Summary The proposed Cloud and AI Development Act (CADA) does not establish a single, centralized "EU Defence Cloud." Instead, it creates a targeted framework to foster the availability of highly secured computing infrastructures specifically for the training, testing and deployment of defence-related AI models and systems, as explicitly mandated in Recital 20. As proposed, Article 8 enables the Commission to designate "frontier AI priority projects" that can support defence capabilities, while Article 9 ensures these projects receive matched computing resources from the Union's high-performance computing capacity. This infrastructure is further supported by the network of Experience and Acceleration Centres for AI (Article 5) and must align with the strict Union Assurance Levels (Title IV) to safeguard public order and strategic autonomy.

Detail

The Cloud and AI Development Act (CADA), as proposed in COM(2026) 502 final, addresses the critical need for secure computing infrastructure in the defence sector not by constructing a monolithic government cloud, but by embedding sovereignty and security requirements into the broader EU AI and cloud ecosystem. The proposal recognizes that defence AI requires distinct levels of assurance, data confidentiality, and operational autonomy that standard commercial clouds may not guarantee.

The Explicit Mandate: Recital 20 and Defence AI Lifecycle

The most direct reference to defence AI infrastructure is found in Recital 20 of the proposal. This recital states:

"The Union should also foster the availability of highly secured computing infrastructures for the training, testing and deployment of defence-related AI models and systems."

This provision is not merely aspirational; it establishes a specific policy objective that informs the interpretation of the Act's operational measures. It acknowledges the unique lifecycle of defence AI, which demands:

  1. Training: Requires massive, secure compute clusters to process sensitive military data without exposure to third-country jurisdictions or extraterritorial legal risks.
  2. Testing: Needs isolated, sovereign environments to validate robustness against adversarial attacks and ensure safety without compromising operational security (OPSEC).
  3. Deployment: Demands resilient infrastructure capable of withstanding geopolitical shocks, ensuring operational continuity in crisis scenarios, and preventing service disruption by third-country actors.

By framing this as a Union objective, CADA signals that future EU funding, policy support, and procurement preferences will favor infrastructure providers and projects that can demonstrate these high-security standards. This aligns directly with the Union Assurance Levels defined in Title IV, particularly Levels 3 and 4, which are designed for activities contributing to the preservation of public order.

Frontier AI Priority Projects: The Infrastructure Engine

The core mechanism for delivering this secure infrastructure is the AI Leadership Initiative, established under Title II. Within this framework, Article 8 sets out the criteria for the Commission to recognize projects as "frontier AI priority projects."

While Article 8 does not explicitly use the word "defence" in its text, the context provided by Recital 20 and the broader objectives of the Act clarify that frontier AI includes capabilities critical for security and defence. The criteria for designation under Article 8 require that these projects:

  • Are pioneering projects focused on the support and scaling-up of frontier AI technologies.
  • Are undertaken by a European digital infrastructure consortium (EDIC) established pursuant to Decision (EU) 2022/2481, or another legal entity eligible for funding under Union law.
  • Involve the participation of at least three Member States.
  • Pool computing time and other relevant resources to support the implementation of the designated project.

Article 9 complements this by mandating that the Union and Member States ensure sufficient AI computing resources are allocated to these priority projects. Crucially, Article 9(2) states:

"The Union shall at least match the AI computing resources contributed by Member States to frontier AI priority projects to the extent that sufficient AI computing capacity is available within the Union's share of European high performance computing access time."

This creates a direct pipeline of compute power for strategic AI development. For defence-related frontier AI, this means that if Member States contribute resources to a designated project, the Union is obligated to match that contribution from its EuroHPC capacity, effectively subsidizing and structuring the high-performance computing (HPC) infrastructure needed for advanced defence AI models.

The Role of Acceleration Centres and Industrial AI

CADA also leverages the network of Experience and Acceleration Centres for AI (Centres for AI) established under Article 5. These centres, built on existing European Digital Innovation Hubs, are tasked with supporting the integration and scaling-up of AI use cases in strategic industrial and public sectors.

Article 4(5) outlines that the AI Leadership Initiative shall accelerate the development and uptake of industrial AI across strategic sectors. Recital 19 explicitly lists defence as a strategic sector where AI has emerged as a disruptive technology with significant impact on security. The proposal notes that the Cloud and AI Leadership Initiatives could support the development of advanced capabilities in "full complementarity with, and without prejudice to, dedicated Union instruments in support of the defence industry, including the European defence fund ('EDF')."

This creates a dual-track approach for defence AI infrastructure:

  • Track 1 (Frontier/Strategic): High-level, frontier AI research and infrastructure development via Article 8/9 priority projects, ensuring access to matched EuroHPC capacity for training and testing.
  • Track 2 (Industrial/Application): Practical adoption and industrial application of AI in defence manufacturing, logistics, and systems via Acceleration Centres and industrial AI initiatives, facilitating testing and validation in real-world environments.

