Why does CADA require sharing through a connected catalogue?

Summary As proposed in the Cloud and AI Development Act (CADA), Union entities and public-sector bodies must share software developed for them via a catalogue or repository connected to the central EU Open Source Solutions Catalogue (EU OSS Catalogue). This requirement, set out in Article 42, aims to solve the critical problem of software being scattered across disparate, siloed repositories, which currently hampers searchability and reuse. By centralising discoverability, the Act seeks to maximise the value of public expenditure, reduce duplication of effort, and foster innovation across the Union's digital ecosystem.

Detail

The Cloud and AI Development Act (CADA) introduces specific obligations to promote the sharing and reuse of open-source software within the public sector. A core mechanism for achieving this is the mandatory connection of local software repositories to a centralised EU-wide catalogue. This section explains the legal basis, the rationale, and the operational requirements of this provision, grounding every fact in the verbatim text of the proposal COM(2026) 502 final.

The Legal Obligation: Article 42 and Article 43

Under Article 42 of the proposed CADA, titled "Share and reuse of software," a clear obligation is placed on Union entities and public sector bodies. The Article states that when these entities make software to which they hold intellectual property rights available for reuse under an open-source licence, they "shall do so using a catalogue or repository that is connected to, and made accessible through, the EU OSS Catalogue referred to in Article 43."

This provision does not mandate that all public software be open-sourced. Rather, it applies conditionally: when an entity voluntarily decides to make software available for reuse, the method of distribution is regulated. The software cannot remain in an isolated, internal, or disconnected repository. It must be listed in a catalogue that interfaces with the central EU OSS Catalogue.

Article 43 establishes the infrastructure for this requirement. It mandates that the Commission "shall provide and maintain an EU Open Source Solutions Catalogue ('EU OSS Catalogue') as a centralised catalogue to access software made available for reuse by Union entities and public sector bodies." Furthermore, Article 43(2) specifies that this catalogue shall be hosted on the Interoperable Europe portal and shall be accessible electronically free of charge.

The Rationale: Solving the Discoverability Problem

The driving force behind this connectivity requirement is detailed in Recital 83 of the CADA proposal. The Recital explicitly identifies the current market failure: "An increasing number of Union entities and public-sector bodies are sharing software developed by or for them and making it available for reuse under an open-source licence... However, software is often made available and accessible in different repositories or catalogues, hampering searchability, discoverability and, ultimately, reuse."

The proposal argues that this fragmentation leads to several negative outcomes:

1. Reduced Discoverability: Potential users cannot easily find existing solutions because they are hidden in disparate, non-interoperable systems.
2. Duplication of Effort: Developers may unknowingly rebuild software that already exists in another Member State or EU institution because they cannot find the original.
3. Inefficient Public Spending: The value of public expenditure is not maximised when software developed with public funds remains siloed and underutilised.

By requiring a connection to the EU OSS Catalogue, CADA aims to create a "one-stop-shop" for open-source resources. This centralisation improves discoverability, allowing public sector bodies to find, evaluate, and reuse existing solutions rather than developing new ones from scratch. As stated in Recital 83, this approach "may maximise the value of public expenditure, reduce duplication costs and foster innovation across the Union."

Operational Mechanics: A Federated Approach

The implementation of this requirement relies on a federated model rather than a fully centralised upload system. Public sector bodies are not required to migrate their software into a single Commission-managed server. Instead, they must use a catalogue or repository that is "connected to" the EU OSS Catalogue.

According to Article 43(3), the Commission will decide on the request of any Union entity or public sector body owning or maintaining a catalogue or repository to have that catalogue "connected to and made accessible through the EU OSS Catalogue." This decision will be based on "objective and relevant criteria." This suggests a governance mechanism where local repositories must meet certain technical and metadata standards to ensure interoperability with the central EU catalogue.

This structure allows Member States and Union entities to maintain their existing Open Source Programme Offices (OSPOs) and local repositories while ensuring that the content within them is visible to the wider EU community. It aligns with the broader CADA goal of establishing a network of Open Source Programme Offices (as per Article 44) to facilitate cooperation and the exchange of best practices.

What this means for you

For public-sector IT managers, procurement officers, and legal counsels, this provision introduces a new compliance step in the software release lifecycle. If your organisation develops software in-house or commissions software development with public funds, and you intend to release that software under an open-source licence, you can no longer simply publish it on an internal GitHub instance or a standalone website.

Actionable Steps:

1. Audit Current Practices: Review how your organisation currently handles the release of open-source software. Identify any repositories that are currently isolated from external discovery mechanisms.
2. Prepare for Interoperability: Ensure that your local software catalogue or repository meets the technical criteria required for connection to the EU OSS Catalogue. While the specific technical standards will be defined in secondary legislation or Commission decisions, early alignment with open standards and metadata schemas (such as those promoted by the Interoperable Europe Act) is advisable.
3. Engage with OSPOs: Leverage the network of Open Source Programme Offices (OSPOs) established under Article 44. These offices will play a key role in facilitating the exchange of information and best practices regarding the sharing and reuse of open-source software. Your local OSPO should be the primary contact for implementing these connectivity requirements.
4. Update Procurement Clauses: Consider updating public procurement contracts for software development to include clauses that facilitate future open-sourcing and connection to the EU OSS Catalogue, if such reuse is anticipated. This ensures that intellectual property rights are clearly defined and that the resulting software can be legally shared in compliance with Article 42.

By proactively addressing these requirements, public sector bodies can turn compliance into an opportunity. Connecting to the EU OSS Catalogue not only fulfils a legal obligation but also increases the visibility of your organisation's digital contributions, potentially attracting community contributions, bug fixes, and enhancements from other parts of the EU public sector.

Common misconceptions

Misconception 1: CADA forces all public software to be open-source. This is incorrect. Article 42 applies only "when making software... available for reuse under an open source licence." It is a conditional obligation. If a public sector body chooses to keep software proprietary or does not intend to reuse it, Article 42 does not apply. The Act encourages, but does not mandate, the initial decision to open-source.

Misconception 2: All software must be uploaded directly to the Commission's central server. No. The model is federated. Article 42 requires the use of a catalogue "connected to" the EU OSS Catalogue. Entities can maintain their own local repositories, provided these repositories are technically integrated with the central EU catalogue so that the software is discoverable via the central portal.

Misconception 3: This only applies to large EU institutions. The definition of "public sector body" in CADA (referencing Directive (EU) 2019/1024) is broad. It includes bodies governed by public law, as well as bodies governed by private law that have a special power or privilege. Therefore, this requirement extends to many national, regional, and local authorities across the EU, not just Union-level institutions.

Misconception 4: Connection is automatic. Connection is not automatic. Article 43(3) states that the Commission shall "decide on the request" of an entity to connect its catalogue. This implies a review process based on objective criteria. Entities must actively seek and qualify for connection, ensuring their metadata and access protocols align with EU standards.

Related

• How does a repository get connected to the EU OSS Catalogue under CADA?
• Does CADA require sharing software with the public or only other public bodies?
• Who maintains the EU OSS Catalogue under CADA?
• Where is the EU OSS Catalogue hosted? CADA Article 43 explained
• CADA Article 42: When does the obligation to use the EU OSS Catalogue apply?

This is general information about a draft EU regulation, not legal advice.