From the EuroCloud Federation to Accelerator Zones

The average PUE of EU data centers should drop to 1.15, and the server utilization rate should reach 50%.

The European Commission aims for these goals. It has incorporated them—without setting deadlines—into its proposed legislation known as the CADA (Cloud and AI Development Act).

The drive for a European agentive orchestrator

Among other measures, the document establishes so-called Cloud Leadership Initiative and AI Leadership Initiative. Their broad aim is to promote research and innovation as a lever to scale up. They crystallize into eight operational objectives. Advances in the data center—including the optimization of PUE and server utilization—are one of them. The others, in broad terms, cover:

  • Software and hardware stacks supporting the EU’s technological autonomy
  • Edge models (notably in cybersecurity)
  • Physical AI (for robotics, autonomous vehicles and drones, in particular)
  • Industrial AI (collaborative training, among other things)
  • AI agents (primary target: a European orchestrator)
  • AI in the public sector (healthcare at the forefront)
  • Regional and local adoption of European AI

A connection to the data spaces

Read also: “Digital administration must recruit more IT specialists”

On the technology autonomy front, Brussels mentions middleware interfaces with the data spaces across Europe. There is also talk of creating foundations to support the development of open-source components.

Also on the horizon is a network of “AI centers.” Among its missions are to scale up use cases, drive local adoption, transfer expertise between regions, and foster start-ups emerging from academia and accelerators.

Acceleration zones for the data centers

Echoing the fast-track process that France has put in place, the European Commission proposes “acceleration zones” for data centers. Each member state must designate at least one within six months of the CADA entering into force.

In these “acceleration zones,” permitting procedures must not exceed 12 months. Data center operators should have access to a single information point.

The projects concerned will be considered strategic under the forthcoming legislation aimed at speeding up environmental impact assessments (the environmental omnibus component). They will benefit from the associated toolbox in this regard.

5 criteria to designate data center projects as “strategic”

Brussels may also designate as strategic data center projects selected under calls for expressions of interest that meet at least two of the following criteria:

  • Enhances essential public service functions
  • Includes features that are “very sustainable” or “very innovative”
  • Contributes to the security, resilience and stability of the electricity grid
  • Manages the integration of chips, processors, accelerators, servers or quantum computers designed and/or manufactured in the EU
  • Helps address a major shortage of computing capacity and significantly contributes to local growth, development and the promotion of the local economy

The Cloud Sovereignty Framework, codified in the CADA…

In October 2025, the EU equipped itself with a reference framework to assess the sovereignty of cloud offerings within the framework of public procurement.

Read also: Open Data: Opening of SIRENE data in early 2017

It is essentially transcribed into the CADA. With its four levels of assurance that the European Commission may modify.

At Level 1, called “jurisdictional sovereignty,” the provider is established in the EU. The same goes for the infrastructure and assets, including those of subcontractors… unless the public buyer requires otherwise. Customer data remains in the EU… unless, again, the purchaser objects. The technical support is operational and may be outsourced, but with appropriate traceability, security and governance measures. In the event of exposure to the control of a third country or a legal entity from a third country, the provider must guarantee that it does not disclose security vulnerabilities to authorities “before becoming aware of their exploitation.”

At Level 2 (“data sovereignty”), there can be no exception to the location of assets within the EU. The provider must also hold a substantial security visa (preferably based on an EU certification scheme—when one becomes available for cloud services). It must also ensure that data generated by the services are not used to train AI “operated by third countries or by entities based in third countries.” Any potential exposure to third-country controls should not prevent it from delivering the service. Nor should it force disclosure of customer data. Nor impose sanctions, embargoes or similar measures unless legal under EU law or a member state’s law.

… without reference to the High+ security level

At Level 3 (“digital resilience”), on-call operating staff must be an EU citizen. And technical and operational support must be provided exclusively on-site by EU residents. The provider and subcontractors are not subject to third-country control… unless the European Commission authorizes it. It may do so under three conditions:

  • Existence of an adequacy decision with that third country
  • No conflict with the European Regulation governing international access by public authorities to non-personal data
  • No obligation for the provider to degrade its service or to apply sanctions, embargoes or similar measures unless legal

At Level 4 (“complete digital sovereignty”), there is no exception to the residence of customer data. As for the security visa, it must be of a high level. There is no mention of any High+, which had been called for, for example, by MEDEF.

Public procurement: the EU as central authority or wholesaler

As proposed, the CADA gives member states and EU entities one year to attach the required assurance levels to certain public sector activities—particularly those that “contribute to maintaining public order.” Brussels provides for an exemption if no EU cloud service offering in the future catalogue meets a demand and there is no reasonable alternative.

Read also: Telegrams: CADA-CNIL, Swiftkey-ML, FBI-Nutanix, IoT-OTT

The CADA invites buyers to include non-price criteria, but does not go further. It, however, sanctifies the European interinstitutional procurement system, in an adaptation suited to cloud/data center services, software and AI systems. Through it, the European Commission can act as a central or wholesale supplier for EU entities, member state contracting authorities and partner organizations.

Toward an “EuroCloud Federation” to pool services

Beyond public procurement, the CADA addresses the pooling of public-sector services. It creates a voluntary exchange and orchestration platform. The proposed name: EuroCloud Federation.

A few provisions are specific to open source. One establishes a network of public-sector OSPOs. Another creates a catalog of solutions on the Interoperable Europe portal. The EU and member states are more broadly encouraged to use open standards and open components.

Dawn Liphardt

Dawn Liphardt

I'm Dawn Liphardt, the founder and lead writer of this publication. With a background in philosophy and a deep interest in the social impact of technology, I started this platform to explore how innovation shapes — and sometimes disrupts — the world we live in. My work focuses on critical, human-centered storytelling at the frontier of artificial intelligence and emerging tech.