Summary The Interoperable Europe Act (IEA), Regulation (EU) 2024/903, is the EU's legal framework for ensuring digital public services work seamlessly across borders. As proposed, the Cloud and AI Development Act (CADA) references the IEA to anchor two critical elements: the definition of an 'open source licence' and the hosting location of the EU Open Source Solutions Catalogue (EU OSS Catalogue). Specifically, Article 2(25) of CADA adopts the IEA's definition, while Article 43(2) mandates that the catalogue be hosted on the Interoperable Europe portal established by the IEA. For public sector bodies, this means CADA's open-source obligations are not standalone; they are structurally integrated into the existing EU public sector interoperability framework.

Detail

To understand the operational mechanics of CADA's open-source provisions, one must first understand its reliance on the Interoperable Europe Act (IEA). The IEA (Regulation (EU) 2024/903) establishes a comprehensive framework for digital interoperability across the Union's public sector. Its primary objective is to prevent digital silos, reduce administrative costs, and ensure that public services can exchange data and function effectively across Member States.

CADA, currently a proposal (COM(2026) 502 final), does not operate in a regulatory vacuum. Instead, it explicitly leverages the IEA to create a cohesive ecosystem for public sector technology. This relationship is not merely philosophical; it is codified in specific articles that tie CADA's definitions and infrastructure directly to the IEA's legal text and technical portals.

1. Defining "Open Source Licence" via Cross-Reference

CADA relies on the IEA for its foundational legal definitions to ensure consistency across EU digital legislation. Article 2 of the CADA proposal, which sets out definitions, specifically addresses the term 'open source licence'.

Under Article 2(25) of the CADA proposal, an 'open source licence' is defined by direct reference to Article 2, point (12), of Regulation (EU) 2024/903 (the Interoperable Europe Act).

This cross-reference is legally significant for several reasons:

  • Uniformity: It prevents the creation of a fragmented or conflicting definition of "open source" within the cloud and AI sector. By adopting the IEA's definition, CADA ensures that any software classified as "open source" for the purposes of CADA's obligations (such as those in Article 41 regarding the promotion of open-source solutions) meets a single, EU-wide standard.
  • Legal Certainty: The IEA's definition is well-established within the context of public sector interoperability. It generally encompasses licences that permit users to run, study, change, and distribute the software, often with conditions that modified versions remain under the same licence terms.
  • Compliance Alignment: Compliance officers must verify that software intended for CADA compliance meets the specific criteria of the IEA. A licence that claims to be "open" but restricts modification or redistribution in ways that violate the IEA's definition would not qualify under CADA.

2. Hosting the EU Open Source Solutions Catalogue

The most operational and visible link between the two acts is the EU Open Source Solutions Catalogue (EU OSS Catalogue). Article 43 of the CADA proposal mandates that the Commission provide and maintain this centralised catalogue to facilitate access to software made available for reuse by Union entities and public sector bodies.

Crucially, Article 43(2) of the CADA proposal specifies the technical infrastructure for this catalogue:

"The EU OSS Catalogue shall be hosted on the Interoperable Europe portal referred to in Article 8 of Regulation (EU) 2024/903."

This integration serves multiple strategic purposes:

  • Centralisation: It prevents the fragmentation of open-source repositories. Instead of scattered, national, or departmental lists, CADA directs all relevant public sector software reuse to a single, authoritative hub managed under the IEA framework.
  • Interoperability by Design: By hosting the catalogue on the Interoperable Europe portal, CADA ensures that the metadata, search functionalities, and technical specifications of the listed software align with the IEA's interoperability standards. This facilitates the discovery and integration of software that is already compliant with broader EU digital standards.
  • Accessibility: The Interoperable Europe portal is designed to be accessible electronically free of charge. This ensures that the CADA-mandated catalogue is easily navigable for all public sector bodies, including smaller entities and those with limited technical resources.

3. The Public Sector Interoperability Framework

Beyond specific articles, the alignment between CADA and the IEA is rooted in the broader public sector interoperability framework. The IEA promotes the use of open standards, open specifications, and open-source components to build digital public services. CADA reinforces this by encouraging public sector bodies to use and facilitate the reuse of open-source solutions (Article 41 of CADA).

