Summary As proposed, the Cloud and AI Development Act (CADA) would significantly streamline the deployment of data centres in Denmark by mandating accelerated permitting timelines and creating designated "acceleration zones." For Danish cloud and data centre operators, the proposal introduces a single information point to coordinate administrative processes, aggregated baseline permits to reduce bureaucratic redundancy, and a harmonised sovereignty framework that allows compliant providers to gain EU-wide recognition. These measures are designed to reduce time-to-market, lower administrative burdens, and enhance the competitiveness of European cloud infrastructure against third-country incumbents.

Detail

The proposed Cloud and AI Development Act (CADA) represents a comprehensive legislative effort to strengthen the European Union's cloud and AI ecosystem. For cloud service providers and data centre operators in Denmark, the proposal addresses two critical bottlenecks: the slow, fragmented permitting process for physical infrastructure and the lack of a harmonised framework for sovereign cloud certification. By standardising these processes across Member States, CADA aims to create a more predictable and attractive investment environment for Danish operators.

Accelerated Deployment via Data Centre Acceleration Zones

A core pillar of CADA is the establishment of a framework to rapidly expand compute capacity across the Union. To achieve this, Member States, including Denmark, are required to designate specific geographic areas known as "data centre acceleration zones."

Under Article 10, Member States must designate at least one acceleration zone within their territory where data centre capacity is being deployed. When designating these zones, authorities must consider factors such as available power grid capacity, network connectivity, and the potential for waste heat reuse. Crucially, Article 10(2) requires Denmark to conduct a comprehensive analysis of the energy needs of current and future acceleration zones. This analysis must be integrated into national network development plans to ensure that grid infrastructure can accommodate the increased demand from data centre projects. This proactive planning reduces the risk of projects being stalled due to insufficient energy connectivity, a common hurdle for data centre operators.

Once a zone is designated, the regulatory environment for projects within it changes significantly. Article 11 sets out conditions for these zones, including sustainability requirements based on key performance indicators from existing EU delegated regulations. It also mandates that resource allocation within these zones occurs on fair, reasonable, and non-discriminatory terms, preventing speculative reservation of land or resources that could impede competition.

Streamlined Permitting with Aggregated Baseline Permits

One of the most significant operational benefits for Danish data centre operators under CADA is the simplification of the permitting process. Historically, deploying a data centre involves navigating a complex web of separate permits for spatial planning, environmental impact, building codes, and energy connections.

Article 13 introduces a mechanism to address this fragmentation. It requires Member States to prepare and issue an "aggregated baseline permit" for each designated acceleration zone. This single permit covers the permits and administrative authorisations commonly required for data centre projects located within that zone, excluding only installation-specific permits. By pre-clearing many of the standard regulatory hurdles at the zone level, the proposal drastically reduces the time and legal uncertainty associated with individual project approvals.

Furthermore, Article 13(5) imposes a strict timeline: the permit-granting procedure for data centre projects in acceleration zones must not exceed 12 months from the submission of a comprehensive application. This cap provides Danish operators with greater certainty regarding project timelines, allowing for more accurate financial modelling and investment planning. Additionally, data centre projects in these zones are considered "strategic projects" under a related EU regulation on speeding up environmental assessments, granting them access to a dedicated toolbox for faster environmental reviews.

Single Information Point Support

To further reduce administrative friction, CADA mandates the establishment of support structures for operators. Article 12 requires Member States to designate one or more "single information points" for data centre operators working in acceleration zones.

This single information point serves as a central contact for operators throughout the entire lifecycle of a data centre project. Its role includes coordinating, facilitating, monitoring, and sharing information on procedures related to:

  • Spatial planning and building permits.
  • Environmental assessments.
  • Authorisations for water abstraction and heat utilisation.
  • Compliance with administrative and reporting obligations.
  • Applications for connection to electricity and communications networks.

For Danish operators, this means a single entry point for navigating complex regulatory interactions, reducing the need to engage with multiple disparate authorities. Article 12(4) specifically notes that these points should pay particular attention to SMEs, establishing dedicated channels to provide guidance and respond to queries, thereby lowering the barrier to entry for smaller Danish data centre providers.

