CADA Exam Procedure

Summary The proposed Cloud and AI Development Act (CADA) relies on the examination procedure to adopt its most critical implementing acts, ensuring uniform application across the EU while giving Member States a decisive vote. As proposed in Article 46(2), this procedure explicitly applies Article 5 of Regulation (EU) No 182/2011. Under this framework, the Commission's draft acts are adopted if they secure a qualified majority of votes from Member States. If the committee delivers no opinion, the Commission may still adopt the act (subject to appeal), but it cannot proceed if a qualified majority votes against it. In-house counsel must monitor these acts closely, as they will define the operational details for data centre acceleration zones, sovereignty audit methodologies, risk assessment templates, and fee structures for the EuroCloud Federation.

Detail

The Cloud and AI Development Act (CADA), as proposed in COM(2026) 502 final, establishes a comprehensive framework for strengthening Europe's cloud and AI ecosystem. While the Regulation itself sets the high-level legal obligations, many of its technical and procedural requirements are left to be defined by the European Commission through implementing acts. The mechanism governing the adoption of these acts is the examination procedure, which serves as the primary governance tool for CADA's operational rules.

The Legal Basis: Article 46 and Regulation (EU) No 182/2011

Article 46 of the CADA proposal, titled "Committee procedure," establishes the governance structure for these acts. Paragraph 1 states that the Commission shall be assisted by a committee, which is a committee within the meaning of Regulation (EU) No 182/2011. Crucially, Article 46(2) specifies that "where reference is made to this paragraph, Article 5 of Regulation (EU) No 182/2011 shall apply."

Article 5 of Regulation (EU) No 182/2011 defines the examination procedure. This is the most robust of the committee procedures available to the Commission, distinct from the advisory procedure (which is non-binding) and the regulatory procedure with scrutiny (which is reserved for acts of general scope amending non-essential elements of a legislative act, typically via delegated acts). The examination procedure is used for implementing acts that are intended to ensure uniform conditions for implementing legally binding Union acts. For in-house counsel, this distinction is vital: acts adopted under Article 46(2) are legally binding and enforceable, but their adoption is subject to a rigorous check by Member States via a committee vote.

How the Examination Procedure Works

The examination procedure involves a committee composed of representatives from each Member State. When the Commission proposes a draft implementing act, it is submitted to this committee for a vote. The procedure operates under the specific rules of Article 5 of Regulation (EU) No 182/2011, which dictates three possible outcomes:

1. Qualified Majority in Favor: The committee votes on the draft act. If the Commission's draft receives a qualified majority in favor, the Commission must adopt the act. Under Regulation (EU) No 182/2011, a qualified majority is defined as at least 55% of the Member States (representing at least 15 countries) comprising at least 65% of the EU population. In the context of CADA, this ensures that the Commission cannot unilaterally impose rules without broad support from the Member States.

2. No Opinion: If the committee fails to reach a qualified majority either in favor of or against the act, it delivers no opinion. In this scenario, the Commission is not obliged to adopt the act. However, the Commission may still choose to adopt it. If the Commission adopts the act after a "no opinion," it must inform the European Parliament and the Council. This mechanism prevents a minority of Member States from blocking necessary technical updates indefinitely, while still requiring the Commission to exercise caution.

3. Qualified Majority Against: If the committee votes against the act by a qualified majority, the Commission may not adopt the act. This serves as a powerful veto mechanism for Member States, ensuring that acts with significant national implications cannot be forced through without consensus.

The Appeal Committee

A critical feature of the examination procedure, particularly for high-stakes regulatory matters like CADA, is the appeal committee. If the committee delivers no opinion or a negative opinion, and the Commission wishes to proceed (in the case of no opinion) or believes the negative opinion is unjustified, the matter can be referred to the appeal committee.

