Summary As proposed, the Cloud and AI Development Act (CADA) would fundamentally reshape the operating environment for cloud and data centre providers in Belgium. The proposal introduces "data centre acceleration zones" where projects benefit from an "aggregated baseline permit" and a strict 12-month maximum permitting timeline. Operators would receive dedicated support via "single information points" throughout the project lifecycle. Simultaneously, Belgian cloud providers could gain EU-wide recognition under a new "Union cloud computing sovereignty framework," allowing them to be listed in a central repository and compete for public sector contracts that require specific assurance levels.

Detail

The proposed Cloud and AI Development Act (CADA), COM(2026) 502 final, addresses two critical bottlenecks for the European digital ecosystem: the shortage of computing capacity and the dependence on non-European cloud providers. For operators in Belgium, the proposal offers a dual pathway: accelerating physical infrastructure deployment through streamlined permitting and creating a harmonised market for sovereign cloud services.

Accelerated Deployment via Data Centre Acceleration Zones

The proposal establishes a mechanism to overcome the fragmentation and delays often associated with data centre deployment. Under Article 10, Member States, including Belgium, would be required to designate at least one "data centre acceleration zone" within their territory where data centre capacity is being deployed. When designating these zones, Member States must consider critical factors such as available and future power grid capacity, network connectivity, and the availability of facilities for waste heat reuse.

To ensure operators can navigate these zones efficiently, Article 12 mandates the designation of "single information points." These points would assist data centre operators throughout the entire lifecycle of a project in an acceleration zone. Their role includes coordinating and facilitating administrative support for spatial planning, building permits, environmental assessments, water abstraction, and applications for connection to electricity, heat, or communications networks. This creates a unified channel for administrative queries, reducing the bureaucratic fragmentation that often slows down investment.

Aggregated Baseline Permits and the 12-Month Timeline

The most significant operational change for data centre operators in Belgium would be the introduction of the "aggregated baseline permit." Under Article 13(2), Member States would be required to prepare and issue this permit for each designated acceleration zone. This permit would cover the permits and administrative authorisations commonly required for data centre projects located within that specific zone, excluding installation-specific permits.

Consequently, as stated in Article 13(4), data centres deployed in acceleration zones would only need to obtain additional permits for activities falling outside the scope of the aggregated baseline permit. This shifts the permitting burden from the individual project level to the zone level, significantly reducing administrative overhead.

Furthermore, Article 13(5) establishes a strict, binding timeline: the permit-granting procedure for data centre projects deployed in data centre acceleration zones shall not exceed 12 months from the moment a comprehensive application has been submitted. This provides Belgian operators with a predictable regulatory horizon, a stark contrast to the often indefinite timelines of traditional permitting processes.

Additionally, Article 13(1) stipulates that data centre projects deployed in acceleration zones are considered "strategic projects" within the meaning of the Regulation on speeding-up environmental assessments. This classification grants them access to a dedicated toolbox for accelerated environmental assessments, further reducing deployment timelines and ensuring that environmental protection is maintained while accelerating the rollout of critical infrastructure.

Sovereignty Framework and Market Access

Beyond physical infrastructure, CADA introduces a "Union cloud computing sovereignty framework" designed to mitigate risks associated with third-country dependencies and to safeguard the Union's public order. Article 16 establishes four "Union assurance levels" (Level 1 to Level 4), with specific criteria set out in Annex II that cloud computing service providers must meet to be recognised as providing Union assurance.

For Belgian cloud providers, this framework offers a formal route to demonstrate trustworthiness and gain market access. Under Article 17, providers can apply for recognition to the national competent authority of their establishment. If recognised, their services are valid across the entire Union. This recognition is crucial for accessing public sector contracts, as Article 30 mandates that contracting authorities must procure cloud services that meet specific Union assurance levels, particularly for activities deemed relevant to public order (e.g., law enforcement, defence, or critical infrastructure).

