Summary As proposed, the Cloud and AI Development Act (CADA) would significantly streamline operations for Latvian data centre and cloud providers by mandating accelerated permitting processes and establishing single information points for project support. The proposal introduces "data centre acceleration zones" where projects benefit from aggregated baseline permits and a strict 12-month permitting timeline, reducing administrative friction. Additionally, CADA creates a harmonised EU-wide sovereignty framework, allowing Latvian providers to gain Union-wide recognition and access to public procurement markets through a centralised repository.

Detail

The proposed Cloud and AI Development Act (CADA), COM(2026) 502 final, introduces a comprehensive regulatory framework designed to strengthen Europe's cloud and AI ecosystem. For data centre operators and cloud service providers in Latvia, the proposal offers specific mechanisms to accelerate infrastructure deployment, simplify administrative burdens, and create new market opportunities through a harmonised sovereignty recognition scheme.

Accelerated Deployment and Permitting: Acceleration Zones

A core pillar of CADA is the acceleration of data centre deployment to address the EU's compute capacity gap. Under Article 10, Member States, including Latvia, are required to designate at least one "data centre acceleration zone" where data centre capacity is being deployed. When designating these zones, Member States must consider factors such as power grid capacity, network connectivity, and the potential for waste heat reuse. For operators, this designation signals areas where regulatory support is prioritised.

To further facilitate deployment, Article 12 mandates the establishment of "single information points" for data centre operators in these acceleration zones. These points provide assistance throughout the entire lifecycle of the data centre project, covering all necessary authorisations. The role of the single information point includes coordinating spatial planning, building permits, environmental assessments, and applications for network connections. This centralised support aims to reduce the administrative burden on operators, particularly SMEs, by providing a dedicated channel for guidance and query resolution.

The most significant procedural change is outlined in Article 13, which facilitates administrative and permit-granting processes. Data centre projects deployed in acceleration zones are considered "strategic projects" within the meaning of the Regulation on speeding-up environmental assessments (referenced in Article 13(1) as Regulation (EU) 2026/XXX). Consequently, they benefit from a dedicated toolbox for accelerated environmental assessments.

Crucially, Article 13(2) requires Member States to issue an "aggregated baseline permit" for each designated acceleration zone. This permit covers the common permits and administrative authorisations required for data centre projects within that zone, excluding only installation-specific permits. Consequently, data centres within these zones would only need to obtain additional permits for activities falling outside the baseline. Article 13(5) sets a strict timeline, requiring that the permit-granting procedure for these projects does not exceed 12 months from the submission of a comprehensive application. This creates a predictable regulatory environment for Latvian investors.

Sovereignty Framework and Market Access

Beyond infrastructure deployment, CADA establishes a "Union cloud computing sovereignty framework" to mitigate risks associated with dependence on third-country providers. Article 16 sets out four "Union assurance levels" that cloud computing services must meet to be recognised as trustworthy for public sector use. For Latvian cloud providers, this creates a pathway to demonstrate compliance with EU-wide standards for data sovereignty, cybersecurity, and operational autonomy.

The recognition process is detailed in Article 17, which allows providers to apply to the national competent authority of their establishment (in this case, the relevant Latvian authority) for recognition. For Union assurance level 1, providers can issue a self-assessment statement of conformity, which is automatically recognised across the Union without prior national recognition for SMEs. For higher assurance levels (2, 3, and 4), independent third-party audits are required. Once recognised, the service is valid throughout the EU, reducing the need for separate national certifications.

Article 22 mandates the creation of a central repository of recognised cloud computing services. This publicly available database, maintained by the Commission, lists all services that have achieved Union assurance levels. For Latvian providers, inclusion in this repository serves as a powerful marketing tool, signalling to public sector bodies across the EU that their services meet rigorous sovereignty and security standards. This visibility is critical for competing in cross-border public procurement markets.

