What is artificial narrowing of a procurement procedure under CADA?

Summary Under the proposed Cloud and AI Development Act (CADA), "artificial narrowing" is the prohibited practice of deliberately restricting procurement specifications to exclude recognised sovereign cloud services, thereby manufacturing a false justification for derogating from Union assurance requirements. Article 30(4)(a) explicitly forbids contracting authorities from claiming that no adequate alternative exists if that absence is the result of such artificial narrowing. This provision prevents public bodies from gaming tender processes to bypass sovereignty standards by designing contracts that only non-compliant, third-country providers can fulfill. Crucially, the absence of a suitable service must be genuine and verified against the central repository under Article 22, not engineered by overly restrictive parameters.

Detail

The Cloud and AI Development Act (CADA), as proposed in COM(2026) 502 final, establishes a rigorous sovereignty framework for public procurement of cloud computing services. Its primary aim is to mitigate risks associated with dependence on non-European providers by mandating the use of cloud services recognised at specific "Union assurance levels" (UALs). These levels range from Level 1 (baseline) to Level 4 (highest sovereignty), determined by risk assessments under Article 29.

However, the proposal acknowledges that market realities may occasionally prevent the immediate availability of a recognised service. Article 30(4) provides for derogations from the mandatory procurement of recognised services. Crucially, these derogations are not open-ended loopholes; they are tightly constrained by strict cumulative conditions to prevent abuse. One of the most significant safeguards against abuse is the explicit prohibition on "artificial narrowing."

The Prohibition on Artificial Narrowing

Article 30(4)(a) sets a high bar for contracting authorities seeking to bypass the sovereignty framework. It states that a derogation is permissible only if:

"the subject matter of the tender cannot be supplied by recognised cloud computing services available in the central repository referred to in Article 22, and no adequate or reasonable alternative or comparable cloud computing service exists, and such absence is not the result of an artificial narrowing down of the parameters of the public procurement procedure;"

This provision targets a specific type of procurement manipulation known as "artificial narrowing." It occurs when a contracting authority defines the technical, functional, or commercial parameters of a tender in a way that disproportionately excludes available European or sovereign alternatives, effectively ensuring that only a specific (often non-compliant) third-country provider can bid.

For example, if a public authority requires a highly specific, proprietary integration feature that is only supported by a dominant non-EU hyperscaler, and this feature is not essential for the core public service objective, the authority may be accused of artificially narrowing the parameters. By doing so, they create a situation where no recognised service fits the tender, allowing them to invoke the derogation under Article 30(4)(a) to bypass sovereignty requirements. CADA explicitly forbids this. The absence of a suitable recognised service must be genuine, not manufactured by overly restrictive tender design.

The Central Repository as the Benchmark

The concept of artificial narrowing is inextricably linked to the central repository established under Article 22. This repository is the official, Union-wide list of cloud computing services that have been formally recognised as meeting Union assurance levels 1 through 4. It is maintained by the Commission and updated by national competent authorities.

When assessing whether a derogation is justified, contracting authorities must first verify the availability of recognised services in this central repository. The prohibition on artificial narrowing implies a duty to design procurement procedures that are compatible with the services listed in the repository, unless there is a genuine, documented technical necessity that cannot be met by any service in the repository.

If a recognised service exists in the repository that can meet the core requirements, the authority cannot narrow the tender parameters to exclude it simply because a non-recognised provider offers a marginally more convenient, cheaper, or feature-rich solution. The "parameters" of the procedure must be broad enough to allow the services in the repository to compete. If the tender is designed such that only a non-recognised provider can satisfy the specs, the authority has artificially narrowed the procedure, rendering the derogation invalid.

