Summary

Annex II of the proposed Cloud and AI Development Act (CADA) is the definitive technical checklist that defines the cumulative criteria cloud providers must meet to achieve one of the four "Union assurance levels." As proposed, these criteria determine whether a service is sovereign enough for public sector procurement, ranging from basic EU establishment (Level 1) to strict personnel citizenship and the absence of third-country control (Levels 3 and 4). Crucially, Annex II applies to "software" as defined in the Cyber Resilience Act but explicitly excludes "hardware" from its scope. For in-house counsel, Annex II is the legal basis for compliance audits and procurement eligibility under Article 16.

Detail

Annex II of the CADA proposal serves as the regulatory core of the EU's cloud sovereignty framework. While Article 16 establishes the existence of the Union cloud computing sovereignty framework and its four assurance levels, Annex II provides the granular, cumulative criteria that providers must satisfy to be recognized at each level. Without meeting the specific criteria in Annex II, a provider cannot be recognized under Article 17 as offering a Union assurance level.

Scope: Software In, Hardware Out

A critical distinction in Annex II is its scope. The text explicitly states that for the purpose of the criteria under Union assurance levels 1, 2, 3, and 4, 'software' within the meaning of Regulation (EU) 2024/2847 (the Cyber Resilience Act) falls within the scope of the Annex. Conversely, 'hardware' is explicitly outside of the scope.

This distinction is legally significant. It means the sovereignty assessment focuses on data residency, personnel location, software supply chain transparency, corporate control, and the ability to prevent remote tampering, rather than the physical location of servers alone. While infrastructure location is a criterion, the regulation targets the control and composition of the software stack and the identity of the personnel managing it.

The Cumulative Nature of the Levels

The criteria in Annex II are strictly cumulative. A provider seeking recognition at a higher level must meet all criteria of the lower levels. For example, a provider cannot achieve Level 3 without first satisfying every requirement of Level 1 and Level 2. Failure to meet any criterion at a lower level precludes recognition at a higher level.

The Four Assurance Levels

Level 1: Basic EU Establishment

Level 1 serves as the baseline for public sector procurement where activities are not deemed to contribute to the preservation of public order. As set out in Annex II, Section 1, the cumulative criteria include:

  • Establishment: The cloud computing service provider must be established in the Union.
  • Infrastructure & Assets: The infrastructure and assets of the provider, including those of subcontractors involved in the service, must be located in the Union, unless the public sector body explicitly requires otherwise.
  • Data Residency: Customer data, including metadata and telemetry, processed, stored, and transferred by the provider and subcontractors must remain exclusively within the Union, unless the public sector body explicitly requires otherwise.
  • Subcontracting: If technical support is outsourced outside the Union, the provider must implement necessary legal, technical, and organizational measures to ensure traceability, security, and governance, ensuring operational autonomy is not compromised.
  • Cybersecurity: The provider must demonstrate that the service complies with state-of-the-art cybersecurity standards.
  • Transparency: The provider must provide full transparency on subcontractors, subjecting them to due diligence, contractual obligations, and ongoing oversight.
  • Vulnerability Reporting: Where the provider is subject to third-country control, it must guarantee that no laws or practices in that third country require reporting software vulnerabilities to foreign authorities prior to those vulnerabilities being known to have been exploited.

Level 2: Enhanced Sovereignty & Independent Audit

Level 2 introduces the requirement for independent third-party audits under Article 20 and stricter controls. Annex II, Section 2 adds the following cumulative criteria:

  • Personnel Location: The infrastructure, assets, and personnel of the provider and subcontractors must be located in the Union.
  • Personnel Screening (Conditional): If the public sector body determines that imposing additional personnel screening and Union citizenship requirements is necessary, the provider must ensure that personnel meeting those requirements are available. (Note: Mandatory citizenship is not required at Level 2 unless the public body explicitly demands it.)
  • Cybersecurity Certification: The service must obtain a European cybersecurity certificate of at least assurance level 'substantial' under a European cybersecurity certification scheme (EUCS) covering cloud services. Until such a scheme is established, national schemes apply, or the provider must demonstrate compliance with the highest cybersecurity standards under applicable Union law.
  • AI Training Data: Data generated by using the service cannot be used to train or fine-tune any AI system operated by a third country or a legal entity established in a third country, and must not be transferred outside the Union in any case.
  • Third-Country Control Measures: If under third-country control, the provider must demonstrate measures ensuring that such control cannot restrict service performance, allow access to customer data, or disrupt service continuity.
  • Software Supply Chain: A complete and up-to-date Software Bill of Materials (SBOM) must be documented. Controls must block remote features that could tamper with software. Third-country software components must be subject to source code audits and have a documented migration plan.
  • Open Source: Controls must prevent the use of remote features in open-source software that could tamper with the system.
  • Support Location: Technical and operational support must be initiated and performed exclusively within the Union.

