Summary Under the proposed Cloud and AI Development Act (CADA), Article 32 mandates that contracting authorities include specific non-price award criteria in public procurement procedures for innovative cloud computing services and AI systems. These criteria must evaluate a tenderer's contribution to the European cloud and AI ecosystem. As proposed, the four specific evaluation areas are: (a) strengthening the EU digital supply chain (including EU-designed/manufactured software and hardware); (b) integration of EU-developed technologies and Union-funded R&D results; (c) innovation that strengthens security of supply; and (d) the use of critical computing, storage, and networking hardware designed or manufactured in the Union. Crucially, these criteria must be ancillary and not decisive in the award of the contract, ensuring they complement rather than override technical and financial value.

Detail

The proposed Cloud and AI Development Act (CADA), COM(2026) 502 final, seeks to rebalance the EU's digital market by leveraging public procurement to reduce dependencies on third-country providers. While the Act establishes a sovereignty framework (Title IV, Chapter I) based on assurance levels, Article 32 introduces a distinct demand-side mechanism: the "Union added value" criterion. This provision transforms public procurement from a purely price-and-performance exercise into a strategic tool for industrial policy.

The Legal Mandate: Article 32(1) and (2)

Article 32(1) establishes a binding obligation: "In public procurement procedures for innovative cloud computing services and AI systems, contracting authorities shall include, as part of the quality evaluation of the tender, non-price award criteria that allow them to evaluate the tenderer's contribution to the development of a European cloud and AI ecosystem."

This mandate applies specifically to innovative procurements. It does not replace the general procurement rules but adds a layer of strategic evaluation. To prevent these criteria from distorting the internal market or violating the principle of equal treatment, Article 32(2) imposes strict procedural safeguards. Any non-price criteria applied must:

  • Be linked to the subject matter of the contract;
  • Not confer unrestricted freedom of choice on the contracting authority;
  • Be expressly set out in the procurement documents or the contract notice; and
  • Be ancillary and not decisive in the award of the contract.

The "ancillary and not decisive" requirement is the legal linchpin. It ensures that while Union added value is a factor, it cannot be the sole determinant of the winner. The primary award criteria must remain the most economically advantageous tender (MEAT) based on quality and price. Recital 67 of the explanatory memorandum suggests a practical ceiling for this weighting: contracting authorities "could consider a maximum weighting of 15 out of 120 points" for European added value, ensuring it remains subordinate to core performance criteria.

The Four Specific Criteria: Article 32(3)

Article 32(3) provides a non-exhaustive list of the specific dimensions contracting authorities must evaluate. While authorities may add other criteria, the text explicitly defines four pillars of Union added value:

1. Strengthening the Digital Supply Chain (Article 32(3)(a))

The first criterion evaluates "the extent to which the tenderer contributes to strengthening the digital technology supply chain in the Union, including the use of software or hardware designed or manufactured in the Union."

This provision targets the foundational layer of the technology stack. It moves beyond simple "made in Europe" labels to focus on the design and manufacturing origins of critical components. For software, this implies evaluating where the code is developed and maintained. For hardware, it assesses the origin of the physical components. The goal is to incentivize tenderers to source and develop within the EU, thereby reducing reliance on external supply chains that may be subject to geopolitical disruption.

2. Integration of EU Technologies and R&D Results (Article 32(3)(b))

The second criterion assesses "the extent to which the tenderer has integrated technologies developed in the Union, including research and development results stemming from Union funded research and development programmes and makes use of tools, such as standards, specification, software, models or other technology developed in the Union."

This creates a feedback loop between public investment in research and public procurement. It rewards providers who utilize the outputs of EU-funded programmes (such as Horizon Europe or the Digital Europe Programme). Furthermore, it explicitly values the adoption of EU-developed standards and specifications, promoting interoperability and reducing lock-in to proprietary, non-EU technical standards. This criterion encourages the ecosystem to build upon existing European intellectual property and technical frameworks.

3. Innovation for Security of Supply (Article 32(3)(c))

The third criterion evaluates "the innovation required to deliver the service contributes to strengthening the security of supply and the development of a European cloud and AI ecosystem."

Unlike the previous two criteria which focus on origin, this criterion focuses on impact. It requires authorities to assess whether the specific innovation proposed by the tenderer enhances the Union's strategic autonomy. Does the solution reduce a critical dependency? Does it introduce a new capability that was previously unavailable in the EU market? This links technical innovation directly to the broader policy objective of strategic autonomy and resilience against external shocks.

4. Critical Hardware Components (Article 32(3)(d))

The fourth and most specific criterion evaluates "the extent to which the service is delivered, to the greatest extent feasible with regard to market availability and technical requirements, through critical computing, storage and networking hardware components designed and/or manufactured in the Union."

