Summary

Under the proposed Cloud and AI Development Act (CADA), there is no pre-approved list of "sovereign" vendors in Germany. Instead, the regulation establishes a Union cloud computing sovereignty framework (Article 16) with four Union assurance levels (1–4). German public bodies must procure services recognised at the appropriate level based on a risk assessment. Providers are formally recognised by national competent authorities and listed in a central repository maintained by the European Commission (Article 22). This system strictly distinguishes between providers fully autonomous from third-country control (Levels 3–4) and those subject to conditional safeguards (Levels 1–2), effectively filtering out providers exposed to non-EU extraterritorial laws unless specific derogations apply.

Detail

The proposed Cloud and AI Development Act (CADA), COM(2026) 502 final, fundamentally reshapes how cloud services are procured by the German public sector. It moves away from voluntary "sovereign cloud" marketing labels toward a mandatory, harmonised legal framework. The core mechanism is the Union cloud computing sovereignty framework, established under Article 16, which defines four distinct assurance levels. These levels are not optional certifications but regulatory prerequisites for public procurement.

The Union Cloud Computing Sovereignty Framework (Article 16)

As proposed in Article 16, the framework requires cloud computing service providers to meet cumulative criteria set out in Annex II to be recognised at any of the four levels. The criteria escalate in strictness regarding establishment, data localisation, personnel, cybersecurity, and exposure to third-country control.

Union Assurance Level 1: The Baseline

Level 1 is the minimum entry point for public sector procurement.

  • Establishment: The provider must be established in the Union.
  • Infrastructure & Data: Infrastructure, assets, and customer data (including metadata and telemetry) must remain exclusively within the Union, unless the public sector body explicitly requires otherwise.
  • Third-Country Control: If the provider is subject to the control of a third country or a legal entity established in a third country, it must guarantee that no laws or practices in that third country require the provider to report software vulnerabilities to authorities before those vulnerabilities are known to have been exploited.
  • Cybersecurity: The provider must demonstrate compliance with state-of-the-art cybersecurity standards.

Union Assurance Level 2: Enhanced Autonomy

Level 2 introduces stricter controls on personnel and operational support, targeting services where public order is a concern.

  • Personnel & Infrastructure: The provider, subcontractors, infrastructure, assets, and personnel must be located in the Union.
  • Operational Support: Technical and operational support must be initiated and performed exclusively within the Union.
  • AI Data Use: Data generated by the service cannot be used to train or fine-tune AI systems operated by a third country or a legal entity established in a third country.
  • Third-Country Control: If subject to third-country control, the provider must implement measures to ensure that such control cannot restrict service delivery, enable access to customer data, disrupt continuity, or oblige the provider to comply with restrictive measures (e.g., sanctions) unless those measures are legitimate under Union law.
  • Cybersecurity: The service must obtain a European cybersecurity certificate of at least assurance level 'substantial' (once such a scheme is established under the Cybersecurity Act). Until such a scheme exists, national certification schemes or the highest available standards apply.

Union Assurance Level 3: High Sovereignty with Derogation

Level 3 is designed for activities contributing to the preservation of public order, such as law enforcement or defence.

  • Personnel: Personnel involved in the service provision must be Union citizens. Where appropriate, they must hold national security clearance.
  • Cybersecurity: The service must obtain a European cybersecurity certificate of at least assurance level 'substantial'.
  • Third-Country Control (The Derogation): Generally, providers at Level 3 must not be subject to the control of a third country. However, Article 18 provides a specific derogation: the Commission may adopt an implementing act identifying a third country as providing sufficient assurances. If such an act exists, a provider subject to that third country's control may be audited for Level 3, provided they demonstrate that the third country does not exercise control in a way that restricts service delivery, accesses data, or disrupts continuity.
    • Note on Drafting: While Annex II, Section 3.1(g) contains a drafting slip referencing "Article 19" for this derogation, the substantive power to identify associated third countries is exclusively vested in Article 18 ("Associated third countries"). Article 19 is strictly for conformity self-assessment.
  • Support: Technical support must be performed by Union residents and third parties not subject to third-country control.

Union Assurance Level 4: Maximum Sovereignty

Level 4 is the highest tier, reserved for the most sensitive data and critical public order functions.

  • Data: Sensitive data identified via risk assessment must remain exclusively within the Union.
  • Personnel: Personnel must be Union citizens and, where appropriate, hold national security clearance.
  • Cybersecurity: The service must obtain a European cybersecurity certificate of at least assurance level 'high'.
  • Third-Country Control: The provider and its subcontractors must not be subject to the control of a third country or a legal entity established in a third country. No derogation applies here.
  • Support: Support must be performed exclusively within the Union by Union residents and third parties not subject to third-country control.
  • Software Supply Chain: The provider must demonstrate effective control over software components, ensuring no third country holds effective control over their design, development, or maintenance.

Identifying Recognised Providers: The Central Repository (Article 22)

For German contracting authorities and buyers, the mechanism to verify compliance is centralised. Article 22 mandates that the Commission shall establish and maintain a central repository of cloud computing services recognised under Article 17.