When CADA requires public bodies to share and reuse software (Article 42 of CADA), it mandates that this software be made available in a catalogue connected to the EU OSS Catalogue. Because that catalogue lives on the IEA portal, the software is inherently part of the broader interoperability ecosystem. This creates a synergistic effect: software developed or procured under CADA's incentives becomes part of the IEA's interoperable infrastructure, which in turn makes it more likely to be reused by other public bodies, furthering both acts' goals of efficiency, innovation, and strategic autonomy.

What this means for you

For in-house counsel, compliance officers, and IT strategists in the public sector or those providing services to the public sector, the intersection of CADA and the IEA creates specific obligations and strategic considerations.

1. Licence Verification and Due Diligence

Because CADA ties its definition of "open source licence" to the IEA, you must verify that any software you classify as open source for CADA compliance purposes actually meets the criteria set out in Regulation (EU) 2024/903.

  • Action: If you are developing or procuring software intended for reuse under Article 42 of CADA, ensure the licence allows for the necessary freedoms (use, study, change, distribute) as defined by the IEA.
  • Risk: Ambiguous or proprietary licences that claim to be "open" but restrict modification, redistribution, or commercial use may not qualify. Using such software could lead to non-compliance with CADA's reuse obligations and potential procurement challenges.

2. Catalogue Submission and Metadata Standards

If your organisation develops software that it holds intellectual property rights over and wishes to make available for reuse under an open-source licence, Article 42 of CADA requires you to do so via a catalogue connected to the EU OSS Catalogue.

  • Action: Since this catalogue is hosted on the Interoperable Europe portal, you must adhere to the portal's submission guidelines. This likely involves providing specific metadata, technical documentation, and interoperability statements that align with IEA standards.
  • Impact: Failure to provide accurate, interoperable metadata could hinder the discoverability and reuse of your software, undermining the policy goals of both acts and reducing the return on investment for public R&D.

3. Interoperability by Design

CADA encourages the use of open standards and open-source components (Article 41). The IEA provides the technical framework for what "interoperable" means in this context.

  • Strategy: When selecting or developing cloud and AI solutions, compliance teams should evaluate whether the software components are compatible with the IEA's interoperability building blocks.
  • Benefit: This is not just a technical preference; it is a strategic requirement for ensuring that public sector investments are sustainable, reusable, and not locked into proprietary ecosystems that may conflict with future EU mandates.

4. Monitoring Regulatory Updates

Both the IEA and CADA are evolving. The IEA is already in force, while CADA is a proposal.

  • Action: Compliance officers should monitor the implementation of the IEA, particularly regarding the development of the Interoperable Europe portal and the specific technical standards it adopts.
  • Future Outlook: As CADA is implemented, the Commission will issue implementing acts detailing how the EU OSS Catalogue will function on the IEA portal. Early familiarity with the IEA's infrastructure will position your organisation to comply with CADA's reuse and open-source obligations efficiently.

Common misconceptions

Misconception 1: CADA replaces the Interoperable Europe Act. No. CADA does not replace the IEA. Instead, it complements it. The IEA provides the overarching framework for digital interoperability and the technical portal. CADA focuses specifically on strengthening the cloud and AI ecosystem, using the IEA's infrastructure (the portal) and definitions (open source licence) to achieve its goals. They are separate regulations with distinct but overlapping objectives.

Misconception 2: Any software labelled "open source" automatically complies with CADA. No. CADA defines "open source licence" by referencing the IEA. Therefore, a licence must meet the specific criteria of Regulation (EU) 2024/903 to qualify. Some licences may be marketed as "open" but may contain restrictions that violate the IEA's definition (e.g., restrictions on commercial use or modification). Compliance officers must verify the licence text against the IEA's definition.

Misconception 3: The EU OSS Catalogue is a separate, standalone system. The EU OSS Catalogue is not a standalone system. It is hosted on the Interoperable Europe portal, as mandated by Article 43(2) of CADA. This means it is integrated into the broader IEA ecosystem. Users will interact with it through the IEA portal's interface, and its data standards will align with IEA requirements.

Misconception 4: Only large public bodies need to worry about the IEA-CADA link. While large bodies may have more resources, the IEA applies to all public sector bodies, and CADA's obligations for software reuse (Article 42) apply to Union entities and public sector bodies generally. Smaller entities must also ensure that any software they reuse or share complies with the open-source definitions and catalogue requirements linked to the IEA.

Related

This is general information about a draft EU regulation, not legal advice.