Summary Under the proposed Cloud and AI Development Act (CADA), Latvia, like all EU Member States, must adopt a national cloud and AI strategy within one year of the regulation's entry into force. As proposed in Article 7, this strategy is not a voluntary guideline but a binding regulatory instrument. It must explicitly include eight mandatory elements ranging from governance frameworks to specific measures for SMEs and small mid-caps (SMCs). Crucially, the strategy must embed the 'AI first' principle, outline plans for high-intensity computing infrastructure (including AI factories, AI gigafactories, and quantum computers), and detail measures for data centre capacity. Latvia is legally required to notify the European Commission of the adopted strategy within three months and must review and update it at least every three years based on key performance indicators.

Detail

The Cloud and AI Development Act (CADA), as proposed in COM(2026) 502 final, establishes a unified framework to strengthen the EU's cloud and AI ecosystem. A central pillar of this framework is the obligation for Member States to coordinate their national efforts through structured, legally mandated strategies. For Latvia, this obligation is codified in Article 7 of the proposal. The strategy serves as the primary mechanism to ensure that national actions align with the Union's broader objectives, specifically the 'AI Continent Action Plan' and the 'Apply AI Strategy'.

The Deadline and Legal Basis

According to Article 7(1), Member States must establish their national cloud and AI strategies (referred to as 'national strategies') by a specific deadline: one year after the date of entry into force of the Regulation. This sets a strict, non-negotiable timeline for Latvia to finalize, adopt, and publish its strategic document.

The strategy is not merely a statement of intent or a policy paper; it is a binding regulatory requirement. Its purpose is to ensure coherence between national actions and Union-level goals, preventing fragmentation and ensuring that Latvia's digital transformation contributes to the single market's functioning.

The Eight Mandatory Elements

Article 7(2) explicitly enumerates the minimum content that Latvia's national strategy must include. These eight elements are cumulative and mandatory, covering governance, adoption, deployment, and innovation:

  1. Governance and Monitoring Framework (Article 7(2)(a)): The strategy must define key objectives and priorities for cloud and AI adoption. Crucially, these objectives must be in line with the 'AI first' principle. As defined in the proposal, this principle urges organizations to reflect on their business processes, considering the needs and opportunities offered by AI, while taking into consideration potential risks. The strategy must also establish a robust governance and monitoring framework to achieve these objectives and priorities.

  2. Acceleration at All Levels (Article 7(2)(b)): Latvia must include measures to accelerate the development and adoption of cloud and AI at national, regional, and local levels. This requirement specifically targets public sector bodies, SMEs, and SMCs (small mid-caps). The strategy must explicitly support the 'Experience and Acceleration Centres for AI' (Centres for AI) established under Article 5, utilizing them as entry points to the European AI innovation ecosystem.

  3. Strategic Sector Deployment (Article 7(2)(c)): The strategy must outline measures to support the broad deployment and uptake of AI in strategic industrial and public sectors. The proposal explicitly highlights healthcare, energy, and mobility as key areas requiring targeted support to ensure the EU's competitiveness and resilience.

  4. Data Centre Capacity (Article 7(2)(d)): Latvia must include measures to support the deployment of data centre capacity. The proposal emphasizes a focus on high-value data centres that deliver significant economic and societal benefits. Crucially, these measures must ensure adherence to high environmental and energy-efficiency standards, aligning with the EU's sustainability goals.

  5. High-Intensity Computing Infrastructure (Article 7(2)(e)): The strategy must include measures to invest in high-intensity computing infrastructure. This explicitly includes AI factories, AI gigafactories, and quantum computers. These are to be treated as strategic national and cross-border assets supporting research, development, and industrial AI deployment across strategic sectors.

  6. Capabilities, Excellence, and Procurement (Article 7(2)(f)): Latvia must include measures to support the development of cloud and AI capabilities and promote excellence and innovation. This includes specific public procurement measures and the public procurement of innovation measures set out in Article 33 of CADA. This element ensures that public spending drives market innovation.

  7. Open Hardware and Software (Article 7(2)(g)): The strategy must support the development of cloud computing stack technologies built upon open hardware and software. The goal is to strengthen technological sovereignty and enhance the competitiveness of strategic European industries, reducing reliance on non-EU proprietary stacks.

  8. Data Accessibility (Article 7(2)(h)): Finally, the strategy must include measures to ensure the accessibility of high-quality data for AI development. This specifically involves preventing data bottlenecks encountered by organizations, ensuring that data flows freely to support AI training and deployment.

Alignment with Digital Decade Targets

Article 7(4) requires that Latvia's national strategy be consistent with, and contribute to, the associated digital targets established under Article 4 of Decision (EU) 2022/2481 (the Digital Decade Policy Programme 2030). This ensures that the national strategy is not developed in isolation but is an integral part of the broader EU digital transformation goals, particularly regarding the adoption of cloud computing services and the deployment of edge nodes.

