Summary

Public-sector buyers of AI systems face a dual compliance obligation under the existing EU AI Act and the proposed Cloud and AI Development Act (CADA). You must simultaneously satisfy the AI Act's high-risk safety and fundamental rights requirements and CADA's sovereignty-based procurement tiers. This creates two parallel compliance tracks for a single procurement: one ensuring the AI is safe and lawful, and another ensuring the underlying cloud infrastructure is sovereign and resilient against third-country interference. Crucially, Article 29 risk assessments may mandate that public AI systems be hosted on cloud services recognised at Union assurance Level 3 or 4, even if the AI system itself is fully compliant with the AI Act.

Detail

For public-sector procurement officers, the intersection of the AI Act (Regulation (EU) 2024/1689) and the proposed CADA (COM(2026) 502 final) represents a fundamental shift in how cloud and AI services are evaluated. While the AI Act focuses on the safety, transparency, and fundamental rights implications of the AI system itself, CADA focuses on the infrastructure beneath it: technological sovereignty, operational autonomy, and the reduction of dependencies on non-European providers. When procuring AI systems that run on cloud infrastructure, public buyers must navigate both regimes concurrently.

Two Compliance Tracks for One Procurement

The core challenge for buyers is managing two distinct regulatory frameworks that apply to the same procurement process. These tracks are cumulative, not alternative.

  1. The AI Act Track (Safety & Rights): Under the AI Act, public authorities must determine if the AI system they are procuring qualifies as "high-risk" (e.g., used in law enforcement, migration, justice, or critical infrastructure). If it is high-risk, the provider must demonstrate compliance with strict requirements regarding data governance, technical documentation, human oversight, and transparency. The buyer's role is to verify this conformity (e.g., checking for the EU declaration of conformity). The AI Act ensures the system is "safe" but does not regulate where the data is stored or who controls the provider.
  2. The CADA Track (Sovereignty & Resilience): Under CADA, the focus shifts to where the data is stored, who controls the infrastructure, and whether the service is vulnerable to extraterritorial laws (such as the US CLOUD Act). CADA introduces a "Union cloud computing sovereignty framework" with four assurance levels. Public buyers must ensure the cloud service hosting the AI meets the appropriate sovereignty tier based on a specific risk assessment.

An AI system can be fully compliant with the AI Act (safe and fair) but fail CADA requirements if it relies on non-sovereign cloud infrastructure that poses a risk to public order. Conversely, a cloud service may be fully sovereign under CADA but host an AI system that violates the AI Act. Both conditions must be met.

The Role of Article 29: Risk Assessments Drive Sovereignty Tiers

The mechanism that links these two regimes is the risk assessment mandated by Article 29 of CADA. This article requires Member States and Union entities to conduct risk assessments to determine which public sector activities contribute to the preservation of public order.

Article 29(1) states that Member States and Union entities shall carry out risk assessments that:

"(a) identify the public sector activities that use or will make use of cloud computing services, that contribute to the preservation of public order in sectors falling under Annex I or II of Directive (EU) 2022/2555 and in the areas of national security, internal security, external border management, defence, justice or law enforcement...; (b) determine which Union assurance level 2, 3, or 4 set out in Annex II of this Regulation is appropriate for the identified public sector activities."

This assessment is critical because it dictates the minimum sovereignty tier you must procure. Article 29(2) further requires that these assessments consider:

"(a) the sensitivity, criticality, and magnitude of the non-personal data processed, including the potential impact on public order and the nature, scope, context and purpose of processing of personal data...; (b) the risk and consequent impact on public order of unlawful access under Union law to such data by a third country or a legal entity established in a third country; (c) the risk and consequent impact on public order of possible service disruption;"

If your risk assessment under Article 29 determines that an AI use case (such as predictive policing, border control AI, or critical infrastructure monitoring) is critical to public order, it may push the required cloud assurance level to Level 3 or 4. These higher levels impose strict criteria, such as requiring that personnel are Union citizens, infrastructure is located exclusively in the Union, and the provider is not subject to third-country control. This is distinct from the AI Act's risk classification; an AI system might be "high-risk" under the AI Act but require only Level 2 cloud under CADA, or conversely, a lower-risk AI might require Level 4 cloud if the data sensitivity is extreme.