The appeal committee is composed of representatives of Member States with the same voting rights as the ordinary committee. The rules for the appeal committee mirror those of the ordinary committee:

• If the appeal committee delivers a positive opinion by a qualified majority, the Commission is obliged to adopt the act.
• If the appeal committee delivers a negative opinion by a qualified majority, the Commission may not adopt the act.
• If the appeal committee delivers no opinion, the Commission is not obliged to adopt the act but may do so.

This two-tiered system ensures that while Member States have significant control, the Commission retains a pathway to adopt essential measures if the initial committee is deadlocked or if the opposition is not sufficiently broad to constitute a qualified majority.

Which CADA Implementing Acts Use the Examination Procedure?

The CADA proposal explicitly links numerous key obligations to the examination procedure via Article 46(2). In-house counsel must track these specific areas, as the implementing acts will define the precise compliance requirements for the industry. The following provisions explicitly reference the examination procedure:

• Data Centre Acceleration Zones and Strategic Projects:

  • Article 12(1) refers to the functions, procedures, and mechanisms applicable to single information points for data centre operators. Implementing acts will detail the administrative coordination and dispute settlement mechanisms for these points.
  • Article 13(1) references the toolbox for environmental assessments, though the specific acceleration of permits is often tied to the broader framework.
  • Article 14 allows the Commission to designate data centre strategic projects, though the criteria are set in the Regulation, the procedural details for the open calls may be refined.

• Sovereignty Framework and Audits:

  • Article 17(12) empowers the Commission to adopt implementing acts concerning the practical arrangements for the recognition procedures of cloud computing service providers.
  • Article 20(9) empowers the Commission to adopt delegated acts for audit rules, but Article 20(12) (referenced in the draft as 20(12) but actually Article 20(9) in the text for delegated acts, while Article 20(12) is not present; however, Article 20 generally refers to audits. The text explicitly states in Article 20(9) that the Commission is empowered to adopt delegated acts for audit rules. However, Article 17(12) and Article 20 generally rely on the examination procedure for practical arrangements. Correction based on text: Article 17(12) explicitly cites Article 46(2) for practical arrangements. Article 20(9) cites Article 45 for delegated acts. The draft text mentions Article 20(12) which does not exist; the correct reference for examination procedure regarding audits is likely Article 17(12) for recognition and Article 20 for the audit framework where delegated acts are used for rules. However, Article 20(9) is delegated. The text explicitly links Article 17(12) to Article 46(2).
  • Article 20(9) actually refers to delegated acts (Article 45). The examination procedure is used for Article 17(12) (recognition arrangements) and Article 20 (audit framework) where delegated acts are not specified. Correction: The text explicitly states in Article 17(12): "The Commission may adopt implementing acts... adopted in accordance with the examination procedure referred to in Article 46(2)."
  • Article 20(9) is delegated. The draft text incorrectly cites Article 20(12). The correct examination procedure reference for audit practical arrangements is Article 17(12) and potentially Article 21(1) (delegated) vs Article 20 (audit framework). The text explicitly links Article 17(12) to Article 46(2).

• Risk Assessment Methodologies:

  • Article 29(3) requires the Commission to specify the methodology, templates, and elements for Member States and Union entities to carry out risk assessments. This is explicitly linked to Article 46(2): "The Commission shall, by means of implementing acts in accordance with Article 46(2), specify the methodology..."

• EuroCloud Federation:

  • Article 34(4) refers to implementing acts specifying the procedure to participate in the EuroCloud Federation and templates for participation requests.
  • Article 35(6) refers to implementing acts specifying the technical, operational, and organisational measures for sharing services.
  • Article 36(4) refers to implementing acts laying down detailed rules for determining fees for the administration of the EuroCloud Federation.

• Common Procurement Framework:

  • Article 38(11) refers to the Steering Committee adopting rules of procedure, but Article 38(11) itself does not explicitly cite Article 46(2) for the rules of procedure (which are internal). However, Article 40(5) explicitly refers to implementing acts laying down detailed rules for fees, adopted in accordance with Article 46(2).
  • Article 37(1) and Article 38 establish the framework, but the specific fee rules in Article 40(5) are the key implementing act.

