Summary

The proposed Cloud and AI Development Act (CADA) establishes a four-tiered "Union assurance level" framework to shield EU public sector activities from third-country laws, such as the US CLOUD Act. Levels 1 and 2 permit providers to be subject to third-country control only if they implement rigorous legal, technical, and organisational safeguards against foreign data access, service disruption, and the enforcement of extraterritorial sanctions. Levels 3 and 4 largely exclude third-country control entirely; Level 3 offers a narrow, conditional derogation for "associated" third countries meeting strict criteria, while Level 4 imposes a blanket prohibition. Higher tiers further mandate Union citizenship for personnel, strict data localisation, and enhanced supply chain transparency to guarantee operational autonomy.

Detail

The proposed Cloud and AI Development Act (CADA), as set out in COM(2026) 502 final, establishes a "Union cloud computing sovereignty framework" comprising four Union assurance levels (Article 16). These levels are designed to mitigate risks arising from the extraterritorial application of third-country laws, ensuring that public sector bodies and Union entities can preserve public order and operational autonomy. The specific criteria for each level, particularly regarding third-country control, are detailed in Annex II of the proposal.

Levels 1 and 2: Managed Foreign Control with Safeguards

Union assurance levels 1 and 2 acknowledge that some cloud providers may be subject to third-country control or established in third countries, provided they can demonstrably neutralise the associated risks through specific safeguards.

Union Assurance Level 1: The Baseline

At this baseline level, the primary focus is on Union establishment and data localisation, with a specific, limited check on foreign law regarding vulnerabilities.

  • Third-Country Control: A provider subject to third-country control must guarantee that no existing laws or practices in that third country require the provider to report information on software vulnerabilities to foreign authorities prior to those vulnerabilities being known to have been exploited (Annex II, 1.1(g)).
  • Limitations: Level 1 does not explicitly mandate the comprehensive suite of measures against general data access, service disruption, or sanctions enforcement found in higher levels. It relies heavily on the provider's establishment in the Union and the localisation of data, unless the public sector body explicitly requires otherwise.

Union Assurance Level 2: Active Mitigation of Foreign Control

Level 2 introduces a robust set of mandatory safeguards for providers subject to third-country control. Under Annex II, 2.1(g), if the provider or its subcontractors are controlled by a third country, they must implement legal, technical, and organisational measures to ensure four specific outcomes:

  1. Operational Autonomy: The third-country control must not restrain or restrict the provider's ability to perform and deliver the service, impose limitations on the required infrastructure, assets, or personnel, or undermine the capabilities necessary to perform the service.
  2. Data Access Prevention: Access by the third country or its legal entities to customer data must be prevented.
  3. Service Continuity: The possibility of disruption of service continuity or degradation of service quality by the third country must be prevented.
  4. Sanctions Compliance: The provider must not be obliged to implement, enforce, give effect to, or comply with restrictive measures (such as sanction regimes or embargoes) adopted by the third country, unless such measures are legitimate under the national laws of Member States or Union law.

Additionally, Level 2 mandates that technical and operational support be initiated and performed exclusively within the Union (Annex II, 2.1(h)). It also requires strict software supply chain measures, including a complete Software Bill of Materials (SBOM) and controls to block remote features that could materially tamper with or disrupt the system (Annex II, 2.1(i)).

Levels 3 and 4: Exclusion of Third-Country Control

Union assurance levels 3 and 4 are designed for high-sensitivity use cases where the risk of third-country interference is unacceptable. The default position for these levels is the exclusion of third-country control.

Union Assurance Level 3: The Conditional Derogation

The default criterion for Level 3 is that the audited provider and its subcontractors must not be subject to the control of a third country or a legal entity established in a third country (Annex II, 3.1(g)).

Derogation for Associated Third Countries: However, Article 18 of CADA provides a mechanism for the Commission to designate specific third countries as "associated" for Level 3 purposes. A provider subject to control by such a designated third country may still be audited for Level 3 if the third country meets cumulative criteria, including:

  • It is subject to a relevant adequacy decision under Article 45 of the GDPR.
  • It has no measures enabling control over the provider that conflict with lawful access to non-personal data.
  • It has no measures compelling the provider to degrade or disrupt service continuity.
  • It has no measures obliging the provider to comply with restrictive measures (sanctions/embargoes) unless legitimate under Union law.
  • It maintains an open market to Union cloud services and grants equivalent access to public procurement.

If this derogation applies, the provider must still demonstrate measures ensuring that third-country control does not restrict service delivery, that access to customer data by the third country is prevented, and that service continuity is not disrupted (Annex II, 3.1(g)(i)-(iv)). Furthermore, Level 3 mandates that all personnel involved in service provision are Union citizens (with security clearances where necessary) and that technical/operational support is performed exclusively by Union residents not subject to third-country control (Annex II, 3.1(d) and 3.1(h)).

