Summary The proposed Cloud and AI Development Act (CADA) and the Apply AI Strategy are complementary pillars of the EU's digital sovereignty agenda. As proposed, CADA provides the regulatory and infrastructural foundationβ€”specifically through compute capacity expansion, sovereign cloud assurance levels, and public procurement rulesβ€”while the Apply AI Strategy defines the high-level policy objectives for AI adoption across strategic sectors. CADA "underpins" the Strategy by ensuring that public and private entities have access to trusted, sustainable, and sovereign computing resources necessary to deploy AI at scale. The Commission's explanatory memorandum explicitly states that CADA supports the Apply AI Strategy's objectives by tackling cross-cutting challenges in AI development and deployment.

Detail

The relationship between the proposed Cloud and AI Development Act (CADA) and the Apply AI Strategy is one of structural support and operational alignment. While the Apply AI Strategy, communicated by the European Commission in October 2025, outlines a roadmap to harness AI's transformative potential across key industry sectors and the public sector, CADA establishes the legal and technical framework required to make that adoption feasible, secure, and sovereign.

As stated in the explanatory memorandum of CADA, the proposal "underpins" the objectives of the Apply AI Strategy by introducing targeted measures aimed at supporting the development and deployment of cloud and AI, increasing access to compute capacity, and building trust in cloud computing services. The Apply AI Strategy focuses on boosting adoption and tackling cross-cutting challenges in AI development, whereas CADA addresses the supply-side bottlenecksβ€”such as data centre capacity deficits and reliance on non-European cloud providersβ€”that could otherwise hinder that adoption.

Strategic Alignment and "Grand Challenges"

CADA operationalizes the goals of the Apply AI Strategy through its "Cloud and AI Leadership Initiatives." Article 3 of CADA sets out the general objective of these initiatives, which include stimulating demand and promoting the deployment of cloud and AI technologies across the public and private sectors. This is directly linked to the "grand challenges" defined in Annex I of CADA, which are large-scale, cross-sectoral initiatives addressing strategic technological challenges.

For instance, Grand Challenge 5 focuses on "Industrial AI," aiming to accelerate the development and uptake of sectoral AI models in strategic industrial sectors. This aligns with the Apply AI Strategy's focus on sectors such as healthcare, transport, manufacturing, and energy. Similarly, Grand Challenge 8 targets "Public Sector AI," developing models based on high-quality data for critical domains like healthcare, public administration, and crisis management. These challenges serve as the mechanism through which CADA translates the high-level ambitions of the Apply AI Strategy into concrete research, innovation, and deployment projects.

Compute Capacity and Infrastructure

A core tenet of the Apply AI Strategy is the need for robust digital infrastructure to support AI workloads. CADA addresses this by setting a framework for the accelerated deployment of data centres across the Union. Article 10 requires Member States to designate "data centre acceleration zones" to facilitate the rapid deployment of capacity, while Article 15 mandates the Commission to monitor the compute capacity gap. By aiming to triple EU data centre capacity within five to seven years, CADA ensures that the computational resources required by the Apply AI Strategy's initiatives are physically available and geographically balanced within the EU, reducing latency and dependency on external infrastructure.

Sovereignty and Trust

The Apply AI Strategy emphasizes technological sovereignty, and CADA provides the tools to achieve it. Article 16 of CADA establishes a Union cloud computing sovereignty framework with four assurance levels. This framework allows public sector bodies to assess and procure cloud services that meet specific sovereignty criteria, mitigating risks associated with third-country laws that may compel data access or service disruption. This is crucial for the Apply AI Strategy's goal of ensuring that AI development and deployment align with Union values and security standards.

Furthermore, Article 29 requires Member States and Union entities to conduct risk assessments to determine which public sector activities require higher levels of assurance (Levels 2, 3, or 4). This ensures that sensitive AI applications, particularly those in critical sectors like defence, justice, and healthcare, are hosted on infrastructure that guarantees operational autonomy and data confidentiality.

