Summary Under the proposed Cloud and AI Development Act (CADA), Ireland faces three critical, time-bound obligations triggered by the regulation's entry into force. First, Ireland must designate at least one data centre acceleration zone within six months of entry into force, as mandated by Article 10(1). Second, the Member State must adopt a national cloud and AI strategy within one year of entry into force and notify the European Commission within three months of that adoption, per Article 7(1) and Article 7(5). Third, Ireland must designate its national competent authority responsible for enforcing the sovereignty framework within one year of entry into force, pursuant to Article 25(1). As CADA is currently a proposal (COM(2026) 502 final), these deadlines are conditional on the final adoption of the text.

Detail

The Cloud and AI Development Act (CADA) represents a significant shift in how EU Member States must plan and govern their digital infrastructure. For Ireland, a nation with a high concentration of data centre activity, the proposal imposes a rigorous schedule to align national planning with EU-wide sovereignty and capacity goals. The timeline is anchored to the "entry into force" of the regulation, not its publication or application date.

The 6-Month Deadline: Data Centre Acceleration Zones

The most immediate operational requirement for Ireland concerns the physical deployment of computing infrastructure. To address the Union's compute capacity gap and reduce geographically concentrated dependencies, CADA requires Member States to designate specific zones where data centre deployment is streamlined.

Article 10(1) of the proposal is explicit: "Where data centre capacity is being deployed within the territory of a Member State, that Member State shall designate at least one data centre acceleration zone ('acceleration zone') within its territory by [date of entry into force plus 6 months]."

This creates a tight six-month window from the moment the regulation becomes legally binding. For Ireland, this means that within half a year of entry into force, the government must have officially identified and designated at least one zone. This is not a passive administrative step; Article 10(1) requires that the designation process consider specific factors, including:

  • The location and dimension of the site.
  • Available and future power grid capacity and the possibility of on-site clean energy generation.
  • Available and future network connectivity capacity.
  • The capacity to support the phasing out of legacy copper networks.
  • Facilities for reusing data centre waste heat.
  • Measures to accelerate permit granting and the preference for reusing brownfield sites.

Furthermore, Article 11 mandates that sustainability requirements within these zones must use the key performance indicators defined in Delegated Regulation (EU) 2024/1364. This ensures that the rapid expansion of capacity in Ireland does not come at the expense of environmental standards or grid stability. The designation of these zones is a prerequisite for the simplified permitting procedures outlined in Article 13, which aims to reduce the permit-granting process to a maximum of 12 months for projects within these zones.

The 1-Year Deadline: National Cloud and AI Strategy

Parallel to the physical designation of zones, CADA mandates a comprehensive strategic policy response. Article 7(1) requires Member States to establish national cloud and AI strategies (the "national strategies") by the date of entry into force plus one year.

This strategy is the central planning instrument for Ireland's digital ecosystem under CADA. It must include, at a minimum:

  • Key objectives and priorities for cloud and AI adoption, aligned with the "AI first" principle.
  • Measures to accelerate development and adoption at national, regional, and local levels, particularly for SMEs and public sector bodies.
  • Specific measures to support the deployment of data centre capacity, focusing on high environmental and energy-efficiency standards.
  • Plans to invest in high-intensity computing infrastructure, such as AI factories, AI gigafactories, and quantum computers.
  • Measures to support the development of cloud computing stack technologies built upon open hardware and software to strengthen technological sovereignty.

Crucially, Article 7(5) imposes a strict reporting obligation. Once the strategy is adopted, Ireland must "notify the Commission of their national strategies within three months of their adoption." This notification is not merely a formality; it allows the Commission to monitor consistency with CADA's objectives. The article further requires that these strategies be assessed at least every three years based on key performance indicators and updated where necessary. This establishes a continuous cycle of planning, reporting, and refinement, ensuring that Ireland's strategy evolves alongside technological and market developments.

