Summary

As proposed, the Cloud and AI Development Act (CADA) would impose a strict sovereignty framework on defence cloud procurement. Under Article 29, defence activities are explicitly identified as contributing to the preservation of public order, triggering a mandatory requirement under Article 30(3) to procure only cloud services recognised at Union assurance levels 2, 3, or 4. These levels, defined in Annex II, progressively tighten restrictions on third-country control, mandate Union citizenship for personnel, and require data to remain exclusively within the Union. Crucially, for the highest levels, providers must demonstrate immunity from foreign laws that could compel data access or service disruption, effectively excluding providers subject to extraterritorial jurisdiction unless they can prove complete legal and operational separation from their foreign parent entities.

Detail

The proposed Cloud and AI Development Act (CADA) represents a paradigm shift for the defence sector's digital infrastructure. Unlike previous instruments that focused primarily on technical cybersecurity or data protection, CADA targets the structural sovereignty of the cloud supply chain. For defence entities, this creates a direct compliance pressure to migrate away from providers subject to third-country control toward infrastructure that is legally, technically, and operationally anchored in the Union.

The Trigger: Public Order Risk Assessments

The mechanism driving this pressure is the risk assessment obligation. Article 29(1) of the proposal requires Member States and Union entities to carry out risk assessments to identify public sector activities that "contribute to the preservation of public order." The text explicitly lists "defence" alongside national security, internal security, external border management, justice, and law enforcement as sectors where these risks must be evaluated.

Once a defence activity is identified as contributing to public order, the procurement rules shift immediately. Article 30(3) mandates that contracting authorities "shall only procure cloud computing services that have been recognised as having a Union assurance level 2, 3 or 4." This removes the discretion to select providers based solely on cost or technical capability if they fail to meet the sovereignty criteria of these higher tiers. The baseline Level 1, which allows for some third-country involvement, is legally insufficient for defence workloads identified under this framework.

The Hierarchy of Sovereignty: Levels 2, 3, and 4

The pressure intensifies as the assurance level increases. Annex II of the proposal sets out cumulative criteria for each level, creating a ladder of sovereignty that defence entities must climb based on the sensitivity of their data and operations.

Union Assurance Level 2: The Baseline for Public Order

Level 2 is the entry point for defence procurement. Under Annex II, Section 2.1, the provider and its subcontractors must be established in the Union, with infrastructure, assets, and personnel located within the Union.

  • Third-Country Control: If the provider is subject to third-country control, it must demonstrate that such control does not restrict service delivery, allow data access, or undermine service continuity.
  • Data Usage: Data generated by the service cannot be used to train or fine-tune AI systems operated by a third country.
  • Cybersecurity: The service must obtain a European cybersecurity certificate of at least assurance level 'substantial' (or demonstrate compliance with the highest standards if the EU scheme is not yet established).
  • Personnel: While Level 2 does not mandate Union citizenship for all personnel, it includes a conditional clause: "if the public sector body determines that imposing additional personnel screening and Union citizenship requirements are necessary, the audited provider should ensure that personnel meeting those requirements are available."

Union Assurance Level 3: The Threshold of Independence

Level 3 significantly tightens the constraints, particularly regarding foreign influence.

  • Prohibition on Control: Annex II, Section 3.1(g) states that the provider and subcontractors "are not subject to the control of a third country or a legal entity established in a third-country." This is a near-absolute prohibition. A narrow derogation exists only if the Commission has adopted an implementing act under Article 18 identifying a specific third country as providing sufficient assurances.
  • Personnel Citizenship: Unlike Level 2, Level 3 mandates that "the personnel, including the personnel of the subcontractors... are Union citizens." This is a critical requirement for defence, ensuring that individuals with access to sensitive infrastructure hold EU citizenship, thereby reducing the risk of foreign coercion or espionage.
  • Support Location: Technical and operational support must be initiated and performed exclusively within the Union by Union residents.
  • Cybersecurity: Like Level 2, this requires a 'substantial' cybersecurity certificate.

Union Assurance Level 4: The Highest Sovereignty

Level 4 is designed for the most critical defence operations, potentially involving classified information.

  • Strict Control Prohibition: Annex II, Section 4.1(g) reiterates the prohibition on third-country control without the possibility of derogation via Article 18.
  • Data Localisation: Sensitive data, as identified by risk assessment, must remain exclusively within the Union at all times.
  • Personnel Citizenship: All personnel involved must be Union citizens, with national security clearance required where appropriate for classified information.
  • Cybersecurity: The service must obtain a European cybersecurity certificate of at least assurance level 'high'. This is a distinct upgrade from the 'substantial' level required for Levels 2 and 3.
  • Software Supply Chain: Level 4 requires measures to retain effective control over software components, ensuring no third country holds effective control over the design, development, or maintenance of critical components.

