Summary Under the proposed Cloud and AI Development Act (CADA), Slovakia is legally required to adopt a comprehensive national cloud and AI strategy within one year of the Regulation's entry into force. As mandated by Article 7, this strategy is not a voluntary policy paper but a binding legislative instrument that must include eight specific elements. These range from embedding the 'AI first' principle to detailing measures for AI factories, AI gigafactories, and quantum computers. Slovakia must notify the European Commission of the adopted strategy within three months and is obligated to review and update it at least every three years based on key performance indicators. Failure to include these mandatory elements or meet the reporting deadlines would constitute a breach of the proposed Regulation.

Detail

The Cloud and AI Development Act (CADA), as proposed in COM(2026) 502 final, establishes a unified framework to strengthen Europe's cloud and AI ecosystem. A central pillar of this framework is the obligation for Member States to align their national policies with Union objectives through a coherent, legally mandated strategy. For Slovakia, this means the development of a "national cloud and AI strategy" that serves as the blueprint for the country's digital sovereignty and industrial competitiveness.

The Legal Obligation: Article 7 of CADA

Article 7 of the CADA proposal explicitly mandates that Member States establish "national cloud and AI strategies" (referred to in the text as "national strategies"). This obligation is triggered by the Regulation's entry into force.

The Adoption Deadline According to Article 7(1), Member States shall establish these national strategies by a date defined as "[same day as entry into force plus one year]." Since Article 48 stipulates that the Regulation shall apply from "[same day and month as date of entry into force plus 1 year]," Slovakia has a precise, hard deadline. The strategy must be fully adopted and operational shortly after the Regulation becomes applicable. This is not a suggestion for gradual implementation but a strict legislative requirement.

The Eight Mandatory Elements of the Strategy

The strategy cannot be a generic digital policy document. Article 7(2) prescribes an exhaustive list of eight mandatory elements that the national strategy must include. For legal counsel, compliance officers, and policymakers in Slovakia, these elements define the minimum scope of national policy. Any strategy omitting one of these points would be non-compliant with the proposed Regulation.

  1. Objectives, Priorities, and the 'AI First' Principle (Art. 7(2)(a)) The strategy must outline "key objectives and priorities for cloud and AI adoption." Crucially, it must align with the 'AI first' principle defined in the Apply AI Strategy. This principle urges organisations to "reflect on their business processes, considering the needs of and opportunities offered by AI, while taking into consideration the potential risks." The strategy must also include a "governance and monitoring framework" to ensure these objectives are achieved.

  2. Acceleration Measures for SMEs, SMCs, and Public Sector (Art. 7(2)(b)) The strategy must contain specific measures to "accelerate the development and adoption of cloud and AI at national, regional and local level." This explicitly targets "public sector bodies, small and medium-sized enterprises (SMEs) and small mid-caps (SMCs)." Furthermore, the strategy must include measures to support the "Centres for AI" (established under Article 5 of CADA) as "entry points to the European AI innovation ecosystem."

  3. Deployment in Strategic Sectors (Art. 7(2)(c)) Measures must be included to "support the broad deployment and uptake of AI in strategic industrial and public sectors." The proposal explicitly cites healthcare, energy and mobility as examples of sectors requiring focused support. The strategy must detail how Slovakia intends to foster AI adoption in these critical domains.

  4. Data Centre Capacity and Sustainability (Art. 7(2)(d)) The strategy must include measures to "support the deployment of data centre capacity." This is not a blanket mandate for all data centres but must focus on "high-value data centres delivering significant economic and societal benefits while adhering to high environmental and energy-efficiency standards." This aligns with CADA's broader goals of tripling EU capacity while ensuring sustainability.

  5. High-Intensity Computing Infrastructure (Art. 7(2)(e)) This is a critical infrastructure requirement. The strategy must include measures to "invest in high-intensity computing infrastructure." The proposal explicitly names AI factories, AI gigafactories and quantum computers as "strategic national and cross-border assets." These assets are intended to support "research, development and industrial AI deployment across strategic sectors." Slovakia's strategy must detail how it will contribute to or host these assets.

  6. Capabilities, Innovation, and Public Procurement (Art. 7(2)(f)) The strategy must support the "development of cloud and AI capabilities and promote excellence and innovation." This includes leveraging "public procurement measures" and specifically the "public procurement of innovation measures set out in Article 33." This element links the national strategy directly to the procurement obligations that will affect Slovak public bodies and the suppliers serving them.

  7. Open Hardware and Software Stacks (Art. 7(2)(g)) Measures must support the "development of cloud computing stack technologies built upon open hardware and software." The stated goal is to "strengthen technological sovereignty and enhance the competitiveness of strategic European industries." This reflects CADA's emphasis on open source as a lever for sovereignty.

