The package is intended to strengthen capacity across the digital technology stack, from chip design and manufacture through to cloud, AI and data centre infrastructure, reducing strategic dependence on non-EU suppliers at each level of the chain. It comprises four measures which we outline further below in this briefing.
- Legislative proposal for a Chips Regulation 2.0 (“Chips Act 2.0”)
- Communication on European Tech Sovereignty, which includes an Open Source Strategy
- Strategic Roadmap for Digitalisation and AI in Energy (the “Roadmap”)
Key points to consider now
The proposal includes development pathways for data centres and manufacturing projects. Developers may wish to anticipate the required criteria as they engage with State stakeholders and other entities to ensure they are well positioned as part of the development ecosystem the EU is aiming to create.
- CADA acceleration zones are to be set up within six months of the CADA entering into force in Member States where data centre capacity is being deployed.
- CADA strategic project designation will be a possibility for data centre projects that meet at least two out of several criteria.
- European semiconductor technology initiatives and strategic project designation relate to entities involved in semiconductor manufacturing, electronics integration or chip design activities.
There are several mechanisms for resilience and diversification which developers and operators may wish to anticipate in supply chain processes and records, as well as contractual provisions.
- Public procurement: Entities providing cloud computing services to public sector bodies will need to obtain an appropriate assurance level. Non-price criteria will be added to certain public procurement processes.
- Risk-prone sectors: Energy, data centre, and other sectors may be designated as “risk-prone”, setting in train a procedure that can lead to binding procurement obligations.
- Priority-rated orders: A crisis-response mechanism could culminate in orders requiring European semiconductor technology initiatives and strategic projects to prioritise specific orders.
- Cybersecurity supply chain: Cybersecurity concerns around certain components in renewable energy generation facilities should be considered in relation to procurement decisions.
There are also drivers of sustainability and energy efficiency which are relevant to decisions being made now around design, siting and utilities, and contractual structuring.
- Sustainability requirements: Developers should begin benchmarking project designs against the emerging energy efficiency framework as sustainability performance will affect both regulatory compliance and designation eligibility.
- PPA structuring: There are implications for how PPAs are structured, with the draft Delegated Regulation requiring guarantees of origin to match 15-minute consumption periods and to come from the same bidding zone.
- Waste heat: Heat reuse potential will be relevant to location in acceleration zones and other mechanisms. Engaging with stakeholders could help to position a developer to demonstrate a credible waste heat reuse pathway.
- Flexibility: The package frames data centres not just as energy consumers but also as flexibility providers. Developers may wish to consider flexibility capacity in design, including how any obligations would interact with customer requirements and SLA commitments.
- Sustainable integration of data centres into the energy system: A model agreement for data centre operators, energy-related parties and public authorities is under development (for H2 2026). The Commission may consider legislation in this area.
The Cloud and AI Development Act
The proposed CADA aims to triple data centre capacity in the EU by 2030, prioritising energy-efficient technologies, to meet EU computing capacity requirements by 2035. By 2030, operators should be able to obtain all permits to build and run a data centre in less than 18 months (12 months in acceleration zones).
The CADA also aims to strengthen the EU’s capacity to act autonomously and improve resilience, competitiveness and security of supply.
Acceleration zones
Where data centre capacity is being deployed in a Member State, the Member State would designate at least one data centre acceleration zone within six months of entry into force of the Regulation.
When designating acceleration zones, Member States would consider site parameters, grid capacity, possibilities for on-site storage and clean energy generation, network connectivity, capacity to phase out legacy copper networks, waste heat reuse potential, measures to accelerate permitting, brownfield preference, and sustainability and climate resilience. Where appropriate, Member States would analyse each zone’s energy needs and greenhouse gas impacts, identify required energy infrastructure capacity, and ensure that electricity system operators reflect that analysis in their network development plans, including through anticipatory investments.
Authorities responsible for preparing spatial and development plans would have to consider including provisions on the development of data centre projects in acceleration zones and the necessary infrastructure.
When setting sustainability requirements for data centres in acceleration zones, Member States would use the performance indicators being developed under the Energy Efficiency Directive (which we looked at here: Data Centres: EU consults on Regulation for rating sustainability).
Strategic projects
The Commission could designate “data centre strategic projects” following open calls for expressions of interest where a project meets at least two out of several criteria.
The criteria relate to whether the project:
- establishes and operates infrastructure supporting and enhancing essential public sector functions;
- includes highly sustainable or innovative features (including technologies / solutions developed under the Cloud and AI Leadership Initiatives);
- contributes to the security, safety and stability of the electricity grid and electricity system needs as evaluated by the system operator, in particular for projects involving co-location of large clean energy generation and storage facilities;
- supports the integration of chips, processors and accelerators, servers or quantum computers designed and/or manufactured in the EU into data centre systems or data centre facility management; and
- addresses a major shortage of compute capacity and contributes significantly to the growth, development and promotion of the local economy.
