What must Denmark include in its national cloud and AI strategy under CADA?

Summary Under the proposed Cloud and AI Development Act (CADA), Denmark is legally required to adopt a national cloud and AI strategy within one year of the Regulation's entry into force, as mandated by Article 7(1). This strategy is not a voluntary policy document but a binding instrument that must explicitly include eight specific elements outlined in Article 7(2). These elements range from the adoption of the 'AI first' principle and measures to support SMEs and Small Mid-Caps (SMCs), to concrete plans for high-intensity computing infrastructure such as AI factories, AI gigafactories, and quantum computers. Once adopted, Denmark must notify the European Commission of the strategy within three months (Article 7(5)) and is obligated to assess and update the strategy at least every three years based on key performance indicators.

Detail

The proposed Cloud and AI Development Act (CADA), COM(2026) 502 final, fundamentally alters the strategic planning obligations for EU Member States. While the EU AI Act (Regulation (EU) 2024/1689) regulates the safety and fundamental rights of AI systems, CADA targets the underlying ecosystem: the cloud infrastructure, data-centre capacity, and strategic autonomy required to deploy those systems. For Danish legal counsel, policymakers, and compliance officers, Article 7 of the CADA proposal is the definitive provision governing national strategic planning.

The Binding Obligation to Adopt a National Strategy

Article 7(1) imposes a clear, time-bound obligation on all Member States, including Denmark. The text states: "By [same day as entry into force plus one year], Member States shall establish national cloud and AI strategies (the 'national strategies')." This deadline is absolute. If Denmark has already adopted a strategy that "adequately covers the objectives set out in this Regulation," it is not required to draft a new document from scratch. However, Recital 33 clarifies a critical nuance: "if a Member State identifies gaps in its existing strategy in light of those objectives, it should update it accordingly." Therefore, existing Danish digital strategies must be audited against CADA's specific requirements; if they lack the mandated elements, they must be revised to achieve compliance.

These strategies are not isolated national documents. Article 7(3) requires that "National strategies shall be consistent with the objectives of this Regulation." Furthermore, Article 7(4) mandates that strategies must be "consistent with, and contribute to, the associated digital targets established under Article 4 of Decision (EU) 2022/2481" (the Digital Decade Policy Programme 2030). This includes targets such as the adoption of cloud computing services, big data, and AI by at least 75% of Union enterprises.

The Eight Mandatory Elements of the Strategy

Article 7(2) provides an exhaustive list of eight elements that the Danish national strategy must include. A strategy omitting any of these would be non-compliant with the proposal. The elements are:

1. Objectives, Priorities, and the 'AI First' Principle (Art. 7(2)(a)): The strategy must define "key objectives and priorities for cloud and AI adoption, in line with the 'AI first' principle, as well as a governance and monitoring framework to achieve those objectives and priorities." The 'AI first' principle, as defined in the Apply AI Strategy referenced in the CADA explanatory memorandum, urges organisations to reflect on their business processes and consider the needs and opportunities offered by AI. The strategy must not merely mention this principle but operationalise it through a specific governance framework.

2. Measures for Acceleration and SME/SMC Support (Art. 7(2)(b)): The strategy must include "measures to accelerate the development and adoption of cloud and AI at national, regional and local level, particularly among public sector bodies, SMEs and SMCs, including by supporting the Centres for AI referred to in Article 5 as entry points to the European AI innovation ecosystem." This explicitly targets Denmark's dense ecosystem of small and medium-sized enterprises and small mid-caps, requiring concrete measures to integrate them into the AI value chain via the Experience and Acceleration Centres for AI.

3. Strategic Sector Deployment (Art. 7(2)(c)): Denmark must outline "measures to support the broad deployment and uptake of AI in strategic industrial and public sectors, including in healthcare, energy and mobility." This element ensures the strategy moves beyond general IT modernisation to target specific high-impact sectors identified in the CADA proposal.

4. Data Centre Capacity and Sustainability (Art. 7(2)(d)): The strategy must contain "measures to support the deployment of data centre capacity, with a particular focus on high-value data centres delivering significant economic and societal benefits while adhering to high environmental and energy-efficiency standards." This aligns with CADA's broader Title III on data centre acceleration zones, requiring Denmark to plan for capacity that is both economically valuable and environmentally sustainable.

5. High-Intensity Computing Infrastructure (Art. 7(2)(e)): A critical and specific requirement is "measures to invest in high-intensity computing infrastructure, including AI factories, AI gigafactories and quantum computers as strategic national and cross-border assets supporting research, development and industrial AI deployment across strategic sectors." This element mandates that Denmark's strategy explicitly plans for these advanced infrastructure assets, treating them as strategic national priorities rather than optional commercial ventures.

6. Public Procurement and Innovation (Art. 7(2)(f)): The strategy must include "measures to support the development of cloud and AI capabilities and promote excellence and innovation, including through public procurement measures, and public procurement of innovation measures set out in Article 33." This links the national strategy directly to the procurement obligations in Title IV, Chapter II, Section 3 of CADA, ensuring that public spending drives the ecosystem's development.

7. Open Hardware and Software for Sovereignty (Art. 7(2)(g)): To address the sovereignty objective, the strategy must include "measures to support the development of cloud computing stack technologies built upon open hardware and software to strengthen technological sovereignty and enhance the competitiveness of strategic European industries." This requires Denmark to actively promote open standards and reduce reliance on proprietary third-country technologies.

