Summary Under the proposed Cloud and AI Development Act (CADA), Member States are required to monitor and report annually on their procurement of innovation in cloud computing services and AI systems. As mandated by Article 33(3), this yearly report must detail the size of participating economic operators, SME participation trends (including the number of contracts awarded, their share of total contract value as a percentage, and cross-border SME participation where available), and specific measures taken to improve SME access. This reporting mechanism feeds directly into national cloud and AI strategies and enables Commission oversight to ensure the EU meets its objective of awarding at least 25% of relevant innovation procurement to SMEs.

Detail

The proposed Cloud and AI Development Act (CADA), COM(2026) 502 final, establishes a robust framework to ensure that public procurement drives technological sovereignty and innovation. A critical component of this framework is Article 33, which imposes specific monitoring and reporting obligations on Member States regarding the procurement of innovative cloud computing services and AI systems. These provisions are designed to foster technological development, strengthen digital resilience, and ensure that public authorities can benefit from secure, efficient, and trustworthy digital solutions, with a particular focus on the inclusion of small and medium-sized enterprises (SMEs).

The Obligation to Monitor and Report

Article 33(1) explicitly states that "Member States shall monitor and report on their use of procurement of innovation in cloud computing services and AI systems." This is not a passive administrative task; it is a strategic requirement. Under Article 33(2), Member States must take appropriate measures to ensure that this monitoring and reporting actively identifies barriers to SME participation in procurement procedures.

The objective is twofold: first, to improve SME access to procurement markets; and second, to support the design of simplified, proportionate, and SME-friendly procurement strategies. This includes the division of contracts into lots where appropriate, promoting the participation of SMEs in innovation procedures foreseen under Directive 2014/24/EU, and encouraging pre-commercial procurement of cloud computing services and AI systems.

Specific Reporting Requirements Under Article 33(3)

The core of the reporting obligation is detailed in Article 33(3). Member States are required to inform the Commission on a yearly basis of specific, quantifiable information. This data is essential for the Commission to assess the effectiveness of the Union's strategy to boost domestic cloud and AI capabilities through public procurement.

The report must include the following three categories of data:

  1. Size of Economic Operators: The report must provide data on the size of the economic operators participating in such procurement. This allows for a granular understanding of the market landscape, distinguishing between micro, small, medium, and large enterprises to determine if larger entities are dominating or if a healthy mix of company sizes is present.
  2. SME Participation Trends: This is the most critical component of the report. Member States must provide detailed trends on SME participation, specifically including:
    • The number of contracts awarded to SMEs: A raw count of successful bids by SMEs.
    • The share of the total contract value: Expressed as a percentage, this metric indicates the financial weight of SME participation relative to the total procurement spend.
    • Cross-border SME participation: Where available, the share of cross-border SME participation must be reported. This metric is vital for assessing the functioning of the internal market and determining whether SMEs are successfully competing beyond their national borders, a key indicator of market integration.
  3. Measures Taken: Member States must report on the specific measures taken to improve SMEs' access to public procurement procedures. This qualitative data complements the quantitative metrics, allowing the Commission to understand how Member States are attempting to lower barriers. Examples might include training for procurement officers, the use of standardized templates, the implementation of the EU Open Source Solutions Catalogue, or the division of contracts into smaller lots.

Link to National Strategies and the 25% Target

The reporting requirement is inextricably linked to the broader strategic objectives of the CADA. Article 33(4) establishes a clear objective that Member States shall pursue: "at least 25% of their procurement for cloud computing services and AI systems be awarded to innovative SMEs."

To achieve this, Article 33(4) further mandates that Member States must include, in their national cloud and AI strategies (as required by Article 7), "plans on how they intend to achieve this objective." The yearly reports mandated by Article 33(3) serve as the primary mechanism for tracking progress toward this 25% target. By feeding this data back to the Commission, Member States enable EU-level oversight and allow for the identification of best practices or systemic barriers that may be hindering SME participation across the Union.

This creates a feedback loop: the national strategy sets the plan, the procurement actions generate the data, and the annual report measures the gap between the plan and reality. If the data shows that a Member State is consistently failing to meet the 25% target, the Commission can intervene with guidance or recommendations.

Supporting SME Access Beyond Reporting

Beyond mere data collection, Article 33(2) requires Member States to use the insights gained from monitoring to actively remove barriers. The CADA recognizes that SMEs often face disproportionate administrative burdens and lack the resources to navigate complex procurement processes. Therefore, the reporting framework is designed to highlight where these barriers exist so that targeted interventions can be made.

