Summary

As proposed, CADA Union assurance level 3 would require a cloud provider to keep infrastructure, assets and personnel within the EU, with the personnel involved in the service being Union citizens (plus national security clearance where appropriate for classified information). The provider and its involved subcontractors must generally be free from third-country control, unless their home country is identified by the Commission as an "associated third country" under Article 18. Level 3 is proven by an independent third-party audit (Article 20) and requires a European cybersecurity certificate of at least the "substantial" assurance level — not "high," which is reserved for level 4. The criteria are cumulative: a level 3 provider must also satisfy every level 1 and level 2 criterion (Article 20(1)). CADA is a proposal and is not yet in force.

Detail

Under the proposed Cloud and AI Development Act (CADA), Union assurance level 3 would be a high tier of sovereignty for cloud computing services, aimed at public-sector activities that contribute to public order, national security, or the processing of sensitive data. To be recognised, a provider would have to satisfy the cumulative criteria in Annex II, Section 3.1 — and, because the levels are cumulative (Article 20(1)), every criterion of levels 1 and 2 as well.

Unlike level 1, which relies on self-assessment (Article 19), level 3 would require an independent third-party audit under Article 20. The criteria below are quoted or closely paraphrased from the proposal.

1. Establishment and location (Annex II 3.1(a)–(c))

  • Union establishment: the audited provider and the subcontractors involved in the service are established in the Union.
  • Infrastructure, assets and personnel: all infrastructure, assets and personnel of the provider and its involved subcontractors are located within the Union.
  • Data localisation: customer data, including metadata and telemetry, remains exclusively within the Union "at any time, including before, during or after the configuration or use of the service," unless the public sector body explicitly requires otherwise.

2. Personnel — Union citizenship (Annex II 3.1(d))

A defining feature of level 3. The personnel, including the personnel of subcontractors involved in the provision of the audited service, must be Union citizens; and "where appropriate," personnel handling classified information must also hold the necessary national security clearance issued by a Member State (classified information as defined in Article 2, point (21), of Regulation (EU) 2021/697). This is a blanket citizenship rule, in contrast to level 2, where citizenship applies only if the public sector body determines it necessary.

3. Cybersecurity certification (Annex II 3.1(e))

The audited service must obtain a European cybersecurity certificate of at least assurance level "substantial" under a cloud-computing scheme to be established under Regulation (EU) 2019/881 (the Cybersecurity Act). Until such a Union scheme exists, national certification schemes apply where they exist; absent any scheme, the provider must demonstrate that the service complies with the highest cybersecurity standards under applicable Union law. Note: this is the same "substantial" level as level 2 — not "high."

4. AI-training restriction (Annex II 3.1(f))

Data generated by using the audited service cannot be used to train or fine-tune any AI system operated by a third country or a legal entity established in a third country, and cannot be transferred outside the Union "in any case."

5. Third-country control and associated third countries (Annex II 3.1(g))

Generally, the provider and its involved subcontractors must not be subject to the control of a third country or a legal entity established in a third country.

A narrow derogation exists. A provider under third-country control may still be audited for level 3 where:

  • the Commission has adopted an implementing act identifying that third country as an "associated third country" under Article 18 — which requires the third country to meet six cumulative criteria, including a GDPR adequacy decision (Article 45 of Regulation (EU) 2016/679), no measures conflicting with lawful access to non-personal data, no measures compelling service degradation or improper sanctions, no obstruction of state-of-the-art technologies, an open market to Union cloud services, and reciprocal procurement access; and
  • even then, the provider demonstrates legal, technical and organisational measures ensuring that the third country's control does not restrict service delivery, that third-country access to customer data is prevented, and that disruption or degradation of the service is prevented — and the provider "should allow for reasonable access to the code."

(The Annex II text refers to an implementing act "under Article 19"; read with Article 18, which is the provision governing associated third countries, the associated-third-country mechanism is the operative route.)

6. Support and outsourcing (Annex II 3.1(h))

All technical and operational support, including subsequent sub-outsourcing, must be initiated and performed exclusively within the Union, by personnel who are Union residents, and by third parties not subject to third-country control.

7. Software supply-chain transparency (Annex II 3.1(i)–(j))

  • SBOM: a complete, up-to-date software bill of materials (SBOM) and a list of identified dependencies, documented and made available to the auditing organisation.
  • Third-country software: where software components are provided, owned or licensed by a third-country entity, documented controls to block remote features that could materially tamper with or disrupt systems; source-code audits of security-relevant components; and a documented migration plan should the vendor fail or a third country impose restrictions.
  • Vulnerability reporting: where the provider is under third-country control, a guarantee (demonstrated by independent sources) that no law or practice in that third country requires reporting software-vulnerability information to its authorities before those vulnerabilities are known to have been exploited.
  • Open source: documented controls to prevent remote features or mechanisms that could materially tamper with or disrupt a device, system or software.
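As an added illustration (not part of the proposal and not any project's code), the script below triages a constructed CycloneDX-style SBOM for the 3.1(i)–(j) review: it lists components supplied by entities established outside the Union, components whose supplier country is unknown, and dependency references that point at no listed component (a sign the "complete" SBOM is not). The supplier.address.country field and the sample data are assumptions.

```python
import json

# ISO 3166-1 alpha-2 codes of the 27 EU Member States (Union establishment).
EU_MEMBER_STATES = {
    "AT", "BE", "BG", "HR", "CY", "CZ", "DK", "EE", "FI", "FR", "DE", "GR", "HU",
    "IE", "IT", "LV", "LT", "LU", "MT", "NL", "PL", "PT", "RO", "SK", "SI", "ES", "SE",
}

# Constructed CycloneDX-style SBOM. supplier.address.country is an assumed
# field carrying the supplier's country of establishment; names are invented.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "components": [
        {"bom-ref": "pkg:a", "name": "webfront", "version": "2.1",
         "supplier": {"name": "Example EU Vendor", "address": {"country": "DE"}}},
        {"bom-ref": "pkg:b", "name": "telemetry-agent", "version": "0.9",
         "supplier": {"name": "Example Offshore Ltd", "address": {"country": "US"}}},
        {"bom-ref": "pkg:c", "name": "libcrypto-shim", "version": "1.0"},
    ],
    "dependencies": [
        {"ref": "pkg:a", "dependsOn": ["pkg:b", "pkg:c", "pkg:missing"]},
    ],
})


def triage_sbom(sbom_json):
    """Partition SBOM components for the Annex II 3.1(i)-(j) review.

    third_country:    supplier established outside the EU (needs documented
                      remote-feature controls, source-code audit, migration plan)
    unknown_supplier: no supplier country recorded, so it cannot be assessed
    dangling_refs:    dependency refs naming no component (SBOM incomplete)
    """
    sbom = json.loads(sbom_json)
    components = sbom.get("components", [])
    known_refs = {c["bom-ref"] for c in components}
    result = {"third_country": [], "unknown_supplier": [], "dangling_refs": []}
    for comp in components:
        country = comp.get("supplier", {}).get("address", {}).get("country")
        label = f"{comp['name']}@{comp['version']}"
        if country is None:
            result["unknown_supplier"].append(label)
        elif country not in EU_MEMBER_STATES:
            result["third_country"].append(label)
    for dep in sbom.get("dependencies", []):
        for ref in dep.get("dependsOn", []):
            if ref not in known_refs:
                result["dangling_refs"].append(ref)
    return result


if __name__ == "__main__":
    print(json.dumps(triage_sbom(SAMPLE_SBOM), indent=2))
```

Each non-empty list is an item the auditing organisation would expect to see addressed in the documented controls, source-code audit scope or migration plan.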

8. Legal separation of subsidiaries (Annex II 3.1(k))

Where the provider offers services outside the Union and maintains a subsidiary in a third country, it must demonstrate effective legal, technical and organisational separation between the Union parent company and that subsidiary.

What this means for you

For cloud service providers and data centre operators targeting the EU public sector, achieving CADA level 3 would be a structural undertaking, not just a technical upgrade.

Audit and certification are mandatory. You could not self-certify for level 3; you would have to engage an independent auditing organisation under Article 20 and obtain a "positive" opinion, and secure a "substantial" cybersecurity certificate (Annex II 3.1(e)). Note that the proposal sets independence, competence and objectivity conditions for the auditor (Article 20(4)) — it does not describe the organisation as "accredited."

Workforce restructuring. The Union-citizenship requirement for all personnel involved in the service (Annex II 3.1(d)) is a major operational constraint. If support teams, developers or infrastructure engineers are outside the EU or do not hold EU citizenship, you would need to restructure. The same applies to subcontractor staff, and you must be able to evidence citizenship to the auditor.

Data and AI isolation. You would need to architect for absolute EU data localisation and implement technical controls preventing service-generated data from training third-country AI models (Annex II 3.1(f)) — backed by contractual clauses with sub-processors and monitoring of data flows.

Third-country control strategy. If a non-EU entity controls you, you generally could not qualify for level 3 unless your home country is designated an "associated third country" under Article 18 — which requires that country to meet all six cumulative criteria. Otherwise you may need to separate your EU operations into a legally and operationally independent entity free from third-country control.

Software supply-chain due diligence. Maintain a detailed SBOM, audit third-country components for remote-tampering risk, and keep a documented migration plan in case geopolitical restrictions arise (Annex II 3.1(i)).

Common misconceptions

"Level 3 is just about data staying in the EU." Data localisation is required from level 1 onward, so it is not what sets level 3 apart. Level 3 is distinguished above all by personnel Union citizenship (Annex II 3.1(d)) and freedom from third-country control (3.1(g)); the personnel and control restrictions are what tighten sharply at level 3.

"I can self-assess for level 3 if I have strong internal controls." No. Article 20 requires independent third-party audits for levels 2, 3 and 4; self-assessment is only permitted for level 1 (Article 19). The auditing organisation must meet the Article 20(4) conditions — the proposal does not call it "accredited."

"If my EU subsidiary is legally independent, I can qualify even if my parent is foreign-controlled." Not automatically. Annex II 3.1(g) requires that the provider and its involved subcontractors are not subject to third-country control. Legal separation alone may not suffice if the parent retains strategic control, veto rights, or access to code or data. You must demonstrate effective legal, technical and organisational separation, and may need the Article 18 associated-third-country route.

"Level 3 requires the 'high' cybersecurity certificate." No. Level 3 requires at least "substantial" (Annex II 3.1(e)). The "high" level is the level 4 requirement (Annex II 4.1(e)).

"Open-source software is exempt from scrutiny." No. Annex II 3.1(j) requires documented controls to prevent remote features or mechanisms that could materially tamper with or disrupt the service, including where open-source software is used.

This is general information about a draft EU regulation, not legal advice.