How does CADA help cloud and data centre operators in Hungary?

Summary As proposed, the Cloud and AI Development Act (CADA) would significantly streamline operations for cloud and data centre providers in Hungary by mandating accelerated permitting processes and establishing single information points to guide projects through regulatory hurdles. Hungarian operators would benefit from faster deployment in designated data centre acceleration zones, where projects are treated as strategic projects and covered by aggregated baseline permits, while also gaining access to a harmonised EU-wide sovereignty framework that allows them to be recognised as trusted providers for public sector contracts across the Union.

Detail

The proposed Cloud and AI Development Act (CADA), COM(2026) 502 final, introduces a comprehensive framework designed to remove barriers to the deployment of digital infrastructure across the European Union. For cloud service providers and data centre operators in Hungary, the regulation targets two primary pain points: the complexity and duration of permitting processes, and the fragmentation of trust and sovereignty standards that currently hinder cross-border public sector procurement. By harmonising these areas, CADA aims to make Hungary a more attractive location for investment while providing domestic and international operators with legal certainty and operational efficiency.

Accelerated Deployment and Permitting in Acceleration Zones

A central pillar of CADA's support for data centre operators is the establishment of data centre acceleration zones. Under Article 10, Member States, including Hungary, are required to designate at least one acceleration zone within their territory where data centre capacity is being deployed. When designating these zones, Member States must consider factors such as the availability of power grid capacity, network connectivity, and the potential for waste heat reuse. For operators, this designation signals a government commitment to facilitating infrastructure development in specific areas, reducing the uncertainty often associated with site selection.

Within these acceleration zones, the regulatory burden is significantly reduced. Article 13 mandates that data centre projects deployed in these zones are considered "strategic projects" within the meaning of the Regulation on speeding-up environmental assessments. Crucially, this article requires Member States to issue an aggregated baseline permit for each designated acceleration zone. This permit covers the general permits and administrative authorisations required for data centre projects located within that zone, excluding only installation-specific permits. This means that operators no longer need to navigate a fragmented web of separate local approvals for standard infrastructure elements; the baseline regulatory clearance is effectively pre-approved for the zone.

Furthermore, Article 13 sets a strict timeline for the remaining administrative applications: the permit-granting procedure for data centre projects in acceleration zones must not exceed 12 months from the moment a comprehensive application is submitted. This cap on processing time provides operators with greater predictability regarding project timelines, allowing for more accurate financial planning and risk assessment.

Single Information Point Support

To further assist operators in navigating the regulatory landscape, Article 12 introduces the requirement for Member States to designate single information points. These entities are tasked with assisting data centre operators throughout the entire lifecycle of their projects within acceleration zones. This support extends to all authorisations required for deployment, including spatial planning, building permits, environmental assessments, and applications for connections to electricity or communications networks.

For a cloud provider in Hungary, this means having a dedicated liaison that can coordinate, facilitate, and monitor the procedural steps required for deployment. The single information point is also responsible for assisting in assessing whether a project may qualify as a strategic project under Article 14, potentially unlocking additional support measures. This centralised support mechanism is designed to reduce the administrative burden on operators, particularly small and medium-sized enterprises (SMEs), by providing clear guidance and a single channel for communication with public authorities.

Sovereignty Framework and Market Access

Beyond physical deployment, CADA addresses the market access challenges faced by European cloud providers. The EU currently relies heavily on non-European hyperscalers, and domestic providers often struggle to compete for public sector contracts due to varying national interpretations of "sovereignty" and "trust." CADA establishes a harmonised Union cloud computing sovereignty framework comprising four assurance levels, as outlined in Article 16.

This framework provides clear, auditable criteria for cloud computing services to be recognised at different levels of sovereignty. For Hungarian providers, this creates a level playing field. If a provider in Hungary can demonstrate compliance with the criteria for a specific Union assurance level, they can be recognised across the entire EU, not just in Hungary. This recognition is crucial for accessing public procurement markets, as contracting authorities are required to procure services that meet the minimum assurance levels determined by their risk assessments.

