What procurement monitoring and reporting does CADA require of Member States?

Summary Under Article 33 of the proposed Cloud and AI Development Act (CADA), Member States would be required to monitor and report annually to the European Commission on their use of innovation procurement for cloud computing services and AI systems. This obligation establishes a "lean reporting framework" focused on three key data points: the size of participating economic operators, SME participation trends (including contract values and cross-border shares), and measures taken to improve SME access. Crucially, Article 33(4) mandates that Member States pursue an objective where at least 25% of such innovative procurement is awarded to SMEs. To ensure this is actionable, Member States must integrate specific plans to achieve this target into their national cloud and AI strategies under Article 7.

Detail

As proposed in COM(2026) 502 final, the Cloud and AI Development Act (CADA) introduces a targeted demand-side mechanism to foster a competitive European cloud and AI ecosystem. While much of the regulation focuses on sovereignty and assurance levels, Article 33, titled "Monitoring of procurement of innovation in cloud and AI," addresses the structural barriers that often prevent smaller, innovative European providers from accessing public markets.

The Monitoring and Reporting Obligation

Article 33(1) explicitly mandates that "Member States shall monitor and report on their use of procurement of innovation in cloud computing services and AI systems." This is not a passive data collection exercise; it is a proactive duty to track how public funds are deployed to drive technological development and digital resilience.

The regulation establishes a "lean reporting framework" designed to avoid excessive administrative burdens while providing the Commission with the granular data necessary to assess the effectiveness of the regulation's demand-side measures. Under Article 33(3), Member States must inform the Commission, on a yearly basis, of three specific categories of information:

1. Size of Economic Operators: Member States must report on the size of the economic operators participating in such procurement procedures. This allows for a detailed view of market participation across different company sizes, distinguishing between micro, small, medium, and large enterprises.
2. SME Participation Trends: This is the core metric of the reporting framework. Member States must report:
   • The number of contracts awarded to SMEs.
   • The share of the total contract value awarded to SMEs, expressed as a percentage.
   • Where available, the share of cross-border SME participation. This metric is critical for assessing whether CADA's sovereignty goals are translating into genuine opportunities for smaller, European-based providers to operate across borders, rather than just within their home markets.
3. Measures Taken: Member States must report on the specific measures taken to improve SMEs' access to public procurement procedures. This encourages transparency regarding how national authorities are actively removing barriers and facilitating market entry.

The Lean Reporting Framework and National Strategy Links

The "lean" nature of this framework is defined by its focus on high-impact indicators rather than exhaustive transactional data. The goal is to identify systemic issues without bogging down public administrations in paperwork.

However, the reporting mechanism is inextricably linked to the broader strategic planning obligations set out in Article 7 of the proposal. Article 7 requires Member States to establish national cloud and AI strategies within one year of the Regulation's entry into force. These strategies must include measures to support public procurement measures set out in Article 33 (see Article 7(2)(f)).

Article 33(4) introduces a specific, quantitative policy objective: "Member States shall pursue as objective that at least 25% of their procurement for cloud computing services and AI systems be awarded to innovative SMEs."

To ensure this objective is not merely aspirational, Article 33(4) further requires that Member States include, in their national strategies referred to in Article 7, "plans on how they intend to achieve this objective." This creates a direct feedback loop:

• Strategy (Article 7): Member States must draft a plan detailing how they will reach the 25% target.
• Monitoring (Article 33): Member States must annually report on their progress against this plan.
• Adjustment: The annual reports allow the Commission and Member States to identify if the current strategies are failing and to adjust measures accordingly.

Purpose: Identifying Barriers and Designing Solutions

The underlying purpose of these monitoring and reporting requirements is outlined in Article 33(2). Member States must take appropriate measures to ensure that the monitoring and reporting are actively used to:

• Identify barriers to SMEs' participation in procurement procedures.
• Improve access of SMEs to procurement markets.
• Support the design of simplified, proportionate, and SME-friendly procurement strategies, including the division into lots where appropriate.
• Promote the participation of SMEs in the innovation procedure foreseen under Directive 2014/24/EU and pre-commercial procurement of cloud computing services and AI systems.

By mandating this analytical use of data, CADA aims to transform procurement from a purely transactional exercise into a strategic tool for ecosystem building. The regulation further empowers Union entities and contracting authorities to promote preliminary market consultations, matchmaking between public buyers and innovative European SMEs, and the development of public contract clauses favorable to innovative SMEs (Article 33(5)).

Distinction from Article 32 (Union Added Value)

It is vital to distinguish the monitoring obligations of Article 33 from the award criteria requirements of Article 32.

