Summary
Under the proposed Cloud and AI Development Act (CADA), cloud computing service providers seeking recognition at Union Assurance Level 3 must adhere to two distinct data regimes. First, customer data (including metadata and telemetry) must remain exclusively within the Union, unless the public sector body explicitly requires otherwise. Second, data generated by using the audited service is subject to an absolute prohibition: it must never be transferred outside the Union and cannot be used to train or fine-tune any AI system operated by a third country or a legal entity established in a third country. These rules are codified in Annex II, Section 3.1(c) and 3.1(f) of the CADA proposal.
Detail
The Cloud and AI Development Act (CADA), as proposed in COM(2026) 502 final, establishes a tiered sovereignty framework to mitigate strategic dependencies and protect the Union's public order. Union Assurance Level 3 is designed for activities of high sensitivity, such as national security, defence, justice, and law enforcement. The data rules at this level are bifurcated: they distinguish between data input by the customer and data generated by the service itself, applying different transfer and usage restrictions to each.
1. Customer Data Residency: The "Explicit Requirement" Exception
The foundational rule for customer data at Level 3 is strict territorial confinement. Annex II, Section 3.1(c) mandates that:
"the customer data, including metadata and telemetry data, that is processed, stored and transferred by the audited provider and the subcontractors which are involved in the provision of the service, remain exclusively within the Union, unless the public sector body explicitly requires otherwise and at any time, including before, during or after the configuration or use of the service;"
This provision establishes a default "stay within the Union" obligation. It covers the entire lifecycle of the data: processing, storage, and transfer. Crucially, the scope extends to subcontractors involved in the service provision, ensuring that the residency requirement is not bypassed through outsourcing.
However, the text includes a specific, conditional exception: "unless the public sector body explicitly requires otherwise." This places the onus on the contracting authority (the public sector buyer) to actively authorize any cross-border data flow. If the public body does not explicitly state a requirement for data to leave the Union, the provider is legally bound to keep all customer data within EU borders. This exception applies at "any time," meaning it covers pre-configuration setup, active service usage, and post-configuration archival or deletion phases.
2. Generated Data: Absolute Prohibition on Export and Foreign AI Training
A stricter, non-derogable regime applies to data generated by the use of the cloud service. Annex II, Section 3.1(f) states:
"the data generated by using the audited service are not used to train or fine-tune any AI system operated by a third country or a legal entity established in a third-country and are not transferred outside the Union in any case;"
This clause imposes two absolute bans:
- No Foreign AI Training: Data generated by the service cannot be used to train or fine-tune AI systems operated by third countries or entities established there. This prevents the indirect enrichment of foreign AI capabilities using European public sector data.
- No Transfer "In Any Case": Unlike customer data, which has the "explicit requirement" exception, generated data must not be transferred outside the Union in any case. The text provides no mechanism for a public sector body to authorize the export of generated data. This creates a hard boundary for service-derived data, ensuring it remains permanently within the Union's jurisdiction.
3. Verification and Audit Evidence
Compliance with these data rules is not a matter of self-declaration. Under Article 16, Level 3 services require formal recognition via independent third-party audits (Article 20). Annex III details the specific evidence auditors must request to verify compliance:
- For Customer Data (Criterion C): Auditors must examine data flow diagrams proving data does not leave the Union, access logs, and contractual agreements demonstrating that no data is transferred without public sector body approval. Evidence must show that subcontractors are technically unable to access data without authorization.
- For Generated Data (Criterion F): Auditors must review contractual clauses explicitly prohibiting the use of generated data for foreign AI training. They must also inspect MLOps or deployment records confirming that build, test, and release locations are in the EU, and model cards stating that generated data does not leave the Union.
Failure to provide this evidence results in a "negative" audit opinion, preventing recognition at Level 3. Since Article 30(3) mandates that public procurement for activities contributing to public order must use services recognised at Level 2, 3, or 4, non-compliance effectively bars a provider from these critical contracts.
What this means for you
For Cloud Service Providers
Achieving Level 3 recognition requires a fundamental architectural and contractual shift. You must implement geo-fencing and strict access controls to physically and logically prevent customer data from leaving the EU, unless a specific public contract explicitly authorizes it. More critically, you must architect your systems to ensure that generated data (logs, telemetry, derived insights) is never exported or used in any AI training pipeline outside the Union. Your contracts with subcontractors must explicitly mirror these prohibitions, and you must maintain comprehensive audit trails to prove compliance to independent auditors.
For Public Sector Bodies (Contracting Authorities)
You hold the key to the customer data exception. If your operational needs require data to be processed outside the Union, you must explicitly require this in your procurement specifications. If you remain silent, the default rule under Annex II 3.1(c) keeps the data in the Union. However, be aware that you cannot authorize the export of generated data. Regardless of your requirements, any data generated by your use of the service must remain in the EU and cannot be used to train foreign AI models. This is a statutory limit that cannot be waived by the contracting authority.
For Private Sector Entities
While CADA does not mandate Level 3 procurement for the private sector, entities in critical sectors (under the NIS2 Directive) may conduct impact assessments under Article 31. Adopting Level 3 data standards can serve as a robust demonstration of sovereignty and security to regulators and clients, particularly for those handling sensitive data or seeking to avoid risks associated with foreign AI training.
Common misconceptions
Misconception 1: "If I encrypt the data, it can leave the EU." Incorrect. Encryption is a security measure (addressed in Annex II 3.1(e)) but does not override the residency requirement. Customer data must stay in the Union unless the public body explicitly requires otherwise. Generated data must never leave, regardless of encryption.
Misconception 2: "Customer data and generated data have the same transfer rules." Incorrect. This is a critical distinction. Customer data (Annex II 3.1(c)) can leave the Union if the public sector body explicitly requires it. Generated data (Annex II 3.1(f)) cannot leave the Union "in any case," nor can it be used to train foreign AI systems.
Misconception 3: "Level 3 bans all third-country software." Incorrect. Level 3 does not ban third-country software outright. However, if the provider is subject to third-country control, it must demonstrate that this control does not restrict service delivery or allow data access (Annex II 3.1(g)). Additionally, third-country software components must be subject to source code audits and have documented migration plans (Annex II 3.1(i)).
Misconception 4: "Only the primary provider is responsible for data residency." Incorrect. The rules apply to the audited provider and the subcontractors involved in the provision of the service. Providers must ensure their subcontractors adhere to these strict residency and non-training rules and provide evidence of this oversight to auditors.
This is general information about a draft EU regulation, not legal advice.