Summary Europe faces a critical strategic vulnerability: "currently, three non-EU hyperscalers control over 70% of the European cloud market." This concentration creates risks of operational discontinuity, exposure to extraterritorial laws, and a lack of control over critical data. As proposed in COM(2026) 502 final, the Cloud and AI Development Act (CADA) addresses this by establishing the Cloud and AI Leadership Initiatives to boost domestic computing capacity and reduce dependencies. The proposal responds directly to the Draghi report's call for a "robust financial and talent flywheel" to drive innovation. By funding homegrown capabilities, the EU aims to triple its data centre capacity within five to seven years, ensuring a resilient, sovereign digital ecosystem that safeguards economic security and public order.

Detail

The imperative for the EU to fund its own cloud and AI infrastructure is rooted in a stark reality of market concentration and strategic dependency. The explanatory memorandum of the proposed CADA explicitly states that the current landscape is "characterised by a pronounced dependence on a limited pool of third-country providers." The memorandum quantifies this risk: "currently, three non-EU hyperscalers control over 70% of the European cloud market." This dominance is not merely a commercial statistic; it represents a systemic risk to the Union's economic security, sovereignty, and resilience.

The consequences of this dependence are multifaceted. Large market incumbents are often subject to third-country jurisdictions where laws with extraterritorial effects apply. These laws may mandate data access and transfer that conflict with EU fundamental rights and data protection frameworks. Furthermore, this dependence exposes European users to risks of "operational discontinuity," particularly in scenarios where unilateral decisions by third-country actors could disrupt service provision. The lack of domestic capacity forces European enterprises to route critical workloads through foreign hyperscaler infrastructure, making the EU a less attractive destination for tech investment compared to regions with more abundant, lower-cost compute resources.

To counter these vulnerabilities, the Commission proposes CADA as a coordinated "ecosystem approach." Central to this strategy is Article 6, which establishes the Cloud and AI Leadership Initiatives. These initiatives are designed to support research and innovation activities and achieve large-scale capacity throughout the Union's cloud and AI ecosystem. The proposal outlines specific operational objectives to be pursued under these initiatives, including:

  • Supporting the development and deployment of advanced data centre technologies incorporating principles of energy and resource efficiency.
  • Advancing the Union's capabilities in frontier AI, physical AI, and industrial AI.
  • Accelerating the development and uptake of industrial AI across strategic sectors.
  • Promoting the sharing of public sector data centre services and cloud computing services through the EuroCloud Federation.

The urgency of this funding is reinforced by the Draghi report on the future of European competitiveness. As cited in the CADA explanatory memorandum, the report calls on the European Commission to take targeted actions aimed at "regaining and retaining control over data and cloud computing services, expanding domestic computational capacity and establishing a robust financial and talent flywheel to drive innovation." This "flywheel" concept is critical: it suggests that investment in domestic capabilities must be sustained to attract talent, foster innovation, and create a competitive industrial base capable of withstanding global market pressures. Without such a flywheel, the EU risks falling further behind in the global race for AI leadership.

The proposal also directly addresses the capacity gap. The rapid proliferation of AI has resulted in "unprecedented and growing demand for computational capabilities." The explanatory memorandum notes that the Union's limited data centre capacity poses a "significant threat to its ability to benefit from the digital transformation and adopt AI-driven solutions." To bridge this gap, CADA proposes a framework to simplify and harmonise the deployment of data centres EU-wide. The goal is ambitious: to "triple EU capacity in the next five-to-seven years and reach the needed capacity by 2035." This expansion is intended to ensure balanced geographic deployment across Member States and provide European businesses and researchers with broad access to high-capacity, next-generation computational resources.

Funding under CADA is not limited to hardware. The proposal places a specific focus on open source as a lever to boost technological sovereignty. By promoting open European alternatives across the technology stack, the EU aims to reduce dependencies on proprietary, third-country technologies. This approach ensures that the Union retains control over the software and hardware underpinning its digital economy, fostering a competitive single market where providers compete on quality, innovation, and price, rather than being locked into a single vendor's ecosystem.

What this means for you

For public-sector bodies, procurement officers, and European technology providers, the proposed CADA funding mechanisms represent a fundamental shift in the digital landscape.

For Public Sector Bodies and Procurement Officers: The establishment of the Cloud and AI Leadership Initiatives means that public authorities will have access to a more robust, sovereign supply base. However, this comes with new obligations. Under Article 29, Member States and Union entities must carry out risk assessments to determine which public sector activities contribute to the preservation of public order. For activities identified as critical (e.g., national security, defence, law enforcement), Article 30 mandates that contracting authorities procure only cloud services recognised at Union assurance levels 2, 3, or 4. This ensures that sensitive data and critical operations are protected against unauthorised access and service disruption. The funding mechanisms will support the transition to these higher assurance levels, potentially through the EuroCloud Federation, which facilitates the sharing of data centre services among public sector bodies to optimise resource utilisation and reduce costs.

For European Cloud and AI Providers: The "financial and talent flywheel" described in the Draghi report and operationalised through CADA offers significant opportunities. The Cloud and AI Leadership Initiatives are designed to support research, innovation, and the deployment of sustainable technologies. This includes funding for "grand challenges" in areas such as frontier AI, physical AI, and industrial AI. European providers, particularly SMEs and start-ups, will benefit from measures to improve their access to public procurement markets. The proposal encourages the use of open-source solutions and the development of European open cloud computing stacks, creating a more level playing field against non-EU incumbents.

For Businesses and Researchers: The tripling of data centre capacity aims to resolve the current bottleneck where European enterprises are forced to use foreign infrastructure due to a lack of local options. By ensuring the availability of low-latency, high-performance compute resources within the Union, CADA aims to make Europe a more attractive destination for tech investment. This is crucial for sectors relying on AI-driven solutions, such as healthcare, automotive, and manufacturing, where data sovereignty and operational continuity are paramount.

Common misconceptions

Misconception 1: CADA is just about building more data centres. While tripling data centre capacity is a headline goal, CADA is a comprehensive ecosystem strategy. It funds research and innovation in frontier AI, physical AI, and industrial AI. It promotes open-source software, establishes a sovereignty framework, and creates mechanisms for public-sector collaboration like the EuroCloud Federation. The funding addresses the entire value chain, from hardware to software and skills.

Misconception 2: The EU is trying to ban non-EU cloud providers. CADA does not propose a ban. It establishes a risk-based sovereignty framework. For non-critical public sector activities, Union assurance level 1 may be sufficient, which allows for certain third-country controls under specific conditions. The goal is to reduce dependence and ensure that critical services are not vulnerable to external pressures, not to isolate the EU market entirely. The proposal explicitly states it is consistent with international commitments and trade agreements.

Misconception 3: Funding is only for large corporations. The Cloud and AI Leadership Initiatives explicitly aim to support SMEs and start-ups. The proposal includes measures to ensure that at least 25% of innovation procurement procedures are awarded to SMEs. The "financial and talent flywheel" is intended to benefit the entire ecosystem, fostering a diverse range of European providers rather than consolidating power further.

Misconception 4: Sovereignty means data must never leave the EU. While data localisation is a key requirement for higher assurance levels (2, 3, and 4), the framework is nuanced. Union assurance level 1 allows for data to remain exclusively within the Union unless the public sector body explicitly requires otherwise. The framework is designed to be proportionate, ensuring that the level of sovereignty matches the risk profile of the activity.

Related

This is general information about a draft EU regulation, not legal advice.