To enhance transparency and market access, Article 22 requires the Commission to establish and maintain a central repository of cloud computing services that have been recognised under Article 17. Being listed in this central repository would signal to public authorities and private enterprises across the EU that a Belgian provider meets strict sovereignty and security standards. This levels the playing field, allowing compliant Belgian providers to compete effectively against larger, non-European incumbents who may not meet these specific sovereignty criteria.

What this means for you

If you are a cloud service provider or data centre operator based in Belgium, CADA presents both operational efficiencies and new market opportunities, provided you align with the proposed framework.

For Data Centre Operators:

  • Strategic Location Selection: Prioritise locating new facilities in designated data centre acceleration zones. These zones offer the benefit of aggregated baseline permits, which significantly reduce the administrative burden and time required to obtain necessary authorisations.
  • Engage Early with Single Information Points: Utilise the single information points designated under Article 12 from the earliest stages of your project. These points will serve as your primary contact for navigating spatial planning, environmental assessments, and grid connection processes, ensuring you receive coordinated support throughout your project's lifecycle.
  • Leverage Predictable Timelines: Plan your financial models and project schedules with the expectation of a maximum 12-month permitting process for projects in acceleration zones, as mandated by Article 13(5). This predictability allows for faster time-to-market and more accurate investment planning.
  • Prepare for Strategic Project Status: Ensure your project qualifies for the "strategic project" designation under Article 13(1) to benefit from the dedicated environmental assessment toolbox, further accelerating your deployment.

For Cloud Service Providers:

  • Pursue Sovereignty Certification: Invest in meeting the criteria for Union assurance levels outlined in Annex II of CADA. Achieving recognition under Article 17 is essential for accessing public sector contracts, which are increasingly restricted to providers meeting specific sovereignty standards.
  • Target Public Sector Contracts: Understand that under Article 30, contracting authorities must procure services at Union assurance Level 1 as a baseline, and at Levels 2, 3, or 4 for activities contributing to public order. Align your service offerings to meet these specific levels to unlock government demand.
  • Maximise Market Visibility: Aim to be listed in the central repository established under Article 22. Inclusion in this repository will enhance your visibility to contracting authorities across the EU, demonstrating your compliance with EU sovereignty requirements and differentiating you from non-compliant competitors.
  • Differentiate on Sovereignty: Leverage the sovereignty framework's focus on data localisation, personnel citizenship, and the absence of third-country control to offer a clear value proposition to EU-based clients concerned with data sovereignty and operational autonomy.

Common misconceptions

"CADA replaces national planning laws entirely." No. CADA does not abolish national planning laws. Instead, it harmonises specific aspects of data centre deployment, such as the requirement for acceleration zones and aggregated baseline permits. National authorities in Belgium still retain discretion in designating zones and issuing permits, but they must do so within the constraints, timelines, and procedural frameworks set by CADA.

"All cloud providers automatically qualify for the sovereignty framework." Qualification is not automatic. Providers must actively apply for recognition and undergo assessment. For Union assurance Level 1, this involves a conformity self-assessment; for Levels 2, 3, and 4, it requires independent third-party audits. Failure to meet the strict criteria in Annex II, particularly regarding data localisation, personnel citizenship, and the absence of third-country control, will result in non-recognition.

"The 12-month permitting timeline applies to all data centre projects." The 12-month maximum timeline for permit-granting applies specifically to data centre projects deployed within designated data centre acceleration zones, as per Article 13(5). Projects located outside these zones may still be subject to longer, traditional permitting processes under national law.

"CADA only benefits large hyperscalers." The proposal explicitly aims to create opportunities for smaller EU-based providers. By establishing a harmonised sovereignty framework and a central repository, CADA lowers the barrier to entry for Belgian and other EU providers to compete for public contracts, reducing the market dominance of non-European incumbents.

Related

This is general information about a draft EU regulation, not legal advice.