Immunity from Foreign Law and Operational Autonomy

A central pillar of CADA's pressure on defence is the requirement for operational autonomy from extraterritorial laws. The proposal explicitly addresses the risk of foreign governments compelling data access or service disruption.

Annex II criteria for Levels 2, 3, and 4 require providers to guarantee that there are no laws or practices in a third country that would require them to report software vulnerabilities to foreign authorities before those vulnerabilities are known to be exploited. Furthermore, providers must demonstrate that they are not obliged to comply with restrictive measures (such as sanctions or embargoes) adopted by a third country, unless those measures are legitimate under EU law.

For defence, this creates a high barrier for providers subject to laws like the US CLOUD Act. While Article 18 allows the Commission to recognise third countries that provide sufficient assurances (e.g., through adequacy decisions and specific safeguards against data access), this mechanism is limited to Level 3. Given the sensitivity of defence data, it is highly probable that most critical defence workloads will require Level 4 compliance, which offers no derogation for third-country control. Consequently, providers must prove they are legally and technically severed from any foreign parent company that could be compelled by foreign law to access data or disrupt service.

The Role of Article 18 and Third-Country Derogations

It is vital to note that the mechanism for recognising third-country control is Article 18, not Article 19. Article 18 allows the Commission to adopt implementing acts identifying third countries where providers subject to their control may still be audited for Level 3, provided strict conditions are met (including an adequacy decision and no measures to compel data access or service degradation). This is a "derogation" from the general prohibition in Annex II, Section 3.1(g). However, this derogation does not apply to Level 4, which maintains a strict "no third-country control" rule.

What this means for you

For defence procurement officers, CADA would fundamentally alter the landscape of cloud acquisition, moving from a market-driven approach to a sovereignty-driven one.

  1. Mandatory Risk Assessments: You must conduct and document risk assessments for all defence-related cloud usage to determine if it falls under "public order" preservation. Under Article 29, defence is explicitly included. If it does, you are legally bound to procure from providers recognised at Assurance Levels 2–4.
  2. Vendor Qualification Checks: You can no longer rely solely on technical performance or price. You must verify that your chosen cloud provider holds the appropriate Union assurance recognition in the central repository maintained by the Commission under Article 22. For defence, Level 1 is insufficient.
  3. Supply Chain Scrutiny: You must ensure that not only the primary cloud provider but also their subcontractors meet the sovereignty criteria. This includes verifying that subcontractors are established in the Union and, for Levels 3 and 4, that their personnel are Union citizens.
  4. Data Localisation Verification: Procurement contracts must include strict clauses ensuring that all defence data, including metadata and telemetry, remains exclusively within the Union. Any transfer outside the EU would require explicit, documented approval, which is unlikely for sensitive defence data.
  5. Transition Planning: If your current defence cloud infrastructure relies on providers that do not meet these sovereignty standards (e.g., major non-EU hyperscalers without specific EU subsidiaries that are fully legally separated), you must plan for migration. Article 29(6) allows for a reasonable transition period of up to 12 months for migration when a risk assessment necessitates a change in cloud service.

Common misconceptions

Misconception 1: CADA bans all non-EU cloud providers. This is incorrect. CADA does not ban non-EU providers outright. Instead, it creates a tiered system. Non-EU providers can still serve the EU market if they establish entities within the Union that are legally and operationally independent from their foreign parent companies. However, for defence and other high-assurance levels, the provider must effectively be free from third-country control, which is a high bar for many global hyperscalers.

Misconception 2: Defence is automatically excluded from CADA. While the EU AI Act excludes military and defence purposes from its scope, CADA specifically includes "defence" in its list of activities contributing to public order in Article 29. Therefore, defence cloud procurement is explicitly within the scope of CADA's sovereignty framework, not exempt from it.

Misconception 3: Assurance Level 1 is sufficient for all government cloud use. Level 1 is the minimum baseline for public sector bodies whose activities are not identified as contributing to public order. For defence, which is explicitly named as a public order concern, Level 1 is insufficient. Procurement must target Levels 2, 3, or 4, depending on the specific risk assessment outcome.

Misconception 4: Cybersecurity certification replaces sovereignty requirements. CADA distinguishes between cybersecurity and sovereignty. While Levels 2–4 require high cybersecurity certifications (such as EUCS), this is only one part of the requirement. Sovereignty also involves legal independence from foreign laws, data localisation, and personnel citizenship, which cybersecurity certifications alone do not address.

Misconception 5: The third-country derogation is in Article 19. This is a common drafting error. The mechanism for recognising third countries that allow for Level 3 compliance is Article 18. Article 19 relates to conformity self-assessment for Level 1.

This is general information about a draft EU regulation, not legal advice.