Summary As proposed, the Cloud and AI Development Act (CADA) would fundamentally reshape data centre deployment for legal and compliance teams by introducing a harmonised, accelerated permitting regime. Under Article 13, permit-granting procedures for projects within designated "data centre acceleration zones" must not exceed 12 months from the submission of a comprehensive application. This timeline is supported by an aggregated baseline permit issued by Member States under Article 13(2), which covers zone-level requirements, leaving only installation-specific permits to be processed separately. Legal teams must also navigate the Article 14 strategic project designation, which offers potential state aid benefits but carries a material risk of withdrawal if criteria are no longer met or if the application contained incorrect information. Furthermore, Article 11 mandates strict compliance with sustainability Key Performance Indicators (KPIs) defined in Delegated Regulation (EU) 2024/1364, making sustainability a binding regulatory condition rather than a voluntary target.

Detail

The Cloud and AI Development Act (CADA), proposed by the European Commission on 3 June 2026 (COM(2026) 502 final), establishes a framework to accelerate the deployment of data centres across the Union while ensuring sustainability and reducing dependencies. For in-house counsel and compliance officers, the proposal shifts the focus from fragmented national permitting regimes to a harmonised EU-wide approach, particularly for facilities located in designated "data centre acceleration zones." The legal implications centre on three pillars: accelerated permitting timelines, the conditional nature of strategic project status, and mandatory sustainability compliance.

Accelerated Permitting and the 12-Month Deadline

The most immediate operational impact for legal teams lies in the permitting timelines established by Article 13. Under Article 13(5), Member States are required to ensure that administrative applications related to the planning, construction, and operation of data centres in acceleration zones are processed efficiently. Crucially, the permit-granting procedure must not exceed 12 months from the moment a comprehensive application has been submitted. This time limit is without prejudice to any shorter time limits set by Member States, but it establishes a maximum ceiling for the procedure.

To achieve this accelerated timeline, Article 13(2) mandates that Member States prepare and issue an aggregated baseline permit for each designated acceleration zone. This baseline permit covers the permits and administrative authorisations commonly required for data centre projects within that specific zone, excluding installation-specific permits. Legal teams must distinguish between these two layers of authorisation:

  • Aggregated Baseline Permit: Issued by the Member State, covering zone-level requirements such as environmental assessments, spatial planning, and general administrative authorisations. Article 13(3) requires that all necessary procedures and assessments at the zone level be completed before this permit is issued. This means the 12-month clock for the project itself starts only after the baseline is in place.
  • Installation-Specific Permits: Required only for activities falling outside the aggregated baseline permit, as stated in Article 13(4). These are the specific technical or operational permits unique to the individual project.

This structure implies that legal counsel must verify whether a project's specific technical or operational features fall within the pre-approved baseline or trigger additional, separate permitting requirements. Failure to align with the baseline could reset or extend the 12-month clock, creating significant compliance risk. The proposal also notes in Article 13(5) that where a status of "highest national significance" exists in national law, data centre projects shall be allocated that status and treated as such in permit-granting processes, though this does not create an obligation for Member States to introduce such a status.

Strategic Projects and State Aid Implications

Beyond standard permitting, Article 14 introduces a mechanism for the Commission to designate certain data centre projects as "strategic projects." This designation is not automatic; it requires an application through open calls for expressions of interest, where the project must fulfil at least two of five specific criteria. These criteria include establishing infrastructure for essential public sector functions, incorporating highly sustainable or innovative features, contributing to electricity grid stability, supporting the integration of Union-designed chips and processors, or addressing major compute capacity shortages.

For legal and compliance teams, the strategic project status carries both benefits and risks. On the benefit side, Recital 42 of the proposal clarifies that Member States may, without prejudice to Articles 107 and 108 TFEU, apply support measures in a proportionate manner to these projects. This opens the door for state aid, but legal teams must coordinate with national authorities to ensure that any public support complies with EU state aid rules, avoiding distortions of competition.

However, the status is conditional and reversible. Article 14(4) of the enacting text states that the Commission may withdraw the designation if the project no longer fulfils the relevant criteria, or if the designation was based on an application containing incorrect information affecting compliance with those criteria. The consequence is severe: projects for which the designation has been withdrawn shall lose all rights connected to that status under the Regulation. Compliance officers must therefore implement ongoing monitoring to ensure that the project continues to meet the substantive criteria (e.g., sustainability standards, capacity contributions, grid stability) throughout its lifetime. The duration of the designation is based on the predicted lifetime of the project, which the applicant must substantiate in the proposal.

