Summary The Apply AI Strategy (COM(2025) 723 final, 8 October 2025) is the European Commission's roadmap to accelerate AI adoption across industry and the public sector. The proposed Cloud and AI Development Act (CADA, COM(2026) 502 final) is designed to underpin it by building the infrastructure and trust frameworks AI uptake requires: the Cloud and AI Leadership Initiatives, expanded data centre capacity, and a sovereignty framework for public procurement. As proposed, the two are complementary — strategy plus legislative scaffolding — not interchangeable.

Detail

The Apply AI Strategy, formally the Communication from the Commission to the European Parliament and the Council, 'Apply AI strategy' (COM(2025) 723 final), was published on 8 October 2025. It sets out concrete actions to harness AI's potential, with a focus on boosting adoption across strategic industrial sectors and the public sector, and on strengthening the EU's technological sovereignty.

CADA (COM(2026) 502 final) is designed to support the Apply AI Strategy by tackling the structural bottlenecks to AI uptake: limited compute capacity, dependence on non-European providers, and the absence of harmonised trust frameworks for public procurement. CADA's own explanatory memorandum states that the proposal "reinforces key objectives of the AI Act" and complements the EU's broader digital policy framework, including the Apply AI Strategy.

1. Leadership Initiatives

CADA's Title II establishes the Cloud and AI Leadership Initiatives. Article 3(1) sets their general objective as "promoting research and innovation activities and achieving large-scale capacity throughout the Union's cloud and AI ecosystem." Article 4 then details operational objectives that mirror the Apply AI Strategy's goals, including:

  • Operational objective 5: accelerating the development and uptake of industrial AI across the Union's strategic sectors.
  • Operational objective 7: increasing the development and adoption of AI models and systems across the Union's public sectors.
  • Operational objective 8: promoting the broad adoption of AI by private and public sector organisations, including SMEs and small mid-caps, through the network of Experience and Acceleration Centres for AI ("Centres for AI", Article 5).

The Centres for AI are to operate in line with the "AI first" principle defined in the Apply AI Strategy (Article 5(2)).

2. Compute capacity and infrastructure

The Apply AI Strategy stresses the need for robust digital infrastructure. CADA's Title III addresses this. The Commission's explanatory memorandum states the proposal aims to triple EU capacity in the next five-to-seven years and reach the needed capacity by 2035. Article 10 would require Member States to designate "data centre acceleration zones" where deployment is facilitated through faster permitting and grid coordination — providing the hardware foundation for the AI applications the strategy promotes.

3. Trust through sovereignty and procurement

CADA's Title IV establishes a Union cloud computing sovereignty framework that matters for public bodies facing heightened security requirements.

  • Risk assessments: Article 29 requires Member States and Union entities to run risk assessments determining which Union assurance level (2, 3 or 4) is appropriate for public-sector activities with public-order relevance.
  • Public procurement: Article 30 requires contracting authorities to procure cloud at the level their risk assessment indicates — level 1 for non-public-order activities (Article 30(2)), and level 2, 3 or 4 for public-order-relevant activities (Article 30(3)).
  • EU added value: Article 32 requires non-price award criteria in procurement of innovative cloud services and AI systems, letting authorities evaluate a tenderer's contribution to the European cloud and AI ecosystem, including the use of software or hardware designed or manufactured in the Union.

Separately, Article 34 establishes the European public sector cloud federation ("EuroCloud Federation") to promote sharing of public-sector data centre and cloud services, helping smaller public bodies access capabilities they could not procure alone.

What this means for you

For public-sector procurement officers and IT decision-makers, the Apply AI Strategy and CADA together point toward integrating AI while prioritising sovereignty.

  • Risk assessments would be required. Under Article 29, Member States and Union entities must run risk assessments to set the appropriate assurance level — a prerequisite for compliant procurement, not optional.
  • Sovereign procurement for sensitive activities. For public-order-relevant activities, you would procure only providers recognised at Union assurance level 2, 3 or 4 (Article 30(3)), shifting the focus from lowest price to verified sovereignty.
  • Consider the EuroCloud Federation. Article 34 offers a route for smaller bodies to access shared sovereign capacity.
  • Use EU-added-value criteria. Article 32 lets you reward bids that strengthen the European supply chain.
  • Align with the national strategy. Each Member State must establish a national cloud and AI strategy under Article 7, consistent with the "AI first" principle.

Common misconceptions

  • "CADA replaces the Apply AI Strategy." No. As proposed, CADA is the legislative and infrastructural scaffolding to implement the strategy's policy goals. They are complementary.
  • "The sovereignty framework only applies to large hyperscalers." No. Union assurance levels apply to any provider seeking to serve Union entities and public bodies, including smaller EU providers, which can seek recognition under Article 17.
  • "Public bodies can keep using any provider for everything." Under Article 30, non-public-order activities require level 1 services; public-order-relevant activities require levels 2, 3 or 4.
  • "The EuroCloud Federation is a new commercial cloud provider." No. Article 34 is a mechanism for sharing existing public-sector data centre and cloud services, not a new commercial entity.

Official sources

Related

This is general information about a draft EU regulation, not legal advice.