Summary The proposed Cloud and AI Development Act (CADA) would transform the operating environment for cloud and data centre providers in Slovakia by introducing a harmonised framework for rapid infrastructure deployment and market access. As proposed, data centre projects located in designated "acceleration zones" would be treated as strategic projects, benefiting from an "aggregated baseline permit" and a strict 12-month maximum permitting timeline. Operators would receive dedicated support throughout the project lifecycle via "single information points" established under Article 12. Furthermore, Slovak providers would gain a clear pathway to EU-wide recognition under the Union cloud computing sovereignty framework (Article 16), allowing them to list their services in the central repository (Article 22) and compete for public sector contracts across the Union based on verified assurance levels.

Detail

The Cloud and AI Development Act (CADA), presented as Commission Proposal COM(2026) 502 final, addresses two critical bottlenecks for the European cloud ecosystem: the shortage of computing capacity and the fragmentation of sovereignty standards. For Slovakia, a Member State with significant potential for data centre growth, the proposal offers specific mechanisms to accelerate infrastructure deployment and enhance the competitiveness of local providers in the public sector market.

Accelerated Deployment: Acceleration Zones and Aggregated Permits

The most immediate impact for data centre operators in Slovakia concerns the permitting process. Under Article 10, Member States would be required to designate at least one "data centre acceleration zone" within their territory where data centre capacity is being deployed. These zones are not merely geographical markers; they are regulatory hubs designed to facilitate the development, expansion, and modernisation of data centres by providing a clear, streamlined framework. When designating these zones, Slovakia would need to consider critical factors such as available power grid capacity, network connectivity, and environmental sustainability, ensuring alignment with the EU's broader climate goals.

Once a zone is designated, the administrative burden for projects within it is significantly reduced through the mechanism of the "aggregated baseline permit." Article 13 mandates that Member States prepare and issue this permit for each acceleration zone. This single permit would cover the common permits and administrative authorisations required for data centre projects located within that specific area, excluding only installation-specific permits. This means that a Slovak operator building a facility within an acceleration zone would not need to navigate a fragmented series of individual approvals for planning, building, and environmental compliance. Instead, they would rely on the baseline permit, obtaining additional permits only for activities falling outside its scope.

Crucially, Article 13 imposes a strict timeline on this process. The permit-granting procedure for data centre projects deployed in acceleration zones would not exceed 12 months from the moment a comprehensive application is submitted. This creates a predictable timeline for investment decisions. Furthermore, data centre projects in these zones would be considered "strategic projects" within the meaning of the forthcoming Regulation on speeding-up environmental assessments. This status triggers a dedicated toolbox to accelerate and streamline environmental assessment procedures, ensuring that high-level environmental protection is maintained while removing unnecessary delays.

Single Information Points: A Dedicated Support Channel

To further reduce the complexity of navigating national and local authorities, Article 12 establishes the obligation for Member States to designate "single information points" for data centre operators. These points would assist operators throughout the entire lifecycle of their data centre projects in acceleration zones.

The role of the single information point is comprehensive. It includes coordinating, facilitating, monitoring, and sharing information on procedures relating to:

  • Spatial planning and building permits;
  • Environmental assessments;
  • Authorisations regarding water abstraction, wastewater discharge, and heat utilisation;
  • Compliance with administrative and reporting obligations;
  • Applications for connection to electricity, heat, or communications networks.

For a Slovak operator, this means having a single, dedicated contact point that understands the specific regulatory landscape of the acceleration zone. The single information point would also assist in assessing whether a project may qualify as a strategic project under Article 14, potentially unlocking further support measures. This centralised support aims to eliminate the fragmentation often experienced by operators dealing with multiple authorities, ensuring that information flows efficiently and that bottlenecks are identified and resolved quickly.

Sovereignty Framework: From Slovak Compliance to EU Recognition

Beyond infrastructure deployment, CADA introduces a Union cloud computing sovereignty framework to mitigate risks associated with dependence on third-country providers. This framework, established under Article 16, creates four "Union assurance levels" (Levels 1 to 4) based on cumulative criteria set out in Annex II. These levels provide a harmonised and auditable set of criteria for cloud computing services, ensuring varying degrees of sovereignty, security, and operational autonomy.

For Slovak cloud providers, this framework presents a significant opportunity to demonstrate compliance with high sovereignty standards and access the EU public sector market. The proposal creates a level playing field where a provider established in Slovakia can be recognised across the entire Union, rather than facing fragmented national standards.

To achieve recognition at Union assurance levels 2, 3, or 4, providers must undergo independent third-party audits. Article 20 details the requirements for these audits, ensuring that providers meet strict criteria regarding data localisation, personnel citizenship, and protection against third-country control. For instance, Level 3 and Level 4 require that personnel involved in the provision of the service are Union citizens, and that the service obtains a European cybersecurity certificate of at least "substantial" (for Level 3) or "high" (for Level 4) assurance.