Sovereignty and Assurance Levels: The Security Baseline

The infrastructure supported by CADA must meet strict sovereignty criteria. Title IV introduces Union Assurance Levels (UALs), which classify cloud services based on their trustworthiness. For defence-related activities, UAL 3 and UAL 4 are particularly relevant.

  • UAL 3 requires that the audited provider and subcontractors are established in the Union, with infrastructure, assets, and personnel located in the Union. It mandates that customer data remains exclusively within the Union. Crucially, Annex II (3.1(d)) requires that personnel are Union citizens and, where appropriate, have the necessary national security clearance issued by a Member State when handling classified information.
  • UAL 4 adds even stricter requirements, including that the provider is not subject to the control of a third country, and that technical support is performed exclusively within the Union by Union residents.

While CADA does not mandate that all defence AI must run on UAL 4 infrastructure, Article 29 requires Member States and Union entities to conduct risk assessments to determine the appropriate assurance level for public sector activities contributing to the preservation of public order, including defence. Article 30(3) then mandates that contracting authorities whose activities are identified as contributing to public order "shall only procure and use services that have been recognised as offering Union assurance levels 2, 3, or 4."

This means national defence ministries will likely be required to migrate to UAL 3 or 4 services for sensitive AI workloads, driving demand for the "highly secured computing infrastructures" mentioned in Recital 20.

What this means for you

For CTOs, architects, and SMEs operating in or supplying the defence sector, CADA presents both opportunities and compliance imperatives.

1. Infrastructure Providers: If you provide cloud or HPC services, you must prepare for the Union Assurance Level certification process. To win defence contracts, your infrastructure will likely need to achieve UAL 3 or 4 status. This means:

  • Ensuring all data processing, storage, and backup occur exclusively within the EU.
  • Guaranteeing that personnel with access to the infrastructure are EU citizens with appropriate national security clearances (Annex II 3.1(d)).
  • Demonstrating legal and technical separation from any third-country control, ensuring no third-country laws can compel access to data or disrupt service.

2. Defence AI Developers: SMEs developing AI models for defence can leverage the Frontier AI Priority Project mechanism under Article 8. If your technology involves cutting-edge AI (e.g., autonomous systems, advanced simulation), consider applying through a European digital infrastructure consortium. This could unlock access to matched EuroHPC compute time under Article 9, significantly reducing the cost of training large models.

3. Integration with Existing Systems: CADA complements, rather than replaces, existing defence funding mechanisms like the European Defence Fund. Recital 19 explicitly states that support for defence AI should be in "full complementarity with, and without prejudice to, dedicated Union instruments." When designing your AI architecture, ensure it is modular enough to be deployed on sovereign EU clouds. Avoid vendor lock-in with non-EU providers that cannot meet UAL 3/4 criteria, as migration costs will be high if Member States enforce stricter sovereignty requirements post-CADA adoption.

4. Engagement with Acceleration Centres: Utilize the Centres for AI (Article 5) for testing and validation. These centres can provide access to specialized hardware and expertise, helping you validate your AI models in secure environments before full-scale deployment. They act as regional accelerators for the uptake of AI in strategic sectors, including defence.

Common misconceptions

Misconception 1: CADA creates a single "EU Defence Cloud."

  • Reality: CADA does not mandate a single, centralized cloud for all defence data. Instead, it establishes a framework of standards (Assurance Levels) and supports the development of multiple sovereign infrastructure options. Member States and EU entities retain the flexibility to choose providers that meet the required assurance levels, fostering competition among qualified EU providers.

Misconception 2: Only large hyperscalers can participate.

  • Reality: The proposal explicitly aims to create opportunities for smaller EU-based providers. The EuroCloud Federation (Article 34) and Centres for AI (Article 5) are designed to foster collaboration and allow SMEs to access shared resources and expertise. The frontier AI priority projects also encourage consortium-based approaches, enabling smaller players to contribute specialized components.

Misconception 3: CADA replaces the European Defence Fund (EDF).

  • Reality: CADA is complementary. Recital 19 states that support for defence AI should be in "full complementarity with, and without prejudice to, dedicated Union instruments" like the EDF. CADA focuses on the underlying cloud/AI ecosystem and sovereignty standards, while the EDF focuses on specific defence capabilities and procurement.

Misconception 4: Data localization is the only requirement.

  • Reality: While data remaining in the EU is a key criterion (UAL 1-4), sovereignty under CADA is broader. It includes operational autonomy, protection against third-country legal extraterritoriality (e.g., US CLOUD Act), and personnel citizenship requirements for higher assurance levels. A provider can have data in the EU but still fail UAL 3/4 if it is subject to third-country control or if personnel lack proper clearance.

Official sources

Related

This is general information about a draft EU regulation, not legal advice.