What must Hungary include in its national cloud and AI strategy under CADA?

Under the proposed Cloud and AI Development Act (CADA), Hungary, like all EU Member States, must adopt a national cloud and AI strategy within one year of

Summary Under the proposed Cloud and AI Development Act (CADA), Hungary, like all EU Member States, must adopt a national cloud and AI strategy within one year of the Regulation's entry into force. As proposed in Article 7, this strategy is not a voluntary guideline but a binding instrument that must include eight specific mandatory elements, ranging from governance frameworks to measures for SMEs/SMCs and high-intensity compute infrastructure (AI factories, gigafactories, quantum). The strategy must align with the "AI first" principle and be notified to the European Commission within three months of adoption, with mandatory reviews at least every three years.

Detail

The Cloud and AI Development Act (CADA), proposed in COM(2026) 502 final, establishes a unified framework to strengthen Europe's cloud and AI ecosystem. A cornerstone of this framework is the obligation for Member States to coordinate national efforts with EU-wide sovereignty objectives through a structured national strategy. For Hungary, this represents a shift from ad-hoc digital initiatives to a legally mandated, comprehensive strategic plan.

The Deadline and Legal Basis

According to Article 7(1) of the proposed Regulation, Member States shall establish national cloud and AI strategies (the "national strategies") by a specific deadline: one year after the date of entry into force of the Regulation. The Regulation itself enters into force on the twentieth day following its publication in the Official Journal of the European Union, as stipulated in Article 48. Consequently, Hungary has a strict one-year window from the date of publication to finalize, adopt, and publish its strategy.

The strategy must be consistent with the objectives of the Regulation (Article 7(3)) and must contribute to the digital targets established under the Digital Decade Policy Programme 2030 (Article 7(4)). Recital 33 clarifies that if Hungary has already adopted a national strategy that adequately covers these objectives, it is not required to adopt a completely new document. However, the Member State must update any existing strategy to fill identified gaps to ensure full alignment with CADA's specific requirements.

The Eight Mandatory Elements

Article 7(2) sets out the minimum content requirements for the national strategy. Hungary's document must include at least the following eight cumulative elements:

Objectives, Priorities, and Governance (Article 7(2)(a)): The strategy must define key objectives and priorities for cloud and AI adoption. Crucially, these must be in line with the "AI first" principle. As defined in Recital 32 and referenced in Article 7(2)(a), this principle urges organizations to reflect on their business processes by considering the needs and opportunities offered by AI, while taking into consideration potential risks. The strategy must also establish a governance and monitoring framework to achieve these objectives.
Acceleration Measures for Public Sector, SMEs, and SMCs (Article 7(2)(b)): The strategy must include measures to accelerate the development and adoption of cloud and AI at national, regional, and local levels. This specifically targets public sector bodies, small and medium-sized enterprises (SMEs), and small mid-caps (SMCs). The strategy must support the "Centres for AI" (established under Article 5) as entry points to the European AI innovation ecosystem, ensuring these entities have access to expertise, testing, and upskilling.
Broad Deployment in Strategic Sectors (Article 7(2)(c)): Hungary must outline measures to support the broad deployment and uptake of AI in strategic industrial and public sectors. The proposal explicitly cites healthcare, energy, and mobility as examples of sectors requiring targeted support, though the list is not exhaustive.
Data Centre Capacity Deployment (Article 7(2)(d)): The strategy must include measures to support the deployment of data centre capacity. This is not merely about increasing volume; the proposal emphasizes a focus on "high-value data centres delivering significant economic and societal benefits while adhering to high environmental and energy-efficiency standards." This aligns with the broader CADA objective of tripling EU data centre capacity while ensuring sustainability.
High-Intensity Computing Infrastructure (Article 7(2)(e)): Hungary must plan for investments in high-intensity computing infrastructure. This includes AI factories, AI gigafactories, and quantum computers. These are to be treated as strategic national and cross-border assets supporting research, development, and industrial AI deployment across strategic sectors. This element directly addresses the capacity gap identified in the CADA explanatory memorandum.
Cloud and AI Capabilities and Procurement (Article 7(2)(f)): The strategy must include measures to support the development of cloud and AI capabilities and promote excellence and innovation. This includes specific public procurement measures and the public procurement of innovation measures set out in Article 33 of the proposal. This ensures that public spending drives the development of a competitive European ecosystem.
Open Hardware and Software Stacks (Article 7(2)(g)): To strengthen technological sovereignty, the strategy must support the development of cloud computing stack technologies built upon open hardware and software. This aims to enhance the competitiveness of strategic European industries and reduce dependencies on non-EU providers, a core objective of the CADA proposal.
Data Accessibility (Article 7(2)(h)): Finally, the strategy must include measures to ensure the accessibility of high-quality data for AI development. This involves preventing data bottlenecks encountered by organizations, ensuring that data availability does not hinder AI progress. This complements the Data Act's provisions on data switching and interoperability.