Benefits of these pathways are summarised in the table below.
| Benefit | Acceleration zone (Articles 10–13) | Strategic project designation (Article 14) |
|---|---|---|
| Permit-granting procedure. | 12 months | 12 months in acceleration zones; 18 months outside acceleration zones. |
| Aggregated baseline permit covering commonly required authorisations for data centre projects (excluding installation-specific permits). | Yes | No, unless in acceleration zone. |
| Single information point covering planning and building permits, environmental assessments, water, wastewater and heat use and recovery permissions, compliance obligations, and applications for connection to electricity, heat or communications networks. | Yes | No, unless in acceleration zone. |
| Treated as strategic project for the purposes of the Regulation being developed on speeding up environmental assessments. | Yes | Yes |
The proposal indicates that strategic projects should be granted support from EU programmes, funds and financial instruments and that Member States may apply support measures. They may be eligible for the competitiveness seal, a quality guarantee providing assurances to institutional investors (under development in a draft Competitiveness Fund Regulation).
“Cloud and AI Leadership Initiatives” sit across the Regulation as the R&D scale-up and EU funding driver. These Initiatives are to pursue several operational objectives. For example, operational objective 1 includes advancing energy and water efficiency technologies for data centres and leveraging data centres as anchor clients for advanced energy management systems. Operational objectives would be implemented through large-scale, cross-sectoral initiatives addressing major technological and industrial challenges of strategic relevance for the EU (“grand challenges”, listed in Annex I).
Public procurement
Within one year of the Regulation coming into force and at least every two years after, Member States and EU entities would carry out risk assessments identifying public order-relevant activities that contribute to the preservation of public order in sectors falling under Annex I or II of the NIS2 Directive (and several other areas) and determining the appropriate assurance level required to carry them out. All public bodies would be required to procure recognised assurance level 1 services, with those whose activities contribute to the preservation of public order procuring only assurance level 2 to 4 services, subject to limited exceptions.
Entities wishing to provide cloud computing services to public sector bodies would obtain recognition at the applicable level by applying to the national competent authority. Level 1 would entail self-assessment. Levels 2 to 4 would entail independent third-party audit. There are potential routes for third-country controlled cloud computing service providers to be recognised (except at level 4).
For cloud and AI procurements, contracting authorities would also include non-price “Union added value” award criteria assessing contributions such as strengthening the EU digital supply chain and integrating EU technologies and research.
Spillover effects for private procurement
The CADA aspires to set the standard for procurement processes for cloud computing services to which private sector entities would align over time. To advance this, under CADA private-sector entities operating in sectors listed under Annex I to the NIS2 Directive would be permitted to conduct impact assessments with a similar purpose to those conducted by EU entities and public sector bodies.
Guidance from the Commission on the methodology and mitigation measures may also be issued and, in specific circumstances, the CADA provides for the Commission to adopt delegated acts requiring impact assessment for those entities in sectors of high criticality and the risk mitigation measures that entities who are not public sector bodies would take.
Chips Act 2.0
Chips Act 2.0 would repeal and replace Regulation (EU) 2023/1781 establishing a framework of measures for strengthening Europe’s semiconductor ecosystem. It is intended to provide a framework for strengthening the semiconductor ecosystem and addressing and preventing dependencies that could threaten the security of supply of semiconductors.
Chips for Europe Initiative 2.0
The Chips for Europe Initiative would become the Chips for Europe Initiative 2.0 (the “Initiative”), supported by EU, national and private funding, aimed at large-scale technological capacity building across the EU’s semiconductor value chain.
The Initiative would pursue actions under six operational objectives and support “grand challenges” (publicly-funded R&D and industrial deployment programmes to advance next-generation AI chip development, improve energy efficiency in cloud, data centre and edge AI infrastructure, and accelerate the transfer of technologies from pilot lines into industrial-scale production).
The Commission and Member States would be required to stimulate uptake of EU-designed or manufactured semiconductors through demand accelerators, which would facilitate collaborative platforms, pilot projects and design partnerships, as well as a demand forum to showcase semiconductor technologies. There is also provision for cross-border joint procurement arrangements.
European semiconductor technology initiatives and strategic projects
“European semiconductor technology initiatives” (“ESTIs”) and “strategic projects” could attract certain support measures from Member States and the Commission and would have permit-granting procedures not exceeding 12 months from submission of a complete application to a one-stop shop. Projects would also benefit from the Regulation being developed on speeding up environmental assessments.
ESTIs must meet certain requirements which include, among other things:
- being carried out by domestic undertakings;
- reducing supply chain dependence on non-domestic undertakings;
- being first-of-a-kind initiatives; and
- demonstrating positive spill-over effects on the Union’s semiconductor value chain.
The definition of first-of-a-kind initiative is expanded, and first-of-a-kind initiatives do not have to receive public support to apply for ESTI status.
To attract strategic project status, a project would have to:
- provide significant added value to the EU;
- be carried out by domestic undertakings;
- demonstrate the supply chain will reduce dependence on non-domestic undertakings;
- have a clear cross-border dimension;
- contribute to the resilience and robustness of the EU’s semiconductor value chain; and
- contribute to the EU’s technological sovereignty and leadership.
