The recently proposed Cloud and AI Development Act (CADA) within the EU’s Tech Sovereignty Package underscores growing emphasis on data sovereignty, prompting IT channel partners to adapt their business models beyond traditional product sales, explains Lewis Dick, Alliances Director, Infinigate.
The Cloud and AI Development Act (CADA) aims to strengthen Europe’s cloud and AI ecosystem while addressing dependencies on non-EU providers. It introduces a framework for assessing cloud and AI sovereignty, including tiered assurance levels based on factors such as data location, supply chain control, and cybersecurity standards. This development comes as organizations increasingly distribute data across borders, making visibility into data storage, access rights, and applicable laws essential for risk management.
For businesses processing sensitive data, particularly in regulated sectors or those handling EU citizens’ information, the implications are substantial. Data breach costs have risen, and CADA imposes stricter protections against third-country access. Compliance requires more than isolated tools; it demands integrated technologies, policies, and controls tailored to specific data flows.
More Than Just a Compliance Requirement
The challenge: Every organization that processes sensitive data across borders must take action. However, the pressure is greatest in regulated sectors and for companies that process data belonging to EU citizens. As the costs of data breaches have risen to record levels and CADA is introducing strict security measures to protect sensitive data from access by third countries, the issue has long since reached the boardroom.
This regulatory environment challenges traditional IT distribution practices. Resellers and managed service providers (MSPs) historically focused on product sales, often described as “box-shifting.” The new demands call for a transition toward advisory services, where partners evaluate customer data architectures, compliance gaps, and incident response capabilities before recommending solutions.
Data sovereignty involves determining where data resides, who can access it, and under which jurisdictions it falls. Organizations must navigate complex supply chains and cross-border transfers while meeting EU standards. CADA’s sovereignty framework supports public sector procurement and extends influence to private entities through contractual and risk considerations.
The legislation presents opportunities for channel partners to expand their roles. Services such as compliance assessments, architecture reviews, and ongoing monitoring can generate recurring revenue streams, particularly for MSPs. Success depends on building expertise in both technology and regulatory risks, enabling informed discussions with clients on data governance.
Distributors play a supporting role by offering training, pre-sales assistance, and portfolios of complementary solutions. Value-added services help partners address knowledge gaps and develop repeatable assessment methodologies. Organizations integrating data sovereignty into broader cybersecurity strategies are better positioned to manage risks effectively.
Critics of the approach have raised concerns about potential market fragmentation and increased costs, noting the challenges of scaling EU-based infrastructure. Nevertheless, the framework reflects a strategic response to perceived vulnerabilities in digital dependencies.
As implementation progresses, the channel’s evolution will be key to helping enterprises balance innovation with sovereignty and security requirements. The focus remains on practical adaptation rather than abstract ideals, ensuring data practices align with evolving legal and operational realities.
Dr. Jakob Jung is Editor-in-Chief of Security Storage and Channel Germany. He has been working in IT journalism for more than 20 years. His career includes Computer Reseller News, Heise Resale, Informationweek, Techtarget (storage and data center) and ChannelBiz. He also freelances for numerous IT publications, including Computerwoche, Channelpartner, IT-Business, Storage-Insider and ZDnet. His main topics are channel, storage, security, data center, ERP and CRM.
Contact via Mail: jakob.jung@security-storage-und-channel-germany.de