What must Ireland include in its national cloud and AI strategy under CADA?

Summary Under the proposed Cloud and AI Development Act (CADA), Ireland is legally required to adopt a national cloud and AI strategy within one year of the regulation's entry into force. Article 7 mandates that this strategy must contain eight specific elements, ranging from the adoption of an "AI first" principle to concrete measures supporting SMEs, small mid-caps (SMCs), and the deployment of high-intensity compute infrastructure such as AI factories, AI gigafactories, and quantum computers. Once adopted, Ireland must notify the European Commission within three months and conduct a formal review of the strategy at least every three years.

Detail

The proposed Cloud and AI Development Act (CADA), COM(2026) 502 final, establishes a harmonised framework to strengthen Europe's cloud and AI ecosystem. A central pillar of this framework is the obligation for Member States to align their domestic policies with Union-wide objectives regarding technological sovereignty, capacity building, and the adoption of trusted cloud services. For Ireland, this obligation is codified in Article 7, which requires the establishment of a national cloud and AI strategy (referred to in the text as "national strategies").

This is not a voluntary policy paper; it is a binding legislative requirement designed to ensure that national efforts contribute to the EU's strategic autonomy and competitiveness. The strategy serves as the primary mechanism for Ireland to coordinate its national actions with the Cloud and AI Leadership Initiatives and the broader goals of the Digital Decade Policy Programme.

The Deadline and Notification Process

The timeline for compliance is strict and begins upon the regulation's entry into force. Article 7(1) stipulates that "Member States shall establish national cloud and AI strategies (the 'national strategies') by [same day as entry into force plus one year]."

While CADA is currently a proposal, once adopted, Ireland will have a fixed one-year window to draft, consult on, and formally adopt this strategy. The regulation does not provide for extensions; the deadline is tied directly to the entry into force date.

Following adoption, the strategy must be formally communicated to the European Commission. Article 7(5) explicitly states: "Member States shall notify the Commission of their national strategies within three months of their adoption." This notification is critical for the Commission's monitoring role, allowing it to assess whether national strategies are consistent with the Regulation's objectives and the Digital Decade targets.

Furthermore, the strategy is a living document. Article 7(5) mandates that "Member States shall assess their national strategies at least every three years on the basis of key performance indicators and, where necessary, update them." This ensures that Ireland's strategy remains responsive to rapid technological shifts in the cloud and AI sectors.

The Eight Mandatory Elements of the Strategy

Article 7(2) provides an exhaustive list of the minimum content requirements. Ireland's national strategy must include at least the following eight elements:

1. Objectives, Priorities, and Governance (Article 7(2)(a)) The strategy must outline "key objectives and priorities for cloud and AI adoption." Crucially, these must be in line with the "AI first" principle. As defined in the explanatory memorandum, this principle "urges organisations to reflect on their business processes, considering the needs and opportunities offered by AI, while taking into account the potential risks." The strategy must also establish a "governance and monitoring framework" to ensure these objectives are met.

2. Acceleration Measures for All Levels (Article 7(2)(b)) Ireland must include measures to accelerate the development and adoption of cloud and AI at "national, regional and local level." This element specifically targets public sector bodies, SMEs (small and medium-sized enterprises), and SMCs (small mid-caps). The strategy must explicitly support the "Centres for AI" (established under Article 5) as "entry points to the European AI innovation ecosystem" to facilitate this acceleration.

3. Strategic Industrial and Public Sectors (Article 7(2)(c)) The strategy must include measures to support the broad deployment and uptake of AI in "strategic industrial and public sectors." The text explicitly names healthcare, energy, and mobility as priority areas. This ensures that AI adoption is not limited to general administration but drives innovation in sectors critical to the economy and public welfare.

4. Data Centre Capacity (Article 7(2)(d)) Ireland must address the "deployment of data centre capacity." The strategy must focus on "high-value data centres delivering significant economic and societal benefits" while ensuring they adhere to "high environmental and energy-efficiency standards." This aligns with CADA's broader objective to triple EU data centre capacity while maintaining sustainability.

5. High-Intensity Computing Infrastructure (Article 7(2)(e)) This element requires measures to invest in "high-intensity computing infrastructure." The proposal specifically lists AI factories, AI gigafactories, and quantum computers as "strategic national and cross-border assets." These assets are intended to support research, development, and industrial AI deployment across strategic sectors, ensuring Ireland has access to the computational power required for frontier AI.

6. Cloud/AI Capabilities and Procurement (Article 7(2)(f)) The strategy must support the development of cloud and AI capabilities and promote excellence and innovation. This includes specific measures related to public procurement, explicitly referencing the "public procurement of innovation measures set out in Article 33" of CADA. This links the national strategy directly to the procurement obligations that will govern how Irish public bodies buy cloud and AI services.

7. Open Cloud Stack Technologies (Article 7(2)(g)) Ireland must include measures to support the development of "cloud computing stack technologies built upon open hardware and software." The stated goal is to "strengthen technological sovereignty and enhance the competitiveness of strategic European industries." This reflects CADA's emphasis on open source as a lever for reducing dependencies on non-EU providers.