Level 3: High Assurance & Mandatory Citizen Personnel

Level 3 is designed for activities contributing to the preservation of public order. Annex II, Section 3 mandates stricter requirements:

  • Union Citizenship (Mandatory): The personnel, including those of subcontractors, must be Union citizens. Where appropriate, personnel must also have the necessary national security clearance issued by a Member State when handling classified information.
  • No Third-Country Control (with Derogation): Generally, the provider and subcontractors must not be subject to the control of a third country or a legal entity established in a third country. However, a derogation exists: a provider subject to third-country control may be audited for Level 3 where the Commission has adopted an implementing act under Article 18 identifying that third country as providing sufficient assurances.
  • Support Personnel: Technical and operational support must be performed by Union residents and by third parties not subject to third-country control.
  • Strict Separation: If the provider has subsidiaries in third countries, effective legal, technical, and organizational separation must be enforced.

Level 4: Maximum Sovereignty

Level 4 represents the highest tier, intended for highly sensitive or classified data. Annex II, Section 4 requires:

  • High Cybersecurity Certification: The service must obtain a European cybersecurity certificate of at least assurance level 'high'.
  • Strict No Third-Country Control: No derogation is available. The provider and subcontractors must not be subject to the control of a third country or a legal entity established in a third country.
  • Software Control: The provider must demonstrate effective control over software components, ensuring no third country holds effective control over the design, development, maintenance, or evolution of those components.
  • Personnel: Personnel must be Union citizens, with security clearance where appropriate.

What this means for you

For in-house counsel, compliance officers, and public procurement teams, Annex II is not merely a technical guideline; it is the legal foundation for liability and market access.

1. Procurement Eligibility and Risk Assessment

Under Article 30, public sector bodies must procure at least Level 1 services as a baseline. However, for activities identified in risk assessments (per Article 29) as contributing to the preservation of public order, such as defense, justice, law enforcement, or critical infrastructure, authorities must procure only services recognized at Level 2, 3, or 4.

  • Action: Map your organization's operations against Annex II immediately. If you serve the public sector, determine which level you can credibly claim. Misrepresentation of compliance with Annex II criteria can lead to contract termination and penalties under Article 24.

2. Audit Preparation and Evidence

Levels 2, 3, and 4 require independent third-party audits. Auditors will verify compliance strictly against the criteria in Annex II. You must prepare:

  • SBOMs: Complete, up-to-date Software Bills of Materials for all components.
  • Personnel Records: Proof of Union citizenship and location for all staff and subcontractors involved in service delivery (mandatory for Level 3/4).
  • Data Flow Maps: Evidence that no data leaves the Union and is not used for third-country AI training.
  • Control Structures: Legal and technical evidence that third-country shareholders or subsidiaries cannot access data or disrupt service.

3. Software Supply Chain Management

Annex II places heavy emphasis on software supply chain transparency. You must identify all dependencies, including open-source components. If you use third-country software, you must have source code audit rights and a documented migration plan in case of vendor failure or third-country restrictions. The "hardware out of scope" rule means you cannot rely on physical server location alone; you must prove control over the software stack.

4. Penalties and Compensation

Article 24 outlines penalties for infringements of the sovereignty chapter. Member States will define specific rules, but penalties must be "effective, proportionate and dissuasive." Factors include the gravity of the infringement and financial benefits gained. Additionally, recipients of cloud services have the right to seek compensation for damages caused by a provider's infringement of these obligations.

Common misconceptions

"Hardware location is the only factor." Incorrect. Annex II explicitly states that "hardware" is outside its scope. Sovereignty is determined by software control, data residency, personnel location, and corporate governance. While infrastructure location is a criterion, the regulation targets the control of the software and the identity of the personnel.

"Level 1 is just about being an EU company." Incorrect. Level 1 requires strict data residency and infrastructure location within the Union (unless explicitly waived by the public body), state-of-the-art cybersecurity compliance, and full transparency on subcontractors. It is a substantive baseline, not just a corporate registration check.

"Third-country providers can never qualify." Incorrect. Providers under third-country control can qualify for Level 1 and Level 2 if they meet strict criteria (e.g., no forced vulnerability reporting, effective separation). For Level 3, a derogation is possible if the Commission recognizes the third country under Article 18. Level 4 strictly prohibits third-country control.

"Open source is automatically compliant." Incorrect. Using open-source software does not exempt you from Annex II criteria. You must implement controls to prevent remote features in open-source components from tampering with the system and must monitor for changes in ownership or control of the open-source projects.

"Level 2 requires mandatory Union citizenship for all staff." Incorrect. At Level 2, Union citizenship for personnel is conditional: it is only required "if the public sector body determines that imposing additional personnel screening and Union citizenship requirements are necessary." Mandatory citizenship is a requirement only for Level 3 and Level 4.

This is general information about a draft EU regulation, not legal advice.