Mandatory Procurement Rules Under Article 30

Once the risk assessment under Article 29 is complete, Article 30 sets out the binding procurement obligations. It creates a baseline and a heightened requirement based on the results of the risk assessment.

Article 30(2) establishes the minimum baseline for all public sector bodies:

"Union entities and public sector bodies whose public sector activities have not been identified as contributing to the preservation of public order under the risk assessment referred to in Article 29(1) shall use cloud computing services that have been recognised under Article 17 as having a Union assurance level 1."

However, for activities identified as critical, Article 30(3) imposes stricter rules:

"Contracting authorities, including the entities acting on their behalf, whose activities have been identified as contributing to the preservation of public order under Article 29(1) in sectors falling under Annex I or II of Directive (EU) 2022/2555 and in the areas of national security, internal security, external border management, defence, justice or law enforcement... shall only procure cloud computing services that have been recognised as having a Union assurance level 2, 3 or 4."

This means that for high-stakes AI procurements, you cannot simply buy the cheapest or most technically advanced solution if it does not carry the required CADA sovereignty recognition. You must procure from providers who have undergone independent audits (for levels 2-4) or self-assessment (for level 1) and are listed in the central repository of recognised services.

What this means for you

As a public-sector procurement officer, you must integrate CADA requirements into your tender specifications alongside AI Act compliance checks. Here is how to operationalise this:

  1. Conduct the Article 29 Risk Assessment Early: Before drafting tender documents, determine if the AI system's use case falls under "public order" preservation (e.g., justice, defence, critical infrastructure). If it does, you must identify the required Union assurance level (2, 3, or 4). This assessment must be updated every two years or whenever necessary.
  2. Verify Dual Compliance in Tenders: Your tender documents should explicitly require:
    • AI Act Compliance: Proof that the AI system is CE-marked and compliant with high-risk requirements (if applicable).
    • CADA Recognition: Evidence that the underlying cloud computing service hosting the AI is recognised at the appropriate Union assurance level (as determined by your Article 29 assessment). You can verify this via the central repository maintained by the Commission.
  3. Check for Exceptions: Be aware of the derogations in Article 30(4). You may decide not to procure a recognised service only in exceptional circumstances, such as when no adequate alternative exists, or if applying the requirements would lead to disproportionate costs. However, these exceptions are narrow and require justification.
  4. Monitor the Central Repository: Ensure that the provider you select is listed in the central repository of recognised cloud computing services. If a provider's recognition is revoked or amended, you must be prepared to migrate services within a reasonable transition period (not exceeding 12 months, per Article 29(6)).

Common misconceptions

"If the AI Act says it's safe, I don't need CADA." This is incorrect. The AI Act addresses safety and fundamental rights but does not address sovereignty or operational autonomy. A provider can be AI Act-compliant while still being subject to third-country laws that allow data access or service disruption, which CADA aims to prevent.

"CADA only applies to cloud providers, not AI buyers." While CADA imposes audit and recognition obligations on providers, Article 30 places direct obligations on contracting authorities (buyers) to procure only from recognised services. Your procurement choices are legally constrained by the sovereignty tier determined in your risk assessment.

"Level 1 is sufficient for all public sector AI." No. Article 30(3) mandates that activities contributing to public order (such as law enforcement AI) must use services recognised at Level 2, 3, or 4. Level 1 is only the minimum for non-critical public sector activities.

"The AI Act's high-risk classification automatically triggers CADA Level 4." Not necessarily. The AI Act classifies the system's risk to rights and safety. CADA classifies the infrastructure's risk to public order. While they often overlap (e.g., law enforcement AI), the specific CADA level (2, 3, or 4) depends on the specific risk assessment under Article 29, which considers data sensitivity and third-country access risks, not just the AI's function.

This is general information about a draft EU regulation, not legal advice.