What does the CADA committee procedure (comitology) involve?

Summary Under the proposed Cloud and AI Development Act (CADA), the Commission would be assisted by a committee when adopting its implementing acts, as set out in Article 46. The committee is one "within the meaning of Regulation (EU) No 182/2011," and Article 46(2) applies Article 5 of that Regulation — the examination procedure. In plain terms: Member State representatives consider and vote on the Commission's draft measures before they can be adopted. This comitology process is how CADA's operational detail — audit methodologies, risk-assessment templates, fee rules — gets finalised, and it gives Member States a structured say in those rules.

Detail

Why CADA needs a committee

CADA covers technical, fast-moving terrain — sovereign-cloud assurance levels, data-centre permitting, risk assessments — and cannot spell out every operational detail in its primary text. It therefore empowers the Commission to adopt implementing acts that set uniform conditions for applying the Regulation. To keep that power in check, CADA channels it through a comitology committee, established by Article 46.

Article 46: the legal basis

Article 46 is short but load-bearing. As proposed:

1. The Commission shall be assisted by a committee. That committee shall be a committee within the meaning of Regulation (EU) No 182/2011.
2. Where reference is made to this paragraph, Article 5 of Regulation (EU) No 182/2011 shall apply.

By tying the committee to Regulation (EU) No 182/2011 (the Comitology Regulation), CADA plugs into the EU's standard system for supervising implementing powers. By pointing specifically to Article 5, it mandates the examination procedure.

What the examination procedure is

The examination procedure is the more rigorous of the two main comitology procedures. It is used for implementing measures of general scope and in sensitive policy areas, to ensure they are applied uniformly across the EU. It does not let the committee change CADA's substance — that is reserved to the legislature, or, for non-essential elements, to delegated acts under Article 45. The procedure works, in plain terms, like this:

1. Drafting. The Commission prepares a draft implementing act — for example, an audit methodology or a risk-assessment template.
2. Submission. The draft goes to the CADA committee, composed of representatives of all Member States and chaired by the Commission.
3. Opinion (by qualified majority).
   • Positive opinion: the Commission adopts the act.
   • No opinion: the Commission may generally adopt the act, subject to the limits in Regulation (EU) No 182/2011.
   • Negative opinion: the Commission may not adopt the act; it may refer the matter to the appeal committee, which can deliver a further opinion.

This gives Member States a direct, structured voice in the technical rules that affect their markets and public-sector procurement.

A few mechanics are worth spelling out, because they determine how much weight the committee really carries:

• Qualified majority is calculated under the Treaty rule — broadly, 55% of Member States representing at least 65% of the EU population. No single large Member State can carry or block a measure alone; coalitions matter.
• The chair (the Commission) does not vote, and may amend the draft during the procedure to build the majority it needs — so the committee stage is often a negotiation, not a single up-or-down vote.
• The appeal committee is a second-chance forum at a more senior (often ministerial-adviser) level; it is engaged where the ordinary committee returns a negative opinion, and gives the Commission a route to revisit the measure rather than abandon it outright.
• The Parliament and Council keep only a right of scrutiny: either may signal that a draft exceeds the implementing powers conferred by CADA, but neither has the outright veto it would hold over a delegated act under Article 45.

Which CADA rules use this procedure

Article 46(2)'s examination procedure is triggered across several areas of the proposal, including:

• Risk-assessment methodology — the methodology, templates and elements for Member States and Union entities to carry out risk assessments (Article 29(3)), and specifying the assurance level for a public-sector activity where a Member State's assessment is found inadequate (Article 29(5)).
• Recognition procedures — practical arrangements for recognising cloud computing service providers at the Union assurance levels (Article 17(12)).
• Third-country recognition — decisions identifying third countries whose providers may be audited against the Union assurance level 3 criteria (Article 18(1)).
• Centres for AI — the procedure for establishing the Experience and Acceleration Centres for AI (Article 5(4)).
• EuroCloud Federation — the procedure and template for joining the Federation (Article 34(4)) and the technical, operational and organisational measures for service sharing (Article 35(6)).
• Fees — detailed rules for fees financing the EuroCloud Federation (Article 36(4)) and the Commission's common procurement activities (Article 40(5)).

For compliance officers, these acts turn high-level duties into actionable detail. Article 20, for example, requires independent audits at the higher assurance levels; it is the implementing acts adopted via Article 46 that will set out how parts of that regime are operated in practice.

What this means for you

For in-house counsel and compliance officers, the committee procedure is less an abstract governance point than a forward indicator of your compliance obligations.

1. Watch the pipeline. The primary text sets the what; the implementing acts set the how. Because they pass through the examination procedure, drafts are typically circulated to the committee and results published, often after a public consultation that previews the final rules.

2. Prepare for standardised processes. The audit-related rules (Article 20(9) is delivered by delegated act, but the risk-assessment and recognition mechanics come by implementing act) and the Article 29(3) risk-assessment methodology will standardise expectations EU-wide. Build documentation and controls that can map onto a prescribed methodology.

3. Public-sector procurement. Public bodies conduct risk assessments under Article 29; the methodology arrives via Article 46 implementing acts. If you supply the public sector, you need to understand that methodology to ensure your services meet the assurance level it points to.

4. Budget for fees. EuroCloud Federation and common-procurement fees will be set by implementing acts (Articles 36(4) and 40(5)) under the examination procedure. Track these so finance teams can plan cost-recovery charges.

5. Mind the timing gap. Because the procedure requires Member State engagement, detailed rules can lag the primary law. Adopt a "compliance-ready" posture — robust internal controls that can adapt once the implementing acts are published.

6. Know which committee you are dealing with. CADA establishes a single committee that assists the Commission across the Regulation's implementing-act empowerments, from recognition procedures to fee rules. That means the same forum of Member State representatives shapes a wide spread of operational detail — so the national official who sits on it is a useful point of contact whatever the specific implementing act at issue, and industry positions are often best coordinated to land with that committee through national channels.

Common misconceptions

"The committee can change CADA's core rules." No. The committee only assists with implementing acts that secure uniform application. Substantive change to CADA requires a legislative amendment, and changes to non-essential elements run through delegated acts under Article 45 — not this committee.

"The Commission can impose rules unilaterally." Under the examination procedure, a negative committee opinion blocks adoption, subject to the appeal-committee mechanism in Regulation (EU) No 182/2011. Member States have real leverage.

"Implementing acts are optional guidance." Once adopted, they are binding EU law. If the Commission prescribes a template for audit reports, providers must use it to be recognised under CADA.

"The process is slow and opaque." Comitology can take time, but it is structured and documented: drafts are typically consulted on and committee outcomes recorded, and building consensus early can speed acceptance.

Related

• Who sits on the CADA comitology committee?
• CADA Governance: The Steering Committee vs. Comitology and the EuroCloud Federation
• CADA Governance: Comitology Committee vs EuroCloud Steering Committee
• What role does the European Economic and Social Committee play in CADA governance?
• CADA Delegated Acts: The Article 45 Procedure Explained

This is general information about a draft EU regulation, not legal advice.