Summary Under the proposed Cloud and AI Development Act (CADA), a "data centre service" is not defined by CADA itself; it is defined by reference. As proposed in Article 2(12), a "data centre service" means a data centre service as defined in Article 6, point (31), of Directive (EU) 2022/2555 (the NIS2 Directive) β€” broadly, the provision of facilities for the housing, interconnection and operation of information and communication technology (ICT) infrastructure. As proposed, it is distinct from a "cloud computing service" (Article 2(1), itself referencing NIS2 Article 6, point (30)): a data centre service provides the physical and network foundation, while a cloud computing service adds the on-demand, scalable compute, storage and software layers on top.

Detail

CADA, COM(2026) 502 final, is a proposal β€” not yet in force. It aims to strengthen Europe's cloud and AI ecosystem by addressing dependencies, increasing compute capacity and supporting sovereignty. To do that, it would establish a precise legal vocabulary that separates the physical infrastructure of the digital economy from the services running on it. The definition of "data centre service" matters because, as proposed, it helps determine which obligations apply β€” for example those tied to acceleration zones, permitting and strategic-project designation.

The legal definition (Article 2(12))

As proposed, CADA does not create a new, standalone definition. It incorporates an existing one by reference. Article 2(12) provides:

"β€˜data centre service’ means data centre service as defined in Article 6, point (31), of Directive (EU) 2022/2555;"

Directive (EU) 2022/2555 is the NIS2 Directive. By pointing to it, CADA would align its terminology with the EU's broader cybersecurity and resilience framework. Under NIS2, a data centre service concerns the provision of facilities for the housing, interconnection and operation of ICT infrastructure β€” covering:

  1. Housing: the physical space, power, cooling and security systems required to house ICT equipment.
  2. Interconnection: the network connectivity that allows data to flow between servers, users and other networks.
  3. Operation: the management and maintenance of the physical and network infrastructure.

This definition focuses on the infrastructure layer β€” the "pipes and power" that enable digital services β€” not the digital services themselves.

Distinction from cloud computing services

As proposed, CADA treats data centre services and cloud computing services as distinct concepts with different regulatory treatment.

  • Data centre service: the physical and network foundation. A provider supplies rack space, electricity, cooling and network links, but does not necessarily manage the virtual machines, storage volumes or software running on the housed servers.
  • Cloud computing service: defined in Article 2(1) of CADA by reference to NIS2 Article 6, point (30), a cloud computing service is a digital service enabling on-demand administration and broad remote access to a scalable and elastic pool of shareable computing resources β€” including compute, storage and software.

In practice, a cloud provider often relies on a data centre service to host its physical servers, then adds virtualisation, orchestration and software so customers can consume computing power remotely. As proposed, the entity providing the cloud computing service faces the sovereignty and procurement rules (such as the Union assurance levels) that do not apply in the same way to the entity merely providing the data centre service.

Why the distinction matters in CADA

As proposed, CADA introduces specific measures for data centres that would not apply to cloud services in the same way:

  • Acceleration zones: Member States would be obliged to designate "data centre acceleration zones" (Article 10), with the conditions inside those zones set out in Article 11, to facilitate rapid deployment of data centre capacity. These rules focus on physical deployment, grid connection and permitting, and apply to data centre operators deploying infrastructure rather than to cloud providers who may rent it.
  • Strategic projects: the Commission could designate certain data centre projects as "strategic projects" (Article 14). This designation would apply to the physical data centre project, not the cloud services hosted within it.
  • Sovereignty framework: cloud computing services would be assessed under the Union cloud computing sovereignty framework and its four assurance levels (Article 16), whereas data centre services are not directly assessed under that framework in the same manner. Data centre operators would still be subject to other applicable cybersecurity and operational requirements.

Implications for operators

For businesses in the EU, correctly classifying a service would be essential. A colocation provider offering rack space and power is likely a data centre service provider; a provider offering virtual machines or storage-as-a-service is likely a cloud computing service provider. Some firms do both, and as proposed would need to comply with both sets of rules: the infrastructure-focused rules for their data centre services and the sovereignty-focused rules for their cloud computing services.

What this means for you

If you are a data centre operator or a cloud service provider, the definition would have direct operational and compliance implications under the proposed CADA:

  1. Regulatory classification: determine whether your offering is a "data centre service" or a "cloud computing service." Colocation points primarily to the data centre provisions (acceleration zones, permitting); IaaS, PaaS or SaaS point to the cloud sovereignty framework.
  2. Permitting and deployment: deploying new capacity in an acceleration zone would bring facilitated administrative and permit-granting processes (Article 13) and single information points (Article 12). These benefits attach to the physical deployment, not to any cloud services you host.
  3. Strategic-project eligibility: a data centre project may qualify as a strategic project (Article 14), which could ease access to support and faster processing. This would apply to the data centre infrastructure, not the cloud layer.
  4. Sovereignty compliance: as proposed, a cloud service provider seeking to meet higher public-sector requirements would seek recognition under a Union assurance level (Article 17). Data centre service providers would not need that recognition for their infrastructure services, but their facilities still need to meet the security and operational standards that cloud providers depend on.
  5. Hybrid models: if you offer both colocation and cloud, you would manage compliance separately β€” physical-infrastructure rules for the data centre side, sovereignty and procurement rules for the cloud side.

Common misconceptions

  • Misconception: data centre services and cloud services are the same under CADA.
    • Reality: as proposed, CADA distinguishes them. Data centre services concern physical infrastructure (housing, interconnection, operation); cloud services concern scalable, on-demand computing resources. They have separate definitions in Article 2 and face different requirements.
  • Misconception: only cloud providers need to worry about sovereignty.
    • Reality: the Union assurance levels (Article 16) apply to cloud computing services, but data centre operators are not immune to regulation generally β€” and cloud providers will, in practice, require their data centre partners to meet security and operational standards needed for recognition.
  • Misconception: CADA defines "data centre service" in detail in its own text.
    • Reality: it does not. Article 2(12) references the definition in NIS2 (Article 6, point (31), of Directive (EU) 2022/2555).
  • Misconception: data centre operators are outside CADA.
    • Reality: as proposed, they are central actors, subject to rules on acceleration zones (Article 10), single information points (Article 12), facilitated permitting (Article 13) and strategic-project designation (Article 14), even though they are not assessed under the cloud assurance levels.

Related

This is general information about a draft EU regulation, not legal advice.