Public Procurement and Innovation

CADA also supports the Apply AI Strategy through its procurement provisions. Article 32 introduces "Union added value" criteria for public procurement of innovative cloud computing services and AI systems. This allows contracting authorities to favour solutions that strengthen the EU's digital supply chain, such as those using hardware or software designed in the Union. Article 33 further mandates that Member States monitor their procurement of innovation, with an objective that at least 25% of such procurement be awarded to innovative SMEs. These measures create a demand-side pull for European AI technologies, directly supporting the Apply AI Strategy's aim to boost the competitiveness of the EU's AI ecosystem.

Complementary Policy Instruments

CADA does not operate in isolation. It works alongside other instruments like the AI Act, which regulates the safety and fundamental rights aspects of AI systems, and the Data Act, which facilitates data access. The Apply AI Strategy acts as the strategic compass, identifying where AI should be deployed, while CADA builds the roads and vehicles to get there. The proposal is consistent with the Digital Decade Policy Programme, which sets targets for cloud adoption and edge node deployment, further reinforcing the integrated nature of these policy instruments.

What this means for you

For public-sector and procurement officers, understanding the interplay between CADA and the Apply AI Strategy is essential for future-proofing your organization's digital infrastructure and AI adoption plans.

  1. Align Procurement with Sovereignty Levels: When planning future cloud or AI procurements, you must consider the Union assurance levels defined in CADA. Article 30 mandates that contracting authorities whose activities contribute to public order (as identified in risk assessments under Article 29) must only procure cloud services recognized as offering Union assurance levels 2, 3, or 4. This means you cannot simply choose the cheapest or most feature-rich global provider if their sovereignty credentials do not meet the required level for your specific use case.
  2. Conduct Risk Assessments: You are required to conduct risk assessments under Article 29 to determine the sensitivity of your data and the criticality of your AI applications. These assessments will dictate the assurance level you need. For non-critical activities, Union assurance level 1 is the minimum requirement. For activities in sectors like healthcare, defence, or justice, higher levels will likely be mandatory.
  3. Leverage Union Added Value Criteria: In your tender documents for innovative AI systems or cloud services, you can and should include non-price award criteria that evaluate the tenderer's contribution to the European cloud and AI ecosystem (Article 32). This includes assessing whether the solution uses EU-designed hardware or software, or integrates technologies developed in the Union. This supports the broader goal of technological sovereignty.
  4. Monitor Innovation Procurement: Member States are encouraged to ensure that at least 25% of innovation procurement for cloud and AI is awarded to SMEs (Article 33). As a procurement officer, you should track your participation in these initiatives and report on SME involvement, as this data will be monitored by the Commission.
  5. Utilize the EuroCloud Federation: Consider participating in the European public sector cloud federation (EuroCloud Federation) established under Article 34. This platform facilitates the sharing of data centre and cloud computing services between public sector bodies, allowing you to access secure, sovereign capacity that might not be available through traditional commercial procurement.

Common misconceptions

Misconception 1: CADA replaces the Apply AI Strategy. CADA does not replace the Apply AI Strategy; it complements it. The Strategy remains the high-level policy document outlining objectives and priorities, while CADA provides the binding legal framework and funding mechanisms to achieve those objectives. They are designed to work in tandem.

Misconception 2: All cloud services must be "sovereign" under CADA. CADA does not mandate that all public sector cloud services must be at the highest sovereignty level. It introduces a tiered system (Union assurance levels 1–4). Most public services will only require Level 1, which involves a conformity self-assessment. Higher levels (2–4) are reserved for activities identified as contributing to public order through risk assessments.

Misconception 3: The Apply AI Strategy has legal force. The Apply AI Strategy is a communication from the Commission and does not have the binding force of law. CADA, as a proposed Regulation, would be binding in its entirety and directly applicable in all Member States once adopted. The Strategy sets the direction; CADA provides the legal teeth.

Misconception 4: CADA only applies to cloud providers. While CADA imposes obligations on cloud computing service providers (e.g., transparency, audits), it also places significant obligations on public sector bodies and contracting authorities. These include conducting risk assessments, applying sovereignty criteria in procurement, and monitoring innovation procurement.

Official sources

Related

This is general information about a draft EU regulation, not legal advice.