Public Procurement and Demand-Side Measures

CADA also includes demand-side measures to drive adoption of sovereign cloud services. Article 30 requires public sector bodies to procure cloud computing services that have been recognised under the sovereignty framework. Specifically, bodies whose activities contribute to the preservation of public order must procure services with Union assurance levels 2, 3, or 4. This creates a guaranteed market for Latvian providers who achieve these higher assurance levels.

Furthermore, Article 32 introduces "Union added value" criteria for public procurement. Contracting authorities must include non-price award criteria that evaluate tenderers' contributions to the European cloud and AI ecosystem, such as the use of hardware designed or manufactured in the Union. This provision incentivises procurement decisions that favour European providers, potentially benefiting Latvian companies that integrate local or EU-based technologies.

What this means for you

For Latvian data centre operators and cloud providers, CADA presents both operational efficiencies and strategic opportunities.

For Data Centre Operators:

  • Faster Time-to-Market: By locating projects in designated acceleration zones, you can benefit from aggregated baseline permits and a capped 12-month permitting timeline. This reduces uncertainty and accelerates ROI.
  • Reduced Administrative Burden: The single information point provides a dedicated liaison for navigating complex regulatory requirements, including environmental assessments and grid connections. This is particularly valuable for SMEs that may lack extensive legal or regulatory teams.
  • Strategic Project Status: Projects in acceleration zones are treated as strategic, granting them access to specific toolboxes for speeding up environmental assessments. This status can also make projects eligible for certain support measures.

For Cloud Service Providers:

  • EU-Wide Recognition: Achieving a Union assurance level provides a passport for your services across the EU. Instead of navigating fragmented national sovereignty standards, you comply with a single, harmonised framework.
  • Access to Public Sector Markets: Recognition in the central repository makes your services eligible for procurement by public sector bodies across the EU, particularly those with public order relevance. This opens up significant new revenue streams.
  • Competitive Advantage: By demonstrating compliance with high sovereignty standards, you differentiate your services in a market increasingly concerned with data security and operational autonomy. The "Union added value" criteria in procurement further enhances your competitiveness against non-European incumbents.

Actionable Steps:

  1. Monitor Zone Designations: Stay informed about which areas in Latvia are designated as data centre acceleration zones. Aligning future projects with these zones will maximise regulatory benefits.
  2. Engage with Single Information Points: Utilise the support offered by single information points early in your project lifecycle to identify potential bottlenecks and streamline permitting.
  3. Prepare for Audits: Begin assessing your cloud services against the Union assurance level criteria. For higher levels, engage with auditing organisations early to understand the evidence requirements.
  4. Highlight EU Value: In your procurement responses, emphasise your contributions to the European cloud ecosystem, such as the use of EU-designed hardware or software, to leverage the "Union added value" criteria.

Common misconceptions

Misconception 1: CADA replaces national planning laws. CADA does not replace national spatial planning or environmental laws. Instead, it harmonises and accelerates specific aspects of the permitting process for data centres in acceleration zones. National laws still apply, but the aggregated baseline permit and 12-month timeline create a streamlined overlay.

Misconception 2: All cloud providers must achieve the highest sovereignty level. No. The Union assurance levels are proportionate. Most public services will only require Union assurance level 1. Higher levels (2, 3, 4) are reserved for activities with public order relevance, such as defence or critical infrastructure. Providers should aim for the level appropriate to their target market.

Misconception 3: The central repository is only for large hyperscalers. The framework is designed to be accessible to providers of all sizes. For Union assurance level 1, SMEs can benefit from automatic recognition of their self-assessment statements. This lowers the barrier to entry for smaller Latvian providers seeking to compete in the public sector market.

Misconception 4: Acceleration zones guarantee automatic permits. Designation as an acceleration zone does not guarantee a permit. It means the project benefits from a streamlined process, including an aggregated baseline permit and a strict 12-month decision timeline. Operators still must submit comprehensive applications and meet all sustainability and technical requirements.

Related

This is general information about a draft EU regulation, not legal advice.