What is the EU supply chain criterion in Article 32 of CADA?

Summary Under the proposed Cloud and AI Development Act (CADA), Article 32 mandates that public contracting authorities include non-price award criteria to evaluate a tenderer's contribution to the European cloud and AI ecosystem. Specifically, Article 32(3)(a) requires authorities to assess the extent to which a bidder "contributes to strengthening the digital technology supply chain in the Union, including the use of software or hardware designed or manufactured in the Union." As proposed, this is not a ban on non-EU components but a scoring mechanism to reward supply chains that enhance EU strategic autonomy. Bidders must evidence this contribution through supply chain mapping, certificates of origin, and documentation of design locations, ensuring their solutions integrate Union-made components where feasible.

Detail

Article 32 of the CADA proposal (COM(2026) 502 final) fundamentally shifts how public procurement for cloud computing services and AI systems is evaluated. While traditional procurement focuses on price and technical performance, Article 32 introduces a mandatory "Union added value" dimension. This provision is designed to leverage the purchasing power of the public sector to foster a resilient, sovereign, and competitive European digital industry.

The Legal Framework: Mandatory Non-Price Criteria

Article 32(1) establishes the obligation: "In public procurement procedures for innovative cloud computing services and AI systems, contracting authorities shall include, as part of the quality evaluation of the tender, non-price award criteria that allow them to evaluate the tenderer's contribution to the development of a European cloud and AI ecosystem."

Crucially, Article 32(2) sets the guardrails for these criteria to ensure they remain compatible with EU internal market rules. The criteria must be:

• Linked to the subject matter of the contract.
• Not confer unrestricted freedom of choice on the contracting authority.
• Expressly set out in the procurement documents or contract notice.
• Ancillary and not decisive in the award of the contract.

This means that while a bidder's supply chain strategy will influence the score, it cannot override the primary technical and financial requirements. The proposal's explanatory memorandum suggests a maximum weighting of 15 out of 120 points for these European added value criteria, ensuring proportionality.

The Supply Chain Criterion: Article 32(3)(a)

The core of the supply chain requirement is explicitly defined in Article 32(3)(a). This paragraph instructs contracting authorities to evaluate the extent to which:

"the tenderer contributes to strengthening the digital technology supply chain in the Union, including the use of software or hardware designed or manufactured in the Union;"

This criterion targets the foundational layers of the technology stack. It is not limited to the final service delivery (e.g., the cloud platform itself) but extends deep into the underlying components. The phrasing "designed or manufactured" is deliberate and broad:

• Designed: Captures intellectual property creation, architectural design, and engineering work performed within the Union.
• Manufactured: Captures the physical production of hardware components, such as servers, storage devices, networking equipment, and specialized accelerators (GPUs, TPUs).

By including both, the proposal acknowledges that sovereignty can be achieved through either domestic innovation (design) or domestic production (manufacturing). This is particularly relevant for the AI and cloud sectors, which rely heavily on specialized hardware and complex software stacks.

How Bidders Must Evidence Supply Chain Contribution

The CADA proposal does not prescribe a single, rigid template for evidence, leaving room for flexibility based on the specific tender. However, the requirement for "evaluation" implies a need for verifiable, transparent, and auditable proof. Bidders cannot simply claim compliance; they must demonstrate it.

1. Hardware Evidence For hardware components, bidders will likely need to provide:

• Certificates of Origin: Official documentation proving where the hardware was manufactured.
• Design Documentation: Evidence of where the product was designed (e.g., engineering drawings, R&D location records).
• Supply Chain Mapping: A detailed breakdown of the Bill of Materials (BOM) showing the origin of critical components (chips, memory, power supplies).
• Justification for Non-EU Components: If a critical component is not EU-designed or manufactured, the bidder may need to explain how its inclusion still contributes to "strengthening the security of supply" or the development of the European ecosystem, as referenced in Article 32(3)(d). This clause allows for third-country hardware if it supports the broader EU strategic goals, perhaps through joint ventures or technology transfer.

2. Software Evidence For software, the evidence trail focuses on development and maintenance:

• Development Location: Documentation showing where the code was written and by whom (e.g., employment contracts of developers, location of R&D centers).
• Jurisdiction and Governance: Proof that the software is governed by Union law and maintained within the Union.
• Component Transparency: A Software Bill of Materials (SBOM) indicating the origin of libraries, frameworks, and dependencies.
• Integration Proof: Demonstration of how the solution integrates EU-designed tools, models, or standards.

