What evidence supports a 'no suitable tender' derogation under CADA?

Summary Under the proposed Cloud and AI Development Act (CADA), a contracting authority may derogate from mandatory Union assurance levels if no suitable recognised services are available. Specifically, Article 30(4)(b) permits a derogation where a contracting authority "has launched a similar procurement process within the previous year but did not receive any suitable tenders or suitable participants." To lawfully invoke this exception, authorities must retain robust evidence of the prior tender's outcome, including the tender notice, evaluation reports, and proof that the lack of bids was not due to an "artificial narrowing down of the parameters." Failure to maintain this documentation risks invalidating the derogation and triggering enforcement actions by national competent authorities.

Detail

The Cloud and AI Development Act (CADA), as proposed in COM(2026) 502 final, establishes a rigorous framework for public procurement of cloud computing services. Article 30 mandates that contracting authorities procure services recognised at Union assurance level 1 as a baseline, and levels 2, 3, or 4 for activities contributing to the preservation of public order. However, the proposal acknowledges that market realities may occasionally prevent immediate compliance. Consequently, Article 30(4) provides a narrow set of exceptional derogations.

The specific provision relevant to market failures is Article 30(4)(b). It states that, on an exceptional basis and where duly justified, a contracting authority may decide not to procure recognised services if:

"the contracting authority has launched a similar procurement process within the previous year but did not receive any suitable tenders or suitable participants;"

This clause is not a blanket exemption. It is a conditional safeguard designed to prevent procurement paralysis when the market for sovereign cloud services has not yet matured to meet specific, legitimate needs. The burden of proof lies entirely with the contracting authority to demonstrate that the failure to receive suitable bids was a genuine market condition rather than a result of procedural mismanagement or restrictive specifications.

The Evidentiary Burden Under Article 30(4)(b)

To rely on Article 30(4)(b), the contracting authority must assemble a comprehensive evidentiary record. The text of the Regulation implies a high standard of proof, particularly when read in conjunction with Article 30(4)(a), which explicitly warns against an "artificial narrowing down of the parameters of the public procurement procedure." While (4)(a) addresses the unavailability of services in the central repository, the principle of non-distortion applies equally to (4)(b). If the previous tender was structured in a way that effectively excluded recognised providers, the derogation is invalid.

The evidence required must substantiate four distinct elements:

1. Temporal Proximity: The authority must prove the similar procurement was launched within the previous year (12 months) prior to the current decision. Evidence must include the publication date of the contract notice or the date of the invitation to tender.
2. Substantive Similarity: The prior process must be demonstrably "similar" to the current requirement. This involves comparing the scope, technical specifications, service type, and volume. A minor software update cannot justify a derogation for a major data-centre migration. The authority must document the functional and technical overlap between the two procurements.
3. Negative Outcome: There must be clear, auditable records showing that no suitable tenders were received or that no suitable participants emerged. This includes:
   • The original tender documents and technical specifications.
   • The official record of received bids (or the lack thereof).
   • The evaluation report detailing why any received bids were deemed "unsuitable" (e.g., failure to meet assurance level criteria, lack of technical capability).
4. Absence of Artificial Narrowing: Crucially, the authority must demonstrate that the failure was not caused by the authority itself. The authority must be prepared to show that the parameters of the previous tender were not "artificially narrowed" to exclude recognised providers. If the previous tender required features that only non-recognised, third-country providers could supply, the "no suitable tender" outcome is self-inflicted and cannot support a derogation.

Documentation and Audit Trail

While CADA does not prescribe a specific template for this evidence, the Regulation's emphasis on transparency and the enforcement powers of national competent authorities under Title IV, Chapter I (specifically Articles 25 and 26) necessitate a rigorous audit trail. Article 26 grants competent authorities the power to require information and inspect premises to verify compliance.

A compliant file for an Article 30(4)(b) derogation should include:

• The Prior Tender File: Full copies of the contract notice, specifications, and evaluation criteria used in the previous year.
• Market Analysis: A statement explaining why the parameters were set as they were, confirming they were necessary and proportionate, and not designed to exclude EU-assured providers.
• Evaluation Records: Detailed minutes or reports explaining why no bids were suitable. If bids were received but rejected, the specific reasons for rejection must be documented.
• Justification for Derogation: A formal decision record linking the prior failure to the current need, explicitly citing Article 30(4)(b) and confirming that the "previous year" condition is met.

This documentation is vital for the central repository (Article 22) and for potential audits. The national competent authority of establishment has exclusive competence for enforcing the sovereignty chapter (Article 25(4)) and may revoke recognition or impose penalties if a derogation is found to be unjustified.

What this means for you

For legal counsel, procurement officers, and compliance teams, the Article 30(4)(b) derogation is a high-stakes tool. It offers a necessary escape valve when market readiness lags behind policy ambition, but it demands strict administrative discipline.

1. Archive the "Failed" Tender Immediately Do not treat a failed tender as a closed file. If a cloud procurement within the last 12 months yielded no suitable bids, archive the entire file with a specific tag: "Potential CADA Derogation Evidence." Ensure the publication date and the evaluation outcome are clearly visible. If you launch a new tender today, you must be able to produce the file from last year instantly.

2. Conduct a "Self-Audit" of the Previous Tender Before invoking the derogation, review the previous tender's specifications. Ask: "Did we inadvertently require a feature that only a non-EU provider could offer?" If the answer is yes, the derogation is likely invalid. You may need to adjust the current tender's parameters to align with the capabilities of providers in the central repository (Article 22) rather than relying on the exception.

3. Document the "Similarity" Explicitly In your internal justification for the derogation, write a comparative analysis. Explain precisely how the previous tender was similar to the current one in terms of scope, technology, and risk profile. If the current tender is significantly larger or more complex, the "similar" requirement may not be met, and the derogation could be challenged.

4. Prepare for Enforcement Scrutiny Remember that Article 24 requires Member States to lay down rules on penalties that are "effective, proportionate and dissuasive." Article 26 empowers national authorities to impose fines or order the cessation of infringements. A poorly documented derogation, or one based on a tender that was artificially narrow, could be interpreted as a circumvention of the sovereignty framework. This could lead to the invalidation of the contract, financial penalties, and reputational damage.

Common misconceptions

Misconception 1: "Zero bids" automatically validates the derogation. Receiving zero bids is a necessary condition, but it is not sufficient. The authority must also prove the tender was launched within the previous year and that the lack of bids was not due to artificial narrowing of parameters. If the tender was poorly designed, the derogation fails.

Misconception 2: The derogation allows indefinite use of non-recognised services. Article 30(4) is an "exceptional basis" derogation. It is intended to address immediate, temporary market gaps. It is not a permanent license to bypass the sovereignty framework. Authorities are expected to adjust their procurement strategies to eventually procure recognised services. Repeated reliance on this derogation without market adaptation may trigger regulatory intervention.

Misconception 3: Only the final result matters; the process is irrelevant. The process is critical. National competent authorities will examine the quality of the prior procurement. If the tender notice was not widely disseminated, or if the evaluation criteria were vague or discriminatory, the "no suitable tender" outcome will be viewed as a procedural failure, not a market reality. The derogation would be invalid.

Related

• CADA Procurement Derogation: What if a previous tender received no suitable bids?
• What evidence justifies a CADA procurement derogation?
• CADA Article 39(5): The Derogation from Article 168 for DPS Access
• CADA and Pre-Commercial Procurement: How the Proposal Supports SMEs
• What happens if a CADA procurement derogation is challenged?

This is general information about a draft EU regulation, not legal advice.