Summary

As proposed, if a Member State is deploying data centre capacity but fails to designate at least one data centre acceleration zone, it would breach the mandatory obligation in Article 10(1) of the Cloud and AI Development Act (CADA). The proposal sets no specific financial penalty on Member States for this failure; because CADA would be a directly applicable Regulation, enforcement would instead run through the standard EU infringement route (Article 258 TFEU), potentially ending before the Court of Justice. The practical knock-on effect is that operators in that Member State would not get the streamlined zone benefits (single information point, aggregated baseline permit, 12-month permit cap).

Detail

The proposed Cloud and AI Development Act (CADA) sets out, in Title III, a framework to accelerate data centre deployment across the EU. A cornerstone is the requirement that Member States designate "data centre acceleration zones." As proposed, the obligation is not discretionary where deployment is occurring.

The mandatory obligation

Article 10(1) ties the duty to activity, not intent. The text provides: "Where data centre capacity is being deployed within the territory of a Member State, that Member State shall designate at least one data centre acceleration zone ('acceleration zone') within its territory." So if a Member State allows or facilitates data centre deployment on its soil, it would have to designate at least one zone. Failing to do so would defeat the Regulation's core acceleration mechanism.

Deadline and timing

Article 10(1) requires designation "by [P.O. insert the date of entry into force of this Regulation plus 6 months]." As proposed, Member States would therefore have a six-month window from entry into force. A Member State that took no action within that window, while data centre capacity was being deployed in its territory, would be in non-compliance.

Enforcement and consequences

CADA does not lay down a specific administrative fine on Member States that miss the Article 10(1) deadline. (The penalty provision in Article 24 is different in kind: it requires Member States to set penalties for infringements of the sovereignty Chapter of Title IV by cloud computing service providers, not penalties on Member States themselves.) Enforcement of the Article 10 obligation would instead rest on general EU law.

As a Regulation, CADA would be directly applicable and binding in its entirety once in force. If a Member State missed the deadline, the European Commission could open infringement proceedings under Article 258 TFEU. That process typically runs:

  1. Letter of formal notice: the Commission asks the Member State to explain and to comply.
  2. Reasoned opinion: if the response is unsatisfactory, the Commission sets out the breach and a deadline to comply.
  3. Referral to the Court of Justice: if non-compliance persists, the Commission may refer the case to the CJEU.
  4. Financial penalties: under Article 260 TFEU, the CJEU can impose a lump sum and/or periodic penalty payments where a Member State fails to comply with its judgment.

This mechanism is slower and more indirect than a self-executing fine, so non-compliance could persist for some time before any financial consequence bites.

Impact on data centre operators

The failure also harms operators. Without a designated zone, an operator could not access the zone-specific benefits CADA would create: the single information point (Article 12), the aggregated baseline permit and the 12-month maximum permit-granting timeline (Article 13). The likely result is slower, more fragmented permitting and greater investment uncertainty, the opposite of what the proposal aims to achieve.

What this means for you

For in-house counsel and compliance officers at data centre operators or cloud service providers, a Member State's failure to designate creates regulatory and operational risk.

Operational uncertainty. If you plan to deploy in a Member State that has missed the Article 10(1) deadline, the zone-based regime may simply not be available: no aggregated baseline permit, no guaranteed 12-month permit ceiling under Article 13(5), and no single information point under Article 12. Build the resulting administrative friction into your timelines and budget.

Engagement with authorities. Ask national competent authorities about the status of any designation and whether interim arrangements exist. Document those interactions; persistent non-designation can be raised in dialogue with the Commission and may inform infringement scrutiny.

Contractual protection. Review investment and construction contracts for change-in-law and delay provisions that could respond to the absence of a designated zone.

Monitoring Commission action. Track any infringement proceedings against the Member State. The public record can indicate the severity of the breach and the likely timeline to resolution, which feeds your assessment of that jurisdiction's viability.

Common misconceptions

Misconception 1: Designation is optional. Article 10(1) makes it conditional on deployment ("Where data centre capacity is being deployed"), but where deployment is occurring it is mandatory, not a voluntary best practice.

Misconception 2: Member States face immediate fines. CADA sets no automatic financial penalty on a Member State for missing the deadline. Consequences run through the Commission and, ultimately, the CJEU under Articles 258 and 260 TFEU — a process that can be slow.

Misconception 3: Existing data centres automatically fall inside a zone. Designation does not retroactively pull every existing facility into a zone. A zone is a defined area where the streamlined procedures apply; facilities outside it would not automatically get those benefits.

This is general information about a draft EU regulation, not legal advice.