  • Single Source of Truth: This repository is the definitive list for public procurement. German authorities must consult it to identify providers recognised at levels 1 through 4.
  • Public Access: The repository will be publicly available and regularly updated by the Commission and national competent authorities.
  • Transparency: If a recognition is revoked (e.g., due to non-compliance or material changes), this status will be published in the repository and remain visible for five years.
  • No Pre-Approval: The repository does not list "sovereign" providers by default; it only lists those that have successfully undergone the recognition process involving evidence submission, audit (for levels 2–4), and national authority approval.

Distinguishing EU-Controlled vs. Non-EU-Exposed Providers

The CADA framework creates a clear legal distinction between providers fully autonomous from non-EU influence and those that are merely "compliant" under safeguards.

  • Fully Sovereign (Levels 3 & 4): These levels effectively exclude providers subject to the control of third countries (e.g., US hyperscalers) unless a specific Article 18 derogation is in place for Level 3. Level 4 strictly prohibits third-country control. This ensures that for critical German public order functions, the infrastructure is legally and operationally insulated from extraterritorial laws like the US CLOUD Act.
  • Conditionally Sovereign (Levels 1 & 2): These levels allow providers subject to third-country control, provided they implement robust legal, technical, and organisational measures. For example, a US provider could potentially offer Level 2 services in Germany if it can prove that US law cannot compel it to access EU customer data or disrupt service. However, it remains exposed to the risk that such safeguards could be challenged or that the third country's laws could change.

The Role of German National Competent Authorities

While the criteria are EU-wide, the recognition process is national. Under Article 25, Member States must designate a national competent authority. In Germany, this will likely be the Federal Office for Information Security (BSI) or a designated body within the Federal Ministry of the Interior.

  • Application: Providers submit applications to the German authority of establishment.
  • Assessment: The authority assesses evidence, including audit reports for levels 2–4.
  • Union-Wide Effect: Once recognised by the German authority, the service is recognised across the entire Union, facilitating cross-border procurement within the EU.

What this means for you

For cloud service providers, data centre operators, and German public sector buyers, the CADA proposal introduces a rigorous compliance regime.

For Cloud Service Providers in Germany

  1. Audit Readiness: To reach Levels 2, 3, or 4, you must undergo independent third-party audits. You will need to provide a complete Software Bill of Materials (SBOM), prove data localisation, and demonstrate that no remote features can tamper with your systems.
  2. Third-Country Exposure: If you are part of a global group headquartered outside the EU, you face a binary choice. For Level 4, you must effectively sever third-country control. For Levels 1–3, you must implement and document "firewalls" against third-country laws. If you cannot prove this, you will be restricted to Level 1 or excluded from public procurement.
  3. Personnel Strategy: Levels 3 and 4 require Union citizens for personnel. You must audit your workforce and subcontractors to ensure compliance, potentially requiring security clearances for sensitive roles.
  4. Repository Listing: Your market access depends on being listed in the Article 22 central repository. Engage early with the German national competent authority to prepare your evidence.

For German Public Sector Buyers

  1. Risk Assessment First: Before procuring, your organisation must conduct a risk assessment under Article 29 to determine the required assurance level. Standard administrative tasks may only need Level 1, but law enforcement, defence, and critical infrastructure will likely require Levels 3 or 4.
  2. Verify via Repository: Do not rely on vendor marketing claims. Check the Article 22 central repository to confirm the provider's recognised status and assurance level.
  3. Procurement Constraints: Under Article 30, if your activity is identified as contributing to public order, you are legally mandated to procure only services recognised at Level 2, 3, or 4. You cannot procure Level 1 services for these activities.

Common misconceptions

"'Sovereign cloud' is just a marketing label." Under CADA, sovereignty is a regulated legal status. A provider cannot claim to be sovereign without formal recognition by a national competent authority and listing in the central repository.

"All EU-based providers are automatically sovereign." Being established in Germany is only the baseline for Level 1. Providers must also meet strict criteria on data localisation, personnel citizenship, and exposure to third-country laws. An EU subsidiary of a US hyperscaler is not automatically compliant with Levels 3 or 4 without proving effective separation from third-country control.

"Level 1 is sufficient for all public sector work." While Level 1 is the minimum baseline, Article 30 mandates that activities contributing to public order (e.g., defence, law enforcement) must procure only Level 2, 3, or 4 services. Relying on Level 1 for these activities would be a breach of the regulation.

"The repository is a static list of approved vendors." The repository is dynamic. Recognitions can be amended or revoked if providers fail to maintain compliance or if material changes occur. Providers have ongoing transparency obligations to report changes to their status.

"Article 19 allows third-country providers into Level 3." This is a common drafting confusion. While Annex II Section 3.1(g) contains a typo referencing "Article 19", the substantive power to identify third countries for Level 3 derogations lies exclusively in Article 18 ("Associated third countries"). Article 19 is strictly for conformity self-assessment.

This is general information about a draft EU regulation, not legal advice.