Context Within the Broader Article 32 Framework

The supply chain criterion in Article 32(3)(a) operates in synergy with other criteria in the same article, creating a holistic view of "Union added value":

• Article 32(3)(b): Evaluates the integration of technologies developed in the Union, including research results from Union-funded programs.
• Article 32(3)(c): Assesses how the innovation required to deliver the service strengthens security of supply.
• Article 32(3)(d): Specifically addresses critical computing, storage, and networking hardware, allowing for third-country hardware only if it contributes to strengthening security of supply and the European ecosystem.

Together, these provisions ensure that the public sector procurement strategy is not just about buying "EU-made" products, but about actively building a resilient, self-sufficient, and innovative European digital infrastructure.

What this means for you

For cloud service providers, data centre operators, and AI solution vendors, Article 32(3)(a) represents a strategic imperative for accessing the EU public market. As proposed, your ability to win public contracts will increasingly depend on your supply chain transparency and your commitment to European technological sovereignty.

1. Map Your Supply Chain Immediately

You cannot evidence what you do not know. Conduct a comprehensive audit of your hardware and software supply chains.

• Hardware: Identify the origin of every critical component (servers, accelerators, networking gear). Distinguish between "designed in the EU" and "manufactured in the EU."
• Software: Map the development lifecycle. Where is the code written? Where are the R&D teams located? What is the origin of third-party libraries and dependencies?

2. Prepare Standardized Evidence Packs

Develop a standardized "Union Added Value" dossier for your bids. This should include:

• Origin Certificates: For all hardware components.
• Design Provenance: Documentation proving EU-based design and engineering.
• SBOMs: Detailed Software Bills of Materials with origin data.
• Strategic Justifications: If you must use non-EU components, prepare a clear argument on how this choice still supports EU security of supply (e.g., by enabling a critical EU-led project where no EU alternative exists yet).

3. Highlight Integration and Innovation

In your tender responses, do not just list components; explain the contribution.

• Explicitly state: "Our solution strengthens the EU digital supply chain by utilizing [X]% of hardware designed in the Union."
• Highlight partnerships with EU-based R&D institutions or the use of Union-funded technologies.
• Demonstrate how your supply chain choices reduce dependency on third countries and enhance the resilience of the EU's digital infrastructure.

4. Engage with EU Suppliers

Consider restructuring your supply chain to increase the proportion of EU-designed or manufactured components. Partnering with local hardware manufacturers or software developers can directly boost your score under Article 32(3)(a). This is not just a compliance exercise; it is a strategic move to align with the EU's long-term industrial policy.

5. Monitor Delegated Acts

The Commission is empowered to adopt delegated acts to update the criteria and evidence requirements. Stay informed about any future guidance on how to document "design" versus "manufacturing" or how to calculate the "extent" of contribution. Early preparation will give you a competitive edge as the regulation moves towards adoption.

Common misconceptions

Misconception 1: The criterion mandates the exclusive use of EU hardware and software. No. Article 32(3)(a) does not prohibit non-EU components. It requires authorities to evaluate the extent of the contribution. A bidder using non-EU components can still compete, but they may score lower on this specific criterion unless they can demonstrate how their choices support security of supply or the European ecosystem (as referenced in Article 32(3)(d)).

Misconception 2: "Designed or manufactured" only applies to final products. Incorrect. The criterion applies to the entire digital technology supply chain, including intermediate components. This covers chips, accelerators, software libraries, and middleware, not just the final server or cloud platform.

Misconception 3: This criterion is decisive in the award decision. False. Article 32(2)(d) explicitly states that non-price award criteria must be "ancillary and not decisive in the award of the contract." Core technical and financial criteria remain primary. The supply chain criterion acts as a differentiator, not a pass/fail gate.

Misconception 4: Only large providers can comply. While large providers may have more resources to map complex global supply chains, SMEs can also benefit. The CADA proposal emphasizes supporting SMEs. Smaller firms can leverage their agility to integrate EU-designed components or partner with local suppliers to demonstrate compliance. The criterion rewards genuine contribution, regardless of company size.

Related

• What is the security-of-supply criterion in Article 32 of CADA?
• CADA Article 32: What is the EU hardware criterion for public procurement?
• CADA Article 32: Is the Union added value criterion mandatory?
• How should providers evidence EU supply-chain contribution under CADA?
• Why does CADA add a Union added value criterion to procurement?

This is general information about a draft EU regulation, not legal advice.