Summary Under the proposed Cloud and AI Development Act (CADA), Lithuania is legally required to adopt a national cloud and AI strategy within one year of the Regulation's entry into force. This strategy is not optional; it must contain eight specific mandatory elements as defined in Article 7(2), including the adoption of the 'AI first' principle, measures to support SMEs and SMCs, and concrete plans for data centre capacity and high-intensity computing infrastructure (such as AI factories and quantum computers). Once adopted, Lithuania must notify the European Commission within three months and conduct a formal review of the strategy at least every three years based on key performance indicators. Failure to include these elements or meet these deadlines would constitute a breach of the proposed Union legal framework.

Detail

The proposed Cloud and AI Development Act (CADA), COM(2026) 502 final, represents a significant shift in how EU Member States must approach digital sovereignty. While previous digital strategies were often voluntary or loosely aligned with EU targets, CADA introduces a harmonised, binding framework. For Lithuania, as for all Member States, the core obligation is found in Article 7, titled "National cloud and AI strategies."

This article mandates that Member States establish a national strategy to ensure their domestic policies are consistent with the Union's objectives of strengthening the cloud and AI ecosystem, reducing dependencies on third-country providers, and enhancing strategic autonomy. The strategy serves as the primary vehicle through which Lithuania will align its national investments, regulatory adjustments, and public procurement practices with the EU's broader goals.

The Eight Mandatory Elements of the Lithuanian Strategy

Article 7(2) of the CADA proposal explicitly enumerates the minimum content that Lithuania's national strategy must include. These eight elements are cumulative; omitting any one of them would render the strategy non-compliant with the proposed Regulation. The elements cover the full spectrum of the cloud and AI value chain, from infrastructure deployment to data accessibility.

  1. Objectives, Priorities, and Governance (Article 7(2)(a)) The strategy must first define the key objectives and priorities for cloud and AI adoption. Crucially, these objectives must be in line with the 'AI first' principle. As defined in the CADA explanatory memorandum and referenced in Article 7(2)(a), this principle "urging organisations to reflect on their business processes, considering the needs and opportunities offered by AI, while taking into consideration the potential risks." The strategy must also establish a robust governance and monitoring framework to ensure these objectives are actually achieved, moving beyond aspirational statements to actionable oversight.

  2. Acceleration Measures for All Levels (Article 7(2)(b)) Lithuania must include specific measures to accelerate the development and adoption of cloud and AI at the national, regional, and local levels. This provision explicitly targets public sector bodies, Small and Medium-sized Enterprises (SMEs), and Small Mid-Caps (SMCs). The strategy must identify how it will support the network of Experience and Acceleration Centres for AI (established under Article 5) to serve as entry points for these entities into the European AI innovation ecosystem. This ensures that support mechanisms are not limited to large corporations but are accessible to smaller, agile players.

  3. Strategic Sector Deployment (Article 7(2)(c)) The strategy must outline measures to support the broad deployment and uptake of AI in strategic industrial and public sectors. The text specifically highlights healthcare, energy, and mobility as priority areas. By focusing on these sectors, Lithuania's strategy aims to ensure that AI adoption drives tangible economic and societal benefits in areas critical to national resilience and public welfare.

  4. Data Centre Capacity and Sustainability (Article 7(2)(d)) Addressing the EU's critical capacity gap, Lithuania must include measures to support the deployment of data centre capacity. The focus is on high-value data centres that deliver significant economic and societal benefits. Crucially, these measures must adhere to high environmental and energy-efficiency standards. This aligns with CADA's broader objective to triple EU data centre capacity within five to seven years while ensuring the deployment is sustainable and geographically balanced.

  5. High-Intensity Computing Infrastructure (Article 7(2)(e)) The strategy must include measures to invest in high-intensity computing infrastructure. This is a specific requirement to support the development of AI factories, AI gigafactories, and quantum computers. These are designated as "strategic national and cross-border assets" that are essential for supporting research, development, and industrial AI deployment across strategic sectors. Lithuania's strategy must detail how it will facilitate the establishment or expansion of such facilities.

  6. Capabilities, Procurement, and Innovation (Article 7(2)(f)) Lithuania must outline measures to support the development of cloud and AI capabilities and promote excellence and innovation. This element explicitly links the national strategy to public procurement measures. Specifically, it must include measures related to public procurement of innovation as set out in Article 33 of CADA. This creates a direct feedback loop where national strategy goals drive public spending to foster a competitive European market.

  7. Open Technology and Sovereignty (Article 7(2)(g)) To reduce dependency on proprietary, third-country-controlled stacks, the strategy must include measures to support the development of cloud computing stack technologies built upon open hardware and software. The goal is to strengthen technological sovereignty and enhance the competitiveness of strategic European industries. This element mandates a shift towards open standards and open-source solutions in national digital infrastructure planning.

  8. Data Accessibility (Article 7(2)(h)) Finally, the strategy must include measures to ensure the accessibility of high-quality data for AI development. A key focus is on preventing data bottlenecks encountered by organisations. Without accessible, high-quality data, AI innovation stalls; therefore, Lithuania's strategy must address the legal, technical, and organisational barriers to data sharing and reuse.

