Summary The Cloud and AI Development Act (CADA), proposed as COM(2026) 502 final, is an EU legislative framework that would strengthen Europe's cloud and AI ecosystem — boosting compute capacity, reducing strategic dependence on non-EU providers, and safeguarding public order — by establishing the Cloud and AI Leadership Initiatives, accelerating data-centre deployment through designated zones, creating a four-tier cloud sovereignty framework for public procurement, and promoting open-source solutions and joint purchasing.

Detail

CADA is a proposal by the European Commission to strengthen Europe's cloud and AI ecosystem. Its full title is "Proposal for a Regulation of the European Parliament and of the Council establishing a framework for strengthening the cloud and AI ecosystem at Union level," and it was published on 3 June 2026 as COM(2026) 502 final. The proposal rests on a dual legal basis: Article 114 TFEU (harmonising the internal market) and Article 173(3) TFEU (industrial competitiveness and innovation).

Core objectives and structure Article 1 sets out the subject matter: a framework to strengthen the cloud and AI ecosystem, in particular by establishing the Cloud and AI Leadership Initiatives; setting a framework for accelerated data-centre deployment; enabling a sovereign cloud and AI offer to safeguard the Union's public order; reducing dependencies on critical technologies; and fostering cloud adoption across the public sector. Article 1 also states two general objectives: ensuring the conditions for the competitiveness and innovation capacity of the Union's cloud and AI ecosystem, and improving the functioning of the single market through a uniform legal framework that increases the Union's resilience and strategic autonomy.

Boosting compute capacity and innovation To address the EU's compute-capacity deficit, CADA would establish the Cloud and AI Leadership Initiatives (Article 3). These would support cutting-edge technologies, including next-generation resource-efficient data-centre technologies, open cloud computing stack technologies, frontier AI, and physical and industrial AI. Member States would adopt national cloud and AI strategies, consistent with the Regulation's objectives, within one year of entry into force (Article 7).

Accelerating data-centre deployment CADA would set a framework for accelerated data-centre deployment, introducing "data centre acceleration zones" where Member States streamline permitting and ensure sustainable development (Articles 10-13). The Commission's accompanying assessment aims to triple EU data-centre capacity over the next five-to-seven years and reach the needed capacity by 2035. The proposal also lets the Commission designate certain data-centre projects as "strategic projects" (Article 14) and monitor the capacity gap (Article 15).

Sovereignty and public procurement A central pillar is the "Union cloud computing sovereignty framework," which would establish four assurance levels for cloud-computing services (Article 16, Annex II). Following risk assessments (Article 29), contracting authorities whose activities are not identified as contributing to public order would use, as a minimum, Union assurance level 1 services; for activities identified as contributing to public order, they must only procure services recognised at level 2, 3, or 4 (Article 30). The framework targets risks such as unlawful third-country access to data, service disruption, and dependency vulnerabilities.

Reducing dependence on non-EU providers The proposal targets reliance on a limited number of non-EU hyperscalers. By harmonising sovereignty criteria and levelling the playing field for European providers, CADA aims to increase the market share of EU-based providers. It also promotes open-source solutions (Articles 41-43) and establishes a European public sector cloud federation, the "EuroCloud Federation" (Article 34), to facilitate sharing of secure, resilient public-sector cloud and data-centre services.

What this means for you

For public-sector and procurement officers, CADA as proposed would change how cloud and AI services are sourced and managed.

  • Mandatory sovereignty assessments. You would conduct risk assessments (Article 29) to determine the appropriate Union assurance level, weighing data sensitivity and criticality to public order.
  • Updated procurement criteria. Procurement procedures would have to reflect the sovereignty framework — specifying minimum assurance levels and, for innovative services, applying "Union added value" criteria (Article 32).
  • National strategy alignment. Your cloud strategy would need to align with your Member State's national cloud and AI strategy, to be adopted within one year of entry into force (Article 7).
  • Open-source promotion. There is a strong push toward open-source solutions; procurement officers should weigh open standards and components to support sovereignty and reduce vendor lock-in.
  • EuroCloud Federation participation. You may opt to join the EuroCloud Federation on a voluntary basis to share secure public-sector cloud and data-centre services across the EU.

Common misconceptions

  • CADA replaces the AI Act. CADA and the AI Act are complementary but distinct. The AI Act addresses the safety, fundamental-rights impact, and market placement of AI systems; CADA addresses the underlying cloud infrastructure, compute capacity, and sovereignty.
  • All cloud services must be EU-owned. CADA would not ban non-EU providers. It creates a tiered system in which third-country providers can still be used if they meet specific criteria (for example, the Article 18 route to Union assurance level 3) and pass the required audits.
  • CADA is only about hardware. Data-centre deployment is one component, but CADA also covers software stacks, open-source development, procurement, and AI research initiatives.
  • Sovereignty criteria are fixed. The Commission is empowered to amend the Annex II criteria by delegated act and must review Annexes II and III at least every 18 months to reflect legal and technical developments (Article 16).

Official sources

Related

This is general information about a draft EU regulation, not legal advice.