As proposed, the Cloud and AI Development Act (CADA) does not create its own original definitions for "data centre" or "data centre service." Instead, Article 2 of the CADA proposal incorporates existing definitions from other EU law: the energy-statistics framework (Regulation (EC) No 1099/2008) for the data centre, and the NIS2 Directive for the data centre service. This referential approach is designed to keep CADA's scope aligned with established technical and security standards. For CTOs and architects, it means the regulatory definition of a data centre is tied to existing energy-related characteristics, while the definition of a data centre service is tied to its role as a digital infrastructure service under cybersecurity law.
Detail
The CADA proposal (COM(2026) 502 final) relies on a referential-definition strategy for its core infrastructure terms, intended to ensure legal consistency across the EU's digital policy stack. The definitions are in Article 2 of the proposed regulation.
1. Data Centre (Article 2(10)) Article 2(10) defines a "data centre" as "data centre as defined in point 2.6.3.1.16 of Annex A to Regulation (EC) No 1099/2008 of the European Parliament and of the Council."
Regulation (EC) No 1099/2008 is the EU framework on energy statistics. By referencing it, CADA anchors the definition of a data centre in established terminology for facilities housing computer and associated systems, together with the associated environmental control and power equipment.
2. Data Centre Operator (Article 2(11)) Article 2(11) defines a "data centre operator" as "data centre operator as defined in Article 2, point (7), of Delegated Regulation (EU) 2024/1364."
Delegated Regulation (EU) 2024/1364 establishes the common Union rating scheme for data centres under the Energy Efficiency Directive. This definition focuses on the entity responsible for the operation and management of the data centre, tying obligations to the party that controls the facility's operational performance.
3. Data Centre Service (Article 2(12)) Article 2(12) defines a "data centre service" as "data centre service as defined in Article 6, point (31), of Directive (EU) 2022/2555."
Directive (EU) 2022/2555 is the NIS2 Directive. Under NIS2, a data centre service centres on the provision of structures, or groups of structures, dedicated to the centralised accommodation, interconnection and operation of IT and network equipment providing data storage, processing and transport services. This shifts the focus from a single building toward the service of providing dedicated infrastructure.
Why these definitions matter for scope By using these references, CADA draws a line between:
- Physical infrastructure: Covered by the "data centre" definition (Article 2(10)), central to the proposal's data centre capacity provisions, acceleration zones, and related requirements.
- Digital services: Covered by the "data centre service" definition (Article 2(12)), which intersects with the proposal's autonomy and cloud computing sovereignty provisions.
It is worth noting that CADA also defines "cloud computing service" in Article 2(1) by reference to NIS2 (Article 6, point (30)). Under NIS2, a cloud computing service is a digital service enabling on-demand administration and broad remote access to a scalable and elastic pool of shareable computing resources, including where distributed across several locations. The distinction between a "data centre service" and a "cloud computing service" is subtle but real: a data centre service tends to concern the dedicated infrastructure itself (e.g., colocation), while a cloud computing service concerns the on-demand, elastic provision of resources. Both fall within CADA's broader framework.
What this means for you
For CTOs, architects, and SMEs, the referential nature of these definitions has three practical implications:
1. Alignment with Energy Reporting Obligations Because the "data centre" and "data centre operator" definitions are drawn from EU energy-related instruments, a facility that qualifies as a data centre under CADA is likely already touched by reporting obligations under the Energy Efficiency Directive and its rating scheme. If you are building or expanding a facility (for example in a CADA acceleration zone), ensure your facility's energy metrics are measurable and reportable according to the standards in Delegated Regulation (EU) 2024/1364. As proposed, CADA leverages existing definitions rather than creating a parallel set.
2. Cybersecurity and Sovereignty Overlap Defining "data centre service" via NIS2 means that if you provide such services, you are likely already classified as a digital infrastructure entity under EU cybersecurity law. As proposed, CADA would build on this by adding sovereignty considerations. A data centre service provider aiming to serve the public sector would need to navigate the Union assurance levels (Article 16), which add layers on data localisation, personnel controls (for higher levels), and freedom from third-country control on top of the NIS2 baseline.
3. Distributed and Edge Models The NIS2 cloud computing service definition expressly contemplates resources "distributed across several locations," and CADA's references inherit that framing. For architects designing distributed AI infrastructure, this means networks of smaller or edge facilities may fall within scope where they meet the relevant service definitions, potentially triggering both capacity-building incentives and sovereignty considerations under CADA.
Common misconceptions
Misconception 1: CADA creates a new, unique definition of a data centre. Correction: As proposed, CADA does not. It points to existing EU law. You do not need to learn a new technical definition; you need to understand how CADA's new rules (such as acceleration zones and strategic project designations) would apply to facilities already regulated under energy and cybersecurity law.
Misconception 2: "Data centre service" and "cloud computing service" are identical in CADA. Correction: Both are defined via NIS2, but they are distinct terms in Article 2. A data centre service (Art 2(12)) concerns dedicated infrastructure; a cloud computing service (Art 2(1)) concerns on-demand, elastic access to scalable resources. A provider might offer one without the other. As proposed, the sovereignty framework's assurance levels attach to cloud computing services.
Misconception 3: Only large hyperscalers are covered. Correction: The referenced definitions are technology- and size-neutral. A small, specialised data centre is still a "data centre," and its operator a "data centre operator," under these definitions. If it also provides cloud computing services, it could face the sovereignty assurance levels when seeking to contract with public authorities.
Related
- What is the EU data-centre capacity gap that CADA addresses?
- What is CADA's data centre deployment framework at a high level?
- What does CADA mean for data centre operators?
- How does CADA complement EU data-centre energy and grid rules?
- Does CADA apply to data centre operators?
This is general information about a draft EU regulation, not legal advice.