Summary As proposed, the Cloud and AI Development Act (CADA) would significantly streamline data centre deployment in Germany by mandating the creation of data centre acceleration zones and single information points. For cloud and data centre operators, this means faster permitting timelinesβstrictly capped at 12 months for comprehensive applicationsβand access to aggregated baseline permits that consolidate multiple authorisations into a single regulatory instrument. Additionally, the proposal introduces a harmonised Union cloud computing sovereignty framework that allows German providers to gain EU-wide recognition at four assurance levels. Once recognised, providers would be listed in a central repository, effectively unlocking access to public sector procurement across the Union where specific assurance levels are mandated.
Detail
The proposed Cloud and AI Development Act (CADA), COM(2026) 502 final, aims to address the EU's compute capacity deficit and reduce dependence on third-country cloud providers by creating a harmonised, accelerated regulatory environment for infrastructure deployment. For data centre operators and cloud service providers in Germany, the proposal introduces specific mechanisms designed to reduce administrative burden, speed up construction timelines, and create new market opportunities through a unified sovereignty certification.
Accelerated Deployment via Acceleration Zones and Baseline Permits
A core pillar of CADA is the establishment of data centre acceleration zones. Under Article 10, Member States, including Germany, would be required to designate at least one such zone within their territory where data centre capacity is being deployed. When designating these zones, Member States must consider factors such as available power grid capacity, network connectivity, the potential for reusing waste heat, and the preference for reusing brownfield sites over greenfield sites. Crucially, the proposal requires Member States to facilitate clear and efficient procedures for grid connection and to promote power purchasing agreements (PPAs) to ensure price predictability for operators.
To further streamline the administrative process, Article 13 introduces significant changes to permit-granting procedures for projects located within these acceleration zones. The proposal mandates that data centre projects in these zones be treated as strategic projects within the meaning of the Regulation on speeding-up environmental assessments, thereby benefiting from a dedicated toolbox for accelerating environmental assessments.
Most notably, Article 13(2) requires Member States to prepare and issue an aggregated baseline permit for each designated acceleration zone. This permit would cover the standard permits and administrative authorisations required for data centre projects located within that zone, excluding only installation-specific permits. Consequently, operators would only need to obtain additional permits for activities falling outside this baseline, drastically reducing the number of individual authorisations required.
Furthermore, Article 13(5) sets a strict deadline for the permit-granting procedure: it shall not exceed 12 months from the moment a comprehensive application has been submitted. This cap provides operators with greater certainty regarding project timelines, a critical factor for capital-intensive infrastructure investments. Where national law allows, projects in these zones should also be allocated the status of highest national significance to further prioritise their processing.
Single Information Point Support
Navigating the complex web of spatial planning, environmental assessments, and grid connections can be a major bottleneck for data centre developers. To address this, Article 12 establishes the obligation for Member States to designate single information points for data centre operators in acceleration zones.
The single information point serves as a central hub for administrative support throughout the entire lifecycle of the data centre project. Its role includes coordinating, facilitating, monitoring, and sharing information on procedures related to:
- Spatial planning and building permits;
- Environmental assessments;
- Authorisations for water abstraction, wastewater discharge, and heat utilisation;
- Applications for connection to electricity, heat, or communications networks.
This mechanism is designed to reduce fragmentation and provide operators with a clear, single point of contact, thereby minimising delays caused by disjointed administrative processes across different local and regional authorities. The single information point also assists in assessing whether a data centre project may qualify as a strategic project under Article 14.
Sovereignty Framework and Market Access for German Providers
Beyond infrastructure deployment, CADA introduces a Union cloud computing sovereignty framework designed to safeguard public order and reduce reliance on non-European providers. This framework consists of four Union assurance levels (Levels 1β4), with criteria detailed in Annex II of the proposal. For German cloud providers, this presents a significant opportunity to differentiate their services and access public sector contracts.
