What must Greece include in its national cloud and AI strategy under CADA?

Summary Under the proposed Cloud and AI Development Act (CADA), Greece is legally required to adopt a national cloud and AI strategy within one year of the regulation's entry into force. This strategy is not a voluntary policy document but a binding instrument that must explicitly include eight mandatory elements defined in Article 7(2). These range from adopting an 'AI first' principle to concrete measures for data centre capacity and high-intensity computing infrastructure (including AI factories, gigafactories, and quantum computers). Crucially, Greece must notify the European Commission of the adopted strategy within three months and is obligated to review and update it at least every three years based on key performance indicators.

Detail

The proposed Cloud and AI Development Act (CADA), COM(2026) 502 final, establishes a harmonised framework to strengthen the Union's cloud and AI ecosystem. A cornerstone of this framework is the requirement for Member States to align their national policies with EU-wide strategic objectives through formalised national strategies. Article 7 of the proposal specifically mandates the establishment of these "national cloud and AI strategies." For Greece, as for all Member States, this represents a shift from ad-hoc digital initiatives to a structured, legally binding strategic planning obligation.

Deadlines and Notification Obligations

The timeline for compliance is strict and clearly defined in the proposal. Article 7(1) stipulates that Member States shall establish their national strategies by a date corresponding to one year after the entry into force of the Regulation. This creates a fixed window for Greece to draft, consult on, and formally adopt its strategy.

Once adopted, the obligation to inform the Union is immediate. Article 7(5) requires Greece to notify the Commission of its national strategy within three months of its adoption. This notification is not merely administrative; it triggers the Commission's monitoring role. The Commission is tasked with monitoring both the initial adoption and subsequent revisions to ensure consistent implementation across the Union.

Furthermore, the strategy is a living document. Article 7(5) mandates that Member States must assess their national strategies at least every three years. This assessment must be based on key performance indicators (KPIs) and, where necessary, the strategy must be updated to reflect technological developments or changing market conditions. This cyclical review ensures that Greece's strategy remains relevant to the rapidly evolving cloud and AI landscape.

The 'AI First' Principle

A foundational requirement of the Greek strategy, explicitly listed in Article 7(2)(a), is the inclusion of key objectives and priorities for cloud and AI adoption in line with the 'AI first' principle. This principle is not a vague aspiration but a defined regulatory concept. As referenced in the CADA explanatory memorandum and the Apply AI Strategy, the 'AI first' principle "urges organisations to reflect on their business processes, considering the needs and opportunities offered by AI, while taking into consideration the potential risks."

For Greece, this means the national strategy must explicitly articulate how this principle will be operationalised. It is not enough to mention AI; the strategy must demonstrate a systematic approach where AI is considered a primary tool for solving public and industrial challenges. Additionally, Article 7(2)(a) requires the strategy to include a governance and monitoring framework to achieve these objectives, ensuring that the 'AI first' principle is backed by accountability mechanisms.

The Eight Mandatory Elements of the National Strategy

Article 7(2) sets out a comprehensive list of elements that the national strategy must include. While the text uses the phrase "at least the following," the specific enumeration of eight distinct points (a) through (h) creates a definitive checklist for compliance. For Greece, the strategy must explicitly address the following eight areas:

1. Governance and 'AI First' Adoption (Article 7(2)(a)): The strategy must define the key objectives and priorities for cloud and AI adoption, explicitly aligned with the 'AI first' principle. Crucially, it must also establish a governance and monitoring framework to ensure these objectives are met. This provides the structural backbone for the entire strategy.

2. Acceleration at All Levels (Article 7(2)(b)): Greece must include measures to accelerate the development and adoption of cloud and AI at national, regional, and local levels. This element specifically targets public sector bodies, small and medium-sized enterprises (SMEs), and small mid-cap enterprises (SMCs). A key mechanism identified in the proposal is the support of the Experience and Acceleration Centres for AI (formerly European Digital Innovation Hubs), which serve as entry points to the European AI innovation ecosystem for these entities.

3. Strategic Industrial and Public Sectors (Article 7(2)(c)): The strategy must include measures to support the broad deployment and uptake of AI in strategic industrial and public sectors. The proposal explicitly highlights healthcare, energy, and mobility as priority areas. This ensures that AI adoption is not limited to general IT but is deeply integrated into sectors critical to the economy and public welfare.

4. Data Centre Capacity (Article 7(2)(d)): A critical infrastructure component, the strategy must include measures to support the deployment of data centre capacity. This is not a generic reference to storage; the proposal specifies a focus on high-value data centres that deliver significant economic and societal benefits. Furthermore, these data centres must adhere to high environmental and energy-efficiency standards, aligning with the EU's broader sustainability goals.

5. High-Intensity Computing Infrastructure (Article 7(2)(e)): Greece must include measures to invest in high-intensity computing infrastructure. This is a specific mandate to support advanced computational assets. The proposal explicitly lists AI factories, AI gigafactories, and quantum computers as examples of such infrastructure. These are to be treated as strategic national and cross-border assets that support research, development, and industrial AI deployment across strategic sectors.

6. Cloud and AI Capabilities via Procurement (Article 7(2)(f)): The strategy must support the development of cloud and AI capabilities and promote excellence and innovation. This includes specific measures related to public procurement and the public procurement of innovation as set out in Article 33 of CADA. This links the national strategy directly to the Union's procurement framework, ensuring that public spending drives innovation.

