Summary
As proposed in the Cloud and AI Development Act (CADA), public-sector buyers must require a minimum of Union Assurance Level 1 for all cloud computing services. However, if a mandatory risk assessment determines that your activities contribute to the preservation of public order, such as in national security, defence, justice, or critical infrastructure, you must procure services recognised at Union Assurance Level 2, 3, or 4. The specific level depends on the sensitivity of the data and the criticality of the service, with Levels 3 and 4 reserved for workloads involving classified information or where third-country control poses a severe risk.
Detail
The Cloud and AI Development Act (CADA), as proposed in COM(2026) 502 final, introduces a harmonised "Union cloud computing sovereignty framework" designed to reduce the EU's dependence on non-European cloud providers and protect public order. Central to this framework is a tiered system of "Union Assurance Levels" (UALs) ranging from 1 to 4. For public-sector buyers, understanding which tier to require is not optional; it is a mandatory compliance obligation under the proposed regulation.
The Legal Basis: Article 16 and the Four Levels
Article 16(1) establishes the framework, stating that the Union cloud computing sovereignty framework comprises four Union assurance levels, the criteria for which are set out in Annex II to the Regulation. These levels are cumulative; a provider seeking a higher level must meet all criteria of the lower levels plus the additional requirements of the higher tier.
The framework is designed to be proportionate. Recital 52 notes that most public services would not require the highest levels of assurance, but in specific cases, Levels 3 or 4 may be necessary to preserve public order. The risk assessment mechanism ensures that the principles of proportionality and subsidiarity are respected.
The Baseline: Union Assurance Level 1
Under Article 30(2) of the CADA proposal, the default requirement for all Union entities and public sector bodies is clear: if your public sector activities have not been identified as contributing to the preservation of public order in the required risk assessment, you must use cloud computing services that have been recognised as having Union Assurance Level 1.
Level 1 is the entry-level standard for public sector procurement. It ensures a baseline of trust and operational autonomy. According to Annex II (Section 1), to qualify for Union Assurance Level 1, a cloud computing service provider must meet the following cumulative criteria:
- Establishment: The provider must be established in the Union.
- Infrastructure Location: Infrastructure and assets (including those of subcontractors) must be located in the Union, unless the public sector body explicitly requires otherwise.
- Data Localisation: Customer data, including metadata and telemetry, must remain exclusively within the Union, unless explicitly required otherwise by the public sector body.
- Cybersecurity: The provider must demonstrate compliance with state-of-the-art cybersecurity standards.
- Transparency: Full transparency regarding the use of subcontractors is required, including due diligence and ongoing oversight.
- Third-Country Control: If the provider is subject to third-country control, it must guarantee that no laws in that country require reporting software vulnerabilities to authorities before they are known to be exploited.
Level 1 is designed for general administrative tasks, standard digital services, and non-critical public services where data leakage or service disruption would not significantly impact public order or national security.
The Escalation: Levels 2, 3, and 4
For activities deemed critical to public order, the baseline of Level 1 is insufficient. Article 30(3) mandates that contracting authorities whose activities have been identified as contributing to the preservation of public order must only procure cloud computing services recognised as having Union Assurance Level 2, 3, or 4.
The determination of which specific level (2, 3, or 4) is required is driven by the risk assessment mandated in Article 29. This assessment must identify public sector activities that contribute to the preservation of public order in sectors falling under the NIS2 Directive (Annex I or II), as well as in areas of:
- National security
- Internal security
- External border management
- Defence
- Justice or law enforcement (including prevention, investigation, detection, and prosecution of criminal offences)
The risk assessment must consider the sensitivity, criticality, and magnitude of the data processed, as well as the risk of unlawful access by third countries.
Union Assurance Level 2: Operational Autonomy
Level 2 introduces stricter requirements for operational autonomy and personnel. Under Annex II (Section 2), providers must ensure that:
- Personnel Location: Infrastructure, assets, and personnel involved in providing the service are located in the Union.
- AI Training Restrictions: Data generated by using the service is not used to train or fine-tune any AI system operated by a third country or a legal entity established in a third country.
- Support Location: Technical and operational support is initiated and performed exclusively within the Union.
- Cybersecurity Certification: The service must obtain a European cybersecurity certificate of at least assurance level 'substantial' under a scheme established under Regulation (EU) 2019/881 (or demonstrate compliance with the highest standards if the scheme is not yet established).
- Conditional Citizenship: Annex II (Section 2.1(d)) states that if the public sector body determines that imposing additional personnel screening and Union citizenship requirements is necessary, the provider must ensure that personnel meeting those requirements are available. Union citizenship at Level 2 is therefore conditional on the public body's specific requirement.
Level 2 is suitable for services handling sensitive non-classified data where operational continuity and protection against third-country interference are paramount.
Union Assurance Level 3: High Sensitivity and Classified Data
Level 3 is designed for high-sensitivity environments where third-country influence must be strictly mitigated. Annex II (Section 3) stipulates that for Level 3:
- Mandatory Citizenship: Personnel involved in the provision of the service must be Union citizens. Where appropriate, they must also have the necessary national security clearance issued by a Member State when handling classified information.
- No Third-Country Control: The provider and subcontractors must not be subject to the control of a third country or a legal entity established in a third country.
