Summary Under the proposed Cloud and AI Development Act (CADA), the European Commission may act as a central purchasing body (CPB) for cloud, AI, and data centre services. For the specific contracts awarded by participating entities under these Commission-led frameworks, Article 39(2) of the proposal mandates that the procedural provisions applicable to Union institutions apply, rather than standard national procurement rules. Furthermore, Article 39(3) imposes a strict "pass-through" obligation: any contracting authority acting as an intermediary must ensure that downstream agreements with the bodies they serve strictly comply with the contractual requirements established in the original Commission contract. As proposed, this creates a harmonised, two-tier compliance model where the initial procurement is centralised, but the execution of specific contracts follows EU institutional procedures and preserves the integrity of the original terms.

Detail

The proposed CADA (COM(2026) 502 final) introduces a novel procurement architecture designed to leverage the collective purchasing power of the Union while ensuring legal certainty for Member States. This architecture is detailed in Title IV, Chapter IV, specifically within Article 39, which governs the "Applicable public procurement framework."

The Dual-Layer Compliance Model

The proposal distinguishes between the initial procurement procedure conducted by the Commission and the subsequent award of specific contracts by participating entities (Member State authorities, Union entities, or partner organisations).

1. Procedural Provisions for Specific Contracts (Article 39(2)) When a participating entity awards a specific contract under a framework agreement or a dynamic purchasing system (DPS) established by the Commission, it does not apply its own national procurement procedures. Instead, Article 39(2) explicitly states: "The procedural provisions applicable to Union institutions shall apply to the procedures for the award of specific contracts under framework contracts or dynamic purchasing systems."

This is a significant departure from standard public procurement practice. Normally, a national authority would apply national law transposing the EU Public Procurement Directives. Under the proposed CADA, the procedural rules shift to those governing the EU institutions themselves (primarily the Financial Regulation and its implementing rules). This ensures that the selection process for specific contracts remains consistent with the high standards of transparency, non-discrimination, and equal treatment applied at the Union level, preventing fragmentation across Member States.

2. The Mandatory Pass-Through of Terms (Article 39(3)) A critical safeguard in the proposal is the obligation to maintain the integrity of the original contract terms. Article 39(3) stipulates: "A contracting authority that has acquired data centre services, cloud computing services, software and AI systems from the Commission as a central purchasing body shall ensure, in its agreements with the contracting authorities it serves, compliance with any contractual requirements by which it is itself bound."

This provision creates a vertical chain of compliance. If the Commission negotiates specific data sovereignty clauses, cybersecurity standards, or open-source requirements with a provider, these terms are "locked in." A national authority acting as an intermediary cannot dilute these terms when reselling or providing the service to a local municipality, hospital, or school. The intermediary is legally bound to enforce the exact same requirements downstream. This prevents "term leakage" where critical sovereignty or security conditions might be lost in the distribution chain.

Legal Certainty and Exemptions

To facilitate the uptake of this mechanism, Article 39(1) provides a legal shield. It states that a participating entity is "deemed to have fulfilled its obligations under applicable Union public procurement law" when it acquires services through contracts awarded by the Commission under this Chapter. This deeming provision removes the need for national authorities to conduct a separate full procurement procedure, provided they adhere to the specific rules for awarding specific contracts (Article 39(2)) and the pass-through obligations (Article 39(3)).

Flexibility for Dynamic Purchasing Systems

The proposal also addresses the need for agility in the rapidly evolving cloud and AI markets through Article 39(5). It allows participating entities to request accession to a dynamic purchasing system (DPS) throughout its validity period, subject to a cap: the cumulative requests must not exceed 50% of the initial estimated quantities. This derogation from standard rules allows the system to scale as demand grows, provided the Commission approves the request within 10 working days. However, this flexibility is strictly limited to new acceding entities and does not alter the rights of those already participating.

What this means for you

For legal counsel, procurement officers, and compliance teams in public sector bodies, the proposed CADA requires a fundamental shift in contract management and procedural adherence.

  1. Shift in Procedural Law: When your authority awards a specific contract under a Commission-led framework, you must stop applying national procurement procedures. Instead, you must apply the procedural provisions applicable to Union institutions. Your teams must be trained on the Financial Regulation and the specific rules governing EU institutional procurement to avoid procedural invalidity.
  2. Strict Contractual Auditing: You must audit all downstream agreements. If your authority acts as a central purchasing body for subordinate bodies, you are legally required under Article 39(3) to ensure those downstream contracts mirror the requirements of your agreement with the Commission. You cannot negotiate weaker terms for end-users.
  3. Documentation of Compliance: To benefit from the legal shield in Article 39(1), you must document that your specific contract award followed Union institutional procedures and that your downstream agreements strictly comply with the original contractual requirements. This documentation is your primary defence against challenges regarding procurement law compliance.
  4. Dynamic Purchasing System Management: If you intend to join a Commission-led DPS, monitor the 50% cap on cumulative requests. Coordinate with other participating entities to ensure your request does not exceed this limit, which could block your participation.

Common misconceptions

"National procurement rules still apply to specific contracts." Reality: Article 39(2) explicitly displaces national rules for the award of specific contracts under Commission frameworks. The procedural provisions applicable to Union institutions apply instead.

"Contracting authorities can negotiate better or different terms for end-users." Reality: Article 39(3) prohibits this. Intermediaries must ensure compliance with any contractual requirements they are bound to. The terms are fixed by the Commission's original procurement and must be passed through unchanged.

"Any entity can join a dynamic purchasing system at any time without limits." Reality: Article 39(5) imposes a strict cap: cumulative requests for new participation cannot exceed 50% of the initial estimated quantities. This is a hard constraint on scalability.

"Using the Commission's procurement exempts you from all procurement law obligations." Reality: While Article 39(1) deems obligations fulfilled, this is conditional. You must still comply with the specific procedural rules for awarding specific contracts (Article 39(2)) and the pass-through requirements (Article 39(3)). Failure to follow these specific rules voids the exemption.

Related

This is general information about a draft EU regulation, not legal advice.