What is technological autonomy in the EU cloud and AI strategy (CADA)?

Summary As framed by the proposed Cloud and AI Development Act (CADA), technological autonomy is the Union's capacity to develop, deploy and operate cloud and AI technologies without critical dependence on third-country providers. The proposal would pursue this by strengthening homegrown capabilities across the cloud stack — from processors and accelerators to open-source software and frontier and physical AI — so the EU retains control over its data, infrastructure and digital supply chains, while reducing critical (not all) external dependencies.

Detail

The proposed CADA frames technological autonomy not merely as data protection but as a strategic imperative for the Union's economic security and competitiveness. The explanatory memorandum stresses reducing critical external dependencies by "strengthening homegrown cloud and AI capabilities and infrastructure."

Autonomy across the cloud stack

CADA would advance technological autonomy through the Cloud and AI Leadership Initiatives, whose operational objectives are set out in Article 4. Operational objective 2 (Article 4(2)) is squarely about "supporting the development and deployment of cloud computing stacks supporting the Union's technological autonomy," and includes:

• Hardware and semiconductors: developing AI-optimised servers and baseline software based on processors, accelerators and quantum accelerators designed and manufactured in the Union (Article 4(2)(b)).
• Open cloud stacks: developing and piloting secure, resilient and performant open cloud computing stacks covering on-device edge, connectivity, data and AI tools, backend and service layers for strategic sectors (Article 4(2)(a)).
• Middleware and data spaces: boosting data availability for AI via open-source middleware platforms underpinning common European data spaces (Article 4(2)(c)).

Autonomy here means control not just over hosted data but over the underlying hardware, software and interfaces. This is reinforced by Article 1, which lists "reducing dependencies on critical technologies" among the Regulation's measures.

The role of open source

Open source is positioned as a lever for technological autonomy. Article 4(2)(d) provides for fostering the creation of open-source software foundations supporting open-source components, and Article 4(2)(e) for a catalogue of European open cloud computing solutions. Separately, Article 41 would require the Union and Member States to take measures to encourage Union entities and public sector bodies to use, and facilitate the reuse of, open standards and components released under an open-source licence when building their cloud and AI stack. The aim is to limit vendor lock-in, improve security through transparency, and reduce reliance on third-country proprietary technologies.

Frontier AI and physical AI as strategic assets

Technological autonomy extends to advanced AI. The proposal treats frontier AI and physical AI as strategic assets for competitiveness and reduced dependence.

• Frontier AI: operational objective 3 (Article 4(3)) supports pioneering projects that develop frontier AI models and systems as strategic assets, including in key sectors such as cybersecurity. The memorandum notes frontier AI has become a critical strategic asset, and that strengthening the Union's capacity to develop and govern it is essential to align the AI transition with Union values and long-term interests.
• Physical AI: operational objective 4 (Article 4(4)) focuses on advancing capabilities in physical AI models and systems — including a European physical AI stack for robotics, autonomous vehicles and drones — and fostering their deployment across strategic sectors. The memorandum highlights physical AI (systems that perceive and act in the physical environment) as essential to mitigating external dependencies and fostering industrial competitiveness.

Sovereignty framework and Union assurance levels

To operationalise autonomy in procurement, CADA would introduce the Union cloud computing sovereignty framework with four assurance levels (Article 16), with criteria set out in Annex II. The framework gives harmonised, auditable criteria so that public sector bodies and critical industries can procure services offering operational autonomy, data confidentiality and protection against third-country interference. Article 16(1) requires providers to meet those criteria to serve Union entities and public sector bodies.

What this means for you

For CTOs, architects and SMEs, the push for technological autonomy under the proposed CADA has practical implications:

1. Supply-chain diversification. Evaluate your cloud and AI supply chains for dependence on third-country providers. The proposal encourages European providers and open-source alternatives to reduce exposure to extraterritorial laws and potential service disruption.
2. Open-source adoption. Open standards and components would matter more. The EU Open Source Solutions Catalogue (Article 43), hosted on the Interoperable Europe portal, would provide a centralised catalogue of software made available for reuse by Union entities and public sector bodies.
3. Compliance with assurance levels. If you serve the public sector or critical industries, you may need independent audits (for Union assurance levels 2 to 4) to demonstrate compliance — including that infrastructure, personnel and data remain in the Union and that you are not subject to third-country control that could compromise continuity or data access.
4. Participation in the Leadership Initiatives. SMEs and start-ups may benefit from the Cloud and AI Leadership Initiatives, which support research, innovation and deployment across the stack, including frontier and physical AI.

Common misconceptions

• Autonomy means isolation. It does not. The proposal aims to reduce critical dependencies, not all of them, and provides a route for cooperation with "associated third countries" that meet specific safeguards (Article 18, for Union assurance level 3).
• Open source is a panacea. Open source is a key lever but not a standalone solution. Autonomy also needs hardware capability, governance, security standards, skills and sustainable funding.
• Only large providers are affected. While hyperscalers dominate today, the proposal aims to create openings for smaller EU-based providers — for example through the European public sector cloud federation (the "EuroCloud Federation," Article 34) and other measures that pool demand and support the European ecosystem.

Official sources

• Digital Decade Policy Programme (Decision (EU) 2022/2481)

Related

• Cloud Sovereignty & Digital Decade 2030: How CADA Links Capacity to Autonomy
• What is strategic autonomy and how does CADA support it?
• What is operational autonomy and why can't a foreign provider guarantee it under CADA?
• What is open strategic autonomy in EU digital policy, and how does CADA reflect it?
• What is economic security in the EU's digital strategy under CADA?

This is general information about a draft EU regulation, not legal advice.