Summary As proposed, the Cloud and AI Development Act (CADA) would significantly streamline operations for Slovenian cloud and data centre operators by mandating accelerated permitting processes and dedicated administrative support. The proposal requires Slovenia to designate "data centre acceleration zones" where projects benefit from "aggregated baseline permits" and dedicated "single information points," reducing permit-granting timelines to a maximum of 12 months. Additionally, the framework creates a clear pathway for Slovenian providers to gain EU-wide recognition for sovereign cloud services, enhancing their competitiveness in the public sector market through the central repository.

Detail

The proposed Cloud and AI Development Act (CADA), COM(2026) 502 final, introduces a comprehensive regulatory framework designed to boost the EU's cloud and AI ecosystem. For operators in Slovenia, the proposal offers specific mechanisms to reduce administrative burdens, accelerate infrastructure deployment, and enhance market access through standardized sovereignty criteria. The Act addresses two distinct but complementary challenges: the physical deployment of data centre capacity and the market access for sovereign cloud services.

Accelerated Deployment and Permitting in Acceleration Zones

A core pillar of CADA is the simplification of data centre deployment to address the Union's capacity gap. Under Article 10, Member States, including Slovenia, are obligated to designate at least one "data centre acceleration zone" within their territory where data centre capacity is being deployed. When designating these zones, Slovenian authorities must consider factors such as available and future power grid capacity, network connectivity, the ability to reuse waste heat, and environmental sustainability.

Once an acceleration zone is established, Article 13 introduces significant procedural efficiencies. Data centre projects deployed in these zones are explicitly considered "strategic projects" within the meaning of the environmental assessment acceleration framework. Crucially, Article 13(2) mandates that Member States prepare and issue an "aggregated baseline permit" for each designated zone. This permit covers the standard administrative authorizations required for data centre projects within that specific area, excluding only installation-specific permits. This means that for projects within an acceleration zone, operators would not need to navigate repetitive, project-by-project environmental or planning assessments for issues already covered by the baseline permit.

Furthermore, Article 13(5) mandates that administrative applications for planning, construction, and operation in these zones be processed in an efficient and timely manner. The proposal sets a strict deadline: the permit-granting procedure for data centre projects in acceleration zones must not exceed 12 months from the moment a comprehensive application has been submitted. This statutory cap provides a predictable timeline for investment planning, a significant improvement over the variable timelines often encountered in national permitting processes.

Administrative Support via Single Information Points

To further reduce friction and ensure operators can navigate the new framework effectively, Article 12 requires Member States to designate one or more "single information points" for data centre operators of projects in acceleration zones. These points serve as a dedicated contact throughout the entire lifecycle of the data centre project. Their role includes coordinating, facilitating, monitoring, and sharing information on procedures relating to spatial planning, building permits, environmental assessments, water abstraction, and network connections.

By centralizing this support, the proposal aims to provide Slovenian operators with clearer guidance and faster resolution of administrative queries. Article 12(4) specifically notes that the single information point shall pay particular attention to small and medium-sized enterprises (SMEs), suggesting tailored support channels for smaller operators who may have limited legal resources. The single information point also assists in assessing whether a project may qualify as a "strategic project" under Article 14, which could unlock additional support measures.

Sovereignty Framework and Market Access

Beyond physical infrastructure, CADA establishes a "Union cloud computing sovereignty framework" under Article 16. This framework defines four levels of assurance (Union assurance levels 1 to 4) for cloud computing services. For Slovenian cloud providers, this presents a significant commercial opportunity. By meeting the cumulative criteria set out in Annex II of the proposal, providers can apply for recognition as offering a specific Union assurance level.

The recognition process is managed by national competent authorities. Under Article 17, a Slovenian provider would submit an application for recognition to the national competent authority of establishment (in this case, the Slovenian authority). If recognized, the service is recognized across the entire Union. This EU-wide recognition is critical for public procurement. Article 30 mandates that public sector bodies in Slovenia (and across the EU) must procure cloud services that meet at least Union assurance level 1. For activities identified as contributing to public order, higher levels (2, 3, or 4) are required.

