Cloud & AI Development Act
Proposed regulationCADA COM(2026) 502 · European Commission · 3 June 2026
CADA is a proposed EU Regulation establishing legally binding Union Assurance Levels (UAL 1–4) for cloud sovereignty. It provides a harmonised, auditable set of criteria at four levels of sovereignty. UAL 2+ requires independent third-party audit for formal recognition. Not yet adopted law — results are indicative only.
Scoring model
Cumulative gate: UAL N is achieved if and only if all criteria at levels 1 through N are answered "yes". Self-assessment suffices for UAL 1; UAL 2–4 require third-party audit (CADA Art. 20) for formal recognition by national competent authorities (CADA Art. 17).
Objectives & weights (29 questions)
22 questions covering all CADA Annex II criteria (L1 through L4). Does not cover SOV-8 Environmental Sustainability.
| Objective | Weight | Questions |
|---|---|---|
| SOV-1 Strategic Sovereignty | 15% | 4 |
| SOV-2 Legal & Jurisdictional Sovereignty | 10% | 5 |
| SOV-3 Data & AI Sovereignty | 10% | 6 |
| SOV-4 Operational Sovereignty | 15% | 8 |
| SOV-5 Supply Chain Sovereignty | 20% | 3 |
| SOV-6 Technology Sovereignty | 15% | 1 |
| SOV-7 Security & Compliance Sovereignty | 10% | 2 |