Summary
As proposed, the Cloud and AI Development Act (CADA) would transform the landscape for Bulgarian cloud and data centre operators by mandating data centre acceleration zones with aggregated baseline permits and single information points, capping permit-granting procedures at 12 months. For Bulgarian cloud providers, CADA would establish a harmonised Union cloud computing sovereignty framework, allowing them to gain EU-wide recognition at four assurance levels. Once listed in the central repository, these providers could access public procurement contracts across the Union that were previously fragmented by national rules.
Detail
The Cloud and AI Development Act (CADA), as set out in the Commission proposal COM(2026) 502 final, aims to address the shortage of computing capacity in the EU and reduce dependence on non-European providers. For Bulgaria, the proposal introduces two distinct but complementary mechanisms: a streamlined regulatory framework for deploying physical infrastructure and a unified market access regime for cloud service providers.
Accelerating Data Centre Deployment in Bulgaria
Bulgaria, like other Member States, faces the dual challenge of rapidly deploying data centre capacity to meet AI-driven demand while ensuring sustainability and regulatory compliance. CADA addresses this through the creation of data centre acceleration zones and a simplified permitting process.
Designation of Acceleration Zones (Article 10)
Under Article 10, Member States are required to designate at least one data centre acceleration zone within their territory where data centre capacity is being deployed. For Bulgaria, this means identifying specific areas where the necessary infrastructure is or can be made available. When designating these zones, Bulgarian authorities must consider:
- The available and future power grid capacity and the possibility of on-site clean energy generation.
- Available and future network connectivity capacity.
- The preference for reusing brownfield sites over greenfield sites.
- Measures taken to accelerate the granting of necessary permits.
This structured approach ensures that data centre projects in Bulgaria are sited in areas with the necessary energy and connectivity support, mitigating the risk of projects stalling due to infrastructure bottlenecks.
Single Information Points (Article 12)
To reduce administrative fragmentation, Article 12 obliges Member States to designate single information points for data centre operators. These points provide assistance throughout the entire lifecycle of a data centre project located in an acceleration zone. The support covers:
- Spatial planning and building permits.
- Environmental assessments (in accordance with the proposed Regulation on speeding-up environmental assessments).
- Authorisations regarding water abstraction, wastewater discharge, and heat utilisation.
- Applications for connection to electricity, heat, or communications networks.
This single point of contact is designed to prevent operators from navigating a fragmented bureaucratic landscape, offering a streamlined path for compliance and coordination.
Aggregated Baseline Permits and the 12-Month Cap (Article 13)
The most significant procedural benefit for operators is the introduction of aggregated baseline permits. Under Article 13(2), Member States must prepare and issue an aggregated baseline permit for each designated acceleration zone. This permit covers the permits and administrative authorisations commonly required for data centre projects within that zone, excluding installation-specific permits.
Consequently, data centre operators in Bulgaria would only need to obtain additional permits for activities falling outside this baseline. Crucially, Article 13(5) mandates that the permit-granting procedure for data centre projects deployed in acceleration zones shall not exceed 12 months from the moment a comprehensive application has been submitted. This provides a clear, predictable timeline for investors, a significant improvement over current national averages.
Furthermore, Article 13(1) states that data centre projects deployed in acceleration zones shall be considered strategic projects within the meaning of Article 14 of the proposed Regulation on speeding-up environmental assessments (Regulation (EU) 2026/XXX). This status grants them access to a dedicated toolbox for accelerated environmental evaluations, ensuring that sustainability goals are met without delaying deployment.
Note on Strategic Projects: While projects in acceleration zones automatically qualify as strategic projects for environmental assessment purposes under Article 13, Article 14 establishes a separate mechanism for the Commission to designate specific projects as "data centre strategic projects" based on criteria such as supporting public sector functions, sustainability innovation, or grid stability. These designated projects may qualify for additional support measures, such as the "competitiveness seal" mentioned in the explanatory memorandum.