This provision acknowledges the critical nature of the hardware layer (semiconductors, servers, networking gear) while introducing a necessary feasibility clause. Authorities must assess the use of EU-designed/manufactured hardware "to the greatest extent feasible." If EU hardware is not available or technically suitable, the criterion allows for hardware from a third country, provided that such components "contribute to strengthening the security of supply and the development of a European cloud and AI ecosystem." This ensures that the procurement does not stall due to supply shortages but still prioritizes the long-term development of the European industrial base.

Interaction with Other CADA Provisions

Article 32 operates alongside, but distinct from, the Union assurance levels (Article 16). While the assurance levels (L1–L4) determine eligibility based on sovereignty criteria (e.g., location of infrastructure, citizenship of personnel), Article 32 determines scoring based on industrial contribution. A provider could be eligible at Assurance Level 2 (meeting sovereignty criteria) but score higher on Union added value if they also demonstrate strong integration of EU R&D and supply chain localization.

Furthermore, Article 32 complements the risk assessment obligations under Article 29. While Article 29 determines which assurance level is required for a specific public order activity, Article 32 determines how to evaluate the quality of the tenderers competing for that contract.

What this means for you

For Public Sector Contracting Authorities

  • Mandatory Inclusion: You must include non-price criteria evaluating Union added value in all procurement procedures for innovative cloud and AI services. Omitting these criteria would be a breach of the proposed Regulation.
  • Drafting the Tender: Clearly define how you will measure "strengthening the supply chain" or "integration of R&D." Vague criteria risk legal challenges. Explicitly reference the four pillars of Article 32(3).
  • Weighting Strategy: Adhere to the "ancillary and not decisive" rule. As suggested in Recital 67, consider capping the weight of these criteria (e.g., 15/120 points) to ensure they do not override technical performance or price. Document your rationale for the weighting to demonstrate compliance with proportionality.
  • Feasibility Assessment: For the hardware criterion (32(3)(d)), be prepared to justify why EU hardware was or was not "feasible." This requires a market analysis prior to the tender launch.

For Cloud and AI Providers (Vendors)

  • Supply Chain Mapping: You must be able to prove the origin of your software and hardware. Prepare documentation showing where your code is written, where your servers are manufactured, and which components are designed in the EU.
  • R&D Integration: Highlight your use of EU-funded research results, European standards, and open-source tools developed in the Union. If you have participated in Horizon Europe or Digital Europe projects, make this a central part of your tender response.
  • Innovation Narrative: Do not just describe the technology; explain how it strengthens the EU's security of supply. Articulate how your solution reduces dependency on third countries or fills a gap in the European ecosystem.
  • Hardware Strategy: If you rely on non-EU hardware, be ready to demonstrate how your solution still contributes to the European ecosystem (e.g., through local assembly, integration, or R&D partnerships) and why EU alternatives were not feasible.

Timeline and Enforcement

  • Entry into Force: As proposed, CADA would enter into force 20 days after publication and apply one year later (Article 48). Authorities should begin updating their procurement templates immediately.
  • Penalties: While Article 32 does not list specific fines, Article 24 requires Member States to lay down rules on penalties for infringements that are "effective, proportionate and dissuasive." Non-compliance with Article 32 could lead to contract annulment, fines, or exclusion from future tenders.

Common misconceptions

"Union added value is the deciding factor."

  • Misconception: Providers with the highest EU content will automatically win.
  • Reality: Article 32(2)(d) explicitly states these criteria must be "ancillary and not decisive." They are a secondary quality factor. A provider with superior technical performance and lower price can still win even with a lower Union added value score, provided the criteria were applied fairly.

"Only EU-made hardware is acceptable."

  • Misconception: Using any third-country hardware disqualifies a bid.
  • Reality: Article 32(3)(d) includes a "greatest extent feasible" clause. If EU hardware is unavailable or technically unsuitable, third-country hardware is permitted, provided it contributes to the security of supply. The criterion is about maximizing EU content, not mandating 100% exclusivity where impossible.

"This applies to all cloud procurements."

  • Misconception: Every cloud service tender must use these criteria.
  • Reality: Article 32(1) limits the scope to "innovative cloud computing services and AI systems." Standard, non-innovative procurements (e.g., basic IaaS for office productivity) may not trigger this specific mandate, though other CADA provisions (like sovereignty levels) may still apply.

"It's just about hardware."

  • Misconception: The focus is solely on physical components.
  • Reality: The criteria are holistic. Article 32(3)(a) covers software design; (b) covers R&D results and standards; (c) covers innovation impact. Hardware is only one of four pillars.

Related

This is general information about a draft EU regulation, not legal advice.