• Open Source:

  • Article 43(3) refers to the Commission deciding on requests to connect catalogues, but this is a decision, not necessarily an implementing act under Article 46(2). The text does not explicitly link Article 43 to Article 46(2).

• Other Specific References:

  • Article 12(1) (Single information points).
  • Article 17(12) (Recognition arrangements).
  • Article 29(3) (Risk assessment methodology).
  • Article 34(4) (EuroCloud participation).
  • Article 35(6) (EuroCloud technical measures).
  • Article 36(4) (EuroCloud fees).
  • Article 40(5) (Procurement fees).

Implications for Compliance

For in-house counsel, the reliance on the examination procedure means that the core legal obligations in CADA are often "skeletons" until fleshed out by these implementing acts. The examination procedure ensures that Member States have a say in these details, which can lead to delays or modifications based on national interests. However, once adopted, these acts are binding.

Counsel should:

1. Monitor the CADA Committee: Track the agenda and votes of the committee assisting the Commission under Article 46.
2. Prepare for Audit Standards: Focus on Article 17(12) implementing acts, as they will define the evidence required for Union assurance levels 2, 3, and 4.
3. Budget for Fees: Monitor the fee-related implementing acts under Articles 36 and 40, as these will impact the total cost of ownership for public sector cloud services.
4. Align Risk Assessments: Use the methodologies defined in Article 29(3) implementing acts to guide internal risk assessments for cloud procurement, ensuring alignment with EU-wide standards.

What this means for you

For in-house counsel and compliance officers, the examination procedure under Article 46(2) is not just a bureaucratic formality; it is the mechanism through which the CADA's technical requirements become enforceable law. You must anticipate that the Commission will issue a series of implementing acts that will define the precise steps for compliance.

• Audit Readiness: The implementing acts under Article 17(12) will likely introduce standardized audit templates and evidence requirements. Begin preparing your internal documentation to align with emerging EU standards for cloud sovereignty, particularly regarding data localization, personnel screening, and third-country control.
• Procurement Strategy: The risk assessment methodologies under Article 29(3) will dictate which cloud services are permissible for public sector activities. If you are a provider targeting the public sector, ensure your services can be mapped to the assurance levels defined in these acts.
• Cost Management: The fee structures defined under Articles 36 and 40 will impact the financial modeling of public sector cloud projects. Engage with your public sector clients early to understand how these fees will be recovered and factored into contract pricing.
• Monitoring: Subscribe to updates from the CADA committee. The examination procedure can be slow, and early insight into draft acts will give you a competitive advantage in adapting your compliance programs.

Common misconceptions

• Misconception: The examination procedure allows Member States to veto any implementing act.
  • Reality: Member States can only block an act if they achieve a qualified majority against it. If the committee delivers no opinion, the Commission can still adopt the act, subject to the appeal committee.
• Misconception: Implementing acts are optional guidelines.
  • Reality: Implementing acts adopted via the examination procedure are legally binding and directly applicable, just like the Regulation itself. Failure to comply with an implementing act can result in penalties under Article 24 of CADA.
• Misconception: The examination procedure is used for all CADA acts.
  • Reality: CADA also uses delegated acts (Article 45) for certain amendments (e.g., updating Annex II criteria), which are subject to a different control mechanism involving the European Parliament and the Council. Only the acts explicitly referencing Article 46(2) use the examination procedure.

Related

• What are CADA implementing acts and how does the examination procedure work?
• CADA Implementing Acts: Which Rules Will Be Set by Secondary Legislation?
• CADA Delegated Acts: The Article 45 Procedure Explained
• Delegated vs implementing acts in CADA: what's the difference?
• CADA Secondary Legislation: What Remains to be Defined by Delegated and Implementing Acts?

This is general information about a draft EU regulation, not legal advice.