Summary

As proposed, the Cloud and AI Development Act (CADA) does not automatically mandate a single assurance level for all defence workloads. Instead, Article 29 requires Member States and Union entities to conduct risk assessments to determine the appropriate level based on the activity's contribution to "public order." However, for defence activities involving classified information or critical national security functions, Union Assurance Level 4 (UAL 4) is the only tier that explicitly prohibits third-country control and mandates that all personnel be Union citizens with necessary security clearances. While Level 3 allows for a derogation where a third country is deemed "associated," Level 4 imposes an absolute ban on such control, making it the requisite standard for the most sensitive defence workloads to ensure operational autonomy.

Detail

The Cloud and AI Development Act (CADA), as set out in proposal COM(2026) 502 final, establishes a tiered sovereignty framework comprising four Union Assurance Levels (UALs). The regulation applies to cloud computing services used by public sector bodies, but the determination of which level applies to defence workloads is not automatic; it is strictly risk-based. The practical implementation for the defence sector hinges on the interplay between the risk assessment obligations in Article 29 and the cumulative technical and legal criteria detailed in Annex II.

The Role of Article 29: Risk Assessments for Public Order

Article 29 of the CADA proposal places the primary onus on Member States and Union entities to identify which public sector activities require heightened sovereignty protections. Specifically, Article 29(1) mandates that these entities carry out risk assessments to:

  1. Identify public sector activities using cloud computing services that contribute to the preservation of public order, explicitly including sectors falling under defence, national security, internal security, and law enforcement.
  2. Determine which Union Assurance Level (2, 3, or 4) is appropriate for these identified activities.

Recital 62 of the CADA proposal clarifies the scope of these assessments. It states that while the determination of the sensitivity of information lies within the competence and discretion of Member States, "Union assurance levels 3 and 4 should allow for the secure hosting of EU classified information." Consequently, defence workloads involving classified data or those deemed critical to public order would typically trigger the requirement for UAL 3 or UAL 4. The choice between the two depends on the specific risk profile, particularly regarding the need for absolute operational autonomy and the absence of any third-country influence.

Union Assurance Level 4: The Highest Standard of Sovereignty

Union Assurance Level 4 represents the pinnacle of the CADA sovereignty framework. It is designed for the most sensitive use cases where any external influence, potential for disruption, or third-country legal reach is unacceptable. The criteria for UAL 4, detailed in Annex II, Section 4, impose cumulative requirements that are significantly stricter than those for Levels 1–3.

1. Absolute Prohibition of Third-Country Control

A defining feature of UAL 4 is the absolute prohibition of third-country control. Annex II, Section 4.1(g) states that the audited provider and its subcontractors "are not subject to the control of a third country or a legal entity established in a third-country."

This stands in sharp contrast to UAL 3. Under Annex II, Section 3.1(g), UAL 3 permits a derogation where the Commission has adopted an implementing act under Article 18 (formerly mis-referenced as Article 19 in some drafts, but corrected to Article 18 in the final text) identifying a third country as providing sufficient assurances. For defence architectures, UAL 4 eliminates the risk of extraterritorial legal reach, such as that posed by the US CLOUD Act, which could compel a provider to disclose data or disrupt services regardless of EU law. By mandating a total absence of third-country control, UAL 4 ensures that the provider cannot be legally or operationally coerced by a foreign state.

2. Union Establishment and Location

Annex II, Section 4.1(a) requires that the audited provider and its subcontractors are established in the Union. Furthermore, Section 4.1(b) mandates that the infrastructure, assets, and personnel of the provider and its subcontractors are located in the Union. This ensures that the physical and legal jurisdiction of the cloud service remains firmly within EU boundaries, reducing exposure to foreign legal systems and ensuring that data remains under the effective supervision of EU authorities.

3. Personnel Citizenship and Clearance

For UAL 4, the human element is strictly regulated, addressing a critical gap in lower assurance levels. Annex II, Section 4.1(d) requires that all personnel involved in the provision of the service, including personnel of subcontractors, are Union citizens.

Crucially, the text further stipulates that where appropriate, personnel "must also have the necessary national security clearance issued by a Member State when handling classified information." This criterion directly addresses the specific needs of defence workloads. Unlike UAL 2, where Union citizenship is only a conditional requirement if the public sector body explicitly demands it, UAL 4 makes it mandatory. This ensures that only vetted individuals with appropriate clearance levels have access to sensitive defence data and infrastructure, mitigating the risk of insider threats or foreign influence within the operational chain.

4. Data Localisation and AI Training Restrictions

Annex II, Section 4.1(c) mandates that customer data, including metadata and telemetry data, identified as sensitive following a risk assessment, "remain exclusively within the Union" at all times. Additionally, Section 4.1(f) prohibits the use of data generated by the service to train or fine-tune any AI system operated by a third country or a legal entity established in a third country. This prevents the leakage of defence-related patterns, operational data, or classified information to foreign AI models, a critical safeguard for modern defence capabilities.

