Gaia-X Position Paper on the European Commission’s Cloud and AI Development Act
The publication of the proposed Cloud and AI Development Act (CADA) represents an important step in strengthening Europe’s digital competitiveness, technological resilience and capacity to develop and deploy artificial intelligence at scale.
The Act recognises that Europe’s digital future depends on computing power and infrastructure capacityas well as on the ability of organisations to access, share and govern data and digital services in a trusted, secure and interoperable manner. Critically, it goes further than previous EU digital legislation by placing sovereignty, operational autonomy and resilience at the centre of Europe’s digital framework.
This is a welcome development.
For several years, policymakers, industry leaders and technology providers have recognised that artificial intelligence, cloud computing and data ecosystems are deeply interconnected. The challenge is no longer simply to build the infrastructure. Rather, it is to create the conditions that allow organisations to collaborate across sectors, borders and value chains with confidence, while reducing strategic dependencies on technologies and providers outside European control.
The Cloud and AI Development Act is an important step in that direction.
AI Requires Ecosystems, Not Just Infrastructure
The discussion around artificial intelligence often focuses on models, chips, computing capacity and data centres. These elements are essential, but they are only part of the equation.
AI adoption at scale depends on trusted digital ecosystems.
Organisations must be able to discover data and services, verify the characteristics of digital assets, establish trust with partners, demonstrate compliance with applicable rules and exchange information securely while maintaining control over their assets.
Without trust, organisations will not share data.
Without interoperability, ecosystems remain fragmented.
Without governance, digital sovereignty remains a political ambition rather than an operational reality.
Europe’s ability to compete in the age of AI will therefore depend on the frameworks that enable organisations to collaborate effectively.
Trust and interoperability are essential. However, the Cloud and AI Development Act also highlights the importance of operational autonomy and resilience. Organisations must be able to rely on critical digital services with confidence, particularly where continuity of service, strategic data assets and public-interest functions are concerned.
These are not abstract concepts. They determine whether a doctor in Warsaw can securely access relevant medical information from a hospital in Lyon, whether a small manufacturer in Bavaria can share production data with a logistics partner in Rotterdam without losing control of its intellectual property, or whether public administrations can collaborate across borders while respecting legal and regulatory requirements.
The value of Europe’s digital transformation will ultimately be measured not by the number of data centres or AI models it deploys, but by its ability to enable these kinds of trusted interactions at scale.
A New European Sovereignty Framework
One of the most significant aspects of the Cloud and AI Development Act is the introduction of a common European sovereignty framework for cloud services, with four assurance levels providing a harmonised approach to trusted cloud procurement and deployment.
This represents a qualitative step beyond previous EU digital legislation. For the first time, European organisations and public administrations will have a shared, structured reference for assessing the sovereignty characteristics of cloud services across the European market.
This is a concept that Gaia-X has already transformed into operational reality.
The Gaia-X Label scheme, launched in its operational form at the Gaia-X Summit 2025, provides a three-level sovereignty assurance framework for cloud services. Labels are verified against defined criteria covering trust, data sovereignty, transparency and compliance. The scheme is is live, and cloud services are already being assessed and listed against it.
At the Summit, the first catalogue of Gaia-X-labelled cloud services was launched in cooperation with CISPE. The catalogue allows users to search and compare services by sovereignty levels.
Providers including OVHcloud, 3DS OUTSCALE, T-Systems, Docaposte and Orange Business have been directly involved in Gaia-X compliance and catalogue implementations. The first providers to achieve Gaia-X Label Level 3, the highest level of sovereignty assurance, were announced at that time. CISPE has committed to deliver up to 3,000 European cloud infrastructure services compliant with Gaia-X Trust Framework and Label specifications, demonstrating that the Label scheme is moving from framework design to market deployment.
The Commission’s Cloud Sovereignty Framework explicitly references Gaia-X policy rules as one of its foundational inputs. CADA’s four assurance levels and Gaia-X’s three-level Label scheme share the same underlying logic: structured, verifiable, graduated sovereignty assurance that gives buyers a clear and comparable basis for procurement decisions.
Gaia-X is therefore the most advanced operational precursor to CADA’s sovereignty framework, and a natural reference point for implementation.
