Summary
As proposed, the Cloud and AI Development Act (CADA) would treat a cloud service as "truly sovereign" only where it holds a verified Union assurance level confirming the EU retains effective control over data, infrastructure, and operations, free from the extraterritorial reach of third-country laws. This status is not self-declared for the higher tiers: it requires formal recognition by a national competent authority against strict, tiered Annex II criteria, from basic data localisation (level 1) to Union-citizen personnel and freedom from third-country control (levels 3 and 4). CADA is a proposal and not yet in force.
Detail
Under CADA, cloud sovereignty would move from marketing language to a legally defined set of technical, operational, and legal safeguards. The proposal frames current market dependence on non-European providers as exposing the Union to critical strategic dependencies, including the risk of unilateral data access or service disruption by third countries.
The legal rationale: control under Union jurisdiction
Recital 46 sets out the foundational logic. The Union "still remains critically dependent on a limited number of cloud computing service providers subject to the control of third countries or legal entities established in third-countries", which exposes it to "critical strategic dependencies and concentration risks, including vulnerabilities arising from the extraterritorial application of third-country laws", potential service disruptions, and "reduced control and oversight over personal and non-personal data and infrastructure." The recital concludes that the ability "to retain control over infrastructure, data, assets and technology systems under Union and national jurisdiction has become an imperative policy objective." This drives the Union cloud computing sovereignty framework in Article 16.
The four-tier assurance framework
Article 16 establishes a Union cloud computing sovereignty framework comprising four Union assurance levels (1 to 4), the criteria for which are set out in Annex II. Recital 52 frames it as "a proportionate framework to ensure that public order is preserved by maintaining control and agency by public-sector bodies", noting that "most public services would not require the highest levels of assurance."
Level 1 – basic sovereignty. The baseline for public-sector procurement. The provider must be established in the Union; infrastructure and assets (including those of subcontractors involved in the service) must be located in the Union; and customer data, including metadata and telemetry, must remain exclusively within the Union, in each case unless the public-sector body explicitly requires otherwise. The provider must show compliance with state-of-the-art cybersecurity standards and give full transparency on subcontractors. Where it is under third-country control, it must guarantee that no laws in that country require reporting of software vulnerabilities to that country's authorities before they are known to have been exploited.
Level 2 – enhanced sovereignty. Adds stricter controls on personnel and supply chains. The audited provider and the subcontractors involved must be established in the Union, and their infrastructure, assets, and personnel must be located in the Union. The service must obtain a European cybersecurity certificate of at least "substantial" assurance level (or, until such an EU scheme exists, an applicable national scheme or the highest applicable standards). Data generated by the service must not be used to train or fine-tune any AI system operated by a third country, and must not be transferred outside the Union. Where the public-sector body determines it necessary, the provider must make available personnel meeting additional screening and Union-citizenship requirements. The provider must implement software-supply-chain measures, including an SBOM and controls to block remote features that could tamper with the service; and, where under third-country control, demonstrate that the control cannot restrict the service, access customer data, or disrupt continuity.
Level 3 – high sovereignty. For more sensitive activities. The personnel involved, including subcontractors' personnel, must be Union citizens and, where appropriate, hold national security clearance for classified information. The provider and subcontractors must, in principle, not be subject to third-country control, unless the Commission has adopted the relevant implementing act for an associated third country (Article 18). Technical and operational support must be performed exclusively within the Union by personnel who are Union residents and by parties not under third-country control. Where the provider maintains a third-country subsidiary, it must demonstrate effective legal, technical, and organisational separation between the Union parent and that subsidiary.
Level 4 – maximum sovereignty. For the most critical use cases. Personnel must be Union citizens with, where appropriate, national security clearance. Customer data identified through a risk assessment as sensitive must remain exclusively within the Union. The service must obtain a European cybersecurity certificate of at least "high" assurance level. There is an absolute prohibition on third-country control of the provider or its subcontractors, with no derogation. The provider must also retain effective control over software components, demonstrating that no third country holds effective control over their design, development, maintenance, and evolution.
The role of audits and recognition
Sovereignty under CADA is not self-assessed for levels 2–4. Article 20 provides for assessment by independent auditing organisations against the Annex II criteria, resulting in an audit report and a "positive" or "negative" opinion. For level 1, the provider issues an EU statement of conformity based on a self-assessment (Article 19). Only after the national competent authority of establishment evaluates the evidence and the recognition takes effect across the Union (Article 17) is the service recorded in the Commission's central repository of recognised services (Article 22).
What this means for you
For cloud service providers and data-centre operators, CADA would turn sovereignty from a value proposition into a compliance regime.
1. Map your control structures. Scrutinise corporate governance and supply chain. If you are subject to third-country control (for example via shareholding or board composition), be ready to show that the control cannot be exercised to access EU customer data or disrupt service. For levels 3 and 4, third-country control is generally prohibited, save for the narrow Article 18 derogation at level 3.
2. Prepare for independent audits. Levels 2–4 require independent third-party audits (Article 20). Maintain comprehensive documentation, including SBOMs, data-flow diagrams, and personnel records.
3. Segment your infrastructure. If you operate globally, implement effective legal, technical, and organisational separation between your Union operations and any third-country subsidiary (Annex II criterion (k) at levels 2–4), including no privileged access for the subsidiary to Union production environments or customer data.
4. Align with procurement needs. Public-sector buyers would mandate specific levels based on Article 29 risk assessments. Level 1 is the minimum for non-public-order services; levels 2–4 would be required for activities contributing to public order, national security, or defence.
Common misconceptions
"'Sovereign cloud' just means data stays in Europe." Data localisation is required at all levels but is not sufficient. CADA's concept also requires control over the operators of the service, the software running it, and the legal jurisdiction governing the provider. A service can keep data in the EU yet fail the criteria if it is controlled by a third-country entity that could compel data access.
"Any EU-based provider is automatically sovereign." An EU-established provider must still meet the specific criteria. At level 1, an EU provider under third-country control must guarantee that no foreign law forces premature vulnerability reporting; at higher levels, personnel citizenship and cybersecurity certification become mandatory.
"Sovereignty is a one-time certification." Recognition is ongoing. Providers must report any material changes that may affect their recognition (Article 23), and the evaluating authority may revoke recognition where a provider supplied incorrect or misleading information (Article 17(11)).
"The US CLOUD Act is the only threat." The CLOUD Act (§ 2713) is a prime example of extraterritorial access, but the Annex II criteria address the absence of any third-country measures that could compel data access, service disruption, or degradation, regardless of the specific law or country.
Related
- CADA Sovereignty: Why Assessment is Per Service, Not Per Provider
- Why are Member State sovereign cloud labels fragmented? CADA's answer
- Sovereign cloud vs air-gapped cloud: the difference under CADA
- Sovereign cloud vs ordinary cloud: the difference under CADA
- What is sovereign compute for frontier AI under CADA?
This is general information about a draft EU regulation, not legal advice.