How does CADA help cloud and data centre operators in the Netherlands?

Summary As proposed, the Cloud and AI Development Act (CADA) would significantly streamline the deployment of data centres in the Netherlands by introducing data centre acceleration zones with aggregated baseline permits and a strict 12-month permitting deadline. It would also provide Dutch cloud providers with a clear, harmonised path to EU-wide market access through a Union cloud computing sovereignty framework and a central repository of recognised services. These measures aim to reduce administrative fragmentation, accelerate infrastructure rollout, and enhance the competitiveness of European providers against third-country incumbents.

Detail

The proposed Cloud and AI Development Act (CADA), COM(2026) 502 final, introduces a comprehensive framework designed to address the EU's compute capacity deficit and reduce dependence on non-European cloud providers. For operators in the Netherlands, CADA translates into three primary pillars of benefit: accelerated permitting through designated zones, streamlined administrative support via single information points, and a harmonised sovereignty framework that enhances market access across the single market.

1. Accelerated Deployment via Data Centre Acceleration Zones

Under Article 10, Member States, including the Netherlands, are required to designate at least one data centre acceleration zone within their territory where data centre capacity is being deployed. These zones are not merely geographical markers; they are regulatory instruments designed to facilitate the rapid development, expansion, and modernisation of data centres.

When designating these zones, Member States must consider specific criteria, including the availability of power grid capacity, network connectivity, and the preference for reusing brownfield sites over greenfield sites. Crucially, Article 10(2) mandates that Member States conduct a comprehensive analysis of the energy needs of current and future acceleration zones, reviewing this analysis at least every three years. This analysis must feed into national network development plans, ensuring that grid infrastructure evolves in tandem with data centre deployment. For Dutch operators, this means greater predictability regarding energy availability and grid connection timelines, which are often critical bottlenecks in the Netherlands.

Furthermore, Article 11 imposes conditions within these zones to ensure sustainability and fair competition. Member States must use key performance indicators specified in Delegated Regulation (EU) 2024/1364 to set sustainability requirements. Additionally, the allocation and use of resources within acceleration zones must occur on fair, reasonable, and non-discriminatory terms, preventing speculative reservation of resources that could impede effective competition.

2. Streamlined Permitting and Aggregated Baseline Permits

One of the most significant operational benefits for data centre operators is the facilitation of administrative and permit-granting processes outlined in Article 13.

Article 13(1) explicitly states that data centre projects deployed in acceleration zones shall be considered as strategic projects. This classification allows them to benefit from a dedicated toolbox under the upcoming Regulation on speeding-up environmental assessments, bypassing some of the traditional delays associated with complex environmental reviews.

More importantly, Article 13(2) introduces the concept of an aggregated baseline permit. For each designated acceleration zone, Member States must prepare and issue an aggregated baseline permit authorising the deployment of data centres in that specific zone. This permit covers the permits and administrative authorisations commonly required for data centre projects located within the zone, excluding only installation-specific permits.

This mechanism fundamentally changes the permitting landscape. Instead of negotiating individual environmental and planning permissions for every new facility from scratch, operators benefit from a pre-approved baseline for the zone. Article 13(3) requires Member States to carry out all necessary procedures, including environmental assessments, at the zone level before issuing this baseline permit. Consequently, Article 13(4) clarifies that data centres deployed in these zones are required to obtain additional permits only for activities falling outside the aggregated baseline permit.

To further accelerate timelines, Article 13(5) sets a strict deadline: the permit-granting procedure for data centre projects in acceleration zones shall not exceed 12 months from the submission of a comprehensive application. This statutory cap provides Dutch operators with legal certainty regarding approval timelines, reducing the risk of indefinite delays.

3. Single Information Point Support

Navigating the complex web of spatial planning, environmental assessments, and grid connections is a major administrative burden. Article 12 addresses this by requiring Member States to designate one or more single information points for data centre operators of projects in acceleration zones.

These single information points are not just contact details; they are active support mechanisms. Article 12(1) grants data centre operators the right to be assisted by a single information point throughout the entire lifecycle of the data centre project with respect to all authorisations required for deployment.

The role of these points, as detailed in Article 12(2), includes coordinating, facilitating, monitoring, and sharing information on procedures related to:

• Spatial planning and building permits;
• Environmental assessments;
• Authorisations regarding water abstraction, wastewater discharge, and heat utilisation;
• Compliance with administrative and reporting obligations;
• Applications for connection to electricity, heat, or communications networks.

