On 3 June 2026, the European Commission adopted the proposal for the Cloud and AI Development Act (CADA) as part of its European Tech Sovereignty package. The proposal is at the legislative stage: it has been adopted by the Commission and must proceed through the ordinary legislative procedure involving the European Parliament and the Council of the European Union before it can enter into force. CADA forms one element of a broader set of measures adopted on 3 June 2026, alongside the Chips Act 2.0 and the EU Open Source Strategy.
The CADA proposal pursues three stated objectives: research, development, and innovation in cloud and AI technologies; capacity, defined as accelerating data centre deployment across EU territory with a Commission target of at least tripling EU data centre capacity within five to seven years; and autonomy, operationalised through a single EU-wide assessment for cloud and AI sovereignty replacing divergent national schemes. The sovereignty assessment component would introduce a common classification mechanism for cloud and AI services used by public authorities and critical sectors.
Cloud service providers, AI infrastructure operators, data centre developers, and public-sector procurement bodies are the primary parties affected by the proposed CADA. Cloud providers serving EU public administrations or critical sectors could face mandatory participation in the sovereignty assessment process, with classification consequences for their ability to bid on public contracts. AI deployers and developers relying on non-EU cloud infrastructure may need to assess supply-chain exposure against sovereignty criteria once the regulation is finalised and compliance timelines are set.
The CADA proposal is at an early stage of the legislative process, and the co-decision procedure for technology regulation of this type typically takes between one and two years. Key open questions include the precise scope of the sovereignty assessment, which sectors will face mandatory rather than voluntary participation, and how CADA will interact with existing obligations under the Network and Information Security Directive 2 (NIS2), the Digital Operational Resilience Act (DORA), and the AI Act. The Commission has not published a final regulation text, and the co-legislators may amend the proposal substantially.
Licentium advises AI developers, cloud service providers, and public-sector organisations on EU digital regulation and may assist clients in assessing exposure to the CADA proposal and related sovereignty requirements. Entities wishing to prepare for potential CADA compliance obligations or to engage in the legislative process are welcome to reach out. Work we undertake includes EU AI Act compliance, cloud regulatory advisory, NIS2 and DORA assessments, public procurement technology advising, and EU digital sovereignty strategy.
Source: European Commission, Cloud and AI Development Act (CADA) proposal, 3 June 2026