EU unveils the Cloud and AI Development Act: four assurance levels and procurement tied to sovereignty

On 3 June 2026 the European Commission presented its Technology Sovereignty Package — four coherent initiatives to reduce Europe's dependence on non-European hyperscalers and foreign chips. At the heart of the package is the Cloud and AI Development Act (CADA), flanked by a Chips Act 2.0, an EU Open Source Strategy and a roadmap for digitalisation and AI in the energy sector.

For a European provider of sovereign compute infrastructure, this is not an incremental policy update but a structural shift. The market in which Sovereign AI-Grid operates is, for the first time, getting an official, EU-wide yardstick — and a demand engine anchored in legislation rather than in good intentions.

Four assurance levels as an official yardstick

CADA introduces a sovereignty framework with four assurance levels. Public institutions choose, based on their own risk assessment, which level a service must meet; providers are recognised per level after a Member State has audited them. This moves positioning from a self-chosen marketing term — "sovereign" — to a demonstrable, verified level. No longer a claim, but a certificate.

Procurement becomes tied to sovereignty

The most important shift is on the procurement side. For sensitive applications — think banking, healthcare and energy — governments and EU institutions must carry out a sovereignty risk assessment and procure accordingly. That creates a sheltered market that American hyperscalers, which today control the bulk of the European cloud market, will find structurally harder to enter. The demand that European providers have advocated for years is now legally underpinned.

Capacity, open source and European chips

CADA aims to triple Europe's compute capacity within five to seven years, with accelerated permitting and designated strategic projects. The package also anchors "open source first" as an operational principle in law — a tailwind for bring-your-own-model architectures — and, through a Chips Act 2.0, backs hardware designed and produced in Europe. For anyone able to place owned, controlled compute modules in Europe and fill them with European silicon, that is a seamless fit.

“The package does not make the case more complicated, but stronger: Brussels itself now underpins both the demand side and the capital side of sovereign compute.”

What it means for Sovereign AI-Grid

CADA limits services under the control of a third country to the lower assurance levels. A fully Dutch-established and Dutch-controlled entity falls outside that restriction — a built-in advantage at the top of the scale that hyperscalers by definition lack. Sovereign AI-Grid is built on exactly this: European ownership, steward ownership as governance, and an offering that moves from brand sovereignty to certified sovereignty.

CADA is currently a Commission proposal and still has to pass the European Parliament and the Council. The direction, however, is clear enough to act on now — and the details will be filled in over the coming period through the proposal and its accompanying annexes.