What must Sweden include in its national cloud and AI strategy under CADA?

Summary Under the proposed Cloud and AI Development Act (CADA), Sweden is legally required to adopt a national cloud and AI strategy within one year of the regulation's entry into force. As mandated by Article 7, this strategy is not optional; it must contain eight specific elements ranging from governance frameworks and SME support to plans for deploying high-intensity computing infrastructure like AI factories and quantum computers. Crucially, the strategy must align with the 'AI first' principle. Sweden must notify the European Commission of its adopted strategy within three months and is obligated to review and update it at least every three years based on key performance indicators.

Detail

The proposed Cloud and AI Development Act (CADA), COM(2026) 502 final, represents a fundamental shift in the regulatory landscape for EU Member States. Moving beyond voluntary guidelines, CADA imposes binding obligations on Member States to create coordinated, national-level roadmaps for their digital infrastructure and artificial intelligence capabilities. For Sweden, this means establishing a formal, documented strategy that aligns domestic efforts with the EU's broader objectives of technological sovereignty, competitiveness, and resilience.

The primary legal basis for this obligation is Article 7 of the CADA proposal. This article mandates that Member States establish national cloud and AI strategies (referred to in the text as 'national strategies') by a deadline of one year from the regulation's entry into force. These strategies are regulatory instruments that must be consistent with the objectives of the CADA and contribute to the digital targets set under the Digital Decade Policy Programme 2030.

The Eight Mandatory Elements of the National Strategy

Article 7(2) of the CADA proposal explicitly lists the minimum content requirements for these national strategies. Sweden's strategy must include at least the following eight cumulative elements:

1. Objectives, Priorities, and Governance (Article 7(2)(a)): The strategy must define key objectives and priorities for cloud and AI adoption. Crucially, these must be aligned with the 'AI first' principle. As defined in the proposal, this principle urges organisations to reflect on their business processes, considering the needs and opportunities offered by AI, while taking into account potential risks. The strategy must also include a governance and monitoring framework to achieve these objectives.

2. Acceleration Measures for Public Sector, SMEs, and SMCs (Article 7(2)(b)): The strategy must outline measures to accelerate the development and adoption of cloud and AI at national, regional, and local levels. This specifically targets public sector bodies, Small and Medium-sized Enterprises (SMEs), and Small Mid-Cap companies (SMCs). The strategy should support the 'Centres for AI' (established under Article 5) as entry points to the European AI innovation ecosystem.

3. Strategic Industrial and Public Sector Deployment (Article 7(2)(c)): Sweden must include measures to support the broad deployment and uptake of AI in strategic industrial and public sectors. The text specifically highlights healthcare, energy, and mobility as key areas for focus, ensuring that AI adoption drives efficiency and innovation in these critical domains.

4. Data Centre Capacity Deployment (Article 7(2)(d)): The strategy must contain measures to support the deployment of data centre capacity. This focus is particularly on high-value data centres that deliver significant economic and societal benefits while adhering to high environmental and energy-efficiency standards. This aligns with the broader CADA objective of tripling EU data centre capacity.

5. High-Intensity Computing Infrastructure Investment (Article 7(2)(e)): This is a critical component for Sweden's technological infrastructure. The strategy must include measures to invest in high-intensity computing infrastructure. This explicitly includes AI factories, AI gigafactories, and quantum computers. These are to be treated as "strategic national and cross-border assets" supporting research, development, and industrial AI deployment across strategic sectors.

6. Cloud and AI Capability Development via Procurement (Article 7(2)(f)): The strategy must outline measures to support the development of cloud and AI capabilities and promote excellence and innovation. This includes leveraging public procurement measures and public procurement of innovation measures as set out in Article 33 of CADA, ensuring that public spending drives market growth and innovation.

7. Open Hardware and Software Technologies (Article 7(2)(g)): To strengthen technological sovereignty and enhance the competitiveness of strategic European industries, the strategy must support the development of cloud computing stack technologies built upon open hardware and software. This element is designed to reduce dependency on proprietary, non-EU technologies.

8. Data Accessibility for AI Development (Article 7(2)(h)): Finally, the strategy must ensure the accessibility of high-quality data for AI development. This involves measures to prevent data bottlenecks encountered by organisations, ensuring that data is available for training and fine-tuning AI models, which is essential for the EU's AI leadership ambitions.

The 'AI First' Principle and SME/SMC Focus

A recurring theme in Article 7 is the emphasis on broad adoption and inclusivity. The 'AI first' principle is not merely a buzzword but a mandated consideration in the strategy's design. It requires a proactive approach where AI integration is considered at the outset of business and administrative process redesign, rather than as an afterthought. This principle is intended to ensure that AI is leveraged to simplify administrative procedures and improve decision-making across the public and private sectors.

Furthermore, the strategy must specifically address the needs of smaller entities. By explicitly mentioning SMEs and SMCs in Article 7(2)(b) and (f), the CADA proposal recognizes that technological sovereignty cannot be achieved by large corporations alone. Sweden's strategy must therefore include concrete measures to help these smaller entities overcome barriers to entry, such as lack of expertise, funding, or access to compute resources. This aligns with the broader CADA objective of fostering a diverse and competitive EU cloud market.

