Summary
The proposed Cloud and AI Development Act (CADA, COM(2026) 502 final) would not merge with the EU AI Act (Regulation (EU) 2024/1689); it would run alongside it. The AI Act regulates AI systems and general-purpose AI models for safety, transparency and fundamental rights. CADA, as proposed, would add: a sovereignty recognition regime for cloud services (Articles 16–17, Annex II); mandatory public-sector risk assessments (Article 29); procurement constraints tied to assurance levels (Article 30); "Union added value" procurement criteria (Article 32); and a separate penalty and enforcement track (Articles 24–26). There is no "double conformity" exemption — but neither does CADA re-do the AI Act's product-safety assessment. In-house counsel must run two distinct workflows over the same underlying technology.
Detail
CADA was proposed by the Commission on 3 June 2026 to strengthen Europe's cloud and AI ecosystem and reduce dependence on third-country providers. The AI Act is already in force and regulates AI by risk. The practical question is not whether CADA replaces the AI Act, but which CADA obligations would add to a provider's existing AI Act burden. The answer: they stack and run in parallel, with separate documentation, recognition and enforcement.
Different legal bases, different aims
The AI Act rests on Articles 114 and 16 TFEU and harmonises rules on placing AI systems on the market to protect health, safety and fundamental rights. CADA, as proposed, rests on Articles 114 and 173(3) TFEU and targets the internal market's functioning plus the Union's industrial competitiveness and strategic autonomy. CADA would not amend the AI Act's prohibitions or high-risk requirements; instead Article 16 would establish a separate "Union cloud computing sovereignty framework comprising four Union assurance levels."
What actually stacks
CADA does not impose a second product-safety conformity assessment on the AI system. It adds a parallel cloud recognition regime and a set of demand-side duties:
- Sovereignty recognition (Articles 16–17). A provider wishing to serve Union entities or public sector bodies would apply to the national competent authority of establishment for recognition at a given assurance level. The criteria are in Annex II. This is a sovereignty attestation, not a safety certificate.
- Conformity routes (Articles 19–20). Level 1 is demonstrated by a conformity self-assessment and an EU statement of conformity (Article 19); levels 2, 3 and 4 require an independent third-party audit (Article 20). A higher-level audit must satisfy all the cumulative criteria of the lower levels too.
- Risk assessments (Article 29). Member States and Union entities must assess which assurance level fits each public-sector activity, considering data sensitivity and the risks of third-country access and service disruption.
- Procurement constraints (Article 30). Activities not contributing to public order require level 1; activities contributing to public order in the NIS2 Annex I/II sectors or in national security, defence, justice and similar areas require level 2, 3 or 4.
- "Union added value" in tenders (Article 32). Contracting authorities would apply Union-added-value criteria when procuring cloud and AI services, as a quality factor in the award.
- Penalties and enforcement (Articles 24–26). A separate, nationally set penalty regime plus national-authority investigative and enforcement powers.
How the layering plays out
Consider a cloud-hosted clinical-decision tool. Under the AI Act it may be high-risk, triggering a conformity assessment and CE marking. Under CADA, if a public hospital procures it for an activity its Article 29 risk assessment flags as contributing to public order, the hosting service must be recognised at level 2, 3 or 4. The provider then maintains two evidence sets: AI Act technical documentation for the system, and Annex II sovereignty evidence for the service.
Recognition is Union-wide — but via a review process
Recognition under Article 17 is not a unilateral national stamp. The evaluating national competent authority of establishment prepares a draft decision and notifies the other Member States' authorities for a review period during which they may raise reasoned objections or requests for clarification; absent objection, the service is recognised "throughout the Union" at the relevant level. Disputes can be referred to the Commission, which adopts a binding decision. The effect is a Union-wide recognition, but it is produced through a coordinated cross-border procedure, not an automatic passport.
GPAI and open source: intersection, not duplication
The AI Act imposes its own duties on general-purpose AI models, including systemic-risk obligations. CADA would not duplicate these. It intersects with them only at the hosting layer (a GPAI model hosted on a public-sector cloud must still meet CADA's sovereignty criteria) and through CADA's open-source measures: Article 41 would require Union entities and public sector bodies to encourage sharing and reuse of software, with obligations around software released under an open-source licence — which may shape how models are distributed in the public sector.
Two penalty tracks
The AI Act sets EU-wide ceilings under Article 99 — up to €35 million or 7% of worldwide annual turnover for the Article 5 prohibitions, and up to €15 million or 3% for most other breaches. CADA, by contrast, leaves penalty levels to Member States under Article 24, requiring only that they be "effective, proportionate and dissuasive," and lists non-exhaustive criteria for setting them in Article 24(2) (including the nature, gravity, scale and duration of the infringement and the provider's Union turnover). National authorities would also wield investigative and enforcement powers under Article 26, including periodic penalty payments. Liability under the two regimes could be cumulative.
CADA would also add a civil dimension the AI Act handles differently: under Article 24(3), recipients of cloud computing services would be entitled to seek compensation from providers for damage caused by infringements of CADA obligations. For a provider, that means exposure not only to public enforcement under both regimes but to private claims from affected customers under CADA.
SMEs: a procedural easing, not an exemption
The two regimes treat smaller players differently in detail. CADA gives SMEs a recognition shortcut at level 1 — an EU statement of conformity issued by an SME is "directly and automatically recognised in all Member States" without prior recognition by the evaluating authority (Article 17(3)) — but it does not exempt SMEs from the substantive Annex II criteria, and higher levels still require independent audit regardless of size. So an SME provider stacking AI Act and CADA duties gains administrative relief on level-1 entry, not a reduced sovereignty standard. Counsel should not read CADA's SME provisions as mirroring any AI Act proportionality measures; they operate on different mechanics.
What this means for you
- Build a two-axis matrix. Cross-reference each offering against AI Act risk class and CADA assurance level. The same product can sit high on one axis and low on the other.
- Prepare dual documentation. AI Act files for traceability, risk management and data governance; Annex II sovereignty evidence (Union establishment, data-localisation guarantees, third-country-control mitigations, SBOM and supply-chain controls) for CADA.
- Get audit-ready early. For levels 2–4, engage an independent auditing organisation (Article 20). Begin assembling supply-chain evidence now.
- Align with buyers' risk assessments. If you sell to the public sector, understand the Article 29 assessments your clients run and be ready to evidence the level they need.
- Track the text. CADA is a proposal. Watch the "cloud computing service" definition (Article 2) and the Annex II criteria, which the Commission may amend by delegated act and must review at least every 18 months.
Common misconceptions
"A CE mark means I'm CADA-compliant." No. The CE mark attests AI Act conformity, not Annex II sovereignty criteria such as data localisation or third-country-control mitigation.
"CADA is just more cybersecurity." No. Cybersecurity certification is one Annex II element, but the framework also covers data sovereignty, operational autonomy and supply-chain resilience — geopolitical risks technical standards alone do not address.
"Small providers are exempt." No. SMEs get a procedural easing — an EU statement of conformity for level 1 issued by an SME is "directly and automatically recognised in all Member States" without prior recognition (Article 17(3)) — but the substantive sovereignty criteria still apply, and higher levels still require audits regardless of size.
"The two acts will be merged." Unlikely. They have distinct legal bases and aims; the memorandum frames CADA as reinforcing the AI Act, not absorbing it.
This is general information about a draft EU regulation, not legal advice.