By when must Member States adopt a national cloud and AI strategy under CADA?

Summary Under the proposed Cloud and AI Development Act (CADA), Member States must adopt their national cloud and AI strategies within one year of the Regulation's entry into force. As proposed, the Regulation enters into force on the twentieth day following its publication in the Official Journal. Consequently, the deadline for national strategies is approximately one year and 20 days after publication. These strategies must be coherent with the Regulation's objectives, consistent with the Digital Decade targets, and notified to the Commission within three months of adoption.

Detail

The Cloud and AI Development Act (CADA), as proposed in COM(2026) 502 final, establishes a binding framework for Member States to formalize their national approaches to cloud and AI development. This requirement is central to the Act's goal of creating a coordinated, EU-wide ecosystem that increases computing capacity, fosters innovation, and reduces strategic dependencies on non-European providers.

The Deadline: One Year from Entry into Force

The timeline for adoption is strictly defined by the interplay between Article 7 and Article 48 of the proposal.

Article 7(1) explicitly sets the deadline: "By [same day as entry into force plus one year], Member States shall establish national cloud and AI strategies (the 'national strategies')."

To calculate the precise date, one must first determine the entry-into-force date defined in Article 48: "This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union."

Therefore, the compliance clock does not start on the day of publication, but rather 20 days later. Member States then have exactly one year from that entry-into-force date to establish their strategies.

• Example Calculation: If the Regulation were published on 3 June 2026 (the date of the proposal), it would enter into force on 23 June 2026. The deadline for Member States to adopt their national strategies would then be 23 June 2027.

It is important to note that while the Regulation applies generally from one year after entry into force (Article 48), the obligation to adopt the national strategy is triggered specifically by the entry-into-force date, creating a distinct milestone for Member State governance.

Content Requirements: Coherence and Specific Objectives

The national strategies cannot be generic digital plans; they must be specifically tailored to the objectives of the CADA. Article 7(2) outlines the minimum content these strategies must include, ensuring they address the specific "grand challenges" and capacity gaps identified in the proposal:

1. Key Objectives and Governance: Strategies must include key objectives and priorities for cloud and AI adoption, aligned with the "AI first" principle. They must also establish a governance and monitoring framework to achieve these objectives.
2. Accelerated Adoption: Measures to accelerate cloud and AI development and adoption at national, regional, and local levels, particularly among public sector bodies, SMEs, and small mid-caps (SMCs). This includes supporting the "Centres for AI" referenced in Article 5.
3. Strategic Sector Deployment: Measures to support the broad deployment of AI in strategic industrial and public sectors, such as healthcare, energy, and mobility.
4. Data Centre Capacity: Measures to support the deployment of data centre capacity, focusing on high-value data centres that deliver economic and societal benefits while adhering to high environmental and energy-efficiency standards.
5. High-Intensity Computing: Investments in high-intensity computing infrastructure, including AI factories, AI gigafactories, and quantum computers, as strategic national and cross-border assets.
6. Procurement and Innovation: Measures to support cloud and AI capabilities through public procurement, including the innovation procurement measures set out in Article 33.
7. Open Technology: Support for cloud computing stack technologies built upon open hardware and software to strengthen technological sovereignty.
8. Data Accessibility: Measures to ensure the accessibility of high-quality data for AI development, preventing data bottlenecks.

Consistency, Monitoring, and the Role of the AI Board

Article 7(3) requires that national strategies "shall be consistent with the objectives of this Regulation." Furthermore, Article 7(4) mandates that these strategies must be consistent with and contribute to the digital targets established under the Digital Decade Policy Programme (Decision (EU) 2022/2481). These targets include the adoption of cloud computing services, big data, and AI by at least 75% of Union enterprises.

The process is not a one-off event. Article 7(5) requires Member States to notify the Commission of their national strategies within three months of their adoption. The strategies are dynamic; Member States must assess them at least every three years based on key performance indicators and update them where necessary. The Commission will monitor the adoption and revision of these strategies.

Article 7(6) assigns a specific coordination role to the European Artificial Intelligence Board (AI Board), established by the AI Act. The Board "shall advise and assist the Member States as regards the coordination of national strategies" and facilitate the exchange of best practices. This ensures that national efforts are aligned with broader EU AI policy and that fragmentation is minimized.

What this means for you

For in-house counsel, compliance officers, and strategic planners, the establishment of national cloud and AI strategies is a critical leading indicator of the regulatory landscape. While the obligation to create the strategy falls on Member States, the content of those strategies will directly shape corporate obligations and market opportunities.

1. Procurement and Vendor Selection National strategies will likely include specific measures to support the procurement of European cloud and AI solutions. As CADA introduces Union assurance levels for cloud sovereignty (Article 16), national strategies may prioritize or mandate the use of services meeting these levels, particularly in the public sector. Companies providing cloud services should monitor these strategies to understand if they need to pursue Union assurance recognition to remain competitive for public contracts.

2. Investment and Infrastructure Planning Strategies will outline national priorities for data centre deployment and high-intensity computing. If your organization is planning infrastructure investments, aligning with the national strategy's focus on energy efficiency, sustainability, and strategic locations (such as data centre acceleration zones under Article 10) will be crucial. The strategies may also detail national support measures or funding opportunities linked to CADA's Cloud and AI Leadership Initiatives.

3. Data and Open Source The requirement for strategies to support open hardware and software (Article 7(2)(g)) and ensure data accessibility (Article 7(2)(h)) signals a push towards open standards and data sharing. Compliance teams should review their data governance and software licensing practices to ensure they align with the growing emphasis on open source and data availability for AI training.

4. Monitoring and Reporting As the AI Board facilitates coordination, expect increased reporting requirements and benchmarking against national KPIs. Companies may be indirectly affected if national strategies impose reporting or transparency obligations on entities benefiting from public support or participating in strategic sectors.

Common misconceptions

Misconception 1: The strategy deadline is one year from publication. The deadline is one year from entry into force, which is 20 days after publication. This distinction is crucial for precise compliance calendar planning. The Regulation does not start ticking on the day it is published.

Misconception 2: National strategies replace existing digital plans. Article 7(3) (and the explanatory memorandum) clarifies that if a Member State has already adopted a national strategy that adequately covers the CADA objectives, it is not required to adopt a new strategy. However, it must update its existing strategy to address any gaps. This means companies should look for updates to existing national digital strategies rather than entirely new documents.

Misconception 3: The strategies are non-binding guidelines. While the strategies themselves are national policy documents, they are mandated by an EU Regulation and must be coherent with CADA's binding objectives. Failure to establish a compliant strategy could lead to infringement procedures against the Member State. More immediately, it signals a lack of regulatory alignment that may affect funding eligibility and procurement preferences.

Misconception 4: Only the public sector is affected. While the strategies focus heavily on public sector adoption and procurement, they also outline measures to support SMEs, SMCs, and strategic industrial sectors. Private companies in these sectors will be subject to the measures and incentives defined in the national strategies.

Official sources

• EU AI Act (Regulation (EU) 2024/1689)
• Digital Decade Policy Programme (Decision (EU) 2022/2481)

Related

• CADA Deadlines: When Must Member States Adopt National Strategies and Designate Authorities?
• CADA directly applicable: What 'binding in all Member States' means for compliance
• Will existing cloud contracts be affected when CADA starts to apply?
• When will the Cloud and AI Development Act (CADA) be reviewed?
• When is the first CADA evaluation report due? Article 47 timeline

This is general information about a draft EU regulation, not legal advice.