Interaction with Other Derogation Conditions

Article 30(4) lists three cumulative conditions for a derogation. The "no artificial narrowing" clause is an integral part of condition (a). Even if other conditions are met, the presence of artificial narrowing invalidates the derogation:

• Article 30(4)(b): Allows a derogation if the authority launched a similar process within the previous year but received no suitable tenders. However, if that previous process was artificially narrowed, the lack of tenders is not a valid justification.
• Article 30(4)(c): Allows a derogation if applying the requirements would result in disproportionate cost. Yet, if the high cost is a result of excluding recognised alternatives through narrow specs, the derogation fails.

This structure ensures that a history of failed tenders or high costs cannot be used to justify a procurement process that was fundamentally flawed by exclusionary parameters. The burden of proof lies with the contracting authority to demonstrate that the absence of alternatives is not self-inflicted.

Penalties and Enforcement

While CADA primarily focuses on the obligations of cloud service providers, non-compliance with procurement rules by contracting authorities carries significant legal and financial risks. Article 24 outlines that Member States must lay down rules on penalties for infringements that are "effective, proportionate and dissuasive."

For contracting authorities, the risk is twofold:

1. Procurement Challenges: If a tender is challenged on the grounds that it artificially narrowed parameters to exclude sovereign alternatives, the procurement process may be annulled by national review bodies. This leads to project delays, reputational damage, and potential liability for damages.
2. Commission Oversight: The Commission monitors the application of the Regulation. If risk assessments (Article 29) or procurement practices are found to be inconsistent with the Union assurance framework, the Commission may intervene or issue guidance to correct systemic issues.

What this means for you

For in-house counsel, procurement officers, and compliance teams in public sector bodies, understanding "artificial narrowing" is critical to ensuring lawful procurement under the proposed CADA.

1. Audit Tender Specifications Early: Before drafting tender documents, conduct a thorough review of the services available in the CADA central repository (Article 22). Ensure that your technical specifications are functional rather than prescriptive, allowing multiple recognised providers to compete. Avoid specifying proprietary features unless they are strictly necessary for the public order objective and cannot be achieved by any recognised service.
2. Document the "Why": If you believe no recognised service can meet your needs, you must document why. This documentation must demonstrate that you have considered all available options in the repository and that the absence of a fit is not due to overly restrictive parameters. This evidence will be crucial if you later seek to invoke a derogation under Article 30(4).
3. Conduct Genuine Risk Assessments: Article 29 requires Member States and Union entities to conduct risk assessments to determine the appropriate Union assurance level. These assessments must be objective and not influenced by a pre-determined preference for a non-compliant provider. Artificial narrowing is often a symptom of a flawed risk assessment that ignores available sovereign alternatives.
4. Avoid "Vendor Lock-in" Tactics: Do not design procurement processes that implicitly favour a specific non-EU provider by including legacy integration requirements that cannot be reasonably migrated to a recognised service. CADA aims to reduce dependencies, not entrench them.

Common misconceptions

• Misconception 1: "Artificial narrowing" only applies to price.
  • Reality: It applies to all parameters of the procurement procedure, including technical specifications, functional requirements, and commercial terms. It is not limited to cost considerations.
• Misconception 2: If a non-EU provider is significantly cheaper, I can narrow the tender to include them.
  • Reality: Cost is a separate derogation condition (Article 30(4)(c)). Even if cost is disproportionate, you cannot artificially narrow the technical parameters to exclude recognised services. The absence of alternatives must be genuine, not engineered.
• Misconception 3: The central repository only lists EU-based providers.
  • Reality: The repository lists services that meet the Union assurance criteria, which can include providers from associated third countries that have been recognised under Article 18, provided they meet the strict sovereignty standards. The key is the assurance level, not just the geographic origin.

Related

• Does CADA replace the 2014 Procurement Directives? Sovereignty vs. Procedure
• Will small public bodies be able to afford CADA procurement fees?
• Why does CADA add a Union added value criterion to procurement?
• Who pays for CADA procurement fees? Article 40 explained
• CADA Procurement Compliance: Who is Responsible in a Public Body?

This is general information about a draft EU regulation, not legal advice.