For Dutch operators, this means a unified interface for all regulatory interactions, reducing the need to engage with multiple disparate authorities. Article 12(4) further emphasises that these points must pay particular attention to SMEs, potentially establishing dedicated communication channels to provide guidance and respond to queries.

4. Sovereignty Framework and Market Access

Beyond physical deployment, CADA provides a strategic advantage for Dutch cloud service providers through its sovereignty framework. Article 16 establishes a Union cloud computing sovereignty framework comprising four Union assurance levels. This framework provides a harmonised, auditable set of criteria for cloud computing services to be recognised as providing varying levels of sovereignty assurance.

For Dutch providers, meeting these criteria allows them to be formally recognised across the EU. Article 17 outlines the mechanism for this recognition. Providers submit an application to the national competent authority of their establishment (in this case, the Dutch authority). Once recognised, the service is recognised throughout the Union at the appropriate assurance level.

Article 22 reinforces this by requiring the Commission to establish and maintain a central repository of cloud computing services that have been recognised. Being listed in this repository is not just a badge of honour; it is a functional requirement for public sector procurement. Article 30 mandates that contracting authorities procure cloud computing services that have been recognised under the framework. Specifically, services contributing to public order must meet higher assurance levels (2, 3, or 4), while others must meet at least level 1.

This creates a level playing field. Dutch providers who achieve recognition gain access to the entire EU public sector market, bypassing the need to navigate 27 different national trustworthiness standards. The framework also includes provisions for Union added value in procurement (Article 32), allowing contracting authorities to evaluate tenders based on contributions to the European cloud ecosystem, including the use of hardware and software designed or manufactured in the Union.

What this means for you

For cloud service providers and data centre operators in the Netherlands, CADA offers tangible operational and strategic benefits:

• Reduced Time-to-Market: The 12-month permitting cap and aggregated baseline permits in acceleration zones significantly reduce the lead time for deploying new facilities. Operators should prioritise locating new projects within designated Dutch acceleration zones to leverage these streamlined processes.
• Administrative Efficiency: Engaging with the designated single information point will simplify interactions with local and national authorities. Operators should proactively establish relationships with these points early in the project lifecycle to ensure smooth coordination across spatial planning, environmental, and grid connection procedures.
• Competitive Advantage in Public Procurement: Achieving recognition under the Union assurance levels is critical for securing public sector contracts. Dutch providers should begin aligning their services with the criteria in Annex II of the proposal, particularly regarding data localisation, cybersecurity certification, and supply chain transparency. Early adoption of these standards will position Dutch providers as preferred partners in the EU's sovereign cloud market.
• Energy and Grid Certainty: The requirement for Member States to analyse energy needs and integrate them into grid planning provides greater visibility into power availability. Operators should monitor the development of Dutch acceleration zones and the associated grid investment plans to ensure their projects are aligned with future energy infrastructure.
• SME Support: Smaller Dutch providers and start-ups should take advantage of the dedicated support channels mentioned in Article 12(4). The framework is designed to lower barriers to entry, and leveraging the single information point can help navigate complex regulatory requirements more effectively.

Common misconceptions

• "CADA replaces national planning laws." CADA does not abolish national planning or environmental laws. Instead, it harmonises specific aspects, such as permitting timelines and the recognition of strategic projects, to ensure consistency across the EU. National laws still apply, but they must align with the accelerated frameworks established by CADA, particularly within acceleration zones.

• "The sovereignty framework is only for government use." While the framework is primarily driven by public sector procurement requirements, it also influences the private sector. Article 31 allows private sector entities in critical sectors (as defined in the NIS2 Directive) to conduct similar impact assessments. Furthermore, achieving sovereignty recognition enhances a provider's market reputation and competitiveness across the entire EU, not just in public contracts.

• "Aggregated baseline permits cover everything." The aggregated baseline permit covers common permits and authorisations for the zone but excludes installation-specific permits (Article 13(2)). Operators will still need to obtain specific permits for unique aspects of their facility that fall outside the baseline, but the bulk of the regulatory burden is pre-negotiated at the zone level.

• "Only EU-based providers can benefit." While CADA aims to strengthen European providers, the framework is open to any provider that meets the criteria. However, the emphasis on Union added value and the specific requirements for data localisation and control make it more advantageous for providers with a strong EU presence, such as Dutch operators, to achieve higher assurance levels.

Related

• How does CADA help cloud and data centre operators in Sweden?
• How does CADA help cloud and data centre operators in Spain?
• How does CADA help cloud and data centre operators in Slovenia?
• How does CADA help cloud and data centre operators in Portugal?
• How does CADA help cloud and data centre operators in Poland?

This is general information about a draft EU regulation, not legal advice.