In CADA, or the Cloud and AI Development Act, the European Commission paints a bleak picture of the current state of European digital autonomy. How does the Union hope to succeed where previous ambitions have failed?
Three non-European hyperscalers (AWS, Microsoft, and Google) dominate the cloud market on our continent. The 70 percent market share they hold has caused the European market share to shrink from 29 percent in 2017 to 15 percent in 2022. Structural bottlenecks such as very limited data center capacity and complex legislation must now be addressed drastically.
Simplicity and ambition…
CADA’s key steps revolve around stricter procurement of digital services, including for non-critical public services. The portion of the private sector subject to legislation based on the NIS2 Directive can be compelled by the Commission to conduct impact assessments and mitigate their risks. CADA also anticipates a “EuroCloud Federation,” in which member states can pool and redistribute their unused cloud and data center capacity.
Network providers must align their plans with analyses of energy needs. In doing so, the Commission is paving the way for “acceleration zones” for data centers and AI factories. These are sensible concepts that, according to the authors of the legislative proposal, must be based on “administrative simplification.” That stated ambition is perhaps the most self-assured, but also the most challenging, for the Commission.
Brussels has been working on CADA since December of last year, but the seeds for this legislative proposal were planted during the COVID-19 pandemic. Undoubtedly fueled by a renewed awareness of the digital domain during lockdowns, European member states have repeatedly attempted to offer a response to U.S. public clouds. The move toward these clouds could easily be called a sleepwalking process. The EU has been jolted awake for years now, but CADA is the clearest response to date. There are caveats, however. Dependence on hyperscalers won’t simply disappear, and the legislative proposal is notably cautious in this area.
…but compromises right from the start
A major problem for European cloud ambitions is that there is a good reason for this digital dependence. The public cloud has won the hearts and minds of IT decision-makers across all kinds of organizations, regardless of sector. Availability, scalability, affordability (under the right circumstances), and simplicity have been the main arguments for making the move to the cloud. In addition, many startups and employees have grown up with a cloud-native philosophy. For many, working with on-premises environments is far from familiar; it is an entirely new domain with all sorts of drawbacks.
The bill reflects this problem. The result is that U.S. hyperscalers do not explicitly face any barriers. That would have been a legal minefield, by the way; tenders must be free from discrimination against providers based on their location.
CADA offers multiple ways to exclude hyperscalers if geopolitical conditions deteriorate. However, “disproportionate costs” for alternatives or additional features from specific providers could lead organizations to continue using AWS, Azure, or Google Cloud.
Likewise, tenders must meet transparent, consistent requirements. Since the hyperscalers are not disqualified in advance, we can continue to expect “Sovereign Cloud” offerings from these parties. CADA offers advantages for European parties because they can more easily meet the criteria. However: those criteria should not be decisive. Only 15 out of 120 points are purely intended to give European parties an advantage. Technical performance and financial considerations remain dominant.
Improvements
With CADA, everything hinges on precise implementation, and the attempt at simple legislation is far from a guaranteed success. Should this succeed, however, there are a few surprising elements of the legislative proposal that we would like to highlight.
The European Commission can act as a contracting authority for data center services, cloud offerings, software, and AI systems. This applies both to itself and to other EU entities and member state authorities. Additionally, CADA puts pressure on member states to allocate at least 25 percent of public procurement contracts to innovative SMEs.
In any case, the framework surrounding the EuroCloud Federation sounds like a good starting point. A centralized catalog and an orchestration platform should make capacity transparent and manageable.
Again: CADA is still a legislative proposal. If we look at the timeline of the GDPR and the AI Act, we should expect it to take three to four years before we see an actual EU law adopted. The NIS2 Directive and Data Act were implemented much faster, in 24 and 21 months respectively, while the pace of the European Chips Act (17 months) suggests a positive scenario. In short, we should not assume that CADA will become law before 2028. However, an operational implementation is already ambitiously planned for between 2028 and 2030. The Commission wants to move quickly. It has to.