Summary
Under the proposed Cloud and AI Development Act (CADA), Union assurance level 1 and level 2 are the two lowest of four assurance levels in the Union cloud computing sovereignty framework. The headline procedural difference is the route to recognition: level 1 would be demonstrated by the provider's own conformity self-assessment and an EU statement of conformity (Article 19), whereas level 2 would require an independent third-party audit at the provider's expense, yielding a "positive" audit opinion (Article 20). Substantively, level 2 would add four things that level 1 does not require: personnel located in the Union (Annex II §2.1(b)), a European cybersecurity certificate of at least assurance level "substantial" (§2.1(e)), a documented software bill of materials and software-supply-chain controls (§2.1(i)), and a ban on using service-generated data to train third-country AI (§2.1(f)). Recognition is cumulative: a level 2 provider must also satisfy every level 1 criterion (Article 20(1)).
Detail
CADA, as proposed, would establish a Union cloud computing sovereignty framework "comprising four Union assurance levels, the criteria for which are set out in Annex II" (Article 16(1)). Levels 1 and 2 are the foundational tiers for most public-sector procurement. Both share a sovereignty floor — Union establishment, Union-located infrastructure, and customer data kept within the Union — but they differ in how compliance would be proven and in the technical criteria a service must meet.
The framework reads additively. The Annex II criteria are cumulative (Article 20(1)): a provider audited at a higher level "shall satisfy all the applicable cumulative criteria under Annex II applicable to the lower Union assurance levels," and "[f]ailure to meet any requirements of a lower assurance level shall preclude conformity with the higher Union assurance levels." Level 2 is therefore best understood not as a separate regime but as level 1 plus a defined set of additions.
Route to recognition: self-assessment vs. independent audit
The most immediate operational difference is how compliance would be demonstrated.
For level 1, the provider would carry out a "conformity self-assessment" of compliance with the level 1 criteria in Annex II (Article 19(1)). It would then issue an "EU statement of conformity" and, in doing so, "assume[] responsibility for the compliance" of the service with those criteria (Article 19(2)); the statement must be made publicly available (Article 19(3)). As proposed, an EU statement of conformity issued by a provider that is an SME "shall be directly and automatically recognised in all Member States without the need for prior recognition by the evaluating national competent authority" (Article 17(3)).
For level 2, the provider would instead undergo, at its own expense, an independent third-party audit and obtain an audit report and audit opinion from an auditing organisation (Article 20(1)). CADA does not describe these organisations as "accredited"; instead it sets criteria they must meet (Article 20(4)): independence and freedom from conflicts of interest (no non-audit services to the provider in the preceding 12 months and a commitment not to provide any for the 12 months afterwards, no audit services in the prior 10 years, and no contingent fees), proven expertise and technical competence in auditing cloud services, and proven objectivity and professional ethics. The audit report must state a "positive" or "negative" opinion on compliance with the Annex II criteria for the relevant level; where the opinion is "positive," the report identifies the Union assurance level to be recognised under Article 17 (Article 20(5)). A further ongoing obligation distinguishes level 2: the audited provider must submit the report and "positive" opinion annually for review, which may confirm, update, or revoke it (Article 20(8)).
The recognition mechanics then diverge by evidence package. For level 1, the candidate submits the EU statement of conformity referred to in Article 19(2) plus all necessary evidence (Article 17(3)); for level 2, it submits the audit report, the "positive" audit opinion, and all evidence provided to the auditing organisation (Article 17(4)). On accepting an application, the evaluating national competent authority has 60 days to prepare a draft recognition decision and notify other Member States' authorities for review, to request further information, or to reject (Article 17(5)).
What level 2 adds over level 1 (Annex II §§1, 2)
Both levels require Union establishment of the provider (§1.1(a); §2.1(a)) and that customer data — including metadata and telemetry — remain exclusively within the Union unless the public sector body explicitly requires otherwise (§1.1(c); §2.1(c)). The substantive escalation lies in four areas.
1. Personnel location. Level 1 requires that the provider's infrastructure and assets (including those of subcontractors involved in the service) be located in the Union unless the public sector body requires otherwise (§1.1(b)); it addresses out-of-Union support only through traceability, security, and governance safeguards (§1.1(d)). Level 2 widens the localisation criterion to include personnel: the infrastructure, assets, and personnel of the audited provider and its involved subcontractors must be located in the Union (§2.1(b)), and technical and operational support (including sub-outsourcing) must be "initiated and performed exclusively within the Union" (§2.1(h)). A conditional citizenship rule also appears: where the public sector body determines that additional personnel screening and Union citizenship requirements are necessary, the provider must ensure personnel meeting them are available (§2.1(d)) — conditional and role-specific, not a blanket citizenship mandate. Blanket Union citizenship of personnel is a feature of level 3 and above.
2. Cybersecurity certification. Level 1 asks the provider to demonstrate that the service "complies with the state-of-the-art cybersecurity standards" (§1.1(e)) — a self-declared benchmark. Level 2 requires the audited service to obtain a European cybersecurity certificate of at least assurance level "substantial" (not "high") under a cloud certification scheme to be established under Regulation (EU) 2019/881 (the Cybersecurity Act) (§2.1(e)). As proposed, that scheme is not yet in place; until it exists, national certification schemes would apply where they exist, and absent any scheme the provider would have to demonstrate the highest cybersecurity standards under applicable Union law. This moves cybersecurity from a self-declared claim toward a certifiable, auditable benchmark.