High-Intensity Compute: AI Factories, Gigafactories, and Quantum

Article 7(2)(e) marks a significant policy intervention in the hardware layer of the AI stack. By requiring Member States to include measures for investing in AI factories, AI gigafactories, and quantum computers, the EU is signaling the strategic importance of high-performance computing (HPC) infrastructure.

For Sweden, this means the national strategy must go beyond software and data governance to address physical infrastructure. It must outline how Sweden will develop or access these high-intensity computing assets. This includes:

• AI Factories: Large-scale data centers optimized for AI training and inference.
• AI Gigafactories: Even larger facilities designed to meet the massive compute demands of frontier AI models.
• Quantum Computers: Next-generation computing resources that promise breakthroughs in specific computational tasks.

These assets are defined as "strategic national and cross-border assets," implying that Sweden's strategy should consider both domestic deployment and cross-border cooperation within the EU to avoid fragmentation and maximize efficiency.

Notification, Monitoring, and Review Obligations

The adoption of the strategy is not a one-time event. Article 7 establishes a continuous cycle of reporting and review to ensure ongoing alignment with EU objectives.

Notification Deadline: Under Article 7(5), Member States must notify the Commission of their national strategies within three months of their adoption. This notification allows the Commission to monitor compliance and ensure that national strategies are consistent with the regulation's objectives. For Sweden, this means that once the national strategy is formally adopted by the relevant Swedish authorities, a three-month window opens to submit the document to the European Commission.

Review Cycle: The same paragraph mandates that Member States shall assess their national strategies at least every three years. This assessment must be based on key performance indicators (KPIs). If gaps are identified, the strategy must be updated accordingly. This ensures that the strategy remains relevant in the face of rapid technological change and evolving market conditions.

Consistency and Coordination: Article 7(3) and (4) require that national strategies be consistent with the objectives of the CADA and contribute to the digital targets of the Digital Decade Policy Programme 2030. This includes targets such as the adoption of cloud computing services by at least 75% of EU enterprises and the deployment of at least 10,000 climate-neutral highly secure edge nodes.

The European Artificial Intelligence Board (AI Board), established under the AI Act, plays a central role in this process. Under Article 7(6), the AI Board is tasked with advising and assisting Member States in the coordination of these national strategies and facilitating the exchange of best practices. This provides Sweden with a forum to align its approach with other Member States and ensure a cohesive EU-wide strategy.

What this means for you

For in-house counsel, compliance officers, and strategic planners in Sweden, the CADA proposal introduces several critical action items:

• Monitor Legislative Progress: CADA is currently a proposal. Track its progress through the EU legislative procedure. Once adopted, the one-year clock for national strategy adoption will start. Sweden must be prepared to draft and adopt the strategy within this tight timeframe.
• Engage with National Authorities: Swedish authorities will be drafting the national strategy. Companies, especially SMEs and SMCs, should engage with these processes to ensure their specific needs (e.g., access to compute, data bottlenecks) are reflected in the final document.
• Align Internal Strategies: Begin aligning your organization's cloud and AI adoption plans with the 'AI first' principle. Consider how your organization can leverage the measures outlined in the national strategy, such as access to Centres for AI or public procurement opportunities.
• Prepare for High-Intensity Compute Access: If your organization requires significant compute resources for AI training or inference, monitor the development of AI factories and gigafactories in Sweden. The national strategy will outline access mechanisms and investment plans for these facilities.
• Data Governance Review: Ensure your data governance frameworks are robust enough to support AI development. The national strategy will emphasize preventing data bottlenecks, so internal data accessibility and quality should be reviewed proactively.
• Compliance with Reporting: If your organization is involved in public procurement or receives public funding for AI/cloud projects, ensure you are aware of the reporting requirements linked to the national strategy's implementation.

Common misconceptions

Misconception 1: The national strategy is optional or advisory.

• Reality: Article 7 uses mandatory language ("shall establish"). The national strategy is a binding regulatory requirement for Member States, not a voluntary guideline.

Misconception 2: The strategy only concerns large corporations.

• Reality: Article 7(2)(b) and (f) explicitly require measures for SMEs and SMCs. The strategy must address the barriers faced by smaller entities to ensure a competitive market.

Misconception 3: High-intensity compute refers only to traditional data centers.

• Reality: Article 7(2)(e) specifically lists AI factories, AI gigafactories, and quantum computers as strategic assets requiring investment measures, distinct from standard data centre capacity.

Misconception 4: Once adopted, the strategy is static.

• Reality: Article 7(5) mandates a review at least every three years, based on KPIs. The strategy must be dynamic and updated to reflect technological and market changes.

Misconception 5: Sweden can ignore the 'AI first' principle.

• Reality: Article 7(2)(a) explicitly requires the strategy's objectives and priorities to be in line with the 'AI first' principle, making it a core component of the national roadmap.

Official sources

• EU AI Act (Regulation (EU) 2024/1689)
• Digital Decade Policy Programme (Decision (EU) 2022/2481)

Related

• What must Spain include in its national cloud and AI strategy under CADA?
• What must Slovenia include in its national cloud and AI strategy under CADA?
• What must Slovakia include in its national cloud and AI strategy under CADA?
• What must Romania include in its national cloud and AI strategy under CADA?
• What must Portugal include in its national cloud and AI strategy under CADA?

This is general information about a draft EU regulation, not legal advice.