The 'AI First' Principle in Practice

The 'AI first' principle, referenced in Article 7(2)(a), is a foundational concept of the CADA proposal. It is not merely a slogan but a strategic directive. As the explanatory memorandum clarifies, it requires organisations to proactively reflect on their business processes to identify where AI can offer needs and opportunities, while simultaneously assessing potential risks. For Lithuania, embedding this principle in the national strategy means that public bodies and supported private entities must integrate AI considerations into their core strategic planning, rather than treating AI as an afterthought or a purely technical add-on.

Focus on SMEs and SMCs

CADA places a distinct emphasis on supporting smaller economic actors. Article 7(2)(b) explicitly requires measures targeting SMEs and SMCs (Small Mid-Caps). This is reinforced by Article 33, which sets a quantitative target for Member States: at least 25% of their procurement for cloud computing services and AI systems must be awarded to innovative SMEs. Consequently, Lithuania's national strategy cannot be generic; it must include concrete plans on how to achieve this 25% target, including identifying barriers to SME participation and designing simplified, proportionate procurement strategies that lower the entry threshold for smaller innovators.

Deadlines, Notification, and Review Obligations

The timeline for Lithuania is strict and non-negotiable under the proposed Regulation.

  • Adoption Deadline: Article 7(1) requires Member States to establish their national strategies by the date of entry into force of the Regulation plus one year.
  • Notification Deadline: Once the strategy is adopted, Article 7(5) imposes a strict obligation: Lithuania must notify the Commission of its national strategy within three months of its adoption. This ensures the Commission can monitor consistency across the Union.
  • Review Cycle: The strategy is not a static document. Article 7(5) mandates that Lithuania must assess its national strategy at least every three years on the basis of key performance indicators. If the assessment reveals gaps or if the strategy no longer aligns with the Regulation's objectives, it must be updated accordingly.

The Commission will monitor the adoption and revision of these strategies. Furthermore, the European Artificial Intelligence Board (established under the AI Act) will advise and assist Lithuania in coordinating its strategy with other Member States, facilitating the exchange of best practices to ensure a harmonised approach across the EU.

What this means for you

For legal counsel, compliance officers, and strategic planners in Lithuania, the requirements of Article 7 have immediate and tangible implications:

  • Track National Drafting: You must actively monitor the Lithuanian government's progress in drafting the national strategy. As a business, your access to public funding, eligibility for support via 'Centres for AI', and ability to participate in public procurement will be directly influenced by the measures outlined in this document.
  • Prepare for 'AI First' Alignment: If your organisation is an SME or SMC, begin aligning your internal processes with the 'AI first' principle now. The national strategy will likely define specific support mechanisms for companies that demonstrate proactive AI integration. Being prepared to articulate how your business processes reflect this principle could be a competitive advantage.
  • Leverage Procurement Targets: If you are a provider of cloud or AI services, the strategy's focus on Article 7(2)(f) and the 25% SME target in Article 33 signals a significant market opportunity. Ensure your tender responses highlight innovation, European added value, and compliance with the emerging sovereignty criteria.
  • Infrastructure Planning: If you are involved in data centre or high-performance computing infrastructure, note the emphasis on AI factories, quantum computers, and sustainable data centres (Article 7(2)(d) and (e)). The national strategy will likely detail zoning, permitting, and support measures for these projects, potentially offering faster-track approvals or financial incentives.
  • Audit Your Tech Stack: The strategy's focus on open hardware and software (Article 7(2)(g)) suggests that future public procurement may favour solutions that are interoperable and based on open standards. Review your current technology stack for potential lock-in risks and consider how you might pivot towards open-source or open-standard solutions to align with national priorities.

Common misconceptions

  • Misconception: The national strategy is optional or purely advisory. Reality: Article 7 imposes a binding obligation on Member States to establish and maintain a national strategy. Failure to adopt a compliant strategy within the one-year deadline, or failure to include the eight mandatory elements, could lead to infringement proceedings by the Commission for non-compliance with EU law.
  • Misconception: 'AI first' means AI must be used in every single decision. Reality: The 'AI first' principle is about strategic consideration, not mandatory automation. It urges organisations to reflect on how AI can optimise processes and consider the opportunities offered by AI, while explicitly requiring them to take into account potential risks. It is a framework for decision-making, not a mandate for indiscriminate AI deployment.
  • Misconception: Only large corporations are the focus of the strategy. Reality: Article 7(2)(b) and Article 33 explicitly target SMEs and SMCs. The strategy must include measures to accelerate adoption among these smaller entities and ensure they have access to public procurement markets, with a specific target of 25% of innovation procurement going to SMEs.
  • Misconception: The strategy is a one-time document. Reality: Article 7(5) requires a formal review at least every three years. The strategy must be dynamic, adapting to technological developments, market changes, and the results of key performance indicators. It is a living document that requires continuous maintenance.

Official sources

Related

This is general information about a draft EU regulation, not legal advice.