How does CADA help cloud and data centre operators in Lithuania?

Summary As proposed, the Cloud and AI Development Act (CADA) would significantly accelerate infrastructure deployment for Lithuanian operators by mandating data centre acceleration zones with a maximum 12-month permitting timeline and an aggregated baseline permit. Operators would benefit from dedicated single information points to navigate administrative hurdles across the project lifecycle. Furthermore, the proposal establishes a Union cloud computing sovereignty framework (Articles 16–22), allowing compliant Lithuanian providers to gain Union assurance recognition and be listed in a central repository, thereby unlocking access to public procurement markets across the entire EU. These measures aim to reduce regulatory fragmentation, enhance strategic autonomy, and improve the competitiveness of European providers.

Detail

The proposed Cloud and AI Development Act (CADA), COM(2026) 502 final, introduces a targeted regulatory framework designed to strengthen the EU's cloud and AI ecosystem. For operators in Lithuania, the proposal offers specific mechanisms to accelerate data centre deployment, simplify administrative procedures, and enhance the market access of local cloud service providers within the single market. The following sections detail how these provisions would apply to the Lithuanian context, grounded in the text of the proposal.

Accelerated Deployment through Data Centre Acceleration Zones

One of the primary benefits for data centre operators in Lithuania is the establishment of data centre acceleration zones. Under Article 10, Member States are required to designate at least one such zone within their territory where data centre capacity is being deployed. When designating these zones, Member States must consider factors such as available and future power grid capacity, network connectivity, and the potential for waste heat reuse. For Lithuania, this creates a predictable regulatory environment for investors, as the state would be obliged to facilitate the development of these zones by ensuring clear procedures for grid connection and land use.

Once a project is located within a designated acceleration zone, it benefits from significantly streamlined administrative processes. Article 13 mandates that the permit-granting procedure for data centre projects in these zones shall not exceed 12 months from the moment a comprehensive application has been submitted. This is a substantial reduction compared to current national timelines, which can often extend over several years. Furthermore, Member States are required to prepare and issue an aggregated baseline permit for each acceleration zone. This baseline permit covers the permits and administrative authorisations commonly required for data centre projects within that specific zone, excluding only installation-specific permits. This means that operators do not need to navigate a fragmented maze of individual permits for every aspect of their project; instead, the bulk of the regulatory approval is pre-cleared at the zone level.

Additionally, Article 13 explicitly states that data centre projects deployed in acceleration zones are to be considered as strategic projects within the meaning of the Regulation on speeding-up environmental assessments. This classification allows these projects to benefit from a dedicated toolbox designed to accelerate environmental assessments, further reducing the time to market while maintaining high levels of environmental protection.

Single Information Point Support

To further simplify the deployment process, Article 12 requires Member States to designate single information points for data centre operators of projects in acceleration zones. These points serve as a central hub of assistance throughout the entire lifecycle of the data centre project. The role of the single information point includes coordinating, facilitating, and monitoring procedures related to spatial planning, building permits, environmental assessments, and applications for connection to electricity and communications networks.

For Lithuanian operators, this means a dedicated channel for communication with public authorities. The single information point is tasked with assisting in assessing whether a data centre project may qualify as a strategic project under Article 14, which can unlock additional support measures. The proposal also requires that these points pay particular attention to small and medium-sized enterprises (SMEs), establishing dedicated channels to provide guidance and respond to queries. This reduces the administrative burden on operators, particularly smaller players, by providing clear, consistent, and timely information on regulatory requirements.

Sovereignty Framework and Market Access

Beyond deployment, CADA introduces a Union cloud computing sovereignty framework that offers significant opportunities for Lithuanian cloud service providers. Article 16 establishes four Union assurance levels, which serve as a harmonised standard for trusted cloud computing services. Providers can apply for recognition at these levels by meeting specific criteria related to data localisation, cybersecurity, and operational autonomy.

For a Lithuanian provider, achieving recognition under this framework is a powerful competitive tool. Article 17 outlines the recognition process, where a provider submits an application to the national competent authority of establishment. For Union assurance level 1, providers can issue an EU statement of conformity. Crucially, for SMEs, this statement is directly and automatically recognised in all Member States without the need for prior recognition by the evaluating national competent authority. For higher assurance levels (2, 3, and 4), providers undergo independent third-party audits. Once recognised, the service is valid across the entire Union.

