What must Croatia include in its national cloud and AI strategy under CADA?

Summary Under the proposed Cloud and AI Development Act (CADA), Croatia is legally required to adopt a national cloud and AI strategy within one year of the regulation's entry into force. As proposed in Article 7, this strategy is not a voluntary political declaration but a binding framework containing eight mandatory elements defined in Article 7(2). These elements range from embedding the "AI first" principle to concrete measures for deploying data centre capacity and investing in high-intensity computing infrastructure like AI factories, AI gigafactories, and quantum computers. Crucially, Croatia must notify the European Commission of its adopted strategy within three months and review it at least every three years based on key performance indicators. Failure to align with these requirements could jeopardise Croatia's access to EU funding streams and create compliance risks for public bodies in future cloud procurement.

Detail

The Cloud and AI Development Act (CADA), as proposed in COM(2026) 502 final, represents a significant shift in how Member States must govern their digital ecosystems. For Croatia, as for all Member States, the proposal imposes a specific, time-bound obligation to create a coordinated national roadmap. This roadmap is the national cloud and AI strategy, mandated by Article 7 of the proposal.

The Legal Obligation: Article 7 of CADA

Article 7(1) establishes a strict timeline: Member States shall establish national cloud and AI strategies by the date of entry into force of the Regulation plus one year. This is not a suggestion but a legislative requirement designed to ensure that national policies are coherent with the Union's objectives of strengthening the cloud and AI ecosystem, reducing dependencies, and ensuring strategic autonomy.

The regulation explicitly rejects a "one-size-fits-all" approach that ignores national specifics, yet it refuses to leave the content of these strategies to unfettered national discretion. Article 7(2) sets out a definitive list of eight mandatory elements that every national strategy must include. For Croatia, this means the strategy cannot be a high-level political document; it must contain actionable, measurable measures across eight specific domains.

The Eight Mandatory Elements of the National Strategy

According to Article 7(2), Croatia's national cloud and AI strategy must include at least the following eight elements:

1. Objectives, Priorities, and Governance (Article 7(2)(a)) The strategy must define key objectives and priorities for cloud and AI adoption. Crucially, these must align with the "AI first" principle. As defined in the Apply AI Strategy and referenced in CADA, this principle urges organisations to reflect on their business processes by considering the needs and opportunities offered by AI, while simultaneously accounting for potential risks. The strategy must also include a governance and monitoring framework to achieve these objectives, ensuring that the strategy is not merely a static document but a dynamic tool for implementation.

2. Acceleration at National, Regional, and Local Levels (Article 7(2)(b)) Measures must be included to accelerate the development and adoption of cloud and AI at all administrative levels. This specifically targets public sector bodies, small and medium-sized enterprises (SMEs), and small mid-caps (SMCs). The strategy must explicitly support the Centres for AI (established under Article 5 of CADA) as entry points to the European AI innovation ecosystem. This ensures that Croatian SMEs and SMCs have direct access to the expertise, testing facilities, and skills development needed to compete in the digital single market.

3. Strategic Industrial and Public Sector Deployment (Article 7(2)(c)) The strategy must support the broad deployment and uptake of AI in strategic industrial and public sectors. The proposal explicitly names healthcare, energy, and mobility as priority areas. For Croatia, this implies a need to map national industrial strengths and public service needs against these sectors, ensuring that AI adoption is targeted where it delivers the highest societal and economic value.

4. Data Centre Capacity Deployment (Article 7(2)(d)) A core pillar of CADA is the physical expansion of infrastructure. Croatia's strategy must include measures to support the deployment of data centre capacity. The text specifies a focus on "high-value data centres" that deliver significant economic and societal benefits while adhering to high environmental and energy-efficiency standards. This aligns with the broader CADA objective to triple EU data centre capacity in the next five to seven years.

5. High-Intensity Computing Infrastructure (Article 7(2)(e)) Beyond standard data centres, the strategy must address the need for high-intensity computing. This includes measures to invest in AI factories, AI gigafactories, and quantum computers. These are to be treated as strategic national and cross-border assets supporting research, development, and industrial AI deployment across strategic sectors. For Croatia, this may involve identifying sites suitable for such facilities and creating incentives for their establishment.

6. Cloud and AI Capabilities and Procurement (Article 7(2)(f)) The strategy must support the development of cloud and AI capabilities and promote excellence and innovation. This includes specific measures related to public procurement, particularly the public procurement of innovation measures set out in Article 33 of CADA. This element ensures that public spending is leveraged to drive market innovation and support European providers.

7. Open Hardware and Software Stacks (Article 7(2)(g)) To strengthen technological sovereignty, the strategy must include measures to support the development of cloud computing stack technologies built upon open hardware and software. This aims to enhance the competitiveness of strategic European industries and reduce reliance on proprietary, closed ecosystems. For Croatia, this could involve supporting local open-source communities or mandating open standards in public IT projects.

8. Data Accessibility (Article 7(2)(h)) Finally, the strategy must ensure the accessibility of high-quality data for AI development. This involves measures to prevent data bottlenecks encountered by organisations, ensuring that data is available for training and fine-tuning AI models. This is critical for Croatia to ensure its researchers and businesses can access the data necessary to build competitive AI solutions.

The "AI First" Principle in Practice

The "AI first" principle is a recurring theme in CADA and is explicitly embedded in Article 7(2)(a) as a mandatory component of the national strategy. It is not merely a suggestion but a foundational element. For Croatian public bodies and supported industries, this means proactively integrating AI considerations into business process redesigns, rather than treating AI as an afterthought. However, the principle is balanced: organisations must consider the needs and opportunities offered by AI while simultaneously accounting for potential risks. This dual focus ensures that adoption is both ambitious and responsible.

