Summary
Under the proposed Cloud and AI Development Act (CADA), Union Assurance Level 4 imposes the strictest data residency regime in the framework. Crucially, for data identified as sensitive following a risk assessment, the requirement to remain exclusively within the Union is absolute: there is no exception allowing a public sector body to authorize transfers outside the EU. Furthermore, Annex II 4.1(f) mandates that all data generated by the service must never leave the Union and must never be used to train or fine-tune AI systems operated by third countries.
Detail
The Cloud and AI Development Act (CADA), as proposed in COM(2026) 502 final, establishes a four-tiered Union cloud computing sovereignty framework. Article 16 sets out this framework, with the specific criteria for each level detailed in Annex II. Union Assurance Level 4 is designed for the most critical public sector activities, including those involving classified information or functions essential to preserving public order.
For legal counsel and compliance officers, the distinction between Level 4 and lower levels regarding data residency is not merely a matter of degree but of legal structure. The removal of specific derogation clauses at Level 4 creates a non-waivable obligation for sensitive data.
The Core Residency Rule: Risk-Assessed Sensitive Data
The primary data residency obligation for Level 4 is found in Annex II, Section 4.1(c). Unlike Levels 1, 2, and 3, which apply residency rules to "customer data" broadly, Level 4 specifically targets data that has undergone a specific classification process.
The text of Annex II 4.1(c) requires that:
"the customer data, including metadata and telemetry data, which, following a risk assessment, is identified as sensitive, that is processed, stored and transferred by the audited provider and the subcontractors which are involved in the provision of the service, remain exclusively within the Union and at any time, including before, during or after the configuration or use of the service;"
This provision introduces two critical legal constraints that differ from lower assurance levels:
- The "Sensitive" Trigger: The absolute residency obligation applies specifically to data "identified as sensitive" following a risk assessment. This assessment is not performed by the provider but by the Member State or Union entity procuring the service, in accordance with Article 29. The provider must align their technical controls with the specific data sets identified as sensitive in that assessment.
- The Absence of the "Explicit Requirement" Derogation: In Annex II sections for Levels 1, 2, and 3, the residency clauses include the phrase: "unless the public sector body explicitly requires otherwise." This clause is deliberately absent from Annex II 4.1(c).
- Legal Consequence: At Level 4, once data is classified as sensitive, the public sector body cannot legally authorize its transfer outside the Union. The residency requirement is mandatory and non-derogable. This ensures that for the most critical public order functions, operational autonomy is preserved against any potential pressure or error in judgment by the contracting authority.
The "No Foreign AI Training" and Geographic Lock
Beyond the residency of sensitive data, Annex II, Section 4.1(f) imposes a comprehensive prohibition on the use of service-generated data for non-EU AI development. This rule applies to all data generated by using the audited service, regardless of whether it was classified as sensitive in the risk assessment.
The text of Annex II 4.1(f) states:
"the data generated by using the audited service are not used to train or fine-tune any AI system operated by a third country or a legal entity established in a third-country, and are not transferred outside the Union in any case;"
This creates a dual-layer protection mechanism:
- Geographic Lock: The data "are not transferred outside the Union in any case." This is an absolute prohibition on cross-border data flows for generated data.
- Usage Lock: The data "are not used to train or fine-tune any AI system operated by a third country." This prevents the "data drain" phenomenon where EU public sector data is used to improve the competitive advantage of foreign AI models, even if the data itself remains within the EU.
The Role of Risk Assessments (Article 29)
The application of these strict Level 4 rules is contingent upon the risk assessment mechanism established in Article 29. Member States and Union entities must carry out these assessments to determine which public sector activities contribute to the preservation of public order.
- Identification of Sensitive Data: Under Article 29(2), the risk assessment must consider the "sensitivity, criticality, and magnitude of the non-personal data processed," as well as the nature and scope of personal data processing. Only data identified as sensitive through this process triggers the absolute residency rule of Annex II 4.1(c).
- Determining the Assurance Level: If the risk assessment concludes that an activity requires Level 4 assurance, the contracting authority must procure only services recognized at that level.
- Migration Obligations: If a risk assessment necessitates a migration to a Level 4 provider, Article 29(6) mandates that the migration must occur within a "reasonable transition period that shall not exceed 12 months," taking into account technical feasibility, continuity of service, and data portability.
Verification and Independent Auditing
Compliance with Level 4 data residency is not a matter of self-declaration. Article 20 requires that providers seeking Level 4 recognition undergo independent third-party audits. The audit evidence required is detailed in Annex III.
For Level 4, auditors must verify:
- Data Flow Diagrams: Evidence demonstrating that sensitive data does not leave the Union (Annex III, Criterion C).
- Contractual Controls: Proof that subcontractors are bound by the same absolute residency rules and cannot transfer data outside the Union (Annex III, Criterion C).
- Technical Controls: Implementation of geographically restricted network controls and privileged access management to prevent unauthorized data exfiltration (Annex III, Criterion H).
- AI Training Prohibitions: Evidence that data generated by the service is not used for foreign AI training (Annex III, Criterion F).
What this means for you
For in-house legal teams and public procurement officers, the Level 4 data residency rules necessitate a fundamental shift in strategy from "data localization" to "risk-based data classification."
- Execute Rigorous Risk Assessments First: You cannot apply Level 4 controls blindly. You must first conduct the risk assessment mandated by Article 29 to explicitly identify which data sets are "sensitive." Only this identified subset is subject to the absolute, non-waivable residency rule of Annex II 4.1(c). Non-sensitive data may have different residency treatments, though the AI training ban remains universal.
- Audit the Entire Subcontractor Chain: Level 4 requires that all subcontractors involved in the provision of the service keep sensitive data exclusively in the Union. Your contracts must explicitly forbid data transfers outside the EU for sensitive data, and you must verify that these clauses are enforceable and technically implemented by every tier of your supply chain.
- Decouple Residency from AI Training Policies: Even if you have robust data residency controls, you must separately ensure that no data generated by the service is used to train third-country AI models. This is a separate, absolute obligation under Annex II 4.1(f) that applies to all generated data, not just sensitive data.
- Prepare for 12-Month Migration Windows: If your current cloud provider does not meet Level 4 criteria, you have a maximum of 12 months to migrate sensitive workloads to a compliant provider. Begin architectural planning now to ensure data portability and minimal service disruption.
- Understand the Penalty Regime: Non-compliance with the sovereignty framework triggers the penalty provisions in Article 24. Member States must lay down rules for penalties that are "effective, proportionate and dissuasive." Furthermore, recipients of the service have the right to seek compensation for any damage or loss suffered due to an infringement.
Common misconceptions
"All data must stay in the EU at Level 4." Correction: This is a common over-simplification. Under Annex II 4.1(c), the absolute residency requirement applies specifically to data "identified as sensitive" following a risk assessment. Non-sensitive data may be treated differently regarding residency, though the prohibition on foreign AI training (Annex II 4.1(f)) applies to all data generated by the service.
"We can allow data transfers if the public sector client agrees." Correction: This is legally incorrect for Level 4 sensitive data. The clause "unless the public sector body explicitly requires otherwise," which appears in Levels 1, 2, and 3, is removed in Level 4. The residency requirement for sensitive data is absolute and cannot be waived by the client.
"Level 4 is just 'Level 3 but stricter'." Correction: While Level 4 builds on the foundation of Level 3, the removal of the public-sector override clause for sensitive data creates a distinct legal obligation. It shifts the burden from a conditional requirement (where the client can opt out) to a mandatory statutory requirement for the protection of public order.
This is general information about a draft EU regulation, not legal advice.