  8. Data Accessibility and Bottleneck Prevention (Art. 7(2)(h)) The strategy must include measures to "ensure the accessibility of high-quality data for AI development." This explicitly includes measures to "prevent data bottlenecks encountered by organisations," ensuring that data availability does not hinder AI innovation.

Consistency, Reporting, and Review Cycles

Consistency with Union Objectives Under Article 7(3), national strategies must be "consistent with the objectives of this Regulation." Furthermore, Article 7(4) mandates that these strategies be "consistent with, and contribute to, the associated digital targets established under Article 4 of Decision (EU) 2022/2481" (the Digital Decade Policy Programme). Slovakia cannot adopt a strategy that contradicts Union-wide digital targets.

Notification Deadline Article 7(5) imposes a strict reporting timeline. "Member States shall notify the Commission of their national strategies within three months of their adoption." This means that once Slovakia adopts the strategy, it has a narrow window to formally communicate it to the European Commission.

Review and Update Cycle The strategy is not a static document. Article 7(5) requires Member States to "assess their national strategies at least every three years on the basis of key performance indicators and, where necessary, update them." The Commission is tasked with monitoring the adoption and revision of these strategies. If Slovakia fails to update its strategy in line with technological developments or market changes, it risks non-compliance.

The Role of the European Artificial Intelligence Board

Article 7(6) assigns a specific coordination role to the European Artificial Intelligence Board (AI Board), established under the AI Act. The AI Board shall "advise and assist the Member States as regards the coordination of national strategies" and "facilitate exchange of best practices among Member States." For Slovakia, this implies that its strategy will be subject to a level of EU-wide scrutiny and coordination, ensuring that national approaches do not fragment the single market.

What this means for you

For in-house counsel, compliance officers, and strategic planners operating in Slovakia, the national cloud and AI strategy is a regulatory roadmap that will shape the operational environment for years to come.

1. Procurement and Sovereignty Alignment The national strategy will likely translate CADA's sovereignty framework (Articles 16–30) into concrete national procurement rules. If Slovakia's strategy identifies certain public sector activities as contributing to the preservation of public order (under Article 29 risk assessments), your organization may be restricted to procuring cloud services that meet Union assurance levels 2, 3, or 4. You must monitor the strategy's implementation to understand which assurance levels will be mandated for your sector.

2. Investment Opportunities in High-Intensity Compute The explicit mention of AI factories, AI gigafactories, and quantum computers in Article 7(2)(e) signals a strategic push toward heavy infrastructure investment. If your company is involved in AI development, industrial AI, or semiconductor manufacturing, the national strategy may outline incentives, grants, or public-private partnership opportunities linked to these facilities. Compliance officers should watch for calls for proposals related to these "strategic national assets."

3. SME and SMC Support Mechanisms If your company qualifies as an SME or SMC, the strategy's measures under Article 7(2)(b) are directly relevant. These measures will likely involve the "Centres for AI" (Article 5), which will act as local hubs for support, testing, and skills development. Engaging with these centres early can provide competitive advantages in accessing compute resources and regulatory guidance.

4. Data Governance and Open Source Compliance The strategy's requirements regarding high-quality data accessibility (Art. 7(2)(h)) and open hardware/software stacks (Art. 7(2)(g)) will influence internal data governance policies. Expect increased emphasis on data portability, interoperability, and the use of open-source components to reduce vendor lock-in and enhance technological sovereignty. Legal teams should review existing vendor contracts for clauses that may conflict with these emerging sovereignty and openness requirements.

5. Monitoring the Three-Year Cycle With the mandatory three-year review cycle (Art. 7(5)), regulatory requirements will evolve rapidly. Compliance programs must be agile enough to adapt to updates in the national strategy, which may introduce new KPIs, revised procurement criteria, or updated definitions of strategic sectors.

Common misconceptions

Misconception 1: The strategy is optional or advisory. Correction: Article 7(1) uses the mandatory language "Member States shall establish." Failure to adopt a strategy within the one-year timeframe would constitute a breach of the Regulation.

Misconception 2: The strategy can be a generic IT policy. Correction: Article 7(2) provides an exhaustive list of eight specific elements. A strategy that does not address AI factories, the 'AI first' principle, or specific SME/SMC measures would be non-compliant.

Misconception 3: The strategy is set in stone once adopted. Correction: Article 7(5) mandates a review at least every three years. Given the rapid pace of AI development, the strategy is expected to be a dynamic document that evolves with technological and market changes.

Misconception 4: Only the public sector is affected by the strategy. Correction: While the strategy is a public document, its measures on procurement, data accessibility, and infrastructure investment directly impact the private sector. Private entities, especially those in strategic sectors like healthcare and energy, will face new expectations and opportunities defined by this strategy.

Official sources

Related

This is general information about a draft EU regulation, not legal advice.