How does CADA help cloud and data centre operators in Czechia?

Summary As proposed, the Cloud and AI Development Act (CADA) would significantly accelerate data centre deployment in Czechia by mandating "data centre acceleration zones" with aggregated baseline permits and single information points, capping permitting times at 12 months. For cloud providers, the proposal establishes a unified EU sovereignty framework with four assurance levels, allowing Czech operators to gain EU-wide recognition and access the public sector market through a central repository.

Detail

The proposed Cloud and AI Development Act (CADA), COM(2026) 502 final, introduces a comprehensive regulatory framework designed to strengthen the EU's cloud and AI ecosystem. For operators in Czechia, the proposal addresses two primary bottlenecks: the slow pace of data centre deployment and the fragmentation of trust criteria for cloud services. By harmonising permitting processes and establishing a clear path to sovereignty recognition, CADA aims to create a more predictable and competitive environment for Czech infrastructure and service providers.

Accelerated Deployment via Acceleration Zones and Baseline Permits

Under Article 10, Member States, including Czechia, would be required to designate at least one "data centre acceleration zone" where capacity is being deployed. These zones are not merely geographical markers; they trigger a specific regulatory regime designed to speed up construction. When designating these zones, Czech authorities would need to consider site dimensions, power grid capacity, network connectivity, and environmental sustainability, ensuring that new infrastructure is integrated responsibly into the national energy and spatial planning frameworks.

The most significant benefit for data centre operators in these zones is the introduction of the "aggregated baseline permit" under Article 13. Instead of navigating a fragmented array of local and national permits for every individual facility, Czechia would issue a single baseline permit covering the administrative authorisations required for data centre projects within the designated zone. This baseline permit would cover common requirements, excluding only installation-specific permits. Consequently, data centre operators would only need to obtain additional permits for activities falling outside this baseline.

Furthermore, Article 13 mandates that the permit-granting procedure for data centre projects in these acceleration zones must not exceed 12 months from the submission of a comprehensive application. This strict timeline provides Czech operators with greater certainty regarding project timelines, reducing the financial risk associated with prolonged regulatory uncertainty. Data centre projects deployed in these zones would also be considered strategic projects under the forthcoming Regulation on speeding-up environmental assessments, granting them access to accelerated environmental assessment toolboxes.

Single Information Points for Lifecycle Support

To further streamline the administrative burden, Article 12 requires Member States to designate "single information points" for data centre operators in acceleration zones. Czech operators would have the right, upon request, to be assisted by this single point of contact throughout the entire lifecycle of their data centre project.

The role of the Czech single information point would include coordinating and facilitating procedures related to:

• Spatial planning and building permits.
• Environmental assessments.
• Authorisations for water abstraction, wastewater discharge, and heat utilisation.
• Compliance with administrative and reporting obligations.
• Applications for connection to electricity, heat, or communications networks.

This centralised support structure is designed to prevent operators from being bounced between multiple authorities. The single information point would also assist in assessing whether a data centre project might qualify as a "strategic project" under Article 14, which could unlock additional support measures and state aid opportunities if the project meets specific criteria regarding sustainability, innovation, or grid stability.

Sovereignty Framework and Market Access for Cloud Providers

For cloud service providers operating in Czechia, CADA introduces a harmonised "Union cloud computing sovereignty framework" under Article 16. This framework consists of four "Union assurance levels" (Level 1 to Level 4), each with specific criteria regarding data localisation, personnel citizenship, cybersecurity certification, and freedom from third-country control.

Czech cloud providers seeking to serve the EU public sector would need to achieve recognition at one of these levels. Article 17 outlines the mechanism for this recognition. A Czech provider would submit an application to the national competent authority in Czechia (the "evaluating national competent authority"). For Union Assurance Level 1, providers can self-assess and issue an EU statement of conformity. For Levels 2, 3, and 4, providers must undergo independent third-party audits.

Once recognised, the service would be valid across the entire EU. This "passporting" effect is crucial for Czech providers, as it eliminates the need to navigate divergent national sovereignty standards. A Czech provider recognised in Prague would be eligible for public procurement across all Member States, provided they meet the assurance level required by the specific public sector activity.

The Central Repository and Transparency

To facilitate market transparency and help public buyers find trusted providers, Article 22 requires the Commission to establish and maintain a central repository of cloud computing services that have been recognised under the sovereignty framework. Czech national competent authorities would register recognised Czech services in this repository.

This central repository serves as a public-facing directory, allowing contracting authorities across the EU to identify Czech cloud providers that meet specific sovereignty criteria. By being listed in this repository, Czech operators gain visibility and credibility, directly supporting their ability to win public sector contracts. The repository would also publish any revocations of recognition, ensuring that the information remains accurate and up-to-date for buyers.

What this means for you

If you are a data centre operator or cloud provider in Czechia, CADA presents both operational opportunities and compliance requirements.

For Data Centre Operators:

• Location Strategy: Prioritise sites within designated Czech data centre acceleration zones. These zones offer the aggregated baseline permit and the 12-month permitting cap, significantly reducing time-to-market.
• Engage Early: Utilise the single information point early in your project planning. This authority can help you navigate complex grid connections and environmental assessments, and advise if your project qualifies as a strategic project for additional support.
• Sustainability Focus: Ensure your projects align with the sustainability requirements of acceleration zones, as these are tied to key performance indicators from existing EU energy efficiency directives.

For Cloud Service Providers:

• Sovereignty Alignment: Review your current service architecture against the criteria in Annex II of CADA. If you aim to serve the public sector, you must target at least Union Assurance Level 1. For critical public order activities, you will need Levels 2, 3, or 4.
• Audit Preparation: For Levels 2–4, prepare for rigorous third-party audits. Ensure your subcontractors, data flows, and personnel policies meet the strict EU-localisation and control requirements.
• Market Expansion: Use the EU-wide recognition mechanism to expand beyond the Czech market. Once recognised by the Czech competent authority, your service is valid EU-wide, allowing you to compete for public contracts in other Member States without re-certification.
• Registry Listing: Ensure your service is correctly registered in the central repository to maximise visibility among EU public buyers.

Common misconceptions

• Misconception: CADA replaces national building permits entirely.
  • Reality: CADA introduces an aggregated baseline permit for acceleration zones, but operators may still need installation-specific permits for activities outside this baseline. It simplifies, but does not eliminate, all permitting.
• Misconception: Only EU-headquartered companies can achieve sovereignty recognition.
  • Reality: While providers must be established in the Union, Czech providers are fully eligible. The framework is designed to boost EU-wide capacity, and Czech operators can leverage the single market passporting effect to compete globally.
• Misconception: Level 1 recognition requires a third-party audit.
  • Reality: Union Assurance Level 1 is based on a conformity self-assessment and an EU statement of conformity issued by the provider. Independent audits are only mandatory for Levels 2, 3, and 4.
• Misconception: The central repository is a certification body.
  • Reality: The repository is a transparency tool maintained by the Commission. It lists services that have already been recognised by national competent authorities. It does not perform the assessment itself.

Related

• How does CADA help cloud and data centre operators in Sweden?
• How does CADA help cloud and data centre operators in Spain?
• How does CADA help cloud and data centre operators in Slovenia?
• How does CADA help cloud and data centre operators in Portugal?
• How does CADA help cloud and data centre operators in Poland?

This is general information about a draft EU regulation, not legal advice.