To ensure transparency and market visibility, Article 22 requires the Commission to establish and maintain a central repository of cloud computing services that have received this recognition. Slovenian providers who achieve recognition would be listed in this central repository, making them visible to public sector buyers across Europe and validating their compliance with strict sovereignty and security standards. This mechanism effectively creates a "trusted list" that public buyers must consult, giving recognized Slovenian providers a distinct advantage over non-compliant competitors.

What this means for you

For cloud service providers and data centre operators in Slovenia, the proposed CADA translates into three primary benefits: reduced time-to-market for infrastructure, lower administrative costs, and expanded market access for sovereign services.

1. Faster Infrastructure Rollout If your data centre project is located within a designated acceleration zone, you would benefit from the aggregated baseline permit. This reduces the need for redundant environmental and planning approvals for each individual project, as many common permits are pre-approved at the zone level. The statutory 12-month cap on permit-granting procedures provides greater predictability for investment planning and construction timelines, allowing Slovenian operators to scale capacity more rapidly to meet the growing demand for AI and cloud computing.

2. Streamlined Administrative Interaction The mandatory single information point under Article 12 means you would have a dedicated liaison for your project. This reduces the complexity of dealing with multiple municipal and regional authorities simultaneously. The proposal specifically notes that these points should pay particular attention to SMEs, suggesting tailored support channels for smaller operators. This centralized support is designed to prevent projects from stalling due to administrative confusion or lack of clarity on requirements.

3. Competitive Advantage in Public Procurement By aligning your services with the Union assurance levels, you position your Slovenian cloud offering as a compliant choice for public sector procurement. Recognition under Article 17 and listing in the central repository under Article 22 serve as a trusted badge of compliance. This is particularly relevant for public sector bodies in Slovenia that are required to conduct risk assessments under Article 29 and subsequently procure services meeting specific assurance levels. Meeting these standards can differentiate your service from non-compliant competitors and open doors to cross-border public sector contracts within the EU, as the recognition is valid across all Member States.

4. Strategic Project Status and Support Under Article 14, the Commission may designate specific data centre projects as "strategic projects" if they meet certain criteria, such as contributing to grid stability, addressing capacity shortages, or incorporating highly sustainable features. If your project qualifies, it may become eligible for additional support measures, including potential state aid and access to Union funding, further enhancing its viability. The single information point assists in this designation process.

Common misconceptions

Misconception 1: All data centre projects in Slovenia will automatically benefit from accelerated permits. The accelerated permitting and aggregated baseline permits under Articles 10 and 13 apply specifically to projects deployed within designated "data centre acceleration zones." Projects located outside these zones may not benefit from the same streamlined procedures or the 12-month cap. Therefore, location strategy is critical for operators seeking these benefits.

Misconception 2: Sovereignty recognition is automatic for EU-based providers. Recognition under the sovereignty framework (Articles 16-17) is not automatic simply because a provider is established in Slovenia. Providers must actively apply and demonstrate compliance with specific criteria, including data localization, personnel requirements, and cybersecurity standards, depending on the assurance level sought. For levels 2, 3, and 4, independent third-party audits are required, and the provider must submit an audit report and a "positive" audit opinion to the competent authority.

Misconception 3: The rules are already in force. CADA is a proposal (COM(2026) 502 final) and is not yet law. The timelines and obligations described here are subject to the legislative process, including negotiation by the European Parliament and the Council. Final text may change, and implementation dates will depend on when and how the regulation is adopted. The proposal would enter into force 20 days after publication and apply one year later.

Misconception 4: Private sector entities are directly regulated by the sovereignty procurement rules. The mandatory procurement requirements for Union assurance levels (Article 30) apply to public sector bodies and Union entities. Private sector entities, particularly those in high-criticality sectors listed in Annex I of the NIS2 Directive, may conduct similar impact assessments under Article 31, but they are not subject to the same mandatory procurement obligations as the public sector. However, market pressure may drive private adoption of these standards.

Related

This is general information about a draft EU regulation, not legal advice.