8. Data Accessibility (Art. 7(2)(h)): Finally, the strategy must include "measures to ensure the accessibility of high-quality data for AI development, notably by preventing data bottlenecks encountered by organisations." This addresses a fundamental barrier to AI adoption, requiring Denmark to plan for data pooling, sharing mechanisms, and the removal of obstacles to data availability.

Notification, Review, and Coordination Obligations

Adopting the strategy is only the initial step. Article 7(5) establishes a rigorous lifecycle for the document:

• Notification Deadline: "The Member States shall notify the Commission of their national strategies within three months of their adoption." For Denmark, this means that once the strategy is formally adopted by the relevant Danish authorities, a formal notification must be sent to the European Commission within 90 days.
• Review Cycle: "Member States shall assess their national strategies at least every three years on the basis of key performance indicators and, where necessary, update them." This is not a passive review; it requires an active assessment against KPIs and a commitment to update the strategy if it no longer meets CADA's objectives.
• Commission Monitoring: The Commission is tasked to "monitor the adoption and revision of the national strategies," ensuring that Denmark and other Member States remain on track.

Article 7(6) further integrates this process with the broader EU AI governance framework. It states that "The European Artificial Intelligence Board established by Regulation (EU) 2024/1689 (the 'AI Board') shall advise and assist the Member States as regards the coordination of national strategies." The AI Board will facilitate the exchange of best practices, ensuring that Denmark's strategy aligns with the evolving EU-wide approach to AI adoption.

Implications for the Danish Ecosystem

For Denmark, these requirements necessitate a coordinated, cross-ministerial effort. The strategy must bridge the gap between high-level EU targets and local implementation. The focus on SMEs and SMCs is particularly significant given the structure of the Danish economy. The requirement to support these entities via the Centres for AI (Article 5) suggests that Denmark must leverage its existing innovation hubs to act as entry points for the European AI ecosystem.

The mandate to invest in high-intensity computing infrastructure (AI factories, gigafactories, quantum computers) implies that Denmark must plan for significant, long-term infrastructure projects. These are not merely IT upgrades but strategic assets that require integration with national energy grids, cross-border cooperation, and substantial public or private investment. The requirement for open hardware and software further suggests a shift in procurement and development policies to prioritise sovereignty and reduce dependency on non-EU providers.

What this means for you

For in-house counsel, compliance officers, and strategic planners in Denmark, the adoption of the national cloud and AI strategy under Article 7 of CADA has direct operational implications:

1. Monitor the National Strategy Timeline: Track the Danish government's progress in adopting the national strategy. Once published, conduct a gap analysis to understand how the specific measures (e.g., public procurement criteria, data accessibility initiatives) will affect your organisation's operations.
2. Align with the 'AI First' Principle: Proactively review your organisation's digital transformation roadmap. Ensure that AI is not treated as an add-on but is integrated into core business processes, aligning with the 'AI first' principle that the national strategy will enforce.
3. Prepare for Procurement Shifts: If your organisation supplies the Danish public sector, anticipate changes in tender criteria. The national strategy will likely mandate the use of sovereign cloud services (Union assurance levels) and favour providers contributing to European technological sovereignty, as per Article 32.
4. Leverage SME/SMC Support Mechanisms: If your organisation is an SME or SMC, actively engage with the measures outlined in the strategy. Look for opportunities to access the Centres for AI for testing, skills development, and innovation support, as these are the primary vehicles for implementation.
5. Data Governance Readiness: Review your data governance frameworks. The strategy's focus on preventing "data bottlenecks" may lead to new obligations or incentives for data sharing and pooling. Ensure your data practices are robust, high-quality, and compliant with GDPR to meet the strategy's accessibility goals.

Common misconceptions

Misconception 1: The national strategy is a voluntary policy paper. Correction: Article 7(1) creates a binding legal obligation. Member States shall establish these strategies. Failure to adopt a compliant strategy within the one-year deadline could lead to infringement proceedings by the European Commission.

Misconception 2: Existing Danish digital strategies are automatically sufficient. Correction: While Recital 33 allows for the use of existing strategies, they must "adequately cover the objectives set out in this Regulation." If an existing strategy lacks the eight mandatory elements of Article 7(2) (e.g., specific plans for AI factories or open hardware), it must be updated. A generic digital strategy is not a substitute for a CADA-compliant cloud and AI strategy.

Misconception 3: The strategy only concerns the public sector. Correction: While public bodies are the primary actors in procurement, Article 7(2)(b) and (c) explicitly require measures to support SMEs, SMCs, and strategic industrial sectors. The strategy is designed to drive ecosystem-wide adoption, impacting the private sector significantly.

Misconception 4: High-intensity compute (AI factories) is only for large tech giants. Correction: Article 7(2)(e) identifies these as "strategic national and cross-border assets supporting research, development and industrial AI deployment across strategic sectors." The infrastructure is intended to serve a broad range of industries, including healthcare, energy, and mobility, not just large technology corporations.

Official sources

• EU AI Act (Regulation (EU) 2024/1689)
• GDPR (Regulation (EU) 2016/679)
• Digital Decade Policy Programme (Decision (EU) 2022/2481)

Related

• What must Sweden include in its national cloud and AI strategy under CADA?
• What must Spain include in its national cloud and AI strategy under CADA?
• What must Slovenia include in its national cloud and AI strategy under CADA?
• What must Slovakia include in its national cloud and AI strategy under CADA?
• What must Romania include in its national cloud and AI strategy under CADA?

This is general information about a draft EU regulation, not legal advice.