3. Software supply chain (SBOM). Level 1 requires full transparency about subcontractors and due diligence over them (§1.1(f)) but does not require a software bill of materials. Level 2 does: the provider must document and make available to the auditing organisation a complete, up-to-date software bill of materials — "SBOM" as defined in Regulation (EU) 2024/2847 (the Cyber Resilience Act), Article 3, point (39) — together with a dependency list (§2.1(i)(i)). Where software components are provided, owned, or licensed by a third-country-established legal entity, level 2 adds documented controls to block remote features that could materially tamper with or disrupt a system (including during updates), source-code audits of security-relevant components, and a migration plan should the vendor fail or a third country impose restrictions (§2.1(i)(ii)). Comparable controls apply to open-source-licensed software (§2.1(j)).
4. Use of data for AI training. Level 1 contains no express prohibition on the downstream use of data for AI training. Level 2 prohibits using data generated by use of the audited service to train or fine-tune any AI system operated by a third country or a third-country-established legal entity, and bars transfer of such data outside the Union "in any case" (§2.1(f)).
Level 2 also addresses third-country control more demandingly. Where a provider or its subcontractors are under third-country control, level 2 requires demonstrated legal, technical, and organisational measures ensuring that the control does not constrain delivery, that third-country access to customer data is prevented, that disruption or degradation by a third country is prevented, and that the provider is not obliged to give effect to third-country restrictive measures unless legitimate under Member State or Union law (§2.1(g)).
Enforcement
If a recognised provider fails to comply, Member States would lay down penalty rules for "infringements of [this] Chapter" by providers, which must be "effective, proportionate and dissuasive" (Article 24(1)); the assessment criteria include the nature, gravity, scale, and duration of the infringement and the provider's annual Union turnover in the preceding financial year (Article 24(2)). Recipients of the service would also have a right, under Union and national law, to seek compensation for damage or loss resulting from an infringement of the Chapter I obligations (Article 24(3)). Chapter I is the chapter that establishes the sovereignty framework; the proposal does not title it "Autonomy."
What this means for you
For in-house counsel and compliance teams, the move from level 1 to level 2 is a move from self-declared, provider-assumed conformity to externally audited assurance with an annual review cycle.
- Map workloads to the right minimum level first. Where a risk assessment under Article 29 identifies activities as contributing to the preservation of public order — in the NIS2 sectors (Annex I or II of Directive (EU) 2022/2555) and in national security, internal security, external border management, defence, justice, or law enforcement — contracting authorities would only be able to procure services recognised at level 2, 3, or 4 (Article 30(3)). Activities not so identified would use level 1 (Article 30(2)). Classifying workloads is the gating step that determines whether self-assessment is even available to your vendor.
- Do not rely on self-declarations for level 2. Require the audit report and the "positive" audit opinion, and confirm the auditing organisation meets the Article 20(4) independence, competence, and objectivity criteria. Avoid treating the organisation as "accredited" — there is no accreditation requirement in the proposal as drafted.
- Build the annual review into vendor contracts. Level 2 conformity is not a one-off; the report and opinion must be resubmitted annually and may be updated or revoked (Article 20(8)). Contracts should oblige the vendor to maintain its "positive" opinion and to notify material changes (Article 23).
- Use the SBOM right. Level 2's §2.1(i) gives a contractual hook to obtain a complete SBOM and dependency list and to require third-country-component controls, source-code audits of security-relevant components, and a documented migration plan.
- Check the AI-training and data-transfer ban. Where your organisation generates data through the service, §2.1(f) provides express protection against third-country AI training and out-of-Union transfer; align your data-processing terms with it.
- Plan timelines. Member States would designate national competent authorities within one year of entry into force (Article 25(1)); the evaluating authority then has a 60-day assessment window for an accepted application (Article 17(5)). Note that the underlying European cybersecurity certification scheme for cloud is, as proposed, still "to be established," which may affect when level 2 certification is practically obtainable.
Common misconceptions
- "Level 1 is just a lighter level 2." The criteria are cumulative (Article 20(1)), so level 2 does include all of level 1 — but level 1 is a distinct, self-assessment route (Article 19) aimed at lower-risk workloads, and the SME automatic-recognition derogation (Article 17(3)) is designed to ease market entry, not merely reduce burden.
- "Level 2 requires all personnel to be EU citizens." Level 2 requires personnel to be located in the Union (§2.1(b)); Union citizenship applies only where the public sector body determines it is necessary for specific roles (§2.1(d)). Blanket citizenship requirements appear at level 3 and above.
- "Level 2 needs the 'high' cybersecurity certificate." Level 2 requires at least assurance level "substantial" (§2.1(e)); "high" is the level 4 requirement.
- "The level 2 certificate exists today." As proposed, the certificate would come from a cloud scheme under Regulation (EU) 2019/881 that is still to be established; in the interim, national schemes or a demonstration of the highest applicable standards would apply (§2.1(e)).
- "The auditing organisation must be accredited." The proposal sets independence, competence, and objectivity criteria (Article 20(4)); it does not use the word "accredited."
Related
- What is the difference between CADA Level 3 and Level 4?
- What is the difference between CADA level 2 and level 3?
- Why would a public body require CADA Level 4 over Level 3?
- Why choose a CADA Level 1 provider? The baseline for public procurement
- Why is CADA Level 4 the highest sovereignty tier?
This is general information about a draft EU regulation, not legal advice.