derogation: a provider subject to third-country control may still be audited for Level 3 if the Commission has adopted an implementing act under Article 18 (Associated third countries).

Article 18 allows the Commission to identify third countries that provide sufficient assurances (e.g., adequacy decisions under the GDPR and safeguards against extraterritorial access). If such a decision exists, a provider controlled by that third country can qualify for Level 3, provided they demonstrate that the third country cannot exercise control in a way that compromises the service or forces the provider to comply with restrictive measures.

This makes Level 3 a viable option for certain international providers that have established robust legal and technical firewalls, whereas Level 4 strictly prohibits any third-country control (Annex II, Section 4.1(g)). However, even under this derogation, the personnel requirements remain absolute: the staff handling the classified data must still be Union citizens with the requisite national security clearance.

The Role of Risk Assessments and Procurement

The decision to use Level 3 for classified information is not automatic for all public bodies. Under Article 29, Member States and Union entities must conduct risk assessments to determine which assurance level is appropriate for their activities. These assessments must identify activities that contribute to the preservation of public order, including those in national security, defense, and law enforcement.

If a risk assessment determines that an activity involves classified information, Article 30(3) mandates that the contracting authority shall only procure cloud computing services recognized as offering Union Assurance Level 2, 3, or 4. For the specific handling of classified data, Level 3 (or 4) is effectively required because Level 2 does not explicitly mandate the security clearance provisions found in Level 3.

What this means for you

For public-sector procurement officers, IT security managers, and cloud service providers, the Level 3 framework introduces a high bar for compliance when dealing with classified data.

  1. Verify Clearance, Not Just Citizenship: Do not assume that a provider's Level 3 recognition automatically covers your specific classified workload. You must verify that the specific personnel assigned to your project hold the national security clearance required for your data's classification level. Request evidence of these clearances during the tendering process.
  2. Audit the Entire Supply Chain: Ensure your contract explicitly requires the provider to disclose all subcontractors who may access classified or sensitive information. Verify that these subcontractors are also established in the Union and that their personnel meet the Union citizenship and clearance requirements of Annex II, Section 3.1(d).
  3. Check the Derogation Status: If your preferred provider is subject to third-country control, verify whether the Commission has adopted an implementing act under Article 18 for that specific third country. Without this act, the provider cannot qualify for Level 3, regardless of their technical capabilities.
  4. Consult the Central Repository: Before issuing a tender, consult the central repository of recognized services (established under Article 22) to identify providers that have already been audited and recognized for Level 3. This reduces administrative burden and ensures you are selecting from a pre-vetted pool of compliant providers.

Common misconceptions

"Level 3 is only for EU-owned companies." This is incorrect. While providers must be established in the Union, Level 3 allows for a derogation where a provider subject to third-country control can qualify if the Commission has adopted an implementing act under Article 18. Level 4, however, strictly prohibits third-country control.

"Any EU citizen can handle classified data." No. Annex II, Section 3.1(d) is explicit: personnel must be Union citizens and, where appropriate, hold the necessary national security clearance issued by a Member State. Citizenship alone is insufficient for classified workloads.

"Level 3 automatically applies to all public sector cloud." No. Level 1 is the baseline for most public sector activities. Level 3 is reserved for activities identified in risk assessments (under Article 29) as contributing to the preservation of public order and involving sensitive or classified information.

"Subcontractors are exempt from clearance rules." No. Annex II, Section 3.2 explicitly includes subcontractors who may require access to classified or sensitive information within the scope of Level 3. They must meet the same citizenship and clearance standards as the primary provider's staff.

This is general information about a draft EU regulation, not legal advice.