Union Assurance Level 4: The Strict Prohibition

Level 4 imposes the strictest requirements and offers no derogation for third-country control.

  • No Third-Country Control: The audited provider and its subcontractors must not be subject to the control of a third country or a legal entity established in a third country (Annex II, 4.1(g)).
  • Personnel: All personnel must be Union citizens and, where appropriate, hold necessary national security clearances (Annex II, 4.1(d)).
  • Support: Technical and operational support must be performed exclusively within the Union by Union residents not subject to third-country control (Annex II, 4.1(h)).
  • Supply Chain Control: Providers must demonstrate effective control over software components, ensuring that a third country does not hold or exercise effective control over the design, development, maintenance, and evolution of those components (Annex II, 4.1(i)).

Protection Against Foreign Data Access and Disruption

Across all levels, CADA aims to protect against the extraterritorial reach of foreign laws (such as the US CLOUD Act) through specific data and operational mandates.

  • Data Localisation: Levels 2, 3, and 4 require that customer data, including metadata and telemetry, remain exclusively within the Union unless the public sector body explicitly requires otherwise (Annex II, 2.1(c), 3.1(c), 4.1(c)).
  • AI Training Data: Levels 2, 3, and 4 explicitly prohibit the use of data generated by the service to train or fine-tune any AI system operated by a third country or its legal entities, and prohibit transferring such data outside the Union in any case (Annex II, 2.1(f), 3.1(f), 4.1(f)).
  • Operational Resilience: Levels 2, 3, and 4 require specific measures to prevent third countries from disrupting service continuity or degrading service quality, directly addressing the risk of unilateral service termination by foreign actors.

What this means for you

For in-house counsel, compliance officers, and public procurement teams, understanding these tiers is critical for risk management and strategic sourcing.

  1. Risk Assessments Determine the Tier: Under Article 29, Member States and Union entities must conduct risk assessments to determine which Union assurance level (2, 3, or 4) is appropriate for their activities. Level 1 is the default for non-critical activities. Activities contributing to the preservation of public order in sectors like national security, defence, justice, or law enforcement will likely require Levels 2, 3, or 4.
  2. Procurement Obligations: Article 30 mandates that contracting authorities procure services meeting the minimum assurance level determined by their risk assessment. For public order-relevant activities, they must only procure services recognised as offering Levels 2, 3, or 4.
  3. Vendor Due Diligence: When evaluating cloud providers, you must verify their recognition status in the central repository (Article 22). For Levels 2–4, this involves reviewing independent audit reports. Pay close attention to the provider's ownership structure. If a provider is foreign-controlled, verify that they have implemented the specific safeguards required by Annex II for their claimed level. For Level 3, check if the Commission has adopted an implementing act under Article 18 for the relevant third country.
  4. Penalties and Remedies: Article 24 requires Member States to impose effective, proportionate, and dissuasive penalties for infringements. While CADA sets the framework, national laws will define specific fines. Non-compliance by providers can lead to the revocation of their assurance level recognition, immediately impacting their ability to serve the public sector. Recipients of services also have the right to seek compensation for damage caused by such infringements.
  5. Transition Planning: If a risk assessment requires migration to a higher assurance level, Article 29(6) allows for a reasonable transition period not exceeding 12 months. Plan migrations early to ensure business continuity and avoid service gaps.

Common misconceptions

"Level 1 provides full sovereignty protection." No. Level 1 is a baseline. It requires Union establishment and data localisation but allows for third-country control without the stringent operational autonomy, data access prevention, and sanctions-compliance measures required at Levels 2–4. It is suitable for non-critical public sector activities but not for those involving sensitive data or public order concerns.

"Third-country providers are banned from Levels 3 and 4." Not entirely. Level 3 allows for a derogation if the Commission designates a third country as "associated" under Article 18, provided strict criteria are met (including GDPR adequacy and no conflicting laws). Level 4, however, strictly prohibits third-country control with no exceptions.

"GDPR adequacy is enough for Level 3." While an adequacy decision is a prerequisite for a third country to be considered for the Level 3 derogation, it is not sufficient on its own. The third country must also demonstrate no measures for data access, service disruption, or sanction enforcement that conflict with Union interests, as detailed in Article 18.

"Open-source software eliminates third-country risk." While CADA promotes open source (Article 41), Annex II requires specific controls for open-source components used in Levels 2–4. Providers must demonstrate measures to prevent remote features or mechanisms that could tamper with or disrupt the system, regardless of the software's licence.

This is general information about a draft EU regulation, not legal advice.