Summary The proposed Cloud and AI Development Act (CADA) does not invent its own meaning of "AI system". Article 2(3) defines it by reference: "AI system" means an AI system as defined in Article 3, point (1) of Regulation (EU) 2024/1689 — the EU AI Act. So anything that is an AI system under the AI Act is an AI system under CADA, and nothing else is. CADA's focus is on the cloud infrastructure that hosts and delivers AI, not on the AI system itself. Because CADA is a proposal, the cross-reference could change before adoption.
Detail
For architects and CTOs scoping CADA, the key point is that "AI system" is a borrowed term. As proposed, Article 2(3) provides:
"'AI system' means an AI system as defined in Article 3, point (1), of Regulation (EU) 2024/1689".
Regulation (EU) 2024/1689 is the AI Act, and its Article 3(1) defines an AI system as a machine-based system designed to operate with varying levels of autonomy, that may exhibit adaptiveness after deployment, and that — for explicit or implicit objectives — infers from the input it receives how to generate outputs such as predictions, content, recommendations or decisions that can influence physical or virtual environments. (The AI Act is the authoritative source for the exact wording; CADA simply points to it.)
By deferring to the AI Act, CADA keeps a single, harmonised meaning of "AI system" across EU law. The defining characteristics are familiar from that definition: the system is machine-based; it operates with some autonomy and may adapt after deployment; its core function is to infer outputs from inputs (which distinguishes it from fixed rule-based software); those outputs can be predictions, content, recommendations or decisions; and they can influence physical or virtual environments.
It helps to place this term alongside CADA's two original AI definitions. Article 2(4) defines "frontier AI" as AI models or systems that "approach, reach or exceed the current state of the art." Article 2(5) defines an "AI agent" as an AI system, or coordinated set of AI systems, that perceives and acts on its environment with a degree of autonomy, using tools. Both are particular kinds or configurations of AI systems; the baseline category in Article 2(3) is broader and sits beneath them.
There is one further connection worth drawing out. CADA's "cloud computing service" definition (Article 2(1), via NIS2) intersects with AI through Recital 10, which states that the cloud-service definition "encompasses on-demand access to AI systems as defined in Article 3, point (1), of Regulation (EU) 2024/1689 … hosted and operated remotely", but adds: "Only the delivery and making available of an AI system forms part of the service. The AI system itself and its underlying model are excluded from the scope of this definition." So the act of serving an AI system is cloud activity under CADA; the AI system and its model remain governed chiefly by the AI Act.
What this means for you
This alignment simplifies classification but demands discipline.
1. One definition, not two. You do not maintain a separate CADA test for what counts as AI. If your technology is an AI system under the AI Act, it is one under CADA. Reuse your existing AI Act analysis.
2. Infrastructure and sovereignty, not safety. The AI Act governs the safety, transparency and fundamental-rights dimensions of the AI system itself. CADA, by contrast, addresses the cloud infrastructure that hosts and delivers it. If you serve AI to public-sector customers, plan for the cloud platform to meet the relevant Union assurance level under the framework introduced in Article 16, with criteria in Annex II.
3. Model versus service. Per Recital 10, the model itself is not a cloud computing service. A pure model provider's primary burden sits under the AI Act; a provider offering on-demand access to that model (for example via an API) is providing a cloud computing service and would fall under CADA's provider obligations.
4. Buyers benefit from transparency. Organisations procuring AI workloads can, as proposed, use CADA's transparency and central-repository mechanisms (Articles 22 and 23) to identify the assurance level of the cloud services hosting their AI.
Common misconceptions
"CADA defines AI in its own way." No. Article 2(3) defers entirely to Article 3(1) of the AI Act. There is no separate CADA definition — only a reference — which keeps terms like "autonomy" and "inference" consistent across EU law.
"All AI-related software is in CADA's cloud scope." The cloud-service definition reaches on-demand access to AI systems, but Recital 10 expressly excludes the AI system and its underlying model from that definition. Development, training and internal use of a model are governed mainly by the AI Act and sectoral law; CADA's cloud obligations attach to the delivery mechanism.
"AI agent is just a synonym for AI system." They are distinct in CADA. An AI agent (Article 2(5)) is a specific kind of AI system that perceives and acts on its environment with autonomy, using tools. A simple predictive model is an AI system but need not be an agent — and CADA's leadership initiatives single out platforms for AI agents (operational objective 6, set out in Articles 3 and 4) as a policy focus.
Official sources
Related
- What distinguishes an AI agent from an ordinary AI system under CADA?
- How does CADA's AI system definition relate to the AI Act?
- Does a multi-agent system count as a single AI agent under CADA?
- Why does CADA's frontier AI definition have no fixed compute threshold?
- Why does CADA skip definitions 23 and 24 in Article 2?
This is general information about a draft EU regulation, not legal advice.