8. Data Accessibility (Article 7(2)(h)) Finally, the strategy must include measures to "ensure the accessibility of high-quality data for AI development." This involves "preventing data bottlenecks encountered by organisations," which is a prerequisite for training and validating robust AI models within the Irish ecosystem.

Consistency and Coordination Obligations

The national strategy cannot exist in a vacuum. Article 7(3) states that national strategies "shall be consistent with the objectives of this Regulation." Additionally, Article 7(4) requires that they be "consistent with, and contribute to, the associated digital targets established under Article 4 of Decision (EU) 2022/2481" (the Digital Decade Policy Programme).

These targets include the adoption of cloud computing services, big data, and AI by at least 75% of Union enterprises for their business operations, and the deployment of at least 10,000 climate-neutral highly secure edge nodes in the Union. Ireland's strategy must demonstrate how it will contribute to these Union-wide metrics.

To facilitate this, Article 7(6) assigns a coordination role to the European Artificial Intelligence Board (the "AI Board"), established by the AI Act. The AI Board shall "advise and assist the Member States as regards the coordination of national strategies" and "facilitate exchange of best practices among Member States." For Ireland, this means its strategy development process will likely involve engagement with the AI Board to ensure alignment with peer practices and EU-wide coordination mechanisms.

What this means for you

For legal counsel, compliance officers, and strategic planners in Ireland, the national strategy will define the regulatory and operational landscape for cloud and AI for the foreseeable future.

1. Strategic Alignment for Public Procurement The national strategy will operationalise CADA's procurement rules. As Article 30 mandates that public bodies procure cloud services with specific "Union assurance levels" based on risk assessments, Ireland's strategy will outline the methodology for these assessments. Compliance officers in public bodies must prepare for procurement processes that prioritise sovereign, audited cloud services. The strategy will likely dictate which sectors are deemed "public order" relevant, triggering the requirement for higher assurance levels (2, 3, or 4).

2. Opportunities for SMEs and SMCs If your organisation is an SME or small mid-cap, the strategy's requirement to support your adoption of AI (Article 7(2)(b)) is a significant opportunity. You should monitor the establishment of "Centres for AI" and related support measures. These centres are designed to provide access to expertise, testing facilities, and potentially funding or technical assistance for digital transformation. The strategy will likely detail how these resources are allocated to smaller enterprises.

3. Infrastructure and Data Planning For organisations planning to deploy AI models, the strategy's focus on "high-quality data" (Article 7(2)(h)) and "data centre capacity" (Article 7(2)(d)) suggests that Ireland will prioritise investments in local, sustainable compute infrastructure. Compliance teams should assess their current data governance frameworks to ensure they align with the "AI first" principle. Expect a push towards leveraging local data centres for low-latency, sovereign AI workloads, particularly in the healthcare, energy, and mobility sectors.

4. Monitoring and Adaptation Counsel must track the notification of Ireland's strategy to the Commission (within three months of adoption) and its subsequent three-year reviews. Because the strategy is dynamic, changes in the national approach could impact regulatory expectations, particularly regarding the use of open-source solutions (Article 41) and the sharing of software developed by public bodies (Article 42). The three-year review cycle means that compliance strategies cannot be static; they must evolve alongside the national strategy.

Common misconceptions

Misconception 1: The national strategy is optional or non-binding. Reality: Article 7 uses the mandatory term "shall," indicating a binding obligation. Failure to adopt a strategy or include the required eight elements could lead to infringement proceedings by the Commission. While CADA does not specify direct financial penalties for Member States failing to draft the strategy, non-compliance undermines the legal basis for the public procurement rules in Title IV and could result in the Commission specifying assurance levels for public sector activities under Article 29(5).

Misconception 2: The strategy only applies to the government. Reality: While the strategy is drafted by the Member State, its objectives directly impact the private sector. Article 7(2)(c) and (e) focus on strategic industrial sectors and high-intensity compute. The strategy will likely include incentives, funding mechanisms, or regulatory frameworks that private companies must engage with to access resources like AI factories or public procurement contracts. Private sector entities in healthcare, energy, and mobility will find their operational environment shaped by these national priorities.

Misconception 3: Ireland can ignore the "AI first" principle. Reality: Article 7(2)(a) explicitly requires the strategy to be in line with the "AI first" principle. This is not a suggestion but a mandatory component of the strategic framework. Organisations in Ireland should expect this principle to influence public sector mandates and potentially private sector expectations regarding AI integration. It implies a shift in how business processes are designed, prioritising AI solutions where appropriate.

Misconception 4: The strategy is a one-time exercise. Reality: Article 7(5) mandates an assessment at least every three years. The dynamic nature of AI and cloud technologies requires regular updates. Compliance officers should anticipate evolving requirements and keep an eye on the three-year review cycles. The Commission will monitor these updates to ensure continued alignment with Union objectives.

Official sources

• EU AI Act (Regulation (EU) 2024/1689)
• Digital Decade Policy Programme (Decision (EU) 2022/2481)

Related

• What must Sweden include in its national cloud and AI strategy under CADA?
• What must Spain include in its national cloud and AI strategy under CADA?
• What must Slovenia include in its national cloud and AI strategy under CADA?
• What must Slovakia include in its national cloud and AI strategy under CADA?
• What must Romania include in its national cloud and AI strategy under CADA?

This is general information about a draft EU regulation, not legal advice.