The recognition process is managed by national competent authorities. Under Article 17, a cloud computing service provider submits an application for recognition to the national competent authority of its establishment. For Union assurance level 1, this involves a conformity self-assessment and the issuance of an EU statement of conformity. For higher levels (2, 3, and 4), independent third-party audits are required. Once recognised, the service is registered in a central repository maintained by the Commission, as specified in Article 22. This public repository ensures transparency and allows public sector bodies across the EU to easily identify and verify trusted European providers, thereby increasing the visibility and marketability of Hungarian cloud services.

Strategic Projects and Investment Opportunities

In addition to the baseline acceleration measures, CADA provides a mechanism for individual data centre projects to be designated as strategic projects by the Commission under Article 14. These projects must meet specific criteria, such as supporting essential public sector functions, incorporating highly sustainable or innovative features, or addressing major shortages of compute capacity. If a Hungarian operator's project qualifies, it may become eligible for targeted support measures, including state aid, provided such aid complies with EU rules. This creates an additional avenue for securing investment and public support for large-scale, high-impact data centre developments.

What this means for you

For cloud service providers and data centre operators in Hungary, the implementation of CADA would translate into tangible operational and strategic benefits:

• Faster Time-to-Market: By locating new facilities in designated acceleration zones, you can benefit from the aggregated baseline permit and the 12-month cap on permit-granting procedures. This reduces the time spent in regulatory limbo and accelerates the start of commercial operations.
• Reduced Administrative Burden: The single information point provides a dedicated resource to guide you through the permitting process, reducing the need for in-house legal and regulatory teams to navigate complex local authorities. This is particularly beneficial for SMEs and new market entrants.
• Enhanced Market Access: By aligning your services with the Union assurance levels, you can gain recognition as a sovereign cloud provider. This recognition is recorded in the central repository, making your services visible and eligible for procurement by public sector bodies not only in Hungary but across the entire European Union.
• Investment Attractiveness: The clear regulatory framework and potential for strategic project designation make Hungary a more predictable and attractive location for investment. Investors are more likely to commit capital when they have visibility on permitting timelines and market access opportunities.
• Competitive Advantage: As non-European providers face stricter scrutiny under the sovereignty framework, European providers who achieve high assurance levels (particularly levels 2, 3, and 4) will have a competitive advantage in public sector tenders. Hungarian providers that invest in meeting these criteria can capture a larger share of the growing demand for trusted cloud services.

To maximise these benefits, operators should engage with Hungarian authorities to understand the location and characteristics of designated acceleration zones. They should also begin preparing their internal compliance and audit processes to align with the Union assurance level criteria, ensuring they are ready to apply for recognition once the framework is fully operational.

Common misconceptions

• Misconception: CADA forces all data centres into acceleration zones.
  • Reality: CADA does not mandate that all data centre projects must be located in acceleration zones. However, it provides significant incentives, such as faster permitting and aggregated baseline permits, for those that are. Operators outside these zones will still face national permitting procedures, which may be slower and more complex.
• Misconception: The single information point makes decisions for you.
  • Reality: The single information point is a support and coordination body. It assists with administrative processes and provides information, but it does not have the authority to grant permits or override local planning decisions. Its role is to facilitate the process, not to replace the regulatory authorities.
• Misconception: Sovereignty recognition is automatic for EU-based providers.
  • Reality: Being established in the EU is only one of the criteria for Union assurance level 1. Providers must still undergo a conformity self-assessment or independent audit (depending on the level) and submit an application to the national competent authority. Recognition is not granted automatically; it requires active compliance and verification.
• Misconception: CADA replaces national building and environmental laws.
  • Reality: CADA harmonises certain aspects of the permitting process and introduces EU-wide sovereignty standards, but it does not replace national laws on building safety, environmental protection, or land use. The aggregated baseline permit covers common requirements, but installation-specific permits and national environmental assessments still apply.

Related

• How does CADA help cloud and data centre operators in Sweden?
• How does CADA help cloud and data centre operators in Spain?
• How does CADA help cloud and data centre operators in Slovenia?
• How does CADA help cloud and data centre operators in Portugal?
• How does CADA help cloud and data centre operators in Poland?

This is general information about a draft EU regulation, not legal advice.