Sovereignty Framework and EU-Wide Recognition

Beyond physical infrastructure, CADA introduces a harmonised "Union cloud computing sovereignty framework" to address dependencies on third-country providers. This framework is critical for Danish cloud providers seeking to compete for public sector contracts across the EU.

Article 16 establishes four "Union assurance levels" of sovereignty. Providers must meet specific cumulative criteria to be recognised at each level. For example, higher levels require that infrastructure, assets, and personnel are located within the Union, that data remains exclusively within the Union, and that providers are not subject to the control of third countries.

Article 17 outlines the recognition process. A Danish cloud provider seeking recognition submits an application to the national competent authority of establishment (in this case, the designated Danish authority). If the provider meets the criteria for Union assurance level 1, they can issue a self-assessment EU statement of conformity. For levels 2, 3, and 4, independent third-party audits are required. Once recognised, the service is recognised across the entire Union, eliminating the need for separate national certifications.

Article 22 mandates the creation of a central repository of recognised cloud computing services. The Commission will maintain this publicly available database, listing services that have achieved Union assurance levels 1 through 4. For Danish providers, inclusion in this repository serves as a powerful market signal, demonstrating compliance with EU sovereignty standards and enhancing credibility with public sector buyers in other Member States.

What this means for you

For cloud service providers and data centre operators in Denmark, CADA presents both operational efficiencies and strategic opportunities.

Operational Efficiencies:

  • Faster Time-to-Market: By locating projects in designated acceleration zones, you can benefit from the 12-month permitting cap and the aggregated baseline permit, significantly reducing the lead time from planning to operation.
  • Reduced Administrative Burden: The single information point under Article 12 provides a streamlined channel for regulatory queries, reducing the legal and administrative costs associated with navigating multiple authorities.
  • Energy Certainty: The requirement for Member States to analyse energy needs in acceleration zones (Article 10) suggests a more coordinated approach to grid connectivity, potentially easing one of the most critical constraints for data centre deployment.

Strategic Opportunities:

  • EU-Wide Market Access: Achieving recognition under the sovereignty framework (Articles 16–17) allows Danish providers to offer their services across the EU with a single certification. This is particularly valuable for public sector contracts, where Member States will be required to conduct risk assessments and procure services at appropriate assurance levels.
  • Competitive Advantage: By demonstrating compliance with high sovereignty standards (e.g., Union assurance level 3 or 4), Danish providers can differentiate themselves from third-country incumbents who may not meet these criteria, especially in sectors sensitive to data sovereignty and public order.
  • SME Support: The specific provisions for SMEs within the single information point framework and the broader emphasis on supporting smaller European providers create a more level playing field for smaller Danish operators.

To prepare, Danish operators should monitor the designation of acceleration zones in Denmark and engage early with the single information points. Providers should also begin assessing their current operations against the sovereignty criteria in Annex II of CADA to identify any gaps that need to be addressed for future certification.

Common misconceptions

Misconception 1: CADA applies only to large hyperscalers.

  • Reality: CADA explicitly includes measures to support SMEs and smaller providers. For instance, Article 12 requires single information points to pay particular attention to SMEs, and the sovereignty framework allows for self-assessment at Union assurance level 1 for SMEs, reducing the cost of entry for smaller Danish providers.

Misconception 2: The aggregated baseline permit removes all permitting requirements.

  • Reality: While the aggregated baseline permit covers common requirements, Article 13(4) clarifies that data centres must still obtain additional permits for activities falling outside the baseline permit, such as installation-specific permits. It streamlines, but does not eliminate, the permitting process.

Misconception 3: Sovereignty recognition is automatic for EU-based providers.

  • Reality: Being established in the EU is a necessary but not sufficient condition. Providers must actively apply for recognition under Article 17 and meet cumulative criteria, including data localisation, personnel location, and independence from third-country control. Independent audits are required for assurance levels 2–4.

Misconception 4: CADA replaces national planning laws.

  • Reality: CADA harmonises certain aspects of data centre deployment but operates within the existing national and EU legal frameworks. For example, sustainability requirements in acceleration zones still rely on indicators from existing EU delegated regulations (Article 11).

Related

This is general information about a draft EU regulation, not legal advice.