This recognition is crucial for public procurement. Article 30 stipulates that contracting authorities whose activities contribute to the preservation of public order must procure cloud computing services that have been recognised as offering Union assurance levels 2, 3, or 4. Even for non-critical public sector activities, a minimum of Union assurance level 1 is required. By meeting these standards, Lithuanian providers can compete for public contracts across the EU, not just locally.

To facilitate this market access, Article 22 requires the Commission to establish and maintain a central repository of cloud computing services that have been recognised under the sovereignty framework. This repository will be publicly available and regularly updated, allowing public sector customers across the EU to easily identify and select trusted European providers. For Lithuanian operators, being listed in this central repository enhances visibility and trust, effectively acting as an EU-wide seal of approval for sovereignty and security.

Strategic Projects and Additional Support

While Article 13 automatically classifies projects in acceleration zones as strategic for environmental assessment purposes, Article 14 provides a mechanism for the Commission to designate specific data centre projects as data centre strategic projects. These projects are selected through open calls for expressions of interest and must fulfil at least two criteria, such as supporting essential public sector functions, incorporating highly sustainable or innovative features, or addressing a major shortage of compute capacity.

Designation as a strategic project can open doors to additional support. While the proposal does not mandate direct subsidies, it allows Member States to apply support measures in a proportionate manner, without prejudice to State aid rules. For Lithuanian operators, this means that innovative or strategically important data centre projects may be eligible for national or EU funding, provided they align with the broader objectives of the CADA.

What this means for you

For cloud service providers and data centre operators in Lithuania, the proposed CADA presents both immediate operational benefits and long-term strategic advantages.

• Faster Time-to-Market: By locating your data centre projects in designated acceleration zones, you can benefit from the 12-month permitting timeline and the aggregated baseline permit. This reduces uncertainty and accelerates your return on investment.
• Reduced Administrative Burden: The single information point serves as a one-stop shop for regulatory queries and coordination. Engage with this point early in the project lifecycle to streamline your interactions with multiple authorities.
• Competitive Edge in Public Procurement: Pursue recognition under the Union cloud computing sovereignty framework. Even achieving Union assurance level 1 can make you eligible for a wide range of public sector contracts. For providers targeting critical infrastructure or high-security public sector clients, aiming for levels 2, 3, or 4 is essential.
• EU-Wide Visibility: Ensure your recognition is registered in the central repository. This listing will enhance your credibility and visibility to public sector buyers across the EU, potentially opening new markets beyond Lithuania.
• Sustainability as a Strategic Asset: The proposal emphasises sustainability. Incorporating energy-efficient technologies and waste heat reuse not only aligns with the criteria for acceleration zones but can also strengthen your application for strategic project designation, potentially unlocking additional support.

Common misconceptions

• "CADA replaces national permitting laws entirely."
  • Correction: CADA harmonises certain conditions and sets maximum timelines, but it does not abolish national permitting procedures. Operators must still comply with national spatial planning, environmental, and building regulations. However, the aggregated baseline permit and single information point significantly simplify the process.
• "Only large hyperscalers can benefit from the sovereignty framework."
  • Correction: The framework is designed to be accessible to providers of all sizes. For Union assurance level 1, SMEs can issue an EU statement of conformity that is automatically recognised across the EU. This lowers the barrier to entry for smaller Lithuanian providers seeking to compete in the public sector market.
• "Strategic project designation guarantees funding."
  • Correction: Designation as a strategic project under Article 14 does not automatically grant funding. It makes projects eligible for certain support measures and prioritises them in environmental assessments. Funding is subject to national and EU State aid rules and available budgets.
• "The central repository is a marketing tool for private companies."
  • Correction: The central repository under Article 22 is specifically for cloud computing services recognised under the sovereignty framework. It is primarily a tool for public sector procurement, helping contracting authorities identify trusted providers that meet EU sovereignty standards. It is not a general directory for all cloud services.

Related

• How does CADA help cloud and data centre operators in Sweden?
• How does CADA help cloud and data centre operators in Spain?
• How does CADA help cloud and data centre operators in Slovenia?
• How does CADA help cloud and data centre operators in Portugal?
• How does CADA help cloud and data centre operators in Poland?

This is general information about a draft EU regulation, not legal advice.