5. Cybersecurity Certification

UAL 4 requires the audited service to obtain a European cybersecurity certificate of at least assurance level 'high' under a European cybersecurity certification scheme covering cloud computing services, as established under Regulation (EU) 2019/881 (the Cybersecurity Act). Until such a scheme is fully available, national cybersecurity certification schemes apply. This ensures that the technical security posture of the cloud service meets the highest EU standards, distinct from the "substantial" level required for UAL 2 and UAL 3.

6. Software Supply Chain Integrity

Annex II, Section 4.1(i) imposes rigorous software supply chain measures. The provider must demonstrate effective control over software components, ensuring that no third country holds or exercises effective control over the design, development, maintenance, and evolution of those components. This includes preventing remote features that could tamper with or disrupt the service. For defence systems, this mitigates the risk of "kill switches" or backdoors embedded by foreign vendors, ensuring that the software stack remains under Union control.

Practical Implications for Defence Workloads

For CTOs, architects, and defence procurement officers, the CADA proposal implies a decisive shift towards sovereign cloud architectures. If a defence workload is classified under Article 29 as contributing to the preservation of public order and involves sensitive or classified data, it would likely require UAL 4. This means:

  • Vendor Selection: Only providers that are entirely EU-established, with no third-country ownership or control (direct or indirect), and whose personnel are Union citizens with security clearances, would be eligible.
  • Infrastructure: All data processing and storage must occur within the EU, with no exceptions for backup or disaster recovery outside the Union unless explicitly authorised by the public sector body (which is unlikely for classified defence data).
  • Auditability: Providers must undergo independent third-party audits to verify compliance with UAL 4 criteria, including detailed scrutiny of their software supply chains, personnel vetting processes, and the absence of third-country control.

What this means for you

For CTOs, architects, and SMEs evaluating the impact of CADA on defence workloads, the following actions are critical:

  1. Conduct Early Risk Assessments: Begin mapping your cloud workloads against the criteria in Article 29. Identify which services support defence activities and determine the sensitivity of the data involved. If your workloads involve classified information or critical national security functions, prepare for UAL 4 compliance.
  2. Evaluate Provider Sovereignty: Review your current cloud providers' ownership structures. If a provider is controlled by a third-country entity (even indirectly), it will not qualify for UAL 4. Engage with providers who can demonstrate full EU establishment and personnel citizenship.
  3. Prepare for Audits: UAL 4 requires independent third-party audits. Ensure your internal processes for data localisation, personnel vetting, and software supply chain management are documented and ready for scrutiny. This includes maintaining up-to-date Software Bills of Materials (SBOMs) and demonstrating control over software components.
  4. Plan for Transition: If your current infrastructure does not meet UAL 4 criteria, develop a migration plan. Article 29(6) allows for a reasonable transition period (up to 12 months) for migrating to a compliant service, but early planning is essential to avoid operational disruptions.
  5. Engage with National Authorities: Since Member States conduct the risk assessments under Article 29, maintain close dialogue with national defence and cybersecurity authorities to understand how they interpret "public order" and "classified information" in the context of cloud services.

Common misconceptions

"All defence workloads must use UAL 4." Correction: CADA as proposed does not automatically assign UAL 4 to all defence activities. Article 29 requires a risk assessment to determine the appropriate level. Non-sensitive administrative defence workloads (e.g., HR or general logistics) might qualify for UAL 1 or 2, while highly sensitive operational data would require UAL 4. The determination is based on the risk to public order and the sensitivity of the data.

"UAL 3 is sufficient for classified data." Correction: While Recital 62 states that UAL 3 and UAL 4 allow for the secure hosting of EU classified information, UAL 3 permits a derogation for providers controlled by third countries if the Commission has recognised that country as providing sufficient assurances under Article 18. UAL 4 prohibits any third-country control entirely. For defence assets where zero external influence is required, UAL 4 is the more secure and robust option.

"Cybersecurity certification replaces sovereignty assurance." Correction: Cybersecurity certification (e.g., EUCS) addresses technical security risks, but CADA's assurance levels address broader sovereignty risks, including legal jurisdiction, operational autonomy, and data access by third countries. A service can be cyber-secure but still fail UAL 4 criteria if it is controlled by a third-country entity or employs non-Union citizens for critical roles.

"SMEs are exempt from UAL 4 criteria." Correction: While CADA includes measures to support SMEs (e.g., simplified self-assessment for UAL 1), the technical criteria for UAL 4 in Annex II apply regardless of the provider's size. SMEs seeking to provide UAL 4 services must still meet the strict requirements regarding EU establishment, personnel citizenship, and absence of third-country control.

This is general information about a draft EU regulation, not legal advice.