7. Open Hardware and Software (Article 7(2)(g)): Measures must be included to support the development of cloud computing stack technologies built upon open hardware and software. The explicit goal of this element is to strengthen technological sovereignty and enhance the competitiveness of strategic European industries. This reflects CADA's broader objective of reducing dependencies on non-EU providers.

8. Data Accessibility (Article 7(2)(h)): Finally, the strategy must ensure the accessibility of high-quality data for AI development. This includes measures to prevent data bottlenecks encountered by organisations. Ensuring that data availability does not hinder AI progress is a prerequisite for the successful implementation of the other elements.

Consistency with EU Objectives and Digital Decade Targets

The Greek strategy cannot exist in a vacuum. Article 7(3) requires that the national strategy be consistent with the objectives of this Regulation. Furthermore, Article 7(4) mandates that Member States ensure their strategies are consistent with, and contribute to, the associated digital targets established under Decision (EU) 2022/2481 (the Digital Decade Policy Programme 2030).

This alignment ensures that Greece's national efforts contribute to Union-wide goals, such as the target for 75% of Union enterprises to adopt cloud computing services and the deployment of 10,000 climate-neutral highly secure edge nodes. The strategy must therefore be designed to help Greece meet these specific quantitative targets.

Role of the European Artificial Intelligence Board

Coordination is key to the success of this framework. Article 7(6) establishes the role of the European Artificial Intelligence Board (AI Board), which was established by the AI Act (Regulation (EU) 2024/1689). The AI Board shall advise and assist Member States, including Greece, regarding the coordination of national strategies. Additionally, the Board shall facilitate the exchange of best practices among Member States. This ensures that Greece can learn from the experiences of other Member States and that the Union maintains a coherent approach to cloud and AI policy.

What this means for you

For legal counsel, compliance officers, and strategic planners in Greece, Article 7 of the proposed CADA represents a significant regulatory shift from voluntary digital guidelines to binding strategic planning obligations.

Strategic Alignment and Monitoring: Organisations must ensure their digital transformation roadmaps align with the forthcoming Greek national cloud and AI strategy. Since the strategy must include specific measures for SMEs and SMCs (Article 7(2)(b)), businesses in these categories should anticipate tailored national incentives or requirements. Compliance officers should monitor the Greek government's notification to the Commission (due within three months of adoption) to understand the specific local implementation measures and KPIs that will be used for the triennial review.

Procurement and Supply Chain Implications: The national strategy must include measures to support cloud and AI capabilities through public procurement (Article 7(2)(f)). For businesses supplying the public sector, this signals that procurement processes will increasingly prioritise sovereign, open-source, and EU-designed technologies. Compliance teams should prepare for tender processes that evaluate contributions to the European cloud and AI ecosystem, as mandated by Article 33.

Infrastructure and Data Governance: With mandates for investing in AI factories, gigafactories, and quantum computers (Article 7(2)(e)), and ensuring high-quality data accessibility (Article 7(2)(h)), organisations should anticipate a more robust national digital infrastructure. However, this also implies stricter scrutiny on data governance and energy efficiency in data centre operations. Companies operating data centres or providing high-intensity compute services must ensure their projects align with the "high-value" and "energy-efficiency" criteria specified in the strategy.

Ongoing Compliance: Since the strategy must be reviewed every three years (Article 7(5)), compliance frameworks cannot be static. Legal teams should establish internal processes to regularly assess changes in the national strategy and adjust corporate AI governance policies accordingly. The requirement to update the strategy based on KPIs means that performance metrics will be central to future compliance.

Common misconceptions

Misconception 1: The national strategy is optional or merely advisory. Some may believe that national strategies are soft-law instruments or policy suggestions. However, Article 7(1) uses the mandatory language "Member States shall establish," making this a binding legal obligation under the proposed regulation. Failure to adopt a compliant strategy could lead to infringement proceedings by the Commission.

Misconception 2: 'AI First' is a marketing slogan rather than a regulatory requirement. The 'AI first' principle is not just a cultural initiative; it is a mandated component of the national strategy's objectives and priorities (Article 7(2)(a)). Organisations, particularly in the public sector and strategic industries, will be expected to demonstrate how they have integrated this principle into their business processes as part of the national strategy's governance framework.

Misconception 3: Greece can ignore existing national strategies. If Greece has already adopted a national strategy that adequately covers the objectives of CADA, it may not need to adopt a completely new one. However, Article 7(3) and the general principles of the proposal imply that any existing strategy must be updated if gaps are identified. Compliance officers should not assume that current policies are sufficient; they must be rigorously evaluated against the eight mandatory elements of Article 7(2).

Misconception 4: The strategy only affects the public sector. While the strategy includes measures for public sector bodies, Article 7(2)(b) and (c) explicitly mention SMEs, SMCs, and strategic industrial sectors. The private sector, especially those operating in healthcare, energy, and mobility, will be directly impacted by the measures designed to accelerate AI adoption in these areas.

Official sources

• EU AI Act (Regulation (EU) 2024/1689)
• Digital Decade Policy Programme (Decision (EU) 2022/2481)

Related

• What must Sweden include in its national cloud and AI strategy under CADA?
• What must Spain include in its national cloud and AI strategy under CADA?
• What must Slovenia include in its national cloud and AI strategy under CADA?
• What must Slovakia include in its national cloud and AI strategy under CADA?
• What must Romania include in its national cloud and AI strategy under CADA?

This is general information about a draft EU regulation, not legal advice.