• Article 32 requires contracting authorities to include non-price award criteria that evaluate the tenderer's contribution to the development of a European cloud and AI ecosystem (e.g., use of hardware designed in the Union, integration of Union technologies). It dictates how contracts should be evaluated to favor European value.
• Article 33 dictates how the outcomes of these evaluations—and the broader procurement landscape—should be tracked and reported. It ensures that the pursuit of "Union added value" does not inadvertently exclude smaller players. While Article 32 focuses on the quality of the tender, Article 33 focuses on the diversity of the market participants, specifically ensuring that SMEs are not excluded by overly complex or large-scale procurement processes.

What this means for you

For in-house counsel, compliance officers, and procurement professionals in public sector bodies or entities acting as contracting authorities, Article 33 imposes indirect but significant operational changes. While the direct reporting obligation falls on Member States, public bodies are the primary source of the data.

1. Data Granularity and System Upgrades

Ensure your procurement systems can capture and report on the "size" of economic operators. You must be able to distinguish between SME and non-SME contracts and calculate the share of total contract value awarded to SMEs. If your current procurement software does not tag vendors by size (e.g., based on the definitions in Article 2(8) and Article 2(9)) or separate innovation procurement streams from standard maintenance contracts, you may face significant manual work to comply with national reporting requirements derived from Article 33.

2. National Strategy Alignment and the 25% Target

Review your national government's cloud and AI strategy. Article 33(4) requires national plans to achieve the 25% SME award target. As a public buyer, you may be subject to national implementing measures or guidelines designed to hit this target. Your procurement strategies, particularly regarding lot division (splitting large contracts into smaller, manageable pieces) and the use of innovation procedures, should be aligned with these national plans. Failure to align could result in your procurement activities being flagged as barriers to the national objective.

3. Documentation of Barriers

Article 33(2) requires that monitoring be used to identify barriers. Maintain records of why certain SMEs may not have participated or won contracts. This documentation may be requested by national authorities as part of their reporting to the Commission. Proactive documentation of market feedback and participation hurdles will be essential for the "lean reporting" process.

4. Innovation Procurement Procedures

Pay close attention to the use of innovation partnerships and pre-commercial procurement. Article 33 specifically mentions these procedures as key areas for SME promotion. Ensure your processes for these types of procurements are designed to be SME-friendly, as this is a key focus of the monitoring framework. The regulation explicitly encourages the use of simplified procedures and the division of contracts into lots to facilitate SME participation.

Common misconceptions

Misconception 1: Article 33 imposes a strict 25% quota on all cloud and AI procurement. Correction: Article 33(4) states that Member States shall "pursue as objective" that at least 25% of procurement for cloud computing services and AI systems be awarded to innovative SMEs. This is a policy objective to be pursued, not a rigid, legally enforceable quota for every individual tender. However, the requirement to include plans in national strategies to achieve this objective makes it a serious policy target that will likely influence national enforcement, guidance, and the design of procurement frameworks.

Misconception 2: The reporting burden is placed directly on individual contracting authorities. Correction: The direct obligation to report to the Commission under Article 33(3) falls on "Member States." Individual public authorities will likely report to their national competent authorities or central purchasing bodies, which then aggregate the data. However, the quality and availability of this data depend entirely on the reporting capabilities of the individual contracting authorities. If a public body cannot provide the data, the Member State cannot fulfill its obligation.

Misconception 3: This applies to all public procurement of IT services. Correction: Article 33 specifically targets "procurement of innovation in cloud computing services and AI systems." It does not necessarily apply to routine, non-innovative IT maintenance, legacy system upgrades, or standard hardware purchases unless they fall within the specific definitions of cloud computing services or AI systems as defined in Article 2 of the proposal and are procured under innovation procedures.

Misconception 4: CADA replaces the Public Procurement Directives. Correction: CADA supplements the Public Procurement Directives (specifically Directive 2014/24/EU). Article 33 works in conjunction with existing EU procurement law, particularly regarding innovation partnerships and pre-commercial procurement. It adds a layer of monitoring and strategic planning specific to cloud and AI sovereignty goals, rather than replacing the core procedural rules of the Directives.

Related

• Does CADA require defence procurement to use EU-only cloud providers?
• When must public administrations comply with CADA? Entry into force, strategies and procurement deadlines
• CADA Article 32: What is the Union added value criterion in public procurement?
• What is the minimum cloud assurance level for public-sector procurement under CADA?
• CADA Common Procurement: How the Commission Acts as a Central Purchaser

This is general information about a draft EU regulation, not legal advice.