The EU Cloud and AI Development Act: What It Gets Right, and What It Still Needs
SUSE, Thursday, June 4th, 2026
EU's new Cloud and AI Development Act represents the most ambitious commitment to open source by the Commission, but falls short on binding enforcement.
The EU Commission published its EU Cloud and AI Development Act (CADA) as part of the Tech Sovereignty Package, marking a landmark commitment to open source with initiatives including an EU Public Sector OSPO Network, a EUR 2 billion investment envelope, and mandatory cloud strategy requirements for member states
The legislation establishes "open source first" as a named principle in operative law and creates a structured cloud sovereignty certification framework with four assurance levels.
However, SUSE argues that while the signal is positive, Article 41's promotion of open source solutions lacks binding and enforceable requirements, treating open source as merely a procurement preference rather than a mandatory procedural requirement.
The company emphasizes that open source should require public contracting authorities to assess whether qualified open source solutions exist before spending on proprietary software, with documented and auditable justification.