Summary

Under the proposed Cloud and AI Development Act (CADA), "sovereign cloud" and "air-gapped cloud" address different risks. Sovereignty, as proposed, is a legal and operational property — jurisdictional control, data residency in the Union, and resistance to third-country interference — organised into four "Union assurance levels" whose criteria are set out in Article 16 and Annex II. Air-gapping is a technical architecture that physically isolates a system from external networks. The highest assurance levels would impose strict controls (and may, in practice, lead providers to use highly restricted or isolated architectures), but CADA does not equate sovereignty with network isolation: a service would be sovereign because of who controls it and where data and people sit, not because it is unplugged.

Detail

In technical discussions the terms "sovereign cloud" and "air-gapped cloud" are often conflated, but under the proposed CADA they target different dimensions of risk: one is primarily legal and operational, the other technical and physical.

Sovereign cloud: jurisdictional and operational control

Article 16 of the CADA proposal would establish a "Union cloud computing sovereignty framework comprising four Union assurance levels," with the criteria set out in Annex II, that cloud computing service providers would have to meet to provide services to Union entities and public sector bodies. The stated objective is to mitigate the Union's dependence on a limited number of providers subject to third-country control — including, as Recital 46 puts it, "vulnerabilities arising from the extraterritorial application of third-country laws, potential disruptions affecting the continuity, quality and resilience of cloud computing services, reduced control and oversight over personal and non-personal data and infrastructure, and the risk of undue economic or political influence."

Recital 48 adds that the "tailored versions" of services offered by third-country providers "do not address the core sovereignty issues allowing for the extraterritorial reach of third-country laws and the possible degradation or disruption of the service." Sovereignty under CADA is therefore about autonomy and control, not network topology.

The Annex II criteria escalate across the four levels and cover, as proposed:

  1. Establishment and control. The provider and its subcontractors involved in providing the service must be established in the Union; at Union assurance levels 3 and 4 they must not be subject to the control of a third country or a legal entity established in a third country (with a narrow Article 18 derogation for "associated third countries" at level 3).
  2. Data residency. Customer data, including metadata and telemetry, must remain exclusively within the Union unless the public sector body explicitly requires otherwise.
  3. Personnel and infrastructure. Infrastructure, assets and personnel involved in providing the service must be located in the Union; at levels 3 and 4, personnel must be Union citizens and, where appropriate when handling classified information, hold national security clearance.
  4. Cybersecurity and supply chain. Higher levels require a European cybersecurity certificate (at least "substantial" for levels 2 and 3, "high" for level 4) and software supply-chain measures, including a software bill of materials (SBOM) and controls to block remote features that could materially tamper with or disrupt the service.

Air-gapped cloud: physical isolation

An air-gapped cloud is a computing environment physically isolated from unsecured networks such as the public internet, with no direct wired or wireless connection to external networks. Data transfer typically happens via controlled manual methods such as removable media.

Air-gapping provides strong protection against remote cyberattacks, malware propagation and unauthorised remote access. It does not, by itself, address the legal and jurisdictional risks CADA targets. An air-gapped system operated by a third-country-controlled provider could still be subject to foreign laws compelling data access or service disruption. Conversely, a CADA-aligned sovereign service may be internet-connected while relying on legal, technical and organisational measures to keep third-country actors from exerting control or gaining access.

The intersection: when sovereignty pushes toward isolation

Sovereignty and air-gapping can intersect in practice, especially at higher assurance levels. Annex II would require, at Union assurance levels 2 and 3, that where a provider is subject to third-country control the provider demonstrate that the "possibility of disruption of the service continuity and/or the degradation of the service quality by a third country" is prevented; at Union assurance level 4 such control is simply prohibited. CADA does not mandate air-gapping. But where the risk of remote tampering is judged unacceptable, a provider might choose logical or physical isolation as a control supporting the sovereign outcome — the air-gap is a means, not the definition of sovereignty.

Key differences summarised

| Feature              | Sovereign cloud (CADA, as proposed)                              | Air-gapped cloud                                         |
|----------------------|------------------------------------------------------------------|----------------------------------------------------------|
| Primary focus        | Jurisdictional control, legal autonomy, operational resilience   | Physical isolation, network security                     |
| Basis                | Article 16 + Annex II of CADA                                    | Technical architecture; not defined in CADA              |
| Data residency       | Exclusively in the Union unless explicitly waived                | Not inherently required                                  |
| Provider control     | Not subject to third-country control (levels 3–4)                | Any entity, including third-country                      |
| Network connectivity | May be internet-connected with robust controls                   | Physically isolated from external networks               |
| Risk addressed       | Extraterritorial laws, service disruption, data access           | Remote cyberattacks, malware, unauthorised remote access |

What this means for you

For CTOs and architects evaluating cloud strategy under the proposed CADA, separate technical isolation from legal sovereignty:

  1. Compliance strategy. If your activities are identified through the Article 29 risk assessment as contributing to the preservation of public order, Article 30 would require procuring services recognised at Union assurance level 2, 3 or 4; otherwise level 1. Choosing an air-gapped solution would not by itself satisfy these obligations if the provider is third-country-controlled or data-residency criteria are unmet.
  2. Procurement. Prioritise services recognised under the framework via the Article 17 recognition mechanism (recognition attaches to the service, listed in the Article 22 central repository). Look for evidence against the Annex II criteria, not just network isolation.
  3. Architecture. For the most sensitive workloads at level 3 or 4, consider whether logical or physical isolation helps meet the disruption-resistance and control criteria — but ensure the underlying provider also meets the legal sovereignty criteria.
  4. Due diligence. Assess establishment, control structure and ability to resist third-country interference. An air-gapped solution from a non-sovereign provider may still carry significant legal and operational risk under CADA.

Common misconceptions

  • "Air-gapping makes a cloud sovereign." Air-gapping addresses technical security but does not change the provider's jurisdiction or legal obligations. A third-country-controlled provider with an air-gapped system would still be subject to third-country laws.
  • "Sovereign cloud must be air-gapped." CADA, as proposed, does not mandate air-gapping. Sovereign services may be internet-connected provided robust controls prevent third-country access, data exfiltration and service disruption.
  • "Data residency equals sovereignty." Data residency (Annex II, point 1.1(c)) is one criterion. Sovereignty as proposed also covers establishment, personnel location and citizenship, supply-chain security and freedom from third-country control. EU-resident data is not sufficient if the provider is third-country-controlled.

This is general information about a draft EU regulation, not legal advice.