Furthermore, Article 33(5) obliges Union entities and contracting authorities to promote:

  • Preliminary market consultations: Engaging with the market before launching a tender to understand capabilities.
  • Matchmaking: Connecting public buyers with innovative solutions provided by European SMEs and start-ups.
  • Favorable contract clauses: Developing public contract clauses that are favorable for innovative SMEs.

The data reported under Article 33(3) helps validate whether these promotional activities are translating into actual contract awards. If a Member State reports high levels of matchmaking activity but low contract awards to SMEs, it signals a need to adjust the procurement strategy.

Commission Oversight and Guidance

The Commission plays a central role in overseeing this process. By receiving yearly reports from all Member States, the Commission can assess the overall effectiveness of the EU's strategy. If the data reveals that certain Member States are consistently failing to meet the 25% SME target or if cross-border participation remains low, the Commission can issue guidance to address these issues.

The reporting also feeds into the broader monitoring of the CADA's implementation. While Article 29 focuses on risk assessments for public order, the procurement data from Article 33 helps contextualize these assessments. For instance, if a Member State reports high levels of dependency on a single non-EU provider in its risk assessment, the Commission can correlate this with the procurement data to see if innovation procurement is being used effectively to diversify the supply chain and support European SMEs.

What this means for you

For public-sector bodies, procurement officers, and national authorities, the reporting requirements under Article 33 of the proposed CADA mean that data collection and analysis must become a standard, integrated part of the procurement workflow. You cannot simply award contracts and move on; you must track specific metrics related to the size of the winning bidders and their status as SMEs.

Key actions for procurement officers and national authorities:

  1. Integrate Data Collection: Ensure that your procurement management systems can capture and report on the size of economic operators (micro, small, medium, or large) and whether they are SMEs. You will need to distinguish between the number of contracts awarded and the total value of those contracts to calculate the percentage share.
  2. Track Cross-Border Participation: Where possible, identify if winning SMEs are from other Member States. While Article 33(3) notes this data is required "where available," procurement officers should make a genuine effort to collect this data, as it is a key indicator of the internal market's health.
  3. Document Measures Taken: Keep a detailed record of the specific steps your authority has taken to improve SME access. This might include breaking down contracts into smaller lots, using open-source solutions, providing targeted support to SMEs during the tender process, or conducting preliminary market consultations. You will need to report on these measures annually.
  4. Align with National Strategy: Ensure that your local procurement practices align with your Member State's national cloud and AI strategy. Since the national strategy must include a plan to achieve the 25% SME procurement target, your individual procurement decisions contribute directly to this national goal.
  5. Prepare for Annual Reporting: Be ready to submit this data to the relevant national authority, which will then compile it for the yearly report to the Commission. Accurate and timely reporting is essential for the Commission to provide effective guidance and support.

Common misconceptions

Misconception 1: Reporting is only about the final award. Many procurement officers believe that reporting only involves submitting data on who won the contract. However, Article 33(3) also requires reporting on the measures taken to improve SME access. This means you must document and report on the proactive steps you took during the procurement process to facilitate SME participation, not just the outcome.

Misconception 2: Cross-border data is optional and unimportant. While Article 33(3) states that cross-border SME participation data should be reported "where available," this does not mean it is unimportant. On the contrary, cross-border participation is a key indicator of the internal market's functioning. Procurement officers should make a genuine effort to collect this data, as it helps identify barriers to cross-border trade and can inform future policy adjustments.

Misconception 3: The 25% target is a strict mandatory quota for every contract. The 25% target for SME procurement is an objective that Member States shall pursue, not a strict quota that applies to every individual tender. It is an aggregate target for the Member State's overall procurement of cloud and AI innovation. However, procurement officers should still strive to design contracts in a way that facilitates SME participation, such as through lotting, to help meet this national objective.

Misconception 4: Only large procurements need to be reported. The reporting requirement applies to the procurement of innovation in cloud computing services and AI systems generally. While the focus is on innovation procurement, the data on SME participation should reflect the broader landscape of how SMEs are engaging with public sector cloud and AI needs. Excluding smaller procurements from your internal tracking could lead to an inaccurate picture of SME participation trends.

Related

This is general information about a draft EU regulation, not legal advice.