Notification, Monitoring, and Review

Adoption is only the first step. Article 7(5) imposes strict reporting and maintenance obligations on Hungary:

Notification: Hungary must notify the European Commission of its national strategy within three months of its adoption.
Review Cycle: Member States must assess their national strategies at least every three years based on key performance indicators. If necessary, they must update them to reflect technological or market developments.
Monitoring: The Commission shall monitor the adoption and revision of the national strategies to ensure consistency across the Union.

The Role of the AI Board

Article 7(6) establishes that the European Artificial Intelligence Board (AI Board), established under the AI Act, will advise and assist Member States regarding the coordination of national strategies. The AI Board will facilitate the exchange of best practices among Member States. This means Hungary's strategy should be developed with an eye toward interoperability and alignment with peers, leveraging the Board's expertise to avoid fragmentation.

What this means for you

For in-house counsel, compliance officers, and strategic planners in Hungary, the requirement for a national strategy is not merely a political exercise; it creates the regulatory baseline against which future compliance, funding, and procurement will be measured.

1. Strategic Alignment is Mandatory: Your organization's cloud and AI roadmap must align with the national strategy once published. If the national strategy prioritizes specific sectors (e.g., healthcare, mobility) or technologies (e.g., open-source stacks), public bodies and regulated private entities may face procurement or funding requirements that favor aligned solutions. Ensure your internal governance frameworks reflect the "AI first" principle to demonstrate proactive compliance.

2. SMEs and SMCs Are Explicitly Targeted: If your organization qualifies as an SME or SMC, the national strategy will likely include specific support mechanisms, such as access to "Centres for AI" (Article 7(2)(b)). Compliance officers should monitor the rollout of these centres to leverage available expertise, testing, and upskilling schemes. Ignoring these resources could put smaller entities at a competitive disadvantage in meeting future CADA sovereignty requirements.

3. Data Centre and Infrastructure Planning: For organizations involved in infrastructure deployment, Article 7(2)(d) and (e) signal that future permits and investments will be scrutinized for sustainability and strategic value. Hungary's strategy will likely designate specific areas for data centre acceleration (linked to Article 10). Early engagement with these national plans is critical for securing site approvals and ensuring alignment with grid and environmental standards.

4. Procurement Implications: Article 7(2)(f) references procurement of innovation. As the national strategy is implemented, public procurement tenders will increasingly require evidence of contribution to the European cloud and AI ecosystem. Compliance teams must prepare documentation showing how their solutions integrate Union technologies or contribute to supply chain resilience, as these factors will become part of the evaluation criteria under Article 32.

5. Data Governance Preparation: Article 7(2)(h) highlights the need for high-quality data accessibility. Organizations should audit their data bottlenecks now. The national strategy will likely include measures to facilitate data sharing (potentially leveraging the Data Act). Preparing data governance frameworks that support AI development while respecting GDPR will be essential to avoid being left behind by competitors who can access better training data.

Common misconceptions

Misconception 1: "We already have a digital strategy, so we don't need to do anything." While Recital 33 allows Member States to update existing strategies, the content requirements in Article 7(2) are specific to cloud and AI sovereignty, data centre deployment, and the "AI first" principle. A general digital strategy may not cover the mandatory elements such as AI gigafactories, open-source hardware stacks, or the specific governance framework for AI adoption. Hungary must ensure its strategy explicitly addresses all eight elements of Article 7(2).

Misconception 2: "The 'AI first' principle is just a slogan." The "AI first" principle is a defined concept in the proposal (Recital 32 and Article 7(2)(a)). It requires organizations to actively consider AI opportunities in their business processes. For compliance officers, this means demonstrating that AI integration has been systematically evaluated, not just treated as an afterthought. This mindset will likely influence how national funding and support are allocated.

Misconception 3: "SMEs are exempt from CADA obligations." While SMEs may benefit from simplified procedures in other parts of CADA (e.g., automatic recognition for Union assurance level 1 under Article 17(3)), they are not exempt from the strategic direction set by the national strategy. Article 7(2)(b) explicitly includes SMEs in the acceleration measures. Furthermore, SMEs participating in public procurement will need to meet the evolving quality and sovereignty criteria outlined in the national strategy.

Misconception 4: "The strategy is only for the public sector." Although the strategy is adopted by the Member State, it sets the tone for the entire economy. Article 7(2)(c) and (e) reference strategic industrial sectors and high-intensity computing assets that involve private investment. The strategy will influence where infrastructure is built, where innovation funding is directed, and what procurement standards are applied, affecting private sector operations significantly.

Official sources

This is general information about a draft EU regulation, not legal advice.