Focus on SMEs and Small Mid-Caps (SMCs)

CADA places significant emphasis on supporting smaller entities to prevent market concentration. Article 7(2)(b) explicitly requires measures to accelerate adoption among SMEs and SMCs. This aligns with the broader CADA goal of fostering a diverse European cloud market. Croatia's strategy must therefore include concrete support mechanisms—such as access to the Centres for AI, training schemes, and simplified procurement routes—to help these entities adopt cloud and AI technologies without being locked into dominant third-country providers.

Data Centres and High-Intensity Compute

The proposal links national strategy directly to physical infrastructure. Article 7(2)(d) and (e) require Croatia to plan for the deployment of data centres and high-intensity compute facilities. This is not just about building space; it is about ensuring these facilities are energy-efficient, sustainable, and strategically located. The mention of AI factories and gigafactories signals a need for large-scale, specialised infrastructure capable of supporting frontier AI training and inference workloads. Croatia must consider how its national strategy aligns with the EU's goal of tripling data centre capacity in the next five to seven years, ensuring that national investments contribute to the Union's overall capacity gap reduction.

Notification and Review Obligations

Adopting the strategy is only the first step. Article 7(5) imposes strict procedural obligations on Croatia:

• Notification: Croatia must notify the Commission of its national strategies within three months of their adoption. This ensures the Commission can monitor consistency across the Union.
• Review Cycle: Croatia must assess their national strategies at least every three years on the basis of key performance indicators.
• Updates: If gaps are identified during the review, Croatia must update them accordingly.
• Monitoring: The Commission shall monitor the adoption and revision of the national strategies, ensuring that Member States remain on track.

Role of the European Artificial Intelligence Board

The European Artificial Intelligence Board (AI Board), established by the AI Act, plays a central role in this process. Article 7(6) states that the AI Board shall advise and assist the Member States as regards the coordination of national strategies. It shall also facilitate exchange of best practices among Member States. This means Croatia's strategy will not be developed in isolation; it will be subject to peer review and guidance from the AI Board to ensure consistency across the Union and alignment with the broader AI policy framework.

Consequences of Non-Alignment

While CADA does not specify direct fines for failing to adopt a national strategy, the implications are significant. The national strategy is the roadmap for accessing EU funding and support under the Cloud and AI Leadership Initiatives. Misalignment could result in Croatia missing out on critical investments in AI factories, data centres, and public cloud infrastructure. Furthermore, the strategy informs public procurement rules (Articles 30–32). If Croatia's strategy does not properly identify public order risks and map them to Union assurance levels, its public bodies may fail to procure sovereign cloud services as required, leading to operational and legal vulnerabilities.

What this means for you

For in-house counsel, compliance officers, and strategic planners in Croatia, the adoption of the national cloud and AI strategy is a critical compliance milestone.

• Monitor the Timeline: You must track the entry into force of CADA. Croatia has one year from that date to adopt its strategy. Ensure your organisation is prepared to align its internal cloud and AI policies with the "AI first" principle and the specific measures outlined in the national strategy.
• Public Sector Procurement: If you work for a public body, your procurement processes for cloud computing services and AI systems will be directly influenced by the national strategy. Article 30 requires public bodies to procure cloud services that meet specific Union assurance levels based on risk assessments. Your legal team must ensure that procurement documents reflect these sovereignty requirements, which will be shaped by the national strategy.
• SME and SMC Support: If you represent an SME or SMC, look for opportunities under the national strategy to access support from the Centres for AI. These centres will provide expertise, testing, and skills support to help you adopt European cloud and AI solutions, as mandated by Article 7(2)(b).
• Data Centre Investments: For entities involved in infrastructure, the national strategy will highlight priorities for data centre deployment, including sustainability and energy efficiency. Ensure your projects align with these national priorities to qualify for strategic project designation and potential EU funding.
• Engage with the AI Board: Stay informed about guidance from the European Artificial Intelligence Board. Their recommendations will shape the interpretation and implementation of the national strategy, affecting how compliance is assessed across the EU.

Common misconceptions

"The national strategy is optional." No. Article 7(1) makes it mandatory for all Member States, including Croatia, to establish a national cloud and AI strategy within one year of CADA's entry into force.

"The strategy is only about public sector adoption." No. While public sector adoption is a key component, Article 7(2)(b) and (c) explicitly require measures to support SMEs, SMCs, and strategic industrial sectors. The strategy is a holistic roadmap for the entire national ecosystem.

"'AI first' means adopting AI at all costs." No. The "AI first" principle requires organisations to consider AI opportunities but also to assess risks. It is not a mandate to use AI indiscriminately but a framework for integrating AI responsibly into business processes, as stated in Article 7(2)(a).

"Croatia can design its strategy in isolation." No. Article 7(6) establishes the role of the AI Board in advising and assisting Member States. Croatia's strategy must be consistent with EU objectives and will be subject to coordination and best-practice exchange at the Union level.

Official sources

• EU AI Act (Regulation (EU) 2024/1689)

Related

• What must Sweden include in its national cloud and AI strategy under CADA?
• What must Spain include in its national cloud and AI strategy under CADA?
• What must Slovenia include in its national cloud and AI strategy under CADA?
• What must Slovakia include in its national cloud and AI strategy under CADA?
• What must Romania include in its national cloud and AI strategy under CADA?

This is general information about a draft EU regulation, not legal advice.