Notification and Review Obligations

Once adopted, the strategy is not static. Article 7(5) imposes two key ongoing obligations on Latvia:

  1. Notification: Latvia must notify the Commission of its national strategy within three months of its adoption. This allows the Commission to monitor the adoption and revision of national strategies across the Union.
  2. Review: Latvia must assess its national strategy at least every three years on the basis of key performance indicators. If necessary, the strategy must be updated to reflect technological developments or changing priorities. The Commission will monitor this process to ensure consistency.

Role of the AI Board

Article 7(6) establishes that the European Artificial Intelligence Board (the 'AI Board'), established by the AI Act (Regulation (EU) 2024/1689), will advise and assist Member States in coordinating these national strategies. The AI Board will facilitate the exchange of best practices among Member States, which Latvia can leverage to refine its approach and ensure alignment with Union-wide AI policy.

What this means for you

For in-house counsel, compliance officers, and strategic planners in Latvia, the requirement to draft and maintain a national cloud and AI strategy under CADA has direct and immediate implications for public sector bodies, private enterprises, and infrastructure providers.

1. Strategic Alignment for Public Bodies If your organization is a public sector body or a contractor to the public sector, you must monitor the publication of Latvia's national strategy. Your internal cloud and AI procurement plans must align with the priorities set out in the strategy, particularly regarding the 'AI first' principle and the use of sovereign cloud services. Non-alignment could complicate procurement approvals under the sovereignty framework (Article 30) and may lead to challenges in securing public funding.

2. SME and SMC Support Mechanisms The strategy must include specific measures to support SMEs and SMCs (Article 7(2)(b)). Compliance officers in these entities should actively look for specific support programs, such as access to the 'Centres for AI' or dedicated procurement lots, as outlined in the national strategy. This can provide cost-effective pathways to adopt compliant cloud and AI technologies and access high-intensity computing resources.

3. Data Centre and Compute Infrastructure For organizations involved in infrastructure development or large-scale AI deployment, the national strategy will signal state support for high-intensity computing assets like AI factories, AI gigafactories, and quantum computers (Article 7(2)(e)). Understanding these national priorities is critical for securing funding, partnerships, or permits under the Cloud and AI Leadership Initiatives and for navigating the data centre acceleration zones proposed in Article 10.

4. Open Source and Supply Chain The mandate to support open hardware and software stacks (Article 7(2)(g)) suggests a regulatory push towards open-source solutions. Legal teams should prepare for potential procurement criteria that favor open-source components to strengthen technological sovereignty, as further detailed in Chapter V of CADA. This may require a shift in vendor selection strategies and software licensing reviews.

5. Continuous Monitoring and Adaptation Because the strategy must be reviewed every three years (Article 7(5)), compliance frameworks must be dynamic. Organizations should establish a process to review the national strategy upon each update to ensure ongoing alignment with evolving national priorities and EU digital decade targets. Static compliance strategies will quickly become obsolete.

6. Data Governance and Bottlenecks The requirement to prevent data bottlenecks (Article 7(2)(h)) implies that Latvian authorities will likely introduce measures to facilitate data sharing and accessibility. Organizations holding valuable datasets should prepare for new obligations or incentives to make data available for AI development, potentially impacting data governance policies and intellectual property strategies.

Common misconceptions

Misconception 1: The strategy is purely advisory. Correction: No. Article 7(1) and (2) impose a binding obligation on Member States to establish the strategy with specific mandatory content. Failure to adopt or notify the strategy within the prescribed timelines could constitute a breach of EU law, potentially leading to infringement proceedings by the Commission.

Misconception 2: Only the central government is responsible. Correction: While the Member State adopts the strategy, Article 7(2)(b) explicitly requires measures to accelerate adoption at national, regional, and local levels. Local authorities and regional bodies must actively participate in the implementation of the strategy's objectives, particularly through the 'Centres for AI'.

Misconception 3: The strategy is a one-time document. Correction: Article 7(5) requires an assessment at least every three years. The strategy must be updated if necessary based on key performance indicators. This reflects the rapid pace of AI development and the need for adaptive policy.

Misconception 4: SMEs are excluded from the strategy's focus. Correction: Article 7(2)(b) specifically mandates measures to accelerate adoption among SMEs and SMCs. The strategy must include support mechanisms for these entities, recognizing their role in the broader AI ecosystem and the need to prevent market concentration.

Misconception 5: Data centre deployment is unrestricted. Correction: Article 7(2)(d) requires measures to support data centre deployment, but explicitly ties this to high-value data centres that adhere to high environmental and energy-efficiency standards. This aligns with the broader sustainability goals of the EU and the specific criteria for data centre acceleration zones in Article 10.

Misconception 6: The 'AI first' principle is optional. Correction: The 'AI first' principle is a core component of the mandatory content under Article 7(2)(a). It is not a suggestion but a required element that must guide the objectives and priorities of the national strategy, urging organizations to consider AI opportunities and risks in their business processes.

Official sources

Related

This is general information about a draft EU regulation, not legal advice.