Summary As proposed, the Cloud and AI Development Act (CADA) does not automatically mandate an interoperability assessment under the Interoperable Europe Act (Regulation (EU) 2024/903) for the central repository of recognised cloud services or the EuroCloud Federation platform. Instead, the accompanying impact assessment explicitly states that the need for such an assessment "will be evaluated once the operational details for the repository of recognised cloud computing services become available." However, the EU Open Source Solutions Catalogue (EU OSS Catalogue), established under CADA Article 43, is explicitly designed to deliver on the share-and-reuse requirements of Article 4 of the Interoperable Europe Act and is hosted on the Interoperable Europe portal.

Detail

The Cloud and AI Development Act (CADA), as set out in COM(2026) 502 final, establishes a suite of digital infrastructure components designed to strengthen Europe's cloud and AI ecosystem. These include the central repository of recognised cloud computing services (Article 22), the European public sector cloud federation platform (Article 34), and the EU Open Source Solutions Catalogue (Article 43). A critical compliance question for legal teams is whether these distinct platforms trigger the mandatory interoperability assessment obligations found in the Interoperable Europe Act (Regulation (EU) 2024/903).

The legislative text and the accompanying impact assessment draw a clear distinction between these components. While the Interoperable Europe Act generally requires public sector bodies to assess the interoperability of digital public services, CADA's approach is nuanced: it defers the assessment requirement for some platforms to a future operational phase while embedding compliance for others immediately.

The Central Repository and EuroCloud Platform: A Deferred Evaluation

Article 22 of the CADA proposal mandates the Commission to establish and maintain a "dedicated repository of cloud computing services that have been recognised in accordance with Article 17." This central repository will be publicly available and regularly updated by the Commission and national competent authorities. Similarly, Article 34 establishes the EuroCloud Federation and tasks the Commission with creating a platform to facilitate the sharing of public sector data centre and cloud computing services.

Crucially, the CADA proposal itself does not contain an explicit cross-reference requiring an immediate interoperability assessment under Regulation (EU) 2024/903 for these two specific platforms. Instead, the determination is left to the operational development phase.

The definitive guidance is found in the "Digital Dimensions" section of the CADA impact assessment. Under the specific entries for the "Union repository of recognised sovereign services" and the "EuroCloud Federation," the assessment states:

"The need for another interoperability assessment under the Interoperable Europe Act (Regulation EU 2024/903) will be evaluated once the operational details for the repository of recognised cloud computing services become available."

This phrasing indicates that no automatic, immediate obligation exists under the current draft text. The decision to conduct a formal assessment will depend on the specific technical and operational characteristics of these platforms as they are developed and deployed. The impact assessment notes that the implementation of these repositories will take "utmost account of existing policies and the building blocks stemming from them," but the formal assessment requirement is to be specified by the Commission at a later stage, likely through implementing acts or secondary legislation.

The EU Open Source Solutions Catalogue: Immediate Compliance

In stark contrast, the EU Open Source Solutions Catalogue (EU OSS Catalogue), established under Article 43 of the CADA proposal, has a direct and immediate link to the Interoperable Europe Act. Article 43 mandates that the Commission provide and maintain this catalogue as a centralised access point for software made available for reuse by Union entities and public sector bodies.

The impact assessment explicitly confirms that this catalogue is designed to satisfy the Interoperable Europe Act's core mandates. It states:

"Article 4 of the Interoperable Europe Act (Regulation EU 2024/903) mandates the share and reuse of interoperability solutions between Union entities and public sector bodies. The EU Open Source Solutions Catalogue delivers upon this requirement."

Furthermore, Article 43(2) of the CADA proposal specifies that the EU OSS Catalogue "shall be hosted on the Interoperable Europe portal referred to in Article 8 of Regulation (EU) 2024/903." This architectural integration ensures that the catalogue is not only compliant with the share-and-reuse mandate but is also technically aligned with the broader EU interoperability framework from day one. The impact assessment further notes that the catalogue will "re-use, in so far as relevant, the eIDAS framework," further embedding it within the existing EU digital identity and interoperability infrastructure.