Sustainability and KPI Compliance

Sustainability is not merely a corporate social responsibility goal under CADA; it is a regulatory requirement with specific technical metrics. Article 11(1) stipulates that when setting sustainability requirements for data centres deployed in acceleration zones, Member States must use the key performance indicators (KPIs) specified in Commission Delegated Regulation (EU) 2024/1364, pursuant to Directive (EU) 2023/1791. These KPIs cover critical aspects such as Power Usage Effectiveness (PUE), water usage, and carbon emissions.

Legal teams must ensure that technical and operational plans align with these mandatory KPIs. Non-compliance could lead to permit denial or revocation, as well as potential penalties under national laws implementing the energy efficiency directives. The proposal explicitly links the sustainability requirements in acceleration zones to this existing delegated regulation, ensuring a consistent EU-wide standard. Furthermore, Article 11(2) requires that the allocation and use of resources within acceleration zones take place on fair, reasonable, and non-discriminatory terms. This provision is designed to prevent speculative reservation or foreclosure practices capable of impeding effective competition. Compliance officers should monitor land and energy contract structures to avoid practices that could be construed as speculative hoarding or market foreclosure.

Single Information Points and Administrative Coordination

To assist with these complex permitting processes, Article 12 requires Member States to designate single information points (SIPs) for data centre operators in acceleration zones. While the SIP does not grant permits, it assists operators with authorisations, spatial planning, environmental assessments, and network connections throughout the entire lifecycle of the project. Legal teams should engage with the SIP early in the project lifecycle to ensure that all documentation is comprehensive, thereby avoiding delays that could jeopardise the 12-month permit timeline. The SIP also has a role in assessing whether a project may qualify as a strategic project under Article 14, providing a critical link between the permitting and strategic designation processes.

What this means for you

For in-house counsel and compliance officers, CADA transforms data centre deployment from a purely technical and local planning exercise into a strategic legal compliance function. The harmonised framework reduces fragmentation but introduces strict deadlines and conditional statuses that require proactive management.

  1. Audit Your Permitting Strategy: Review your current and planned data centre projects to determine if they will fall within designated acceleration zones. If so, prepare for the 12-month permit deadline under Article 13(5). Ensure your applications are "comprehensive" from day one to avoid procedural delays that could reset the clock.
  2. Verify Baseline Coverage: Work with your technical and real estate teams to confirm that your project's design aligns with the aggregated baseline permit issued by the Member State. Identify any installation-specific requirements early to manage parallel permitting tracks and ensure they do not inadvertently extend the timeline.
  3. Monitor Strategic Project Status: If your organisation applies for or holds strategic project status under Article 14, establish internal compliance checks to ensure continued adherence to the criteria (e.g., sustainability, public benefit, grid contribution). Document all interactions with the Commission and national authorities to mitigate the risk of designation withdrawal under Article 14(4).
  4. Integrate KPIs into Contracts: Ensure that sustainability KPIs from Article 11(1) (referencing Delegated Regulation (EU) 2024/1364) are embedded in construction and operation contracts. Non-compliance with these metrics could trigger regulatory action, permit revocation, or state aid clawbacks.
  5. Engage with Single Information Points: Proactively engage with the national Single Information Point under Article 12 to streamline administrative coordination. Treat the SIP as a key stakeholder in your permitting timeline and strategic project assessment.

Common misconceptions

  • "The 12-month timeline applies to all data centres." Incorrect. The 12-month limit under Article 13(5) applies specifically to data centre projects deployed in acceleration zones. Projects outside these zones may be subject to different, potentially longer, national permitting timelines.
  • "Strategic project status is permanent." Incorrect. Article 14(4) explicitly allows the Commission to withdraw the designation if criteria are no longer met or if the application contained incorrect information. This status is conditional and requires ongoing compliance.
  • "Sustainability is a voluntary best practice." Incorrect. Article 11(1) mandates the use of specific KPIs from Delegated Regulation (EU) 2024/1364 for data centres in acceleration zones. Compliance is a regulatory requirement, not optional.
  • "The Single Information Point grants permits." Incorrect. The SIP under Article 12 provides assistance and coordination. The actual permit-granting authority remains the relevant national or local public authority, adhering to the 12-month timeline.
  • "State aid is automatically granted to strategic projects." Incorrect. While Recital 42 indicates Member States may apply support measures, any such aid must still comply with Articles 107 and 108 TFEU and requires proportionate application to avoid market distortion.

Related

This is general information about a draft EU regulation, not legal advice.