- Derogation: A narrow exception exists. Annex II (Section 3.1(g)) allows a provider subject to third-country control to be audited for Level 3 only where the Commission has adopted an implementing act under Article 18 (titled "Associated third countries") identifying that third country as providing sufficient assurances. The Annex text cross-references "Article 19", which appears to be a drafting slip; the operative implementing-act mechanism is established in Article 18.
- Support Restrictions: Technical support must be performed exclusively within the Union by Union residents and third parties not subject to third-country control.
- Cybersecurity: Requires a European cybersecurity certificate of at least assurance level 'substantial'.
Level 3 is appropriate for services processing sensitive government data, operational critical data, or data where third-country access poses a significant risk to public order. Recital 62 notes that Union assurance levels 3 and 4 should allow for the secure hosting of EU classified information.
Union Assurance Level 4: Maximum Sovereignty
Level 4 represents the highest tier of sovereignty and security, reserved for the most critical public sector activities. According to Annex II (Section 4):
- Mandatory Citizenship & Clearance: All personnel involved must be Union citizens and, where appropriate, hold necessary national security clearances for handling classified information.
- No Third-Country Control: The provider and subcontractors must not be subject to the control of a third country or a legal entity established in a third country. There is no derogation for third-country control at this level.
- High Cybersecurity: The service must obtain a European cybersecurity certificate of at least assurance level 'high'.
- Software Control: The provider must demonstrate effective control over software components, ensuring no third country holds effective control over the design, development, maintenance, or evolution of critical software.
Level 4 is reserved for the most critical public sector activities, particularly those involving classified information or data where any compromise would severely undermine national security or public order.
The Risk Assessment Mechanism
The bridge between your specific workload and the required tier is the risk assessment under Article 29. Within one year of the Regulation's entry into force, Member States and Union entities must carry out these assessments. They must:
- Identify public sector activities using cloud services that contribute to public order preservation.
- Determine which Union Assurance Level (2, 3, or 4) is appropriate for these activities.
The Commission will provide guidance and methodologies for these assessments to ensure consistency across the Union. If the Commission finds that a Member State's chosen assurance level is inappropriate or does not adequately address public order concerns, it may adopt implementing acts specifying the required levels.
What this means for you
As a public-sector procurement officer, your role shifts from simply buying the most cost-effective cloud service to acting as a gatekeeper of sovereignty and public order. Here is how you should proceed:
- Conduct or Participate in Risk Assessments: You cannot determine the required tier in isolation. You must engage with your national competent authorities and security bodies to complete the risk assessments required by Article 29. Identify which of your services fall under national security, defence, justice, or critical infrastructure.
- Map Services to Assurance Levels:
- General Admin/IT: If your service does not touch sensitive or critical data, you are legally required to procure at least Level 1. You cannot buy a service that does not meet Level 1 criteria.
- Sensitive Data/Critical Operations: If your service handles sensitive data or is critical to public order, you must procure Level 2, 3, or 4. Use the risk assessment to determine the exact level. For example, a police database might require Level 3, while a defence command system might require Level 4.
- Check the Central Repository: Article 22 establishes a central repository of recognised cloud computing services. Before issuing a tender, check this repository to see which providers and services are officially recognised at the required assurance level. You can only procure from services that have received this recognition.
- Include Sovereignty Criteria in Tenders: When drafting procurement documents, explicitly state the required Union Assurance Level. Article 32 allows you to include non-price award criteria that evaluate the tenderer's contribution to the European cloud and AI ecosystem, such as the use of hardware or software designed in the Union.
- Plan for Migration: If your current cloud provider does not meet the required assurance level, Article 29(6) provides a reasonable transition period for migration, not exceeding 12 months. Start planning your migration strategy now to ensure continuity of service.
- Consider Multi-Cloud Strategies: Article 29(9) encourages you to consider whether a multi-vendor or multi-cloud strategy is appropriate to enhance resilience and limit dependency on a single provider. This can be part of your risk mitigation plan.
Common misconceptions
Misconception 1: Level 1 is "low security." Level 1 is not a low-security tier; it is a sovereignty tier. It requires state-of-the-art cybersecurity standards and keeps data and infrastructure within the EU. It is designed for the vast majority of public sector activities that do not involve classified or highly sensitive national security data. Do not confuse it with a lack of security; it is a lack of criticality regarding public order.
Misconception 2: I can choose any level I want for critical services. No. The level is not a choice; it is determined by the risk assessment. If your activity is deemed critical to public order, you must procure Level 2, 3, or 4. You cannot opt for Level 1 for these activities. Conversely, you are not required to buy Level 4 for every sensitive dataset; the risk assessment must justify the level based on proportionality.
Misconception 3: Non-EU providers are completely banned. Non-EU providers are not automatically banned. Article 18 allows the Commission to recognise certain third countries as providing sufficient assurances for Union Assurance Level 3. If a third country is recognised, providers subject to its control may be audited against Level 3 criteria, provided specific safeguards are in place (e.g., no measures to compel data access or service disruption). However, for Level 4, providers must not be subject to third-country control.
Misconception 4: The AI Act replaces these requirements. The AI Act and CADA are complementary. The AI Act regulates the safety and fundamental rights compliance of AI systems. CADA regulates the sovereignty and operational autonomy of the cloud infrastructure hosting those services. You must comply with both. A cloud service can be AI-Act compliant but still fail to meet CADA's Union Assurance Level requirements if it is controlled by a third country or stores data outside the EU.
This is general information about a draft EU regulation, not legal advice.