Interoperability Measures and Future Specifications

While the central repository and EuroCloud platform do not currently trigger an immediate assessment, the CADA proposal empowers the Commission to adopt implementing acts to specify the technical, operational, and organisational measures for these platforms.

For the EuroCloud Federation, Article 35(6) empowers the Commission to adopt implementing acts to specify the technical, operational, and organisational measures. Similarly, the impact assessment notes that "Semantic measures will be specified by the Commission at a later stage" and "Technical measures will be specified by the Commission at a later stage" for both the repository and the federation.

This suggests a phased regulatory approach:

  1. Immediate Phase: The EU OSS Catalogue is fully aligned with the Interoperable Europe Act.
  2. Future Phase: The central repository and EuroCloud platform will have their interoperability requirements defined through secondary legislation. At that point, the need for a formal assessment under Regulation (EU) 2024/903 will be re-evaluated based on the specific operational details established.

What this means for you

For in-house counsel, compliance officers, and public sector IT directors, the distinction between these platforms dictates a two-track compliance strategy.

1. Immediate Action: The EU OSS Catalogue

If your organisation is a Union entity or a public sector body making software available for reuse under an open-source licence, you must act now.

  • Mandatory Connection: Under CADA Article 42, any software made available for reuse must be published in a catalogue or repository that is "connected to, and made accessible through, the EU OSS Catalogue."
  • Dual Compliance: By connecting to the EU OSS Catalogue, you simultaneously satisfy CADA Article 42 and the share-and-reuse obligations of Article 4 of the Interoperable Europe Act. No separate assessment is needed for this specific activity, as the platform itself is the compliant vehicle.

2. Monitoring and Preparation: The Central Repository and EuroCloud Platform

For entities planning to interact with the central repository of recognised services or the EuroCloud Federation:

  • Track Implementing Acts: The Commission is empowered to adopt implementing acts to specify the technical and operational measures for these platforms. These acts will likely define the specific interoperability standards required.
  • Prepare for Evaluation: While an assessment is not currently mandatory, the impact assessment explicitly states it "will be evaluated" once operational details are available. Organisations developing solutions to integrate with these platforms should proactively adopt Interoperable Europe standards (such as the European Interoperability Framework) to ensure seamless integration when the formal assessment requirement is triggered.
  • Secondary Legislation Watch: Pay close attention to the Commission's future communications regarding the "operational details" of the repository. The trigger for the assessment is tied to the availability of these details.

Common misconceptions

Misconception 1: All CADA digital platforms require an immediate Interoperable Europe assessment. This is incorrect. The impact assessment explicitly states that the need for an assessment for the central repository and EuroCloud platform "will be evaluated once the operational details... become available." Only the EU OSS Catalogue has a confirmed, immediate alignment with the Interoperable Europe Act's share-and-reuse requirements.

Misconception 2: CADA replaces the Interoperable Europe Act. CADA and the Interoperable Europe Act are complementary, not substitutive. CADA focuses on cloud sovereignty, data centre deployment, and AI ecosystem strengthening, while the Interoperable Europe Act provides the horizontal framework for public sector interoperability. The EU OSS Catalogue serves as a bridge, fulfilling obligations under both. The central repository and EuroCloud platform will eventually operate within the Interoperable Europe framework, but the specific assessment trigger is deferred.

Misconception 3: Private cloud providers must conduct interoperability assessments under CADA. The interoperability assessment requirements under the Interoperable Europe Act primarily target public sector bodies and Union entities. Private cloud providers seeking recognition under CADA's sovereignty framework must comply with CADA's specific audit and recognition procedures (Articles 17–21), including independent third-party audits. Unless a private provider is also acting as a public sector body or providing specific interoperability solutions for public use, the Interoperable Europe Act's assessment mandate does not apply to them directly under CADA.

Related

This is general information about a draft EU regulation, not legal advice.