Technological areas identified as potential areas for strategic project recognition are in Annex II.
Regional authorities would be able to apply for a European Semiconductor Region of Excellence label to signal investment attractiveness. Their Regional Investment Plan would include information on enabling conditions including energy access, grid capacity, decarbonisation pathways, land, transport, communication and water infrastructure, and measures to simplify and accelerate permitting.
Public procurement
For public procurements in sectors of high criticality and other critical sectors under NIS2, contracting authorities could require economic operators to submit a “security of supply declaration” relating to the sourcing of semiconductors incorporated into the infrastructures, equipment or systems covered by the contract. Where the Commission identifies a potential supply chain risk through its monitoring activities, it may issue recommendations to contracting authorities regarding the supply of semiconductors by domestic undertakings. Where the risks persist, the Commission may adopt an implementing decision making declarations mandatory for specified infrastructures, equipment or systems.
Risk-prone sectors
The Commission would be able to identify sectors listed in Annexes V or VI (which include energy, defence and data centres) as “risk-prone”, based on their exposure to semiconductor supply disruptions. Where a sector is so designated, the Commission may issue guidance and recommend mitigation measures covering dual sourcing, upstream and downstream supply chain mapping, and vulnerability analysis.
If recommended mitigation measures are not adequately adopted, the Commission may adopt a further implementing act with binding risk mitigation measures for specified semiconductor products, which may include performance of a risk assessment, procurement measures, dual sourcing, stockpiling, and diversification of supply.
Monitoring and crisis response
A strategic mapping and early-warning indicator system would identify supply-chain dependencies and vulnerabilities across the value chain. A crisis stage can be activated by the Council. Provisions governing activation are carried over from the 2023 Chips Act. Chips Act 2.0 adds enhanced pre-crisis preparedness: a Business-to-Business Semiconductor Supply Chain Platform, functioning as a digital twin of the supply chain, through which the Commission can gather information at the alert stage before a crisis is formally declared, with participants able to access aggregated market intelligence.
Once a crisis stage is activated, the Commission may impose priority-rated orders on ESTIs and strategic projects, requiring them to prioritise certain orders. This is a scope change from the 2023 Act, which targeted integrated production facilities and open EU foundries, requiring them to accept and prioritise crisis-relevant orders ahead of existing contractual obligations. Hardship safeguards apply, and contractual liability for breaches necessary to comply with the priority-rated orders is expressly excluded.
Companies should anticipate the possibility of priority-rated orders in their commercial contracts.
Open-Source Strategy
The strategy has four objectives: leveraging open source for technological sovereignty; strengthening and promoting a vibrant open-source ecosystem; promoting open and interoperable digital ecosystems for public administrations; and reinforcing digital standards and international outreach.
For each objective, several actions are identified to be taken by the Commission, Member States and the private sector. The strategy combines supply-side measures, including funding, with demand-side measures. Energy is included as a priority sector for open-source industrial deployment.
Strategic Roadmap for digitalisation and AI in energy
Pillar 1 of the Roadmap is intended to ensure sustainable integration of data centres into the energy system. The Commission in H2 2026 is to publish a model tripartite agreement between public authorities, data centre operators and energy actors, covering improved grid planning information, optimal siting, transparency of grid connection requests, PPAs, flexibility solutions, waste heat recovery and flexible connection agreements. Companies that are among the first signatories are encouraged by the Commission to sign a Declaration of Support. The Commission may consider a legislative proposal to ensure sustainable integration of data centres into the EU energy system.
The Commission’s Data Centre Energy Efficiency Package (which we discussed in a recent insights blog: Data Centres: EU consults on Regulation for rating sustainability) is to be adopted in 2026, with first labels issued in 2027. Regulatory authorities are to create frameworks for flexible connection agreements (which is already provided for in EU energy law). System operators are to reflect data centre energy demand analyses in network development plans and to facilitate flexible connection agreements.
Pillar II references anticipated legislation to enable more efficient use of grid assets through smart and digital solutions and to accelerate rollout of smart meters. The Commission also intends to support the development of AI foundation models for grid management and planning. Funding is being made available for AI technologies and digital solutions across the energy and energy efficiency value chain.
Pillar III includes establishment of an EU framework for simplified cross-border energy data exchange for smart energy services and AI model training. Assessment is to take place in 2026 and development in 2027.
A cross-cutting action is to strengthen safety of AI and the cybersecurity of critical devices. The Roadmap flags solar and wind generation infrastructure as a priority cybersecurity concern. The Commission has restricted funding for projects involving inverters from high-risk suppliers. It may impose a ban under the Cybersecurity Act and will carry out a risk assessment of solar installations in 2026.
Next steps
The proposals will be negotiated by the Parliament and Council of the EU before passing into law. Based on comparable EU practice, adoption would typically be expected no earlier than 2027 to 2028, and potentially later depending on political complexity.
In the meantime, developers and service providers will wish to engage early with the proposed framework, whether in relation to site selection, grid access, permitting, sustainability, procurement, or contractual structures, to be well placed when opportunities and obligations crystallise.