The success of the CADA assurance framework will depend on implementation rigour. For the four levels to serve as a meaningful signal to buyers, the criteria at each level must be clear, auditable and consistently enforced. Ambiguity in the lower assurance levels risks creating conditions for sovereignty washing, where services are presented as compliant without meaningfully addressing the strategic dependencies and operational autonomy concerns that the Act is designed to resolve. The experience accumulated through the Gaia-X Label scheme offers concrete lessons for how to avoid this outcome.
Gaia-X’s Role in Europe’s Digital Landscape
Gaia-X is a federated framework that combines governance, trust, interoperability and ecosystem development to enable trusted digital collaboration across sectors and jurisdictions. No other European initiative operates simultaneously across all of these dimensions.
Today, Gaia-X brings together more than 200 member organisations from across Europe and beyond, including cloud providers, industrial leaders, SMEs, public administrations, research institutions and technology companies. Its activities span manufacturing, mobility, energy, agriculture, healthcare, smart communities, public services and digital infrastructure.
What distinguishes Gaia-X is its ability to operate across the full digital ecosystem stack. This includes:
- Governance frameworks that establish common rules and responsibilities;
- Trust mechanisms that enable organisations to verify identities, claims and compliance;
- Interoperability approaches that facilitate collaboration across technologies and sectors;
- Federation services that support trusted interactions between participants;
- Policy and compliance frameworks that translate European values and regulatory requirements into operational practices.
By connecting these dimensions, Gaia-X helps transform policy objectives such as trust, interoperability, sovereignty and operational resilience into practical implementation mechanisms.
This is not a future ambition. It is already happening at scale.
Among the most visible examples, Catena-X applies Gaia-X governance and trust principles to automotive data sharing, connecting major manufacturers and suppliers including BMW, Volkswagen and Mercedes-Benz. It has around 190 to 200 participating organisations, with approximately 1,000 companies reported to be in the activation pipeline.
Across multiple sectors, Gaia-X principles are being applied in the Mobility Data Space for trusted cross-border mobility data exchange, in Health-X for healthcare data sharing across European health systems, in Agri-Gaia for AI-enabled agricultural data sharing, and through STRUCTURA-X, a consortium of European cloud and infrastructure providers building Gaia-X-compliant federated cloud services.
Taken together, these initiatives represent a proof of concept for the trusted, sovereign, interoperable European digital ecosystem that CADA envisions. They demonstrate that the governance models, trust frameworks and interoperability mechanisms required by the Act are not theoretical. They exist, they function, and they are already connecting organisations across Europe while creating the conditions for adoption at industrial scale.
This positions Gaia-X as the organization best placed to accelerate CADA’s contribution.
Avoiding Fragmentation and Building Scale
Europe has invested significantly in cloud infrastructures, AI initiatives, data spaces, research programmes and digital innovation ecosystems.
The challenge now is not creating additional isolated initiatives.
The challenge is connecting existing efforts into a coherent and interoperable European landscape.
The Cloud and AI Development Act provides an opportunity to strengthen alignment between infrastructure providers, data ecosystems, AI initiatives, public administrations and industrial stakeholders.
To realise this vision, interoperability must remain a guiding principle.
Interoperability should extend not only to technical systems, but also to the assurance frameworks and market signals that buyers use to assess trust, sovereignty and resilience.
Europe’s digital future should not be characterised by competing silos. It should be built on federated ecosystems that enable innovation while preserving trust, autonomy and choice.
From Policy to Implementation
The publication of CADA is an important policy milestone.
Its success will ultimately depend on implementation.
Europe already possesses many of the necessary building blocks: world-class research capabilities, industrial expertise, emerging AI ecosystems, growing cloud capacities and a strong regulatory foundation.
The next step is ensuring that these building blocks can work together effectively.
Gaia-X is already contributing to the development of trusted digital ecosystems across Europe and looks forward to supporting the implementation of the objectives outlined in the Cloud and AI Development Act.
The future of European AI will not be determined solely by the infrastructure Europe builds.
It will depend on Europe’s ability to create trusted, sovereign ecosystems in which organisations can collaborate, innovate and generate value while maintaining control over their data, services and digital assets.
This is the challenge that the Cloud and AI Development Act seeks to address.
Building trusted, sovereign and interoperable digital ecosystems is no longer a future ambition. It is a strategic necessity for Europe’s competitiveness, resilience and technological autonomy. It is also the challenge that Gaia-X was created to solve.