The 1-Year Deadline: Designation of National Competent Authority

To enforce the sovereignty and assurance frameworks central to CADA, Ireland must establish a dedicated regulatory body. Article 25(1) stipulates that "Member States shall designate one or more national competent authorities responsible for enforcing this Chapter by [date of entry into force plus 1 year]."

This deadline aligns with the requirement to adopt the national strategy, indicating that the strategic planning and regulatory enforcement structures must be operational simultaneously. The national competent authority will hold significant powers under Article 26, including the ability to:

  • Recognize cloud computing service providers as meeting specific Union assurance levels (Levels 1–4).
  • Conduct investigations, including requiring information and inspecting premises.
  • Order the cessation of infringements and impose fines or periodic penalty payments.

Article 25(3) further requires that these authorities be provided with "all necessary resources, including sufficient technical, financial and human resources, to adequately supervise all cloud computing service providers within their competence." Ireland must notify the Commission of the names, tasks, and powers of these authorities, and the Commission will maintain a public register of them. The Member State where the cloud provider has its main establishment (in this case, Ireland for providers established there) will have exclusive competence for enforcing the sovereignty chapter.

The Entry into Force vs. Application Distinction

It is critical for public-sector officers to distinguish between "entry into force" and "application." Article 48 of the proposal states that the regulation shall "enter into force on the twentieth day following that of its publication in the Official Journal of the European Union." However, it shall "apply from [same day and month as date of entry into force plus 1 year]."

While the deadlines for designating acceleration zones (6 months) and establishing strategies/authorities (1 year) are tied to the "entry into force" date, many operational obligations for cloud providers and public procurement rules will only become fully applicable one year after entry into force. This distinction allows Ireland a brief period to prepare its legal and administrative frameworks before the full weight of the regulation's operational rules takes effect.

What this means for you

For public-sector procurement officers, IT leaders, and policy planners in Ireland, these deadlines create a clear, non-negotiable roadmap for the next 18–24 months, assuming CADA is adopted in its current form.

  1. Immediate Infrastructure Planning: The six-month deadline for acceleration zones means that discussions with the Department of the Environment, Climate and Communications, the Commission for Regulation of Utilities (CRU), and local planning authorities must begin immediately. Procurement officers should anticipate that future data centre contracts will be heavily influenced by the location and sustainability criteria of these designated zones.
  2. Strategic Alignment: The one-year deadline for the national strategy requires that public bodies begin assessing their current cloud dependencies and AI adoption plans now. Procurement strategies for cloud services should be reviewed to ensure they align with the forthcoming national strategy, particularly regarding the use of sovereign cloud services and open-source solutions.
  3. Regulatory Readiness: The designation of a national competent authority within one year means that a new layer of regulatory oversight will be established. Procurement officers must prepare to interact with this authority, particularly when assessing the Union assurance levels of cloud providers. Understanding the recognition process for Union assurance levels (Article 17) will become essential for compliant procurement.
  4. Reporting Obligations: The requirement to notify the Commission within three months of adopting the national strategy highlights the need for efficient internal coordination. Delays in finalizing the strategy could compress the reporting window and impact Ireland's standing in the EU-wide monitoring framework.

Common misconceptions

  • "The deadlines start when the regulation is published." Incorrect. The deadlines are tied to the "entry into force" date, which is 20 days after publication. While this is a short gap, it is distinct from the publication date itself.
  • "Ireland can wait one year to start planning." Incorrect. The six-month deadline for acceleration zones is the earliest major milestone. Planning for site selection, grid capacity analysis, and environmental assessments must begin well before the entry into force date to meet this tight timeline.
  • "The national strategy is a static document." Incorrect. Article 7(5) requires assessment and updates at least every three years. Procurement officers should view the strategy as a living document that will influence long-term procurement policies.
  • "Only the IT department is responsible for these deadlines." Incorrect. The designation of acceleration zones involves environmental, energy, and planning authorities. The national strategy involves economic, industrial, and digital policy bodies. Procurement officers must collaborate across departments to ensure compliance.

Related

This is general information about a draft EU regulation, not legal advice.