Brussels, BELGIUM – The European Commission’s Cloud and AI Development Act (CADA), presented today as part of a wider tech sovereignty package, introduces discriminatory measures that directly undermine the EU’s own digitalisation goals.
By excluding trusted international technology providers based on their headquarters location and organisational structure, the Commission forces users to rely on a much more limited selection of digital products.
The Computer & Communications Industry Association (CCIA Europe) warns that Europe’s digital ecosystem will only thrive if its compute capacity can scale at global speed and real demand for cloud and AI services is allowed to grow. Today’s protectionist proposal fails on both fronts.
A closer look reveals a dangerous recipe for progressive market shutdown. By requiring Member States to assess which use cases demand specific sovereignty levels – levels that non-EU vendors would be unable to meet by default – the CADA relies on an impractical Commission framework that no international provider could possibly satisfy. The result would be a fragmented shutdown of the EU Single Market.
This is the opposite of simplification. Instead, it invites national capitals to erect their own protectionist walls. In practice the Commission would be instructing Member States to discriminate, while avoiding direct accountability for the fragmented outcomes that follow.
In addition, the associated-country mechanism in Article 18 of the CADA sets an impossible standard: no major technology-producing nation meets it today, including the European Union itself. The ‘Level 3’ and ‘Level 4’ sovereignty levels are not modest safeguards. They are closed-market requirements dressed up as policy thresholds.
Trusted providers would be pushed out of parts of the EU market, while less competitive alternatives receive an artificially reserved share of demand. This would force cloud-based services to reorganise global operations around conflicting political understandings of ‘sovereignty’ that do nothing to strengthen security.
Finally, Article 31 moves beyond public services, potentially forcing private entities to choose less competitive suppliers if their trusted providers cannot operate under the CADA.
CCIA Europe recognises the need for greater EU compute capacity and supports Europe’s drive to scale companies across the Single Market. That is why the Association calls on the European Council and Parliament to abandon this discriminatory proposal and focus on a unified framework that allows users to safely harness cloud and AI at true scale.
The following can be attributed to CCIA Europe’s Senior Vice President & Head of Office, Daniel Friedlaender:
“The Cloud and AI Development Act is a direct recipe for fragmented discrimination across Europe in 27 different ways, not only in public procurement but potentially also across thousands of private critical entities, from banks to energy companies.”
“By pairing a strict mandate with unrealistic standards that the EU itself cannot meet, the Commission is effectively giving national capitals carte blanche to shut out trusted global vendors from every major technology-producing nation outside the Union.”
The following can be attributed to CCIA Europe’s Policy Manager, Mitchell Rutledge:
“The EU’s ambition to triple data centre capacity is the right one. But the way to achieve that goal is by attracting investment, not shutting it out.”
“We call on Member States and the European Parliament to fundamentally revisit this sovereignty framework, replace origin-based exclusions with verifiable technical security criteria, and ensure that any extension of these obligations beyond the public sector is subject to full legislative scrutiny.”