Under Article 16, cloud computing service providers must meet specific criteria to be recognised as offering a particular Union assurance level. For Level 1, providers can undergo a conformity self-assessment, issuing an EU statement of conformity. For Levels 2, 3, and 4, providers must undergo independent third-party audits. The criteria for higher levels include stringent requirements regarding the location of infrastructure, assets, and personnel within the Union, the exclusive storage of customer data within the Union, and the absence of third-country control that could compromise service continuity or data confidentiality.
Once a provider is recognised, Article 22 requires the Commission to establish and maintain a central repository of cloud computing services that have been recognised under this framework. Inclusion in this publicly available repository would serve as a powerful trust signal for public sector bodies across the EU. Since public procurement rules under Article 30 would require contracting authorities to procure services meeting specific assurance levels based on risk assessments, being listed in the central repository would effectively open the door to EU-wide public sector contracts for German providers who achieve certification.
Strategic Project Designation
In addition to acceleration zones, Article 14 provides a mechanism for the Commission to designate specific data centre projects as strategic projects. These are projects that significantly contribute to the Union's digital and energy sectors, such as those supporting essential public sector functions, incorporating highly sustainable features, or addressing major shortages of compute capacity. Designation as a strategic project can unlock additional support measures, including potential access to EU funding and further facilitation in national permitting processes, providing an additional layer of advantage for qualifying German operators.
What this means for you
For cloud service providers and data centre operators in Germany, the proposed CADA framework offers both operational efficiencies and strategic market advantages.
1. Reduced Time-to-Market: By locating new data centre projects within designated acceleration zones, operators can benefit from the aggregated baseline permit and the 12-month permitting cap. This predictability allows for more accurate financial modelling and faster capital deployment.
2. Simplified Administrative Burden: Engaging with the single information point mandated by Article 12 can significantly reduce the time spent coordinating with multiple local authorities for grid connections, environmental clearances, and building permits. Operators should proactively engage with these points early in the project lifecycle to leverage their coordination role.
3. Competitive Advantage in Public Procurement: German providers should assess their readiness to meet the Union assurance levels. Achieving recognition, particularly for Levels 2β4, would position them favourably for public sector contracts across the EU. Investing in the necessary technical and organisational measures to pass independent audits can yield long-term returns through access to the central repository and increased market share.
4. Strategic Planning for Energy and Grid Access: As acceleration zones prioritise grid availability and sustainability, operators should align their site selection and energy procurement strategies (such as PPAs) with the criteria outlined in Article 10. Early collaboration with grid operators and local authorities on energy needs will be crucial for successful designation and operation within these zones.
Common misconceptions
Misconception 1: CADA replaces national planning laws entirely. Clarification: CADA does not abolish national planning or environmental laws. Instead, it harmonises certain aspects, such as setting a 12-month cap for permits in acceleration zones and requiring aggregated baseline permits. Operators must still comply with national and EU environmental standards, but the process is streamlined within the designated zones.
Misconception 2: All data centre projects automatically qualify for accelerated permits. Clarification: The accelerated permitting and aggregated baseline permits apply specifically to projects located within data centre acceleration zones designated by Member States under Article 10. Projects outside these zones may not benefit from the same level of procedural simplification, although they may still qualify as strategic projects under Article 14 if they meet specific criteria.
Misconception 3: Sovereignty certification is optional for all providers. Clarification: While certification is not mandatory for private sector contracts, it is effectively mandatory for public sector procurement. Article 30 requires public bodies to procure services meeting specific Union assurance levels based on risk assessments. Therefore, for providers targeting the public sector, achieving recognition under the sovereignty framework is a critical business requirement, not an optional extra.
Misconception 4: The single information point makes decisions for operators. Clarification: The single information point (Article 12) is a support and coordination mechanism, not a decision-making body. It assists operators in navigating the permitting process and liaising with relevant authorities, but the actual permits and authorisations are still issued by the competent national and local authorities.
Related
- How does CADA help cloud and data centre operators in Sweden?
- How does CADA help cloud and data centre operators in Spain?
- How does CADA help cloud and data centre operators in Slovenia?
- How does CADA help cloud and data centre operators in Portugal?
- How does CADA help cloud and data centre operators in Poland?
This is general information about a draft EU regulation, not legal advice.