Once a Slovak provider successfully meets these criteria and receives a "positive" audit opinion, they can apply for recognition to the national competent authority of their establishment (in this case, the Slovak authority). Article 17 outlines the procedure, where the evaluating authority assesses the evidence and, if satisfied, notifies other Member States. If no reasoned objection is raised within the review period, the service is recognised throughout the Union.

Upon successful recognition, the cloud computing service is listed in a central repository maintained by the Commission, as specified in Article 22. This repository serves as a publicly available register of cloud computing services recognised as offering specific Union assurance levels. For Slovak providers, inclusion in this central repository is a powerful market signal. It enhances visibility and trust, making them eligible for procurement by public sector bodies across the EU that require specific sovereignty levels under Article 30. This mechanism helps Slovak providers compete directly with non-EU incumbents by providing a transparent, standardised way to demonstrate sovereignty compliance.

Strategic Projects and Investment Support

CADA also supports the strategic deployment of data centre capacity through the designation of "data centre strategic projects." Under Article 14, the Commission can designate projects that meet specific criteria, such as enhancing essential public sector functions, incorporating highly sustainable or innovative features, or addressing major shortages of compute capacity.

For Slovak operators, aligning projects with these criteria can open doors to additional funding and recognition. Strategic projects may receive support from Union programmes and funds, and Member States may apply proportionate support measures to them. This could include access to the European Competitiveness Fund or other Union instruments, further supporting the growth of the local cloud ecosystem. The designation process is transparent, with the Commission publishing a list of designated projects, providing a clear roadmap for operators seeking to maximise the strategic value of their investments.

What this means for you

For cloud service providers and data centre operators in Slovakia, the proposed CADA offers a structured pathway to reduce regulatory friction and enhance market competitiveness. Here is how you can prepare and benefit:

  1. Engage with National Authorities on Acceleration Zones: As Slovakia designates its data centre acceleration zones under Article 10, operators should actively engage with national and local authorities to ensure their projects are located within these zones. This positioning is critical, as it grants access to the aggregated baseline permit and the 12-month permitting timeline, significantly accelerating your time-to-market.
  2. Utilise Single Information Points: Familiarise yourself with the single information points established under Article 12. These points will serve as your primary contact for navigating the complex web of permits, environmental assessments, and grid connections. Early engagement with these points can help identify potential bottlenecks and streamline the approval process, ensuring your project stays within the 12-month limit.
  3. Prepare for Sovereignty Audits: If you aim to serve the public sector or critical industries, start preparing for the independent audits required for Union assurance levels 2, 3, or 4. Review the criteria in Annex II of the CADA proposal, focusing on data localisation, supply chain transparency, and protection against third-country control. Investing in compliance early will position you to be among the first Slovak providers listed in the central repository under Article 22, giving you a competitive edge in EU-wide procurement.
  4. Explore Strategic Project Designation: Assess whether your data centre projects meet the criteria for designation as strategic projects under Article 14. If your project contributes to public sector functions, incorporates innovative sustainability features, or addresses compute capacity shortages, you may be eligible for additional support and recognition, potentially unlocking Union funding.

Common misconceptions

  • "CADA replaces national planning laws." CADA does not replace national planning or environmental laws. Instead, it harmonises certain aspects of the permitting process, such as through aggregated baseline permits and single information points, to make them more efficient and predictable. National laws on zoning, environmental protection, and energy efficiency still apply, but CADA provides a framework to streamline their application for data centre projects in acceleration zones.
  • "All cloud providers must achieve the highest sovereignty level." CADA establishes four Union assurance levels, but not all services require the highest level (Level 4). The required level depends on the risk assessment conducted by public sector bodies, as outlined in Article 29. Most public services would not require the highest levels of assurance. Providers should aim for the level appropriate for their target market and service offering.
  • "Slovak providers will be disadvantaged by EU-wide standards." On the contrary, CADA aims to level the playing field by providing a harmonised framework for sovereignty. By meeting the EU-wide criteria, Slovak providers can demonstrate their trustworthiness and compliance to customers across the entire EU, rather than navigating fragmented national standards. This can enhance their competitiveness against both non-EU incumbents and other EU providers.
  • "The 12-month permit timeline applies everywhere." The strict 12-month permitting timeline applies specifically to data centre projects deployed within designated "acceleration zones" under Article 13. Projects outside these zones would not automatically benefit from this accelerated timeline, though they may still benefit from other streamlining measures.

Related

This is general information about a draft EU regulation, not legal advice.