Opportunities for Bulgarian Cloud Providers
Beyond physical infrastructure, CADA offers Bulgarian cloud service providers a pathway to compete at the EU level through a harmonised cloud computing sovereignty framework.
Union Assurance Levels (Article 16)
Article 16 establishes a framework comprising four Union assurance levels (Level 1 to Level 4). Cloud computing service providers must meet specific cumulative criteria to be recognised as offering services at these levels. These criteria cover establishment in the Union, location of infrastructure and personnel, data localisation, cybersecurity standards, and the absence of third-country control.
This harmonisation removes the need for providers to navigate divergent national sovereignty standards, creating a level playing field across the EU. For a Bulgarian provider, meeting these criteria means their service is recognised as "sovereign" across the entire Union, not just in Bulgaria.
Recognition and the Central Repository (Article 22)
Once a Bulgarian provider meets the criteria for a specific assurance level, they can apply for recognition.
- Level 1: Requires a conformity self-assessment under Article 19, resulting in an EU statement of conformity.
- Levels 2–4: Require an independent third-party audit under Article 20, resulting in a "positive" audit opinion.
Under Article 22, the Commission shall establish and maintain a central repository of cloud computing services that have been recognised. The national competent authority of the Member State where the provider is established (in this case, Bulgaria) registers the service in this repository.
If a Bulgarian provider is listed in this central repository, their service is recognised across the entire Union. This visibility is crucial for procurement, as public sector bodies are required to consult this repository when sourcing cloud services.
Public Procurement Advantages (Article 30)
The sovereignty framework directly impacts public procurement. Article 30 sets out the obligations for contracting authorities:
- Article 30(2): Public sector bodies whose activities have not been identified as contributing to the preservation of public order must use services recognised at Union assurance level 1.
- Article 30(3): Contracting authorities whose activities have been identified as contributing to the preservation of public order (e.g., in defence, justice, or law enforcement) must procure only services recognised at Union assurance levels 2, 3, or 4.
By achieving recognition in the central repository, Bulgarian providers can access these contracts across the EU, which were previously difficult to secure due to fragmented national requirements.
What this means for you
For data centre operators in Bulgaria, CADA translates into faster time-to-market and reduced administrative overhead. By locating projects within designated acceleration zones, you can benefit from the aggregated baseline permit, which pre-approves many standard requirements. The 12-month permitting cap provides a clear deadline for regulatory approval, aiding in financial planning and investor confidence. You should engage early with the designated single information point to ensure all project documentation aligns with the streamlined process.
For Bulgarian cloud service providers, the proposal offers a route to EU-wide market access. By aligning your services with the Union assurance levels, you can undergo the recognition process (self-assessment for Level 1, audit for Levels 2–4) and be listed in the central repository. This listing is a prerequisite for bidding on many public sector contracts across the EU. Providers should focus on meeting the technical and legal criteria for the relevant assurance levels, particularly regarding data localisation, cybersecurity, and third-country control, to qualify for recognition.
Common misconceptions
- "CADA allows unlimited data centre construction." CADA does not remove environmental or planning regulations. Instead, it streamlines them through acceleration zones and aggregated permits. Operators must still comply with sustainability requirements, including energy efficiency standards (as defined in Delegated Regulation (EU) 2024/1364) and environmental assessments.
- "All cloud providers automatically qualify for public contracts." Qualification requires formal recognition under the sovereignty framework. Providers must undergo self-assessment or independent auditing and be listed in the central repository. Without this recognition, providers may be excluded from procurement for activities deemed to contribute to public order.
- "The 12-month permitting timeline applies to all data centre projects." The 12-month maximum timeline applies specifically to projects deployed in data centre acceleration zones. Projects outside these zones may be subject to different, potentially longer, national permitting procedures.
- "Strategic project status under Article 13 grants all benefits." While Article 13 grants automatic "strategic project" status for environmental assessment purposes, the designation of specific projects for additional Union support (such as the competitiveness seal) is a separate process under Article 14, based on specific criteria like grid stability or public sector support.
This is general information about a draft EU regulation, not legal advice.