Summary As proposed, the Cloud and AI Development Act (CADA) would have the Union and Member States encourage public bodies to use and facilitate the reuse of open standards and components released under an open source licence when building their cloud and AI stack (Article 41). Where a public body chooses to make its own software available for reuse under an open source licence, it must do so via a catalogue connected to the EU Open Source Solutions Catalogue (Articles 42–43), and the Commission would set up a network of Open Source Programme Offices (Article 44). For CTOs and SMEs, this signals a structural tilt toward open standards in public procurement.

Detail

CADA treats open source as a strategic lever to cut vendor lock-in, improve auditability and strengthen the EU's digital autonomy. The relevant rules sit in Title IV, with related supply-side measures in the Cloud and AI Leadership Initiatives.

Open-source-first for the public sector Article 41 (titled "Promoting open source solutions and open source first") provides that the Union and Member States "shall take the necessary measures to encourage Union entities and public sector bodies to use and facilitate the reuse of open standards and components released under an open source licence when building their cloud and AI ecosystem or stack."

This is not a ban on proprietary software. The same article requires "taking into account functionalities, including security, total cost, and other relevant, duly justified objective criteria." So public buyers can still make pragmatic choices on technical merit and cost while operating under a default preference for open solutions. CADA's explanatory memorandum notes that access to source code enables auditability, fosters collaboration and reduces single-vendor dependency.

Sharing and reuse via the EU OSS Catalogue Article 42 provides that when a Union entity or public sector body makes software to which it holds intellectual property rights available for reuse under an open source licence, it "shall do so using a catalogue or repository that is connected to, and made accessible through, the EU OSS Catalogue referred to in Article 43."

Article 43 tasks the Commission with providing and maintaining the EU Open Source Solutions Catalogue ("EU OSS Catalogue") as a centralised catalogue to access software made available for reuse by Union entities and public sector bodies. It would be hosted on the Interoperable Europe portal referred to in Article 8 of Regulation (EU) 2024/903 and be accessible electronically free of charge. On the basis of objective and relevant criteria, the Commission would decide on requests to connect other catalogues or repositories to it.

Governance through the OSPO Network Article 44 requires the Commission to establish a network of Open Source Programme Offices ("OSPO Network") to facilitate cooperation on implementing the Chapter's obligations. Its tasks include exchanging information and best practices on technical, legal and organisational challenges (licensing, security, maintenance, procurement); promoting the sharing and reuse of open-source software by public bodies; contributing, on a voluntary and non-binding basis, to guidance, templates or recommendations; and collaborating on open-source projects of common interest. The Commission would convene and chair the network at least twice a year.

Open source in the Leadership Initiatives Open source is also woven into CADA's supply-side measures. Under Article 4(2) (operational objective 2), the Cloud and AI Leadership Initiatives would develop secure, resilient and performant open cloud computing stacks, boost data availability for AI via open-source middleware platforms, foster the creation of open-source software foundations, and establish a catalogue of European open cloud computing solutions.

What this means for you

For CTOs and architects:

  • Auditability as a selling point. As public bodies are encouraged toward open source, vendors who can show their solutions are open, auditable and free of hidden remote-access mechanisms gain an edge. CADA's sovereignty framework (Annex II) already emphasises supply-chain transparency, which open source supports.
  • Integration with the EU OSS Catalogue. If you build software for public-sector clients that they may release for reuse, anticipate connecting repositories to the EU OSS Catalogue (Articles 42–43) and structure code for discoverability.
  • Standardisation opportunities. Engaging now with European standardisation bodies and open-source foundations can shape the specifications underpinning future public cloud infrastructure (Article 4(2)).

For SMEs:

  • Lower barriers to entry. Promoting open standards and reuse aims to reduce total cost of ownership for public buyers, letting SMEs compete on innovation rather than being locked out by proprietary ecosystems.
  • Reusable components. The EU OSS Catalogue (Article 43) would provide a repository of reusable software, accelerating development.
  • OSPO support. The OSPO Network (Article 44) should make public-sector counterparts more standardised and knowledgeable on licensing and security.

Common misconceptions

"CADA bans proprietary software." As proposed, no. Article 41 uses "encourage" and "facilitate," and expressly weighs functionality, security, total cost and other objective criteria. It shifts the default preference, not outlaws proprietary technology.

"All public-sector software must be open-sourced." No. Article 42 applies only where a public body chooses to make software it owns available for reuse; it does not force open-sourcing of all internal tools. But if a body does share, it must use a catalogue connected to the EU OSS Catalogue.

"'Open source' has a single rigid meaning in CADA." CADA defines "open source licence" in Article 2(25) by reference to Article 2, point (12), of Regulation (EU) 2024/903 (the Interoperable Europe Act). The focus is on the ability to access, modify and redistribute code, not a single licence type like GPL or MIT.

Related

This is general information about a draft EU regulation, not legal advice.