CADA vs the Digital Networks Act

Summary The proposed Cloud and AI Development Act (CADA) does not regulate internet connectivity, spectrum, or telecommunications networks; those domains remain exclusively with the Digital Networks Act (DNA) and the European Electronic Communications Code (EECC). Instead, CADA focuses on the deployment of cloud infrastructure, data centres, and AI capabilities, explicitly leveraging the connectivity foundations established by the DNA. As proposed, CADA treats high-speed connectivity as a prerequisite for data centre deployment, requiring operators to coordinate with grid and network planners, but it does not impose new obligations on telecom providers themselves. The two instruments operate in parallel: the DNA ensures the "pipes" exist, while CADA ensures the "compute" behind them is sovereign and resilient.

Detail

To understand the relationship between CADA and the Digital Networks Act, it is essential to distinguish between the infrastructure that moves data (networks) and the infrastructure that processes and stores data (cloud and AI). CADA, as proposed in COM(2026) 502 final, addresses the latter, while the DNA addresses the former. The two instruments are designed to be complementary, with CADA explicitly relying on the connectivity standards set by the DNA to function effectively.

Distinct Regulatory Scopes

The Digital Networks Act (DNA) harmonises rules for the deployment of gigabit and beyond connectivity, focusing on electronic communications networks, spectrum access, and the rights of users and providers to access network infrastructure. Its goal is to ensure widespread, high-speed, secure, and cutting-edge digital networks across the Union.

CADA, conversely, establishes a framework for strengthening Europe's cloud and AI ecosystem. Its subject matter, as defined in Article 1(1), includes establishing the Cloud and AI Leadership Initiatives, setting the framework for accelerated data centre deployment, enabling a "sovereign cloud and artificial intelligence (AI) offer to safeguard the Union's public order," and fostering cloud adoption in the public sector. It does not contain provisions that regulate the technical specifications of internet connections, the licensing of telecom operators, or the general availability of broadband services.

CADA's Explicit Link to the Digital Networks Act

While CADA does not regulate networks, it recognises that cloud and AI deployment is impossible without robust connectivity. The proposal explicitly leverages the advancements of the DNA. As stated in the explanatory memorandum, "The proposal leverages the Digital Networks Act's advancements for connectivity and thus stays focused on the deployment of data centres capacities, not the prior or parallel build-out of the necessary connectivity infrastructure."

This separation of concerns is operationalised in CADA's provisions regarding data centre acceleration zones. Article 10(1)(c) requires Member States to consider "the available and future network connectivity capacity" when designating acceleration zones. Furthermore, Article 12(2)(f) mandates that single information points for data centre operators assist with "applications for connection to the electricity, heat or communications networks."

Crucially, CADA does not create a new regime for network access. Instead, it relies on the existing framework. The explanatory memorandum notes that the DNA "addresses the convergence of networks infrastructure, including scenarios where a cloud computing service provider operates an electronic communications network and has so far not been subject to obligations under the European Electronic Communications Code although falling into its scope. Thus, the Digital Networks Act will clarify the procedures for connectivity between providers of various networks and other market participants within a broader ecosystem cooperation."

Coordination Over Regulation

For CTOs and architects, the practical implication is that CADA creates a coordination mechanism rather than a regulatory burden on connectivity. Article 10(2) obliges Member States to conduct comprehensive analyses of energy and network needs for acceleration zones, ensuring that "network development plans... take due account of the analysis prepared." This ensures that data centre projects are planned in tandem with network upgrades, preventing bottlenecks where data centres are built in areas lacking sufficient gigabit connectivity.

However, CADA does not grant cloud providers special rights to network infrastructure beyond what is already provided by the DNA. It also does not impose cybersecurity or resilience obligations on the network layer itself; those remain with the DNA and the NIS2 Directive. CADA's sovereignty framework (Articles 16–24) applies to cloud computing services and AI systems, not to the underlying physical or logical network connectivity.

Edge Computing and Network Convergence

One area of overlap is edge computing. Article 15 requires the Commission to monitor "edge computing capacity" as part of the Union's compute capacity gap. Edge nodes often sit at the intersection of network and cloud infrastructure. While the DNA promotes the deployment of edge nodes for low-latency services, CADA treats edge capacity as a critical component of the cloud and AI ecosystem. The proposal supports the development of "on-device edge" technologies under the Cloud and AI Leadership Initiatives (Article 4(2)(a)), but the physical deployment of the network links to these edge nodes remains governed by telecom regulations.

What this means for you

For CTOs, architects, and SMEs evaluating infrastructure strategy, the distinction between CADA and the DNA is critical for compliance and planning:

1. Separate Compliance Tracks: You must comply with the DNA if you operate or rely on electronic communications networks. You must comply with CADA if you operate or procure cloud computing services, data centre services, or AI systems. There is no single "digital infrastructure" regulation that covers both; you will face distinct reporting and assessment requirements under each.
2. Site Selection and Connectivity: If you are deploying new data centre capacity, Article 10 of CADA requires you to operate within designated acceleration zones that have been assessed for network connectivity. You cannot assume connectivity will be available; you must engage with the single information points (Article 12) to coordinate network connections. The CADA framework ensures that your site selection is informed by the DNA's connectivity maps.
3. Sovereignty Audits Exclude Networks: When seeking recognition under the Union assurance levels (Articles 16–23), you will be audited on the location of your infrastructure, personnel, and data, as well as your software supply chain. The audit criteria (Annex II) focus on the cloud service provider's control and location, not on the underlying internet backbone. However, if your cloud service relies on network components that are subject to third-country control, this may impact your sovereignty rating under the broader supply chain criteria.
4. No New Network Obligations: CADA does not impose new cybersecurity or resilience standards on your network operations. Those remain under the DNA and NIS2. CADA's cybersecurity requirements (e.g., Article 16(1)(e) for Level 1) apply to the cloud service's state-of-the-art cybersecurity standards, not to the ISP's network security.

Common misconceptions

• Misconception: CADA replaces or updates the Digital Networks Act.
  • Reality: CADA complements the DNA. The explanatory memorandum explicitly states that CADA "stays focused on the deployment of data centres capacities, not the prior or parallel build-out of the necessary connectivity infrastructure." The two acts operate in parallel, with CADA relying on the DNA's connectivity outcomes.
• Misconception: Cloud providers must now comply with telecom regulations under CADA.
  • Reality: CADA does not impose telecom-specific obligations on cloud providers. While Article 10 requires coordination with network operators, it does not subject cloud providers to the licensing, numbering, or universal service obligations of the DNA.
• Misconception: CADA regulates the speed or quality of internet connections.
  • Reality: CADA does not set minimum bandwidth requirements for cloud services. It focuses on the compute capacity, data sovereignty, and AI capabilities of the cloud infrastructure. Connectivity quality is a prerequisite managed by the DNA and national telecom regulators.

Official sources

• EU AI Act (Regulation (EU) 2024/1689)

Related

• CADA Frontier AI vs AI Act GPAI: Definitions, Stacking & Compute Access
• CADA and eIDAS 2.0: How the Cloud Act Reuses the EU Digital Identity Wallet
• CADA and eIDAS: How the Act uses existing digital identity for its platforms
• CADA and the Chips Act 2.0: How the EU's Digital Stack Laws Interact
• Do CADA frontier AI compute projects rely